last executing test programs:

2m42.900485741s ago: executing program 4 (id=1517):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4e, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000c80)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000480)=""/102, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a00)={0x3, 0x0, [{0x1, 0xc9, &(0x7f0000000b80)=""/201}, {0x1, 0x62, &(0x7f00000007c0)=""/98}, {0x1000, 0xb9, &(0x7f0000000700)=""/185}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000)

2m42.173268407s ago: executing program 4 (id=1519):
prctl$PR_SET_IO_FLUSHER(0x53564d41, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffff6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002880)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44081}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@rights={{0x10, 0x117, 0x2}}], 0x10}}], 0x2, 0x88)

2m41.533850748s ago: executing program 4 (id=1523):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x80a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x80000000000000)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0))
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20)
msgsnd(0x0, &(0x7f0000001c40)=ANY=[@ANYBLOB="0200000000000000bc4b8e9205e5a1fc718b4242d0cee1aba4c45b4d09ec9e5174720367727d241d3c9e9481aabaf0ffda76010987d825835d18172fcb0a57f7cfedc8da12060d51c13d5621d1773978e007a882cfd0e193aa70ac56d0e514a16465c0f15987b653d4b3df0448fd75ca0896220d4afa4494e597e51ce08b127651adb7aa73d1b1bb002a89385e961de587ed88e5d7ed5ddee8d97aa0105455870c7ac68ecf9f7ab9f9c13dd9e7c68bc39f36e31f57e797379b4489bf18e081673785747fe5d33d03cb68f65d0ed253b5aba5e36f5622cf8741d61ad94cbe3070cc2cb2f074d6a9e8b75b5a7419688c392e38c4af4dbdc2d891c229b68fce51673d8a33b3fd11d5e052eacaebeedfe18832c12949337ddcac62aac8f23946cb5495872dd5d6a4afd2419d633c8f84c8fe36bb840bee450a3560cb5239f4891b3637f53934d1c7a110830bf9252866764cfc419ba83ded90b290606c35c5a978f5cc6c567cf3175f4ec5b030dc378086c9599546298b3b0a86b0dfd11a3fc09637e0f7c37915cffa3ec30efeb0334c5bf584f22e3b017398c15cea3126eb456ef0c846b7898b872b5d15f15babb40ad2d4d87fc38a60505a2b25d5bc3ff69459d999d0a01fc133f51b9d304bc4d4761d4147b52ae510dc02078144ddc5586b26ee1a73407b74a519f1ff6de8ef2fee304bbc1573a393b4f4a1786da19f8dc6edd742538864af783880d08022cd92bcd14252fe69baad91f067179f00270161c0ffc9224d5f63be70c621deb369d5224003126244e6906e7f9b9faebc0dd0d445cf0985656cbb9e1c41f2ae144324fd4009ea35c98d7b8ffb4acb41ddc01038930cc57283614688b54cfd1ef2711b67a5ea800eaf264bd4c2041320fd3ac8d5d2fa3c5cfdb8a7af59462544617cd530bf71aee2004b523b525856da3dc9bb8b432be24dcd40420ec45afeb30b039e24be4ef771c986596d1ad6cec1482b91c8ab363a99701d1117a42edf04d9053c6b5e6170bbddea1a06c7dab2834d2b50e6ed6feffe609db7c19802310a7d3c5b7551aedba3581768d18402ca790df84384753dc683a443430d6ded62b646886619898c0e2572e04b47afd3c45a3f3aae142409c7c67d4e8dea95bcd00efd0ef954176ba4ad91a3823246b29d3cb8002805920d30c453b9bd395636f6fa23d5765d0d7407cd34b22a7d76ad031c64a31276647d931ee8c69e506f4d35952ccca0f2c1c5cdefbcb7de223518f7c6112cb8e7bc3b71aee485cbfaa704a2765d8dbf90d409b6c068ebfeb1e5ba11787e5505f066f667e716d113f34bd66350ff663031d7406c7ef50b2ed2c054bb6ae8d1ad17198abb4eeebc9db9bcdf86ff9d80ac179205cc80c2fc581c9e540db11f19c5d3a33f583434f3b915448be9b1338177abdc71611d3961105082f5ec63316882c9651af4932ce49e942f99f42625c20216594ebc890d04939d3992c31ff53d1dbff2225cae45341341624d040f1e14b0cb566bbff1ac8d2b8ff21600add3557a1f4232dee42806499c23451f852be7ee59514f23a367e66db1dbcfa39899b09c633550c79032e42a62fe472d26eaf660e4b8b77cfcd896578fb887ed35bc2d2e60f18ae81a4e1f754fe956f6ab2fe74ff8ebce9eb69474f34a9646b25e842d610460de8f1b2d23891af3d86826bba35245f9512c307491610e3e17174111109fc33d9db3f0e03b93e31fbe73aedb043953019a996a74399060bdcf00843a66567f12ce62c9396aacb263c3996e2df44985445121597f862e0c6d9b66267aef0cbbd7bfbf2f5d7b70d5ab81a8f867d08d40185d8bbd198652b96afe5b3d52b78bae4d94e72da61f1c38cc18979c2532a87c2063dd3a985f3ada1c15d0513a6ffb9e3b45691f8f644fc49224217eea2ecacbce1ed537fc91d7cd9feebf2d7d6e6c649618d2c7e6abf4db9f3e85ea21ffc926ef437539707d2bda36c2a16d60980a84ee807df94b6680ec4b8895ea44b68146cb963879bed151bb018693afab58ede1061b93f16f51ae4a818d41d534fa8b6e7868abc4cd58a100c7f7f4cdc9ce19b7c38c6f15f613e2d05c73ad440eb10260880b8d6fa7bf5dc8fc168585da93ecf68f73487df03f3438655f455d11f9f72a89c88fcab4371c926c743b18c332e4b07cab38372a927a7ae2d1eb668dab20e4fb433db43a8b4e302a66eb91ca14e7a7cbd4ab797ab73f0e99f1fef9bdfecf1db31914a929ff3bba8dd9c9b6b6ea054bbb7997126352757e6605c604d2b21ad70f9d62a381a0b4d2b97f8753e66df830e5c2b1021b9b2607679314e4ef7f85c6b253a1e0cc7a492d6e625d7b273ebebc484bf1bb6d83bf8e283ad1c081116461f0ad722a8776f673034c36693fbed6c478a97b617f076d7500210bbe969ab13e312abefad8dd028a192525da85d05dc0bf3ff8dda9f8ba9f48f41ddec32ab3d26e3f8948ab4ea29a5849a96a713d11f4eb7126db8e1c0e471ff3c1b46c298cd7c42d29dcf2e48aca7f17bdca8b73fd580818e3bcee3e510f6ad49af7bb1678de01a9dbacc98ba0b891fa13fc772c6e5d82ae341defce6f6def9e14c7950467e941643e20b30a18fcdd99763860137ee1ec15e24d14d6b19e7e2748f6aa0070499dddd216985c5fe219cc2c41f3de6df196ceccc01ff1765f536278ef2374ad118e7180cb886e549106c2d0669c7b2ed25a998148ffe8b2154505fe82add0bbdf1f26868a1ba85edba3f88b0b2f7caf9fa65acc018ed73a899724ca21980a8aa4e34ee077f257d50c63bf4f892d03ff475704f1a4a6cdb8a1c89f0f47da4ff64c033479695bd5d3f061e9617e77ceafa152ec39d4ae2c3bed23ee33ed20f383dc8a23ebe4ace0d710cdb2a26d0d590b93f2571f992ea12e0b57c0edf1c417e276c0b4dcb115903f18065ea164c6d5ce3b6a71bed1bfab5cfc2c3e3e21ad798cf7680f1ddbdc4d966b837423ef5a82faf65c89e22e60e7437d5c23f78831583d07aa7be0978530681e13ba3f0c298fb0ecf4d515fda912d641b40532b9ec14c26935d483064c6d22a0c63ff342030a1b79e53aeafb83c87ced8204bc8e656b99e2eb6f43aa483ba340ef0fbbb56db31c7658b738b4dc9026c4e16afd5ebe4a53bf3c08fd4ea243a9f4081f78b18e913b6f669550fc12195f3da077a43f09b2c9b19bf9e4be1feffa2604261b3786990c3f98f5f0e7ed1b63fb2b33a9e38fdb2f9f4ec417c04ba59f3e3a595773acf6b8fc8605846bec1a55d832d9713807be983dbdb152f876312c48317d9b73c221d7a1b6b99286a9cf2f870d243d658f79a83d7bf4b9691f6246b546d6a8b05ebe6e77688eeaacf8eb94b65e44299019e759be248666d513eab1c2951aed83fb2fb0461f8d38cfd6d63fd2f3aeb2fb23a26db296d082df894acb683cc701a9e55a7144186af172d4bbda113fda0689466bf45cdd245a9d059bc55a87f83c1ca1e34d85f7cebd5781fada2167380666b5defcb9542bcdd1103b7240900dacf13c2b3cea8e08c81c3f18a3fd56800e9b253ba2c9e1e760d96a67aa650071dd40ba3785234b1c41e4a6d204402b03a9c80841782c661e7f0b8f4bf606f4b63fd8603e7ad5f91bc6a598862e3763047aef7e369a9c4a677d77c2c226b89781639e3c0706ef41af55f9c52ed3f4e841c475c2b86edbd63022ee5b7cc091716fa2b4343e1afb29b4c967955a5069a37ac4c9a3e29bf99a5373978cd0fc626900b236ea257a4b16441f947741f60982820cb29bdea670fbfc3f4d5f16ee4631941378d0f1ded82354a1428ae547f7a77ae9af237252da533546cec06b275d8663ca610b406250e6c053bb854918217e7f816e74dfeaf701d8664287e918eddba64430f666cbf18f692877e3e77d2645c3c69905ff9571be110f148962b9693c4ac312a640b58703cbe2e3a2e7552d6abcff42ab531971928fc78a204912f34fe7b8177b24b8d1e39ed25b9bb610d871f114fd22b3fdb7def76969e9427b3656db8c0880b9a601319b64909022ffc7303bc06c5105b9a1e8266d75e8c055d71b03784a0fcff806d0c6171009be78ebc41a52319063dd69bf4075140c35998ac3faed70bf5cde22fe1fbe60b1e2a82f3cda39baf5836238fd693c96c6a38928861df5ced3727f5c2a8d82e81d8f9efc6a6ffaa2f2792e59cddcbdc1a4d19a8dcd502a486e92eaba693ee23eb9542285a2aff3e34864ff87d74c9566a5370bad3c6b037c9d25250a8539a73c18c7bc0b9c8ea168d2641861c11148b1c1af50b9ee476dacf37644addbb084e3d06474f84442d3097e9a9d92ac5e69e87f6741dd26a7d9a026f9d8113f50e74884fa6b792b564e6ef578de0cfcb170e3970df6a1e51de351285e9e8bc0a713a9818c3fd1b76576db44238287e99175cef73a88ff380e7c7ba4d62905be2a0b1347ed0181dac4cc808b87fb5e254fd1a75c00c56ca203f3b2700a39d78586e60d9b3b6cfc8f3dea6ba759f829897c968122d89a40b09f7976c1fb73a4e7536202c4999871694b93b887414e568c4d7cde65de210f6b0d232ee00d74580d9644531cf43b3d079119ce2a098b850ddcd66e0fb6b78b8655e5de08c3b016cbf7e10da79c408d2f481e9e5b4395200608000000070deda0af07725ab03c3cb56353d39708a6f734d8f6901f465198e3217e444ff7c2fa5b0ea3df4ae1eb8353ff19ee319789bf5ca7154e8010f0daeaa5926e329de8471f708645d4c0696d76242854cb15343c64acb6e851bed05d9dcfbc9d0b3bf67c1c7a781d1bf9ab8653cc7517b64c67f3bc385128cebd47bc9485b42c5d59e1516992dc48a54359dffdf8ab6c5d6cd8365eb70116666dc218ceeeefd04f1671c3d844466b254d5a29c5ed0c26a4229fcb7c710cca7b7a9d5bca54c84bc21a71b375e295a2877f481e1ca45d859cdecae62abe3eb392be77339982ab5189b67ffe38f502d82a092b8aa4cc3d8750b8e5f366c00fda616bfbae7f088da8b031c4c7ab2517f111dba0c0ae89ada596f003785d9b52f9eb890a09197325f8a5319574475e2064220900bad7c5603899717d65a94ff2ec444968c3d0e865bf253d45c52b6023b273a51a751492e2aa36eea984d5c1d958a9ed212b7ebfd6ea031bcf2383d159aa5f956bac0d21b38c0180333abfef84f7b7b88c57e4bdb4f47ef82a8d9a95d97721a7cf860c7bce3926c8d20da7b701d1c0835056906ddb427a530ebe5441092a7405f982bfe198715c8ee829294f1f8b8ea7d543bb3bbc03612c21d7d9f8ecb0a0a47f5b86d6670f38c39b4b784163212a83dd6d6eee4bb986624a6de91d70aebecc95fcba8090468cf6b30e3c2361a9312233b5063a4d605febf89693df36d0d6d40fe201e20a524148a32e123fdd9e335f312d0d2a671284b7006e8580ca33075fe117a05dc741ede06f9d06602c4b6dae8e0e97ad3370ef50fc03ba8f2dfbaff56034bab2f50c5b66ca750d49fe7ff609c6213a9c9934b243dc4a34dc333309e529d78ed2936df2aa1203fb796278f0b02e4ece8b650283c37a8f4963cfced8a33cdf56fdace68c08b78635afe459881181b92c9eea00d60f0ff27d2dfcd5912af0c67bb9c1a758af8f726a0a2a5ae8456296527b7fa4ac530b04a3a26c3b85392d290f31537250c91fde102b20bb6ee76014e13b02c568191404de548908648462da65195aa8265f98a924eb33d71c81e464ebaa50df5dfeb98b53828e86f78c4cf9a21261f182feb774089faab24b7430da36c92dcd6cb2fc1810a7e1641e7b7e4ed26ab004f14f9d2a2cc4b6e3c1796102ab7af28883d37ab634a9e6c1e2315596bb6b30b1ef020cfd7e6867551f126f63a26728d5bf5d528a2a1cf80a4f3c7d2f467f1db3b960d3a3805405c3af8c052b2fbf5b7b449a00b5a11329f7babd40614b84e4792e8cae8e945076a12fd08cc8456616733e2ac80c15501652ab4abb3e4d7b3dc8532a374513191ab88fe1f43d4316e9532a801f73747de1c61ddc19774f84aa9050c789e1f77f6f17412c0b0f32ba55d9899a562d6aad3cb4fdb24ae6d428b9c500ffd77afc7fe32330e9577f0e60925875590eed9cb2c0285d1f1ce3da25fad9ef888d9c9335b2b3f08c0bef7c21fd57e0bf"], 0x1004, 0x800)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=r8, @ANYBLOB="00000000000000003400128009000100626f6e64000000002400028005001600000000000500110001", @ANYRES16=r8], 0x54}}, 0x0)

2m40.512894041s ago: executing program 4 (id=1527):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='block_plug\x00', r2}, 0x18)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r4}, 0x10)
io_setup(0x3, &(0x7f0000000340))
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380))
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x0, 0x0, 0x4}, 0x0, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r9, 0x29, 0x2a, &(0x7f0000fca000)={0x5, {{0xa, 0x4e24, 0xffffffff, @mcast2, 0x4}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff01000000670000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f000000000000000000000000000000000000000000000000000001"], 0x90)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

2m38.518029812s ago: executing program 4 (id=1533):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x1, @dev, 0x4}, 0x1c)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x101)
syz_emit_ethernet(0x4e, &(0x7f0000000300)={@local, @broadcast, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x7}}}}}}}, 0x0)

2m37.752409527s ago: executing program 4 (id=1536):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
close(r3)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x18001, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
r4 = syz_io_uring_setup(0x4818, &(0x7f0000000400)={0x0, 0xa72d, 0x2, 0x0, 0x2aa}, &(0x7f0000000740), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r4, 0x21, &(0x7f00000007c0)={r1}, 0x1)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
rseq(&(0x7f0000000040), 0xfffffe69, 0x1, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r7, 0x11, 0x1, &(0x7f00000006c0), 0x4)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
r8 = syz_open_dev$vcsu(&(0x7f0000000040), 0x3, 0x10000)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r8, 0xc0f85403, &(0x7f0000000080)={{0x1, 0x2, 0xf, 0x0, 0x80}, 0xc, 0x4000000, 'id1\x00', 'timer0\x00', 0x0, 0x3, 0x0, 0xb0f3, 0x8})
close(r6)
getsockname$packet(r5, 0x0, 0x0)

2m22.677704828s ago: executing program 32 (id=1536):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
close(r3)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x18001, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
r4 = syz_io_uring_setup(0x4818, &(0x7f0000000400)={0x0, 0xa72d, 0x2, 0x0, 0x2aa}, &(0x7f0000000740), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r4, 0x21, &(0x7f00000007c0)={r1}, 0x1)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
rseq(&(0x7f0000000040), 0xfffffe69, 0x1, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r7, 0x11, 0x1, &(0x7f00000006c0), 0x4)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
r8 = syz_open_dev$vcsu(&(0x7f0000000040), 0x3, 0x10000)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r8, 0xc0f85403, &(0x7f0000000080)={{0x1, 0x2, 0xf, 0x0, 0x80}, 0xc, 0x4000000, 'id1\x00', 'timer0\x00', 0x0, 0x3, 0x0, 0xb0f3, 0x8})
close(r6)
getsockname$packet(r5, 0x0, 0x0)

2m11.709456091s ago: executing program 3 (id=1640):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="1400000016000b63d25a80648c25940121", 0x11}, {&(0x7f0000000280)="e26248", 0x3}], 0x2}, 0x40050)

2m11.635340087s ago: executing program 3 (id=1641):
memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee]\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLY\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x7)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000001000080"])
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc0010141, 0x0, 0x3}]})
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x2a020400)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x1, 0x0)
unshare(0x2000400)
close(r5)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000004100090025bd700000000000050000000800022201000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20044000}, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r6}, 0x10)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_int(r7, 0x29, 0x48, &(0x7f0000000000)=0x7, 0x4)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f0000000180)={0x48})
r9 = accept4(r3, 0x0, 0x0, 0x80000)
sendmsg$nl_route_sched_retired(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@delqdisc={0x80, 0x25, 0x10, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0x1, 0xffff}, {0x3, 0xd}}, [@q_dsmark={{0xb}, {0x2c, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x16}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x3}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x21}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x10}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x26}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x20044411}, 0x801)
recvmsg$qrtr(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/218, 0x43c}], 0x1, 0x0, 0x0, 0x40010000}, 0x38, 0x10000)
r10 = accept$nfc_llcp(r9, &(0x7f0000000080), &(0x7f0000000100)=0x60)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000400)={0x7, 0xfff, 0x10000, 0x5, 0x5, "cfc57577c94ec6a7e6bca618310654b0792ac5"})
ioctl$SIOCRSGCAUSE(r9, 0x89e0, &(0x7f00000003c0))
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x10, r10}, 0x18)
sendto$packet(r9, &(0x7f0000000680)="4aad72ab06308d9df75473c20dce1caa623c6c351c878d2a55b5ff84648174aefc2f13681efb10fe51e3ccc9947d2d7c4b12a2c0d57dde37cb5e179d216e2b9067ec057d3d7d4548afff3c906bf840caf3df5ce7dab4974fd39caf338958fe6242a6", 0x62, 0x850, 0x0, 0x0)

2m9.817869472s ago: executing program 3 (id=1647):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38010000100013070000000000000000ffffffff000000000000000000000000002a17f800003400000000000000000000000000000000000000000a5dc7e535000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000053500000a0002000000000000000000480002006362632863617374352900"/240], 0x138}, 0x1, 0xe}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
pipe2(&(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r5, 0x407, 0x0)
write$FUSE_INIT(r5, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50)
vmsplice(r5, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r5, 0x407, 0x2000000)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
r9 = openat$vmci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r9, 0x7a7, &(0x7f00000002c0)=0xa0000)
r10 = dup(r9)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r10, 0x7a0, &(0x7f0000000040)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r10, 0x7ab, &(0x7f0000000200)={&(0x7f0000000300)={{@host}, {}, 0x400, "1a0b5dbeaad6e12581edfd3e937bb049a5b6150777cdfc3f662aaa33c62804d786b79e9434331a65305e1ca8b12f2ef78b51d868fcacb8c1ce634287005fa21eae9125b9b5f78afe5816253c1d8179a25109c92aca81cbefee8bfee6e64f7d09541b3b54b464b08cd356e1cb5c49e7deaccfce3d06dbdf2318dfb309890458cb7a7b2a21743cec8f1ad4a7cbea7ea1ed37d1bab65c1bf52f9b1559ea51ed0e07f0184f39018109c38b561e132a99d1248964ca540bf022b6977bfaca7f9fc8e1b6826807127484d9835b5a1b710478b2a67c3f68d4d065d59140309232f0b5884f1d1dc6a575f990d0685a0cd095f6b4b79d0cffdb57b0bac719e4a9f39ccdc79fa6aeafa3a71ed3f46987cc1fda18e3bc34e56a441eb3e7f47476c52a400597b01eaf894da3428b4027a6ce2657b267932e83053be08f450510a0df068e3907290e7d104a8f79838bdc762cfe081260ff54b6b2fb4670b89be06c40b3c4ba8387586f5b84d2547d75125356f478523b8604452d0898c94f6d0bc75d9a34f063c979d519e0379eec57aa7a48d2120ae28682229213017a2215e0755c3b71e56ebaf2c928d6cf53dbc0190864d0b6ea928e933474e58a193c880bd90bb39d3291142687e8f9a10c60887898a931e34dac504220200401a7b26973590621222a74aa843becaec07a70456dad98ab32c225872a699f7aa849a035b8d513c97198d5a790b85a14375bc00f0635db6eaf0741fb9ab5bfb72dde3c1992b0157a1a34933caf5fa679435f34a756e0366a4f7d604958e6ede55883ca9f11e388306612489528887a45d7f67588bae91ec6f4b28ac26ccdae64cc82948fe99b2002df2d93236faacccc629f41a6981fffbb640e60399c5fe7288112bba82046197ef850d9f225987a6022fef9ad89b4798dc92b7cb5a1e1d2c698f86c4f99317ba87530b874ac3bd7899dffd2393a1d93ddb5143678831d94aaa2bf4267bfffefb44ec03fadcae8e8d89617ed926ad635559a7cdf61e2638dc3d8c424403c8121ad89aec8277a64955cf090c187113f4484c30f6246643a0600000015869e58fe86ba3ab33ed7646b21846bd4f754ccffac9a96223971e4c44a36eef33c09d1b57a3790bec363a2c7333b07629874ad2119f2ccda107b183477df18f175d7e9132720d7cd7e671f8b62dee95433fa1db34dfb1bcae6a22863d1f592be8f6c64dcbb93bc5131711c7156829f77fe17b5bbfb1ac2eac809daeeeb804994b61c5e4a40c1fcbe7ee925ac8a6b0c52e24eee6d713060e407752ad35aef68040a4e68ba07c6d0548b32b12b62401c8349c6c53084bad6300d2b5e371efa569bb3a67ad15797389b8fe8dfa267fe203555bb15f36807894643f3f7f081a1e584f959c7716a46fe455837fc44c561c41ccebb845434b86b354b4a0c7796d713a500"}, 0x418})
r11 = socket(0x2, 0x5, 0x0)
listen(r11, 0x0)
setuid(r8)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000100)={0x0, 0xffddbf7f, 0x1000, 0x0, 0x1}, 0x20)
sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x1402, 0x200, 0x70bd29, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004001}, 0x10)
semop(0x0, &(0x7f0000000900)=[{0x0, 0xfffb}], 0x1)
semop(0x0, &(0x7f0000001400)=[{0x0, 0x200, 0x1000}], 0x2aaaaaaaaaaaac46)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f00000002c0)={0x19})

2m8.548298355s ago: executing program 3 (id=1653):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000080)=0xb, 0x4)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0d03000000000000006a12"], 0x20}}, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
waitid(0x1, 0x0, 0x0, 0x60000007, 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(&(0x7f0000000100)='./file0/file0\x00', 0xb)
recvmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10100, 0x0)

2m8.182026677s ago: executing program 3 (id=1654):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x78, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x40, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_INGRESS_QOS={0x34, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x10000, 0x200a7bb4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xd1, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xb8, 0x6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x8001}}]}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x78}, 0x1, 0x0, 0x0, 0x600}, 0x0)

2m7.201994867s ago: executing program 3 (id=1661):
r0 = userfaultfd(0x801)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000001c0)={r0, 0x3, 0x100, 0x7})
userfaultfd(0x800)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000280))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000000000000040000000000000b01d5597cfab9c4600000000000000380005"], 0x40)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$SO_BINDTODEVICE(r5, 0x1, 0x4c, 0x0, 0x20000000)
r6 = dup(r4)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x4, 0x0, 0x0, '\x00', 0x6})
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff)
syz_open_dev$sndmidi(0x0, 0x2, 0x145001)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}], 0x2, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000180)='veno\x00', 0x5)
shutdown(r7, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2m7.18574914s ago: executing program 33 (id=1661):
r0 = userfaultfd(0x801)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000001c0)={r0, 0x3, 0x100, 0x7})
userfaultfd(0x800)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000280))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000000000000040000000000000b01d5597cfab9c4600000000000000380005"], 0x40)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$SO_BINDTODEVICE(r5, 0x1, 0x4c, 0x0, 0x20000000)
r6 = dup(r4)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x4, 0x0, 0x0, '\x00', 0x6})
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff)
syz_open_dev$sndmidi(0x0, 0x2, 0x145001)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}], 0x2, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000180)='veno\x00', 0x5)
shutdown(r7, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m1.595850522s ago: executing program 6 (id=1881):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x9366, @private0, 0x401}, 0x1c, 0x0, 0x0, &(0x7f0000000c40)=[@rthdr_2292={{0x18, 0x29, 0x39, {0xc, 0x0, 0x1, 0xf7}}}], 0x18}}], 0x1, 0x20008000)
ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000080))
syz_open_procfs(0xffffffffffffffff, 0x0)
timer_create(0x7, 0x0, &(0x7f0000000040)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000100)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000140))
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x166b1ab5eb710134)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000001080)=[0xee01, <r5=>0xffffffffffffffff])
socket(0x2a, 0x2, 0x0)
keyctl$chown(0x4, r4, 0xee01, r5)
io_setup(0x3, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1f, 0x13, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020750d0000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

54.836379834s ago: executing program 6 (id=1897):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, 0x0, 0xc2200, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="160000000000000000840000010000000000000085fdba", @ANYRES32=r2, @ANYBLOB="0000000000000000000000ed8300000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = mq_open(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x800, 0x4, &(0x7f0000000180)={0x80, 0x101, 0x3, 0xe0f})
mq_notify(r5, &(0x7f00000001c0)={0x0, 0x19, 0x0, @thr={&(0x7f00000002c0)="6256be9562f195bcee9c8cf50ebb9e85d80ae556f167af4c18926bd6c60ff2223f6580ac241308475a0814190dab4ac1f2f2eef909494c556c204bfb68963df5afede6dfe30a1b4b5cc949b7dd39fff574d4b2d1e6ff5bbdb4406bda784993026d3668247cfd84edeb48b0fea72720e8a063139d3792203a088eed97e3f1fc5b2208140ae413d1142899a94ac88c528fbb88e9a9c845aaf1ac4b098ebd824f80b1155bbd583a48114863a7357b88a94d933a99106fec4f49e21b94241a6511ea783c4f259a2c7880f6aa3aed799409511f83c03bf590fcd545dec8c49fc5c5a458ff6c6b7f3466c8c720fb33b0", &(0x7f0000000440)="64293ab6d5b4fe6c7f35701f6aee94d90c2deb7f3adffd42cdc58f89419316005474f56973b38b9bb5115f1c4978c59cb344fa03e5e10838dab5843d27488ac67e6074dbe6d410c6e8c527448a1ff829c3586e06635bbd5811152d347453a27a118b122a33a4ab4b7fc6f7e964a4fae76f1c9e378c72585cf175b6714228c974f7f5b97d7bb2523204781cd6483b"}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x50)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000280)=@usbdevfs_disconnect={0xfffffffd})
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005700)=[@text16={0x10, 0x0}], 0x1, 0xc, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000580)=[@textreal={0x8, &(0x7f0000000500)="0f21ee66b8050000000f23c80f21f86635040020000f23f80f01c50f0fc1ae66b8ccd3098166efbafc0c66b8d691000066efc11822a97d0067660f3a14ec02baf80c66b8ae105b8366efbafc0c5f0b04d8d8f20f38f1d1660f6a98f68f", 0x5d}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r7, 0x4068aea3, &(0x7f0000000000)={0xc7, 0x0, 0xdaa})

53.093312705s ago: executing program 6 (id=1902):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0xfffffffffffffdea, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x40, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x5, 0x84}}}, 0x88}, 0x1, 0x0, 0x0, 0x4000001}, 0x20050800)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a)
getsockname$packet(r0, 0x0, &(0x7f0000000080))
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2800004}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x64, 0x1, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_HELP_NAME={0x9, 0x6, 'pptp\x00'}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_MASK={0x2c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1e}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2b}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x800)

50.171924789s ago: executing program 6 (id=1905):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a877f7, 0x40}}, 0x20}}, 0xc080)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000e00)='status\x00')
read$FUSE(r3, &(0x7f00000061c0)={0x2020, 0x0, 0x0, <r4=>0x0}, 0x2020)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)={[{@uid={'uid', 0x3d, r4}}]})
utimes(&(0x7f0000000880)='./file0/file0\x00', &(0x7f00000008c0)={{}, {0x0, 0xea60}})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

49.36962548s ago: executing program 6 (id=1909):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x76dc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_x25_SIOCADDRT(0xffffffffffffffff, 0x5411, &(0x7f0000000280)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}, 0x0, 'dummy0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = openat$sequencer2(0xffffff9c, &(0x7f00000011c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$SNDCTL_SEQ_NRMIDIS(r4, 0xc0045103, &(0x7f0000000040))
time(0xfffffffffffffffc)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x38, 0x1403, 0x6c08c44bda12f87d, 0x70bd2d, 0x1, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_team\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)

49.183828072s ago: executing program 6 (id=1911):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x3)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT=r2, @ANYRES8=r1, @ANYRES32=r0, @ANYRESDEC=r0], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000001e0000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_io_uring_setup(0x3b4b, &(0x7f0000000140)={0x0, 0x0, 0x10, 0x0, 0x365}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x179, 0x11, 0x100000}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
sendto$inet6(r7, 0x0, 0x0, 0xe6372edfa0bde0bb, &(0x7f0000b63fe4)={0xa, 0x0, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10000}, 0x1c)
ioctl$sock_SIOCOUTQ(r7, 0x5411, &(0x7f0000000000))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="36ccc406756f4ce348728a9b0069369c40df0000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000150000009500000000000000"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x24, 0x0, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x54}]}, 0x24}, 0x1, 0x0, 0x0, 0xc095}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)={0x68, 0x0, 0x1, 0x470bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x1ff}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0302}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x24000080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r12 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$sock_int(r12, 0x1200, 0x7, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r9, @ANYRES16=r9, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000000080012"], 0x44}, 0x1, 0x0, 0x0, 0x24048080}, 0x0)

48.332115065s ago: executing program 34 (id=1911):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x3)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT=r2, @ANYRES8=r1, @ANYRES32=r0, @ANYRESDEC=r0], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000001e0000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_io_uring_setup(0x3b4b, &(0x7f0000000140)={0x0, 0x0, 0x10, 0x0, 0x365}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x179, 0x11, 0x100000}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
sendto$inet6(r7, 0x0, 0x0, 0xe6372edfa0bde0bb, &(0x7f0000b63fe4)={0xa, 0x0, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10000}, 0x1c)
ioctl$sock_SIOCOUTQ(r7, 0x5411, &(0x7f0000000000))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="36ccc406756f4ce348728a9b0069369c40df0000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000150000009500000000000000"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x24, 0x0, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x54}]}, 0x24}, 0x1, 0x0, 0x0, 0xc095}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)={0x68, 0x0, 0x1, 0x470bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x1ff}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0302}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x24000080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r12 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$sock_int(r12, 0x1200, 0x7, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r9, @ANYRES16=r9, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000000080012"], 0x44}, 0x1, 0x0, 0x0, 0x24048080}, 0x0)

12.266367985s ago: executing program 1 (id=2022):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe67e, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x75}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x100}, @ldst={0x2, 0x3, 0x1, 0x9, 0x8, 0x5dc5da9e82b26d2, 0x8}, @map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3}]}, &(0x7f0000000100)='GPL\x00', 0x7, 0xf2, &(0x7f0000000140)=""/242, 0x41000, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x4, 0xc, 0xfff, 0x2}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0x1], &(0x7f00000002c0)=[{0x1, 0x3, 0xf, 0x3}], 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='iocost_ioc_vrate_adj\x00', r1, 0x0, 0x8}, 0x18)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000400)={0xde, 0x9, 0x80000001, 0x1, 0x4, "25d4ec83b9bea8f72b5b8b3677303aa9c0aa2f", 0x64f, 0x3})
recvmsg(r0, &(0x7f0000001600)={&(0x7f0000000440)=@x25={0x9, @remote}, 0x80, &(0x7f0000001500)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/31, 0x1f}], 0x2, &(0x7f0000001540)=""/167, 0xa7}, 0x42)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, &(0x7f0000001640)={0x93, 0x0, 0x401, 0x6bcb, "3e2cf86bc5121dfd53f693d5c3a3d821a061e1cd514e03a0c37bb208ed47a2ece11022f38e25c5ddfa7973fff53f891491d14c084805458f36c3df09666f03c090c7eed715393a7977ef8c14d9f7716bd3f19d8ed8493eadd7db1546c7462b07c1bf877b878a2cacd460746228b3fbbf6718e0d162dfa8a31115b1"})
r3 = syz_open_dev$audion(&(0x7f0000001700), 0xcf, 0x900)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000002800)={r3, &(0x7f0000001740)="9a10306786b0ebcc1e6e4180408668d86476710fe0a7c1116b04437f9aa54fb205d3e2f9b048d222e918621f8ec09f13d6951600769b4c3f93fb0a08c2abc68f8dff664a69c4409616bda611a617e6672c7f35130d21be0ca2b6a94dc17b63445956b795481ae4cf5810be77c00dec04eb7211b4371337a504873235cfecd59a4bea56452fe3bce3867653ce21110faf8c9f1e64394d6b5ba345c5b781af12f593490d29aa42b36d9a5b7fcceb6d343ab9976f4cc22f047341cd2bd270b7c46678db18955575904c84a6cbed016f5eca7e631ffb6d90819e0dd1cf3edfd38a631a90173ac6d97ac7653cea12bd1b3d1336fc94ade6f698249ae01d538e8b649637b44c1cb6de7ea1555a808349d2a8efecf2837265d325a3150d44c445eb11c312ff88982d0c0a21b10e3ea3c245df0a92856d81cdb45bcd31c3cfaa20ef670730025599e46b795808963a8e9e45936d6296609ddc79505f25d97cc4e4683f10463d2806d8364793f9257067f5b8a6bed08fcee8cff1db8fffd98b0c0eef2e1e2d4ae5bed82b39686b2a9c9bd7a1dff082c8051e61aaf6d102d06fb6761f34d120bcbc8f9f2bf3ba1781b23031997912f982c3e7f4d142c27798eb9bc3ea100dda35d59c442ef516903f212165457b683f997b797623c7de50246a469f0a5da66c6a452f1d611ea663eacb48b2dec9caec2e21e987ce21800cf573aef2c681ad17f68c5c9bbd0bd25e14570ce0a3645b08a3873db944b7c7df03325c998f99ef1bf4b443fae15ab0cfc1e1a539a814c4bfd167a079fe6eeaca551f5354e22e4750b4ddb3008d5f787a1c5d982f0565d9e79f82e8f48ec216960b9ac3a0358b2e7e93fee64ec8466ecd665abd4a4c41a387b74c09ad9a47b2973ca40a0c456bac91b2897e30a214c5a862f91acdad0304b4434b5b5a256bcd6476325f479d316cefe9126fe3a1400c8fa9e115ce5d87615155cfc9b05d389671c0ce74ab94ddd268b1170b02d9a19bd3350faba8b0effb80ebe90daf7cd4fa9ec374f10d3ae0c75296deab5d33064d54a4f38b58aebae9468bce7e7c89bdc1ec29a24df8c5d45c14fa57cc2b3a3cbcdc8cc15e1b27003a4587434f8b9f304d9f89e6c7c4a40adc362138dcb349913b6eaaf033ccf75a17523aef21d37b7f68819f00c178c40b2e55d60b2d7af4c6d426b568dc6f92f56443e561c3a998b2fa599870ec24939c9c8d34bb39c772301871168ee39548257721010564ba736b5b7c122ba0a95c1053a30f507915b7bbf8c0d6e06750eb4ffd31ff3456338c704688770d190934b4330609dd30c6d37e74639f05d0a4db0b94035087efe8330165e60c6ec67e0d6dce9f7a5ba7fff7f131bbe127c42c5253ad623699e7fddd69a0755f411e9ad6ce1c4665aac139e8e53f243b5f4b93ed2a638f57b440555304091dc35b69ab8d80daa6021a6eaa7043d4439f59d3e671d7ceded7e14c9d6efdb355c72884492c34da701b23877d81b6c18cc1ab4c0d400c4a76b29baf007a28e160d8f1903d2a9ec782976a0d82f122e3534de8b39f428ff85d76c093fc9b74d3c999635aa3f0400d5bd041fd81b56a110eb0a4508f88efa53f1471757e7e3a0f1ba37328732f37406bd545ff4614243b1c5eb76448bd21cf240ab0ca7884a1854de02934497e33a0b10eb235e49205ea62e5103c1e6e0d9cd289f2d1bf89ea147ffe63a5062f0a89270237d5b72ea2cecb41c9b912bfb1f586ec83094147aa896e60ec340998fee560ebb5c98a12a311026e790fcb9ddb826092c004e6a5b64ab5579aa6e9c45a1a4ca1c798e1956094b2ffd929c632efd23075cccbcbe206b59512130567c344407ff6e2e3263e09d1e86572d1343827b4c65928d304517b548500b3b986ed075fe0545ef8e206c87c865464493ef714e4525116e79640b30e0cf59ae178739ea3f2b443ebcd385850608af77f81a42b85959e1fcc9cb2020a9bf57869f59a6526c678f125bf0fb9a9ba0cd63f20cd478a7a5af6187bc67da5db1d1f302854ec76a630382abe3e58c83bb6bd99c73fe3778512d25cce968c5e83d2d134cfbb0b9ad08ec2b944efa15b2b0ee1f9ee2ba72b8a2d66f14923891fe0f7e1721523135504d76699c1fd3f6b5f4ec73c2059952fe49542e855fa582b890f87834380d1e18c3dc287d8651919e9ba283e82f4595d6ad391afcce3fb46a021c5583734018e4c8c1dccc3bd14c296bdd64057bb71a77718dde0c18fde7e312a830da803556e19711b62bce990a090e44c46a7b15097b79595b34ce70fe640e1be0fd7bfd2bae76cbfc158da14f6ae65c880524f417d7ad401e05acbebad17880f40abb67f9ba0b9269c4d53738ecc474185a902e4dbd96127f1a0e7f11a81ab9c1469be94c922e568790a9da9d0f3c3d0bf72b74d49ec66c334c6321122619f106189074c3e47c60f541139a89b0e282361bdbf604aaf420341377ffebdfe9e375528266b1300d02dac056d5ea67d985b2a3036f23760b4a1de1d63838d4c898310bb53f9463e97ca267b5be5bb11994ba6f1501da46b7e0f8110c27999184c602e6e8c7d805fa1a948dd6fb1c78769dad818e829887acf955f136d46822282f1e0d855a0d1922ce268f264a0e1ecaa394faa8386b500da760207723446f72a8b350b01cb9d397e2e7749ac7bc2e51a0a8542c691022fb3378ba35f8faa08c16a30449790c1745db8271f639dd4138a594479d36b46f5c98c2aeec9a8f98f7f00c873b161c530375a0af86864776ee6f5da0c7da3e71b39cdfeb9bdacb5c58ea54933115b40fe2f52916d1e8371ad591e9205b48de2dc6693ac0613444390869118fb22e526c3a068c251f128b8c9d5dd57236fb0e66ef7e8a872821339c49cc8847f1cad996898df601c762bbe4309224b4f9eca7e5911f399bd07b9688de3cd1b61fcebee322e385470b21da4a8f9454e5916b708adc692f26b678e92be69dcf0fb2b3d2e5fe169565c53d9a6d1e9bf12396d858467d51538624a902af0742d7dcf7c6512f3c2624f67208c1d0020680d29645e3571ca2dfa5a44f31be3ab7341b94454dd8e4c7ffb48b8212667df01c2ebb63e07d9523d7ab6fde1ceff96970147cf4185b7102b48147f6938dddbc6a879c348195ac5eaa7f1084fa5592cf5cc9adf378a53dafa25d9ceb45a1b8e0ef899758fd514ff10ac5c59cc9bf9bc99ca49844f2e9b0202e1007aa1108ad10c3b1be0febe88ea9208aa420caa6465e94616b839d3cbd671f2451c5306fd945b3b3ccc6699ff2bcda5932e988c5d546bab529cdd1145696504d265a2c890b1448adac2479a31366f70d36e6f1b43df4f6e74c52ab8d8da73985fca0e0b2a19930d26ee639ee201bf87b9dfe0252f54fa7b6533b4c31b32fc90934705a1c33c1a1fcded20d09102437311e1baa46a614fd799a7e5bed71a130b690b0b7b85be838b2ae3cccfad24ac93688f3a43a959c0da178b88d133bcba2fde57dfce7938e54284ce8441602e1333bb48c561626911d2a945618197883c34536dcb35bf63b238922be1663d8b659e846978bd1c86bf538f29360332cc262f0ffa2ddf255300139db4ca45f8272df0aaa97330908b9a7fec7ca52ef5e3f58a710eba7b905940f6c4b99f550c99d52bb0f2d11894a2dd8e4c970c64c951bc3ac4169f45e57ce67060df7eb978d9156c1816a9324e21ca40adc0e80a3b99f9c061fb2738f1213772de25ab98afc183e51b7203d2a8f39e132ad387cb36c161dcfde59e242f529f4a1930b20dd50fcbb9974cb0938491577c1cb9db53feca56b4252f86629eb0afa8ed51af9385690c7e73f89ecae462ae7fb668112bb0167a08e642350b2d696bf9479c10efa649f41c796f81cf42a6b5b5bee9e07704c27d7a544766c681cb773b37087bd24bc58396794788afe032a56c7ce70970b3bd87ae56a690e09d1e48aa0acd3010556f46dd2df1c82d76bc5448e2df3982552370427014e1510c573313433596fff4e08ae693c0b313a88526dad5fb43f32f06bfaff9654ceda7a39a7603db6c2063d9fe199491b199027f462ff5b00e1abc7aba16e6b92733045b5de520ab7e71f5cda1a3036da58b9dda674d2a18f8776f20b3c9026e790166032edadf906d86f60467f50a9671fb789afdf2e7f742f8763a149d1f3a144044c91b323e63540c896d3a2a22954bc942ed1e246e1809876ef8026c498103c9e47870d56d1a06f42d709e34e8c768656027e4d12dfc602c21a2da87647f11440b5dc683a2dfba727a47358f5b0eecd027d0a211e31cc752ed5fd1eda284c20e6d64becf4f48b7b6946050f03d91e93a395df85f36929f64cc109f25340cc041655cffd916672099b168572b8b357544bb1e29dd59a4b62d883115de545ef573775abdb905b762807f95a543197223697366f72a9f3ade9fed8a090e13c270d7ec0393e4e3c0f50641ea6b65bf5aeab7bf9fda4a62c5da7454ea5813b1bee835e5ddd12c06c96d0510454c64bbd3870da444927b72ecf437d8b33f2b0caadc57785f0b5dd266b1bad18ca62cb3c86d63620e09c9f2276e8fa5822e9c254ace3cea7960fd4a19b1b948f1de1dde4d53abbd828b9aa8f4e53db68f4c9b1986eb97b70072fe01df09363bec5c72d4141296d563dae23d7e32b83cd1fb5bbee1718a81d779906292b04cbcfade44e5414fa6701be37537617468cd0e683732739d16a3a45740fc478145adc02c1995b6dc03e81b11bec3f7df245c2ee3ab72f1fcf610325a61e5d47702f30bc88e25dc0dd6a61cc63aa10e27163e0644fceaaa52c087bb1101f8d04a340f34683600dbefe794414b76c31d424a2ab12ddb79a1acf70ff2b21e7ff8c5cf54ded1ebd464d190bb0cb7a62749bd9d0ccff545ca08c02eb13ebb9656df0d5811d6ccd3bcbd43ded7be8e000de0806e358ca38de6dafc71bebff42a747199635d47253109cbd66c1752c68a15429120dafcbae08b584ebaafeb5d6b2a167bdc411e8457328b826432b4f259f543d78070508a7bace955575ff1961946918abb2677fb1ef00aabb378a0fbe7a86c1a1e44be6627c5e80a331fe0f0508f3e56a1d86b4351fe9ad8fd3e8775843c5d73a3e888489198a6fae861ae9fb49d7d6a5a6c91be3eba5ec223c6b3433d7eac276461c5f86b13e8eb7a3a64eb158258c5bb768ff6828dd3e48b1e7f1a489397341644ae5a9c43c01d5543931a62dde4b7f3b381dcb811efe6671538d00cc236264d0069bc254ac9d849eb79c6bd5d89ca3c32b1130eb8ee713394a8695bd0357efae31ae5e0952d9530e26ba372c002e6c158a1f262e7d192bb11990956ef4fe5ed4eb55bd7eff201bc49e87ecc548347a166266176b41265f2fe4266cf571f4d538f814a90010ee3fac33d12c4bfa6fea90d177c3e43194cb76669ba8841b421303e54132169bf46952dd89d45015a25630f22dc45741994c8b5aa7b9944757b0d3125075cd8ea3290fdb08577644693af9044fa1da6ab3cd04b3b91dd32d035a72b68ed7d202ce944fa4044a6cf2ef9e45e3f09ddac628e5c961ed92377f7c093cadfc628f52aea873075c0178f15dce2d771c7ef521fc305705552de5abd091322962d4faa0de5f699709ab5e139391959c9f8e20257a07e65b1b367cc85a0094277adfdb90baef9efa6a9612b1b6a8e2f4b51e5bb851429722ee16690034d1073857d6c0493c8a1aec3b7894eb41e3acc1fa12f3bc183bdc9018fa616112053715b6c2c7e74411631bad8bdae64785f2a5c54074e45edbab9523d20a53f1433", &(0x7f0000002740)=""/164}, 0x20)
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000002880)=@attr_other={0x0, 0xfffffffd, 0xfffffffffffffff9, &(0x7f0000002840)=0x3})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f00000028c0), r4)
sendto$inet(r3, &(0x7f0000002900)="6445f0097bbb3bc704ff1abfa606fb029cc2e155d86ebd8c5c1e2787de87cbe061e4f627ed12ea4c3da3c467cfc6b795ae3d866e6861ce9899ff0e30c5c3ce28290ea6fafd7503b9c46a20036095", 0x4e, 0x1, &(0x7f0000002980)={0x2, 0x4e20, @multicast1}, 0x10)
ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r3, 0x3ba0, &(0x7f00000029c0)={0x48, 0x9, 0x0, 0x0, 0x2400000})
recvfrom$inet(r3, &(0x7f0000002a40)=""/121, 0x79, 0x10101, &(0x7f0000002ac0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
socket$unix(0x1, 0x5, 0x0)
r5 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000002b00), 0x100, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000002bc0)={'ip6tnl0\x00', &(0x7f0000002b40)={'ip6tnl0\x00', <r6=>0x0, 0x2f, 0x3, 0xc4, 0x5, 0x25, @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x80, 0x700, 0x3, 0xc9}})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000002c00)=@bloom_filter={0x1e, 0x9, 0xc44e, 0x0, 0x28000, 0xffffffffffffffff, 0x9, '\x00', r6, r5, 0x4, 0x4, 0x1, 0xe, @value=r3, @void, @void, @value}, 0x50)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r2, &(0x7f0000002dc0)={&(0x7f0000002c80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000002d80)={&(0x7f0000002cc0)={0x88, 0x0, 0x2, 0x70bd29, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x8081}, 0x20004000)
ioctl$HIDIOCGRAWPHYS(r3, 0x80404805, &(0x7f0000002e00))
r8 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000002e40), 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000004080)={0x9, <r9=>0x0}, 0x8)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000040c0)={0x1f, 0x27, &(0x7f0000002e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffa}}, @call={0x85, 0x0, 0x0, 0x38}, @printk={@u}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @ldst={0x3, 0x3, 0x1, 0x0, 0x1, 0x1}, @exit, @map_fd={0x18, 0x4, 0x1, 0x0, r7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000002fc0)='GPL\x00', 0x1, 0x1000, &(0x7f0000003000)=""/4096, 0x41000, 0x0, '\x00', r6, @fallback=0x36, r5, 0x8, &(0x7f0000004000)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000004040)={0x5, 0x8, 0xdfe, 0xfffffff9}, 0x10, r9, r3, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000004180)={<r11=>0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0x4000)
io_submit(0x0, 0x5, &(0x7f00000046c0)=[&(0x7f0000004200)={0x0, 0x0, 0x0, 0x1, 0x9, r11, &(0x7f00000041c0)="0b423869ac5f232b3d73afc2566d95eea35d70681a62ab538f264e3fdc24ce8611d77cc6b88a1eba0ffbfbcbac30917fe0282fbdcbcb975977", 0x39, 0x6935, 0x0, 0x3}, &(0x7f0000004300)={0x0, 0x0, 0x0, 0x0, 0x9, r7, &(0x7f0000004240)="7a9e3355a31166cd70e0a70ef0d849f3be571bd7a9945961bae506f8da79f478d4f2a64e6e56dc00148f7d7f6d3035254f3541bfdbe32ab25310e58eda9cc3e7f8cae3ff2bfe91ca1304af954fd8df794464f81209ec64197c2fe4af299d5ce28bc30296a6598a1105941db222cd4ac1360ca3a876ddadcbe6d29a6c0e417de2ce2778bf40a14273edfb862104b4307dde0d817d9713d5b26c106be7", 0x9c, 0x7fff, 0x0, 0x3}, &(0x7f0000004440)={0x0, 0x0, 0x0, 0x6, 0x10, r7, &(0x7f0000004340)="ad622cc4506af95b7bc0a4ca73da7425b4677e9a67e90e2f0e17f6843a0c0c03bd50fa4c44d40be785d6df6a02d24d24f8e40463185df673bb5ef14dabcf9de18e324bef10126cd793d273bfc9a2d6633785abe6ba6b1caa727e4f8943a6f7a5ec0a45a5420f053e22adde9b1bef558ae0688c360fb00fd39a1796046fd4550b32164e65d902084f6fe0f618fc17d35968046490284e63a053ce9342f106d7a628d92ffa0d7692b26e491d7020242af29cdd577043c400c0451b0892730aee00deeaf226713aca018cad69fd0e78e7", 0xcf, 0x4e36970c, 0x0, 0x4eed1e4491134292, r8}, &(0x7f0000004540)={0x0, 0x0, 0x0, 0x1, 0x9, r12, &(0x7f0000004480)="45ea0df8533970e4be87a568d91bb09ebcbd8ef08cdefc0312cae7abd4b4c751379bb7100abd0b40dc0136224d4cfffa31af283847f75c3c84ad816b0bb1145319c529bab9e78761d48178581e0fee179bebacc2b01544236cd6caf6f64ee26ebb944e07f5b766d4157836e841cbf6c2e8e2f3a291d220e361f46414f243af12b37a2d775795598645dbcdb125b364f74380ef58bd1ba626905e31dd698b94b5df86b44df89c5a07a28e1bd480fbdd831a", 0xb1, 0x8, 0x0, 0x1, r8}, &(0x7f0000004680)={0x0, 0x0, 0x0, 0x1, 0x1f, r4, &(0x7f0000004580)="29760cc0a413e9899ba6e270f49a3614306b5cc445ea242d73776ddecb88d8197e8fac4404f6e1e7c16b528c3b7488bedf3aa05c17059d3ca5543ed4a65bd5cb056819961e8c3ba253b1b4a332b834485ce9237b02a3c6ee53c08d655fdaa2c89cd55f4a80747b675134aabf76e3490a9dc2bb5924dcda948d663146b79b1955482fb9026e7451cebe24a744ff375030cef4e6b1f38b1f64b86ddceaead2aeb1e4009e255b5cf972e43b4f890f160110c7e1617d8a080ab638fc36c5b0dc4b5d57b6eaebd3a4821473bf398e53cf84202911e0e59f43e9f2e894a4fafa76105de73ea07d6871793b76d5f3", 0xeb, 0x302, 0x0, 0x3}])
r13 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGPGRP(r13, 0x8904, &(0x7f0000004700))
setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000004740)='wg2\x00', 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000004cc0)=@bpf_ext={0x1c, 0x32, &(0x7f00000048c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x5}, {}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ldst={0x1, 0x1, 0x0, 0x4, 0x0, 0xc}, @jmp={0x5, 0x1, 0xd, 0x3, 0x4, 0xfffffffffffffff8, 0xffffffffffffffff}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x2}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000004a80)='GPL\x00', 0x5, 0xe5, &(0x7f0000004ac0)=""/229, 0x41100, 0x20, '\x00', r6, 0x0, r5, 0x8, &(0x7f0000004bc0)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000004c00)={0x3, 0x10, 0x8, 0x6}, 0x10, 0x2a2d6, r10, 0x2, &(0x7f0000004c40)=[r8], &(0x7f0000004c80)=[{0x0, 0x1, 0x8, 0xb}, {0x4, 0x5, 0xf, 0x6}], 0x10, 0x3ff, @void, @value}, 0x94)

12.264889017s ago: executing program 7 (id=2023):
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000940)=[{&(0x7f0000001040)}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000800)}, {0x0}], 0x6}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

11.489774001s ago: executing program 7 (id=2024):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000600)="600e000104004824958e097144c1", 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a10a000b000140020203600e41b0000900ac0006031100000016001500090002000000035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d2a6823a45f28fcb1d", 0xd8}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x3cc, 0x65, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}}, [@filter_kind_options=@f_route={{0xa}, {0x39c, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xa, 0xe}}, @TCA_ROUTE4_ACT={0x390, 0x6, [@m_simple={0x200, 0x1f, 0x0, 0x0, {{0xb}, {0xa8, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x401, 0x2, 0x1, 0x2, 0x8}}, @TCA_DEF_DATA={0x2d, 0x3, '@-^[\xa5&,.\x00pe\xe9\xb9\xf1Q+=\xdf\xacqd\xb4\xd3\rj6\xb4\xa6fz\x91\xa6\xe9\xdfy\xef\xbcY\xbb[a'}, @TCA_DEF_DATA={0x7, 0x3, 'lo\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x403, 0xfffffffffffffffe, 0x6, 0x2}}, @TCA_DEF_PARMS={0x18, 0x2, {0x3, 0xfb, 0x10000000, 0x695b, 0xffffffff}}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x1, 0x10000000, 0x4, 0x8}}, @TCA_DEF_DATA={0xb, 0x3, 'j\xbf!*{$\x00'}]}, {0x12d, 0x6, "bb56072c27c5e2984fb9b39740c7dea2e6372a168bf1fdb8ecb6019c9f5db834fcaca18620641b7aab2922f69d2f9b062f5ec4be8a5a603fe7236ffd67f60e9e007b34e0f9cb58fc8855dae5289e4e856559f64bc5a1c5683263937fdd088e5f34874e0d2d2273a7a09810d9042b32fb69223c74e88c41fda5268c22a3107d32ee49d3a99665178abfde24d27a872b23ece9d09c9560070a6e3cca383ccb4d1a6d7c302ab3ee820e67d26e78f72566a2f9765698d783e6c14d8da6156473bc39143eaba66c1921f94f19f65bc88b127c0eb8ac765b9220105c7c1060a0dd863f80d90bc3848a4fa52f73aaa4e21a1f0d6078cc5386cdfb2eef199f5261cf64455c3d8b7584e7e01a4e794f882f04307913cd5e00e1ebd8bbb0e6ed906dfc64b4608f285ecdef3d31a8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_xt={0x84, 0x6, 0x0, 0x0, {{0x7}, {0x30, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x3}]}, {0x2d, 0x6, "a5253fa303177a58da34b3cbe73fc5a4963269cc278d679372af47f8a41503e725cc83e204a4adf520"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_mpls={0xac, 0x15, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xfffffff9, 0x5, 0x8, 0x7, 0x4}, 0x3}}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7, 0x6, 0x5, 0x3, 0x800}, 0x1}}]}, {0x45, 0x6, "b785195954bf29eb39a865c5695a7ac46cec065f7db06dbdba2e8cf062693312261bf71915b2d84a074fd931b04b8440933794ba3bc0c3d3302773efdb92a21687"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_bpf={0x5c, 0x1b, 0x0, 0x0, {{0x8}, {0x34, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x4, 0x3, 0x6, 0x4, 0x7}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x6, 0x7, 0x20000000, 0x0, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x3cc}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000009aaf40b74fbd010000000900d00073797a310000000040000000030a010200000000008f128237267707aa00030073797a3200000000140004800800080001400000000000010020000c00024000000000000000010900010073797a3100000000140000001100010000000000000000000000000a000000000000ba3cd148835a9e9d5e4619cd7633746741c2681e96fb49c487a3e1031fa6a8523a99d46f2e9d97ce32e88b5c75351629c52438998938167ffe3213eb25de3f084c6b741eb3a8637f5c5017a96b92be70f12200d06e36284dcc31f559362ad9b7aec0c287ec073fdc7396a1909f4789a1d809e4a15ff7757f503b38b4cc08b352039443f73925b1dc65dd1afccf410d35ffcbd12fdb782b7fe785d35dd7753c48abd93220da65"], 0xb4}}, 0x0)

11.396862947s ago: executing program 1 (id=2026):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x20050800)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
getsockname$packet(r1, 0x0, &(0x7f0000000080))
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2800004}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x64, 0x1, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_HELP_NAME={0x9, 0x6, 'pptp\x00'}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_MASK={0x2c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1e}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2b}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x800)

11.146913913s ago: executing program 7 (id=2028):
r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000780)={<r4=>0x0, @local, @dev}, &(0x7f00000008c0)=0xc)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000a00)={{r0}, &(0x7f0000000980), 0x0}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x21, &(0x7f0000000b80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}, @call={0x85, 0x0, 0x0, 0xb0}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @ldst={0x3, 0x2, 0x2, 0x7, 0x8, 0x4, 0x8}, @jmp={0x5, 0x1, 0x5, 0x7, 0x2, 0xffffffffffffffc0, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0x5e}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='GPL\x00', 0x401, 0x97, &(0x7f00000006c0)=""/151, 0x41100, 0x4c, '\x00', r4, 0x25, r0, 0x8, &(0x7f0000000900)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000940)={0x4, 0xf, 0x10001, 0x7fff}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000a40)=[r0, r0, r0, 0x1, r0, r0, r0], &(0x7f0000000a80)=[{0x5, 0x5, 0xe, 0x8}], 0x10, 0x7f, @void, @value}, 0x94)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000200)={'netdevsim0\x00', &(0x7f0000000280)=@ethtool_pauseparam={0x12}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x40000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)

11.123366362s ago: executing program 0 (id=2029):
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xdec9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000440)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYRES8=r2, @ANYBLOB="ab26dd35c7f1e91f74287e97252bf608723b99f4a6632d8930482d1e7a8ce8eaad1aed7b3032"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r3 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x18)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001c00000014000180080003000100000008000100", @ANYRES32=r8], 0x28}}, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r4, 0xc004510e, &(0x7f0000000800)=0xffffffff)
clock_gettime(0x0, &(0x7f0000000040))
r9 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x61)
lseek(r9, 0x100, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(r9, 0xc0585609, 0x0)

8.459252217s ago: executing program 1 (id=2031):
prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = epoll_create(0x10000e9)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r3 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r2, 0x0)
fcntl$addseals(r3, 0x409, 0x7)
r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000100)={r3, 0x0, 0x0, 0x1000})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000080)={0x2025})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x4000000, 0x3, 0x3, 0x0, 0x8001, 0x1000000}, 0x0, &(0x7f0000000180)={0x4e, 0x8, 0xc98, 0x0, 0x0, 0x9, 0x7fffffff, 0x3}, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, &(0x7f0000000240)=0x91, 0x4)
socket$caif_stream(0x25, 0x1, 0x5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
sendto$inet6(r6, &(0x7f00000000c0)="8c", 0x1, 0x1000, 0x0, 0x0)
shutdown(r6, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000002280)=0x40)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x3d, 0x0, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000001300)="259374c96ee32f8d294c9fc6746590253ee96645fcef4c89cf58a03ee946310398ca18e157b9eebaaddb9a75b83ddce4aaae9f1ea011fdb0fc3a4d8aea", 0x0, 0x0, 0x0, 0x0, 0x0})

8.400171627s ago: executing program 0 (id=2032):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x80a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x80000000000000)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0))
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20)
msgsnd(0x0, &(0x7f0000001c40)=ANY=[@ANYBLOB], 0x1004, 0x800)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=r8, @ANYBLOB="00000000000000003400128009000100626f6e64000000002400028005001600000000000500110001", @ANYRES16=r8], 0x54}}, 0x0)

6.897943308s ago: executing program 7 (id=2034):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x80a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x80000000000000)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0))
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20)
msgsnd(0x0, &(0x7f0000001c40)=ANY=[@ANYBLOB="0200000000000000bc4b8e9205e5a1fc718b4242d0cee1aba4c45b4d09ec9e5174720367727d241d3c9e9481aabaf0ffda76010987d825835d18172fcb0a57f7cfedc8da12060d51c13d5621d1773978e007a882cfd0e193aa70ac56d0e514a16465c0f15987b653d4b3df0448fd75ca0896220d4afa4494e597e51ce08b127651adb7aa73d1b1bb002a89385e961de587ed88e5d7ed5ddee8d97aa0105455870c7ac68ecf9f7ab9f9c13dd9e7c68bc39f36e31f57e797379b4489bf18e081673785747fe5d33d03cb68f65d0ed253b5aba5e36f5622cf8741d61ad94cbe3070cc2cb2f074d6a9e8b75b5a7419688c392e38c4af4dbdc2d891c229b68fce51673d8a33b3fd11d5e052eacaebeedfe18832c12949337ddcac62aac8f23946cb5495872dd5d6a4afd2419d633c8f84c8fe36bb840bee450a3560cb5239f4891b3637f53934d1c7a110830bf9252866764cfc419ba83ded90b290606c35c5a978f5cc6c567cf3175f4ec5b030dc378086c9599546298b3b0a86b0dfd11a3fc09637e0f7c37915cffa3ec30efeb0334c5bf584f22e3b017398c15cea3126eb456ef0c846b7898b872b5d15f15babb40ad2d4d87fc38a60505a2b25d5bc3ff69459d999d0a01fc133f51b9d304bc4d4761d4147b52ae510dc02078144ddc5586b26ee1a73407b74a519f1ff6de8ef2fee304bbc1573a393b4f4a1786da19f8dc6edd742538864af783880d08022cd92bcd14252fe69baad91f067179f00270161c0ffc9224d5f63be70c621deb369d5224003126244e6906e7f9b9faebc0dd0d445cf0985656cbb9e1c41f2ae144324fd4009ea35c98d7b8ffb4acb41ddc01038930cc57283614688b54cfd1ef2711b67a5ea800eaf264bd4c2041320fd3ac8d5d2fa3c5cfdb8a7af59462544617cd530bf71aee2004b523b525856da3dc9bb8b432be24dcd40420ec45afeb30b039e24be4ef771c986596d1ad6cec1482b91c8ab363a99701d1117a42edf04d9053c6b5e6170bbddea1a06c7dab2834d2b50e6ed6feffe609db7c19802310a7d3c5b7551aedba3581768d18402ca790df84384753dc683a443430d6ded62b646886619898c0e2572e04b47afd3c45a3f3aae142409c7c67d4e8dea95bcd00efd0ef954176ba4ad91a3823246b29d3cb8002805920d30c453b9bd395636f6fa23d5765d0d7407cd34b22a7d76ad031c64a31276647d931ee8c69e506f4d35952ccca0f2c1c5cdefbcb7de223518f7c6112cb8e7bc3b71aee485cbfaa704a2765d8dbf90d409b6c068ebfeb1e5ba11787e5505f066f667e716d113f34bd66350ff663031d7406c7ef50b2ed2c054bb6ae8d1ad17198abb4eeebc9db9bcdf86ff9d80ac179205cc80c2fc581c9e540db11f19c5d3a33f583434f3b915448be9b1338177abdc71611d3961105082f5ec63316882c9651af4932ce49e942f99f42625c20216594ebc890d04939d3992c31ff53d1dbff2225cae45341341624d040f1e14b0cb566bbff1ac8d2b8ff21600add3557a1f4232dee42806499c23451f852be7ee59514f23a367e66db1dbcfa39899b09c633550c79032e42a62fe472d26eaf660e4b8b77cfcd896578fb887ed35bc2d2e60f18ae81a4e1f754fe956f6ab2fe74ff8ebce9eb69474f34a9646b25e842d610460de8f1b2d23891af3d86826bba35245f9512c307491610e3e17174111109fc33d9db3f0e03b93e31fbe73aedb043953019a996a74399060bdcf00843a66567f12ce62c9396aacb263c3996e2df44985445121597f862e0c6d9b66267aef0cbbd7bfbf2f5d7b70d5ab81a8f867d08d40185d8bbd198652b96afe5b3d52b78bae4d94e72da61f1c38cc18979c2532a87c2063dd3a985f3ada1c15d0513a6ffb9e3b45691f8f644fc49224217eea2ecacbce1ed537fc91d7cd9feebf2d7d6e6c649618d2c7e6abf4db9f3e85ea21ffc926ef437539707d2bda36c2a16d60980a84ee807df94b6680ec4b8895ea44b68146cb963879bed151bb018693afab58ede1061b93f16f51ae4a818d41d534fa8b6e7868abc4cd58a100c7f7f4cdc9ce19b7c38c6f15f613e2d05c73ad440eb10260880b8d6fa7bf5dc8fc168585da93ecf68f73487df03f3438655f455d11f9f72a89c88fcab4371c926c743b18c332e4b07cab38372a927a7ae2d1eb668dab20e4fb433db43a8b4e302a66eb91ca14e7a7cbd4ab797ab73f0e99f1fef9bdfecf1db31914a929ff3bba8dd9c9b6b6ea054bbb7997126352757e6605c604d2b21ad70f9d62a381a0b4d2b97f8753e66df830e5c2b1021b9b2607679314e4ef7f85c6b253a1e0cc7a492d6e625d7b273ebebc484bf1bb6d83bf8e283ad1c081116461f0ad722a8776f673034c36693fbed6c478a97b617f076d7500210bbe969ab13e312abefad8dd028a192525da85d05dc0bf3ff8dda9f8ba9f48f41ddec32ab3d26e3f8948ab4ea29a5849a96a713d11f4eb7126db8e1c0e471ff3c1b46c298cd7c42d29dcf2e48aca7f17bdca8b73fd580818e3bcee3e510f6ad49af7bb1678de01a9dbacc98ba0b891fa13fc772c6e5d82ae341defce6f6def9e14c7950467e941643e20b30a18fcdd99763860137ee1ec15e24d14d6b19e7e2748f6aa0070499dddd216985c5fe219cc2c41f3de6df196ceccc01ff1765f536278ef2374ad118e7180cb886e549106c2d0669c7b2ed25a998148ffe8b2154505fe82add0bbdf1f26868a1ba85edba3f88b0b2f7caf9fa65acc018ed73a899724ca21980a8aa4e34ee077f257d50c63bf4f892d03ff475704f1a4a6cdb8a1c89f0f47da4ff64c033479695bd5d3f061e9617e77ceafa152ec39d4ae2c3bed23ee33ed20f383dc8a23ebe4ace0d710cdb2a26d0d590b93f2571f992ea12e0b57c0edf1c417e276c0b4dcb115903f18065ea164c6d5ce3b6a71bed1bfab5cfc2c3e3e21ad798cf7680f1ddbdc4d966b837423ef5a82faf65c89e22e60e7437d5c23f78831583d07aa7be0978530681e13ba3f0c298fb0ecf4d515fda912d641b40532b9ec14c26935d483064c6d22a0c63ff342"], 0x1004, 0x800)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=r8, @ANYBLOB="00000000000000003400128009000100626f6e64000000002400028005001600000000000500110001", @ANYRES16=r8], 0x54}}, 0x0)

6.748528116s ago: executing program 0 (id=2036):
socket$kcm(0x11, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000200)=0x2010003, 0x4)
sendto$inet6(r2, &(0x7f0000000180)="800037bbfa9ba1ce", 0x8, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x8d4, @remote, 0x1}, 0x1c)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_int(r3, &(0x7f0000000380)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x100, 0x2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040)={0xaa})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000080)={[{0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x3}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}], 0x1})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000080)=0x200000000)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r8 = dup2(r7, r7)
ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f0000000040)=0x1)
ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f0000000000)=0x5)

6.74670668s ago: executing program 5 (id=2037):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r4, &(0x7f0000000000)='./file0\x00')
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000480)={{{@in6, @in=@dev}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f00000003c0)=0xe8)
mount$overlay(0x0, &(0x7f0000000640)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000580)={[{@lowerdir={'lowerdir', 0x3d, './file1'}}, {@index_on}, {@uuid_off}], [{@hash}, {@permit_directio}, {@smackfstransmute={'smackfstransmute', 0x3d, '\xaf'}}, {@smackfsroot={'smackfsroot', 0x3d, 's\xe1\x94B\xb8_swy#9#\xe7\r5\xc4\\\a\xea\x14M[\xe2\x89itch\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@flag='posixacl'}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x6000)

5.814226483s ago: executing program 5 (id=2039):
syz_emit_ethernet(0x1ce, &(0x7f0000000640)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x198, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x4, 0x1, 0x0, 0x0, {0x0, 0x6, "8bb91d", 0x0, 0x11, 0x0, @local, @empty, [@fragment, @hopopts={0x0, 0x2a, '\x00', [@ra={0x5, 0x2, 0xffff}, @generic={0x0, 0x9d, "a17e9ab13f6e142b20582c8d220c698a74dbf13dfc0ad1f526dfc43313759300929090dd4792ce67ea9f8769d3246f94412c56e0247939ed4b318e4b6066b72d91d9aff97fcf30977dfd4028dea535a8e9d1682c4794d255d62089716f2f97577f9bef264da3cfd3e5511fb253122f61808a73cc2e760f93ceb68a0db2613cf0956b23235f057c2f980a19266a6bb4a33a17f550a571c5b4211c6fa371"}, @ra, @generic={0x0, 0x8c, "65fd1a52737fa1ec91495f4d25a766a5dd36bcffb376f4b35d4a5bc51b0f8fb9a273282a9c8ef192a4de26c8732765dbeb6ce083e81cebf0612d1cc7956b78fb34ce0e4a867c8b4094bab04b23680ba97ad5c624055e8504a7a121cf38a402a7aa80e05dbe56fecab8b014420231c0e997cbfda9bdc7f29e3a8b13dcfc396cf6ff1fcd8a7f43a107871fdd7e"}, @generic={0x0, 0x12, "8b168e4b48529453d91cea424030c8b20063"}, @calipso={0x7, 0x8}]}]}}}}}}}, 0x0)

5.66071941s ago: executing program 7 (id=2040):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100))
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd29, 0x25dfdbff, {0x60, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0xb55a, 0x9e, 0x800, 0x0, 0x6, 0x1}, [@TCA_NETEM_RATE64={0xc, 0x8, 0x6c1d2c4110c6a71c}]}}}]}, 0x58}}, 0x0)
r4 = dup3(r0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000001800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
setsockopt$MRT6_ADD_MFC(r4, 0x29, 0xcc, &(0x7f0000000040)={{0xa, 0x4e22, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}, 0x478}, {0xa, 0x4e22, 0x8, @private2, 0x8}, 0x1, {[0xa, 0xf5, 0x5, 0x9, 0x100, 0x6, 0x8, 0x4]}}, 0x5c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f00000000c0)={0x9}, 0x10)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@gettaction={0x24, 0x5a, 0x1, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x24}}, 0x0)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000240)=<r8=>0x0)
prlimit64(r8, 0x3, &(0x7f0000000440)={0x9, 0x893e}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r6, {0xffe0}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x5}}]}}]}, 0x3c}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5.571542563s ago: executing program 0 (id=2041):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x20050800)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
getsockname$packet(r1, 0x0, &(0x7f0000000080))
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2800004}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x64, 0x1, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_HELP_NAME={0x9, 0x6, 'pptp\x00'}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_MASK={0x2c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1e}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2b}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x800)

5.570663891s ago: executing program 5 (id=2042):
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="002b00000008000300"/18, @ANYRES32=r2, @ANYBLOB="04004600040051800a0034000101010101010000080026006c090000"], 0x38}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$TCFLSH(r7, 0x400455c8, 0x1)
ioctl$TIOCSETD(r7, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040))
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000340)=0xff)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000100)=0x80)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000240))
ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000001c0))
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
read$FUSE(r8, &(0x7f00000103c0)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r8, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.50366445s ago: executing program 2 (id=2043):
r0 = socket$caif_stream(0x25, 0x1, 0x0)
socket(0x40000000015, 0x5, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)=ANY=[@ANYRES8=r0], 0x48)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000580)=0x803, 0x4)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)
recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, 0xffffffffffffffff)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @loopback}, 0x10)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20004000)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
fsopen(&(0x7f0000000080)='nfs\x00', 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)

4.389453001s ago: executing program 2 (id=2044):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
lsm_list_modules(0x0, 0x0, 0x300)
gettid()
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
set_mempolicy(0x3, 0x0, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40080, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000100000000000000000000000018040000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000050000000bca9000000000000350901000700000095000000000000003f9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pread64(r2, &(0x7f0000000300)=""/112, 0x70, 0x5)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0), 0x8042, 0x0)
write$vga_arbiter(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB='lock io'], 0x8)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
write$vga_arbiter(r4, &(0x7f0000000200)=ANY=[@ANYBLOB='unlock mem'], 0xb)
r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0xd00, 0x0)
close(0xffffffffffffffff)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
syz_io_uring_setup(0xd2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x0, 0x0, 0x0, r5}, &(0x7f0000000280)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x4007, @fd_index=0x6, 0x0, 0x0, 0x0, 0x2, 0x0, {0x3}})
syz_clone(0x200030e4, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
io_uring_setup(0x1edf, &(0x7f00000001c0))

2.488959872s ago: executing program 1 (id=2045):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'ipvlan1\x00', 0x400})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000740)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$unix(0x1, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000001300)=""/234, 0xea}], 0x1)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f00000000c0)={'a', ' *:* ', 'm\x00'}, 0x8)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
pread64(r6, &(0x7f0000000180)=""/73, 0x49, 0x0)
ioctl$SG_EMULATED_HOST(r6, 0x2203, &(0x7f0000000140))

2.057703961s ago: executing program 2 (id=2046):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NFC_CMD_SE_IO(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x44800)
io_setup(0x6, &(0x7f0000000140))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, 0x1, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x800)
sendmsg$NFC_CMD_DISABLE_SE(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r1, 0x40b, 0x70bd27, 0x25dfdbfe, {}, [@NFC_ATTR_SE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x800)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x84, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x60, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6e}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x38, 0x24}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x48}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}]}, 0x84}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x18, 0x0, 0x0, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20008850}, 0x80)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000680)={0xc})
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000980)=<r5=>0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000009c0)={{{@in6=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@initdev}, 0x0, @in=@local}}, &(0x7f0000000ac0)=0xe8)
getresgid(&(0x7f0000000b00), &(0x7f0000000b40)=<r7=>0x0, &(0x7f0000000b80))
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@multicast2, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@remote}, 0x0, @in6=@private1}}, &(0x7f0000000cc0)=0xe8)
lstat(&(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000e00)=@o_path={&(0x7f0000000dc0)='./file0\x00', 0x0, 0x4000, r3}, 0x18)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000e40)={0x10000, <r11=>r2, 0x1})
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000e80)=<r12=>0x0)
getgroups(0x2, &(0x7f0000000ec0)=[<r13=>0x0, 0xee01])
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000f00)={0x0, <r14=>0x0})
r15 = geteuid()
fstat(r2, &(0x7f0000000f40)={0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0})
r17 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000001440), 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000001480)={0x0, <r18=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000001500)={{0x1, 0x1, 0x18, r2, {<r19=>0xee00, 0xee00}}, './file0\x00'})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000001540)={0x0, 0x0, <r20=>0x0}, &(0x7f0000001580)=0xc)
ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f00000015c0)={0x6, 0x4bb9, {<r21=>0xffffffffffffffff}, {0xffffffffffffffff}, 0x401, 0x401})
sendmmsg$unix(r3, &(0x7f0000001ac0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000006c0)="2d78e40e5463c31d44422b322e8d752b7780b300d95399a2332ed27aba013f478902b830e3ba95", 0x27}, {&(0x7f0000000700)="e947e3a6aa8d387c64cd82cc8d8f4821d26d38255a8ab5d94002ba936bfb28", 0x1f}, {&(0x7f0000000740)="784ed8c78f682a7c23244d634f91ae4aa3cd130b6e660233a05458c1f6c078c97a05c1927c928125f2560be4948ab4123481e920079c1ed9ea39013f2248ad95a825f6b8c3ca84026ccc85e3b6a9f2c56a5399f1f8c32de1f9a609a43ebd74427db3b251f9ecabb6a39cb399148136ac641017fd584dcf2828a1cc5895960104", 0x80}, {&(0x7f00000007c0)="09df40fad1471ca5be81a30e24", 0xd}, {&(0x7f0000000800)="5cc1d6c16158753ed0d137aed9f9320268de974b93ed3570dd94da3b4c4e8766d22b043129fd73bbb17df019effedc8b06f926683552a474914f14bbc07afea4fecdcc89ccefba696b7985bb78a70a8f6ac419368cd35103a32979e73b709dc95f2683c66c99bbe047553d1819e19b70c10f371d274befa3a38123febcc911b2e285557564d335e4ba592f11ccd0e3d3b4c03ec6f08122a719379fe692abf29a8a01d53230793dea27271b6b1ef8902ae1e64a8117b4c414923cf405704f15ca72e3e9e7b35fc6108c5ca3c0d6ef26360deae447c755e169198cb8d96ee7276dea26abab50544077db66a822b393d0ab54bc", 0xf2}], 0x5, &(0x7f0000000fc0)=[@cred={{0x1c, 0x1, 0x2, {r5, r6, r7}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r8, r9}}}, @rights={{0x30, 0x1, 0x1, [r10, r2, r2, r2, r3, r2, r3, r2]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r2, r3, r3, r11, r3, r2, r2]}}, @cred={{0x1c, 0x1, 0x2, {r12, 0xffffffffffffffff, r13}}}, @cred={{0x1c, 0x1, 0x2, {r14, r15, r16}}}, @rights={{0x14, 0x1, 0x1, [r2]}}, @rights={{0x28, 0x1, 0x1, [r2, r3, r3, r2, r3, r2]}}], 0x120, 0x4010}}, {{&(0x7f0000001100)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001400)=[{&(0x7f0000001180)="990ac3c8daffc0972d470e33bbbfafd84adc92864c27d13ab2e75f5fd8fe72f24356e739c4b19ee05c9fe4a15caa994601eafeeda9be0a11d389ef76f762387c2022ec26757b20f1bbb26a149074daf56519b1aacda1ea463ef6d72a3d160060d6f5e341d2e6b47e7e550df637ae8652afebb0bc7b3e3af040ec34e69a41283c77f210258d47a367b98ece612a61009c95b0c349cc51329c3684c6d2df621b27a9c3e36652f06ca29693c8ccb6befdd09f0cb59e1ca8e0cb3487c3f9db1d4c0363f5ed8046ba1a70bf1bfd902cd56c9797d4b946ffb36f56bc6e969503", 0xdd}, {&(0x7f0000001280)="4155a2e687c8e61ec4e502524d1e5c4bdaa83936a9eeb726887ccc9c6c9b069f2aa617d34faf39faa5ce72d56e6b51e488b0690601fbe68ad082c7e13a216165d552a9c5d046b1757f05023f19ff4bae9e6315253245261ca0837d3e7c6b0fa41eae145e", 0x64}, {&(0x7f0000001300)="6fb5d7bb94e9e47a2098cfc54c007afd7465646b54903845789cc53dbd10e95c427bbce78a1c19a492337d7d9fda43f33e98accfcea8ca50aa3f1038cb06b6229da9a9f8b2d64f0c68c085dbd36c101b2e64e3f89890cf73d9d66417bc115ffb57c80c05282ca792c7709ad25239dc3601b2a5bdd69be7917e1bbc3fd4e0a719b17aed9b1bda3c91fa8e0074a21663fd9170de4d035b2a504e7699450bb7802b70148356f02c8485706e6b1f", 0xac}, {&(0x7f00000013c0)}], 0x4, &(0x7f00000019c0)=[@rights={{0x14, 0x1, 0x1, [r17]}}, @cred={{0x1c, 0x1, 0x2, {r18, r19, r20}}}, @cred={{0x1c, 0x1, 0x2, {r21}}}, @rights={{0x28, 0x1, 0x1, [r2, r2, r3, r2, r2, r3]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @rights={{0x24, 0x1, 0x1, [r2, r2, r3, r2, r3]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0xe8, 0x20008040}}], 0x2, 0x760485d7f7e6a967)

2.004382127s ago: executing program 7 (id=2047):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x74d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x8, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
socket$kcm(0x29, 0x2, 0x0)
unshare(0x22020400)
unshare(0x10080)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000380), 0x4)
setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000280)={{}, 0x78}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000240)={0x20, 0x35, 0x5d, {0x5d, 0x3, "05820cf2e086b7358b69058c6d8616720b2a7e6ad80fa1ac248ab3b40000000000006e1a9dd467d935c19f5bb6933a835eba11ba5477429ea1a1e9d052c9eaa8382f40eeacecbdb0423595377f7c7be4cdc8eb7a8621f062a141a2"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.193653435s ago: executing program 0 (id=2048):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffe)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x40000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x10000000, 0xfffffffffffffffe, 0x1, 0x0, 0x0, 0x5]})
sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="0c63264954a5f26d"], 0x1c}, 0x1, 0x0, 0x0, 0x4004841}, 0x4810)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.193266644s ago: executing program 1 (id=2049):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000600)="600e000104004824958e097144c1", 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a10a000b000140020203600e41b0000900ac0006031100000016001500090002000000035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d2a6823a45f28fcb1d", 0xd8}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x3cc, 0x65, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}}, [@filter_kind_options=@f_route={{0xa}, {0x39c, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xa, 0xe}}, @TCA_ROUTE4_ACT={0x390, 0x6, [@m_simple={0x200, 0x1f, 0x0, 0x0, {{0xb}, {0xa8, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x401, 0x2, 0x1, 0x2, 0x8}}, @TCA_DEF_DATA={0x2d, 0x3, '@-^[\xa5&,.\x00pe\xe9\xb9\xf1Q+=\xdf\xacqd\xb4\xd3\rj6\xb4\xa6fz\x91\xa6\xe9\xdfy\xef\xbcY\xbb[a'}, @TCA_DEF_DATA={0x7, 0x3, 'lo\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x403, 0xfffffffffffffffe, 0x6, 0x2}}, @TCA_DEF_PARMS={0x18, 0x2, {0x3, 0xfb, 0x10000000, 0x695b, 0xffffffff}}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x1, 0x10000000, 0x4, 0x8}}, @TCA_DEF_DATA={0xb, 0x3, 'j\xbf!*{$\x00'}]}, {0x12d, 0x6, "bb56072c27c5e2984fb9b39740c7dea2e6372a168bf1fdb8ecb6019c9f5db834fcaca18620641b7aab2922f69d2f9b062f5ec4be8a5a603fe7236ffd67f60e9e007b34e0f9cb58fc8855dae5289e4e856559f64bc5a1c5683263937fdd088e5f34874e0d2d2273a7a09810d9042b32fb69223c74e88c41fda5268c22a3107d32ee49d3a99665178abfde24d27a872b23ece9d09c9560070a6e3cca383ccb4d1a6d7c302ab3ee820e67d26e78f72566a2f9765698d783e6c14d8da6156473bc39143eaba66c1921f94f19f65bc88b127c0eb8ac765b9220105c7c1060a0dd863f80d90bc3848a4fa52f73aaa4e21a1f0d6078cc5386cdfb2eef199f5261cf64455c3d8b7584e7e01a4e794f882f04307913cd5e00e1ebd8bbb0e6ed906dfc64b4608f285ecdef3d31a8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_xt={0x84, 0x6, 0x0, 0x0, {{0x7}, {0x30, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x3}]}, {0x2d, 0x6, "a5253fa303177a58da34b3cbe73fc5a4963269cc278d679372af47f8a41503e725cc83e204a4adf520"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_mpls={0xac, 0x15, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xfffffff9, 0x5, 0x8, 0x7, 0x4}, 0x3}}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7, 0x6, 0x5, 0x3, 0x800}, 0x1}}]}, {0x45, 0x6, "b785195954bf29eb39a865c5695a7ac46cec065f7db06dbdba2e8cf062693312261bf71915b2d84a074fd931b04b8440933794ba3bc0c3d3302773efdb92a21687"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_bpf={0x5c, 0x1b, 0x0, 0x0, {{0x8}, {0x34, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x4, 0x3, 0x6, 0x4, 0x7}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x6, 0x7, 0x20000000, 0x0, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x3cc}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000009aaf40b74fbd010000000900d00073797a310000000040000000030a010200000000008f128237267707aa00030073797a3200000000140004800800080001400000000000010020000c00024000000000000000010900010073797a3100000000140000001100010000000000000000000000000a000000000000ba3cd148835a9e9d5e4619cd7633746741c2681e96fb49c487a3e1031fa6a8523a99d46f2e9d97ce32e88b5c75351629c52438998938167ffe3213eb25de3f084c6b741eb3a8637f5c5017a96b92be70f12200d06e36284dcc31f559362ad9b7aec0c287ec073fdc7396a1909f4789a1d809e4a15ff7757f503b38b4cc08b352039443f73925b1dc65dd1afccf410d35ffcbd12fdb782b7fe785d35dd7753c48abd93220da65"], 0xb4}}, 0x0)

1.192837239s ago: executing program 2 (id=2050):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r4, &(0x7f0000000000)='./file0\x00')
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000480)={{{@in6, @in=@dev}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f00000003c0)=0xe8)
mount$overlay(0x0, &(0x7f0000000640)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000580)={[{@lowerdir={'lowerdir', 0x3d, './file1'}}, {@index_on}, {@uuid_off}], [{@hash}, {@permit_directio}, {@smackfstransmute={'smackfstransmute', 0x3d, '\xaf'}}, {@smackfsroot={'smackfsroot', 0x3d, 's\xe1\x94B\xb8_swy#9#\xe7\r5\xc4\\\a\xea\x14M[\xe2\x89itch\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@flag='posixacl'}]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x6000)

1.192275598s ago: executing program 5 (id=2051):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000600)="600e000104004824958e097144c1", 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a10a000b000140020203600e41b0000900ac0006031100000016001500090002000000035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d2a6823a45f28fcb1d", 0xd8}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x3cc, 0x65, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}}, [@filter_kind_options=@f_route={{0xa}, {0x39c, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xa, 0xe}}, @TCA_ROUTE4_ACT={0x390, 0x6, [@m_simple={0x200, 0x1f, 0x0, 0x0, {{0xb}, {0xa8, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x401, 0x2, 0x1, 0x2, 0x8}}, @TCA_DEF_DATA={0x2d, 0x3, '@-^[\xa5&,.\x00pe\xe9\xb9\xf1Q+=\xdf\xacqd\xb4\xd3\rj6\xb4\xa6fz\x91\xa6\xe9\xdfy\xef\xbcY\xbb[a'}, @TCA_DEF_DATA={0x7, 0x3, 'lo\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x403, 0xfffffffffffffffe, 0x6, 0x2}}, @TCA_DEF_PARMS={0x18, 0x2, {0x3, 0xfb, 0x10000000, 0x695b, 0xffffffff}}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x1, 0x10000000, 0x4, 0x8}}, @TCA_DEF_DATA={0xb, 0x3, 'j\xbf!*{$\x00'}]}, {0x12d, 0x6, "bb56072c27c5e2984fb9b39740c7dea2e6372a168bf1fdb8ecb6019c9f5db834fcaca18620641b7aab2922f69d2f9b062f5ec4be8a5a603fe7236ffd67f60e9e007b34e0f9cb58fc8855dae5289e4e856559f64bc5a1c5683263937fdd088e5f34874e0d2d2273a7a09810d9042b32fb69223c74e88c41fda5268c22a3107d32ee49d3a99665178abfde24d27a872b23ece9d09c9560070a6e3cca383ccb4d1a6d7c302ab3ee820e67d26e78f72566a2f9765698d783e6c14d8da6156473bc39143eaba66c1921f94f19f65bc88b127c0eb8ac765b9220105c7c1060a0dd863f80d90bc3848a4fa52f73aaa4e21a1f0d6078cc5386cdfb2eef199f5261cf64455c3d8b7584e7e01a4e794f882f04307913cd5e00e1ebd8bbb0e6ed906dfc64b4608f285ecdef3d31a8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_xt={0x84, 0x6, 0x0, 0x0, {{0x7}, {0x30, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x3}]}, {0x2d, 0x6, "a5253fa303177a58da34b3cbe73fc5a4963269cc278d679372af47f8a41503e725cc83e204a4adf520"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_mpls={0xac, 0x15, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xfffffff9, 0x5, 0x8, 0x7, 0x4}, 0x3}}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7, 0x6, 0x5, 0x3, 0x800}, 0x1}}]}, {0x45, 0x6, "b785195954bf29eb39a865c5695a7ac46cec065f7db06dbdba2e8cf062693312261bf71915b2d84a074fd931b04b8440933794ba3bc0c3d3302773efdb92a21687"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_bpf={0x5c, 0x1b, 0x0, 0x0, {{0x8}, {0x34, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x4, 0x3, 0x6, 0x4, 0x7}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x6, 0x7, 0x20000000, 0x0, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x3cc}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000009aaf40b74fbd010000000900d00073797a310000000040000000030a010200000000008f128237267707aa00030073797a3200000000140004800800080001400000000000010020000c00024000000000000000010900010073797a3100000000140000001100010000000000000000000000000a000000000000ba3cd148835a9e9d5e4619cd7633746741c2681e96fb49c487a3e1031fa6a8523a99d46f2e9d97ce32e88b5c75351629c52438998938167ffe3213eb25de3f084c6b741eb3a8637f5c5017a96b92be70f12200d06e36284dcc31f559362ad9b7aec0c287ec073fdc7396a1909f4789a1d809e4a15ff7757f503b38b4cc08b352039443f73925b1dc65dd1afccf410d35ffcbd12fdb782b7fe785d35dd7753c48abd93220da65"], 0xb4}}, 0x0)

330.819082ms ago: executing program 0 (id=2052):
r0 = accept4$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000002c0)=0xfffffffffffffca8, 0x80800)
getsockname$packet(r0, 0x0, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f0000000300)={0x1d, r2}, 0x10)
readv(r1, &(0x7f0000000100)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r6}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

329.868527ms ago: executing program 1 (id=2053):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r2 = accept(r1, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=@newtaction={0x114, 0x30, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [{0x100, 0x1, [@m_ipt={0xd0, 0xf, 0x0, 0x0, {{0x8}, {0x5c, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x80}, @TCA_IPT_HOOK={0x8, 0x2, 0x3}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x4d, 0x6, "63751654e9b474b1183b75e7617d06046f9500768c9cc003b79d7ea2d7e20b36ded7577cab5a20ede33101e4fb72ee07503ee12cd5b50a06c32883f4674ca662fe36f9e6e5f6a128c7"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ipt={0x2c, 0xb, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x2004c095}, 0x1)
recvmsg$can_raw(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)=""/70, 0x46}, {&(0x7f0000000280)=""/204, 0xcc}], 0x2}, 0x40012002)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141b82, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x700, 0x12)
recvmsg$qrtr(r6, &(0x7f00000003c0)={&(0x7f0000000180), 0xc, &(0x7f0000000380)=[{&(0x7f00000001c0)=""/31, 0x1f}], 0x1, &(0x7f0000000640)=[{0xd0, 0x0, 0x0, ""/185}, {0x18, 0x0, 0x0, ""/5}], 0xe8, 0x10020}, 0x38, 0x12102)
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10)
futex(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, 0x0, 0x0)

256.771396ms ago: executing program 5 (id=2054):
r0 = socket$caif_stream(0x25, 0x1, 0x0)
socket(0x40000000015, 0x5, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)=ANY=[@ANYRES8=r0], 0x48)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000580)=0x803, 0x4)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)
recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, 0xffffffffffffffff)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @loopback}, 0x10)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20004000)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
fsopen(&(0x7f0000000080)='nfs\x00', 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)

192.685678ms ago: executing program 2 (id=2055):
prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
r1 = epoll_create(0x10000e9)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r3 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r2, 0x0)
fcntl$addseals(r3, 0x409, 0x7)
r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000100)={r3, 0x0, 0x0, 0x1000})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000080)={0x2025})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x4000000, 0x3, 0x3, 0x0, 0x8001, 0x1000000}, 0x0, &(0x7f0000000180)={0x4e, 0x8, 0xc98, 0x0, 0x0, 0x9, 0x7fffffff, 0x3}, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, &(0x7f0000000240)=0x91, 0x4)
socket$caif_stream(0x25, 0x1, 0x5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
sendto$inet6(r6, &(0x7f00000000c0)="8c", 0x1, 0x1000, 0x0, 0x0)
shutdown(r6, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000002280)=0x40)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x3d, 0x0, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000001300)="259374c96ee32f8d294c9fc6746590253ee96645fcef4c89cf58a03ee946310398ca18e157b9eebaaddb9a75b83ddce4aaae9f1ea011fdb0fc3a4d8aea", 0x0, 0x0, 0x0, 0x0, 0x0})

376.712µs ago: executing program 2 (id=2056):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/13, @ANYRES32], 0x50)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket(0x2, 0x5, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x80000001, 0x0, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x7, 0x8, {<r4=>0x0}, {0xee01}, 0x0, 0x4000000000})
prlimit64(r4, 0xe, &(0x7f0000000000)={0x8, 0x100008d}, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
pipe(0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x11000)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r6, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)

0s ago: executing program 5 (id=2057):
openat$urandom(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r0 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f00000000c0)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x8, &(0x7f0000000200)={[{}, {}]})

kernel console output (not intermixed with test programs):

.003264][   T29] audit: type=1400 audit(1733631604.468:718): avc:  denied  { read } for  pid=11526 comm="syz.2.1452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  471.085763][   T29] audit: type=1400 audit(1733631604.568:719): avc:  denied  { lock } for  pid=11526 comm="syz.2.1452" path="socket:[30630]" dev="sockfs" ino=30630 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  471.109031][    C1] vkms_vblank_simulate: vblank timer overrun
[  471.218472][   T29] audit: type=1400 audit(1733631604.698:720): avc:  denied  { execute } for  pid=11537 comm="syz.3.1455" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=30833 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  471.243033][    C1] vkms_vblank_simulate: vblank timer overrun
[  471.493313][  T969] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  471.751929][   T29] audit: type=1400 audit(1733631605.228:721): avc:  denied  { ioctl } for  pid=11547 comm="syz.4.1458" path="socket:[30844]" dev="sockfs" ino=30844 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  471.776805][    C1] vkms_vblank_simulate: vblank timer overrun
[  471.787404][T11548] FAULT_INJECTION: forcing a failure.
[  471.787404][T11548] name failslab, interval 1, probability 0, space 0, times 0
[  471.803502][  T969] usb 2-1: device descriptor read/64, error -71
[  471.810976][T11548] CPU: 0 UID: 0 PID: 11548 Comm: syz.4.1458 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  471.821738][T11548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  471.831780][T11548] Call Trace:
[  471.835046][T11548]  <TASK>
[  471.837964][T11548]  dump_stack_lvl+0x16c/0x1f0
[  471.842638][T11548]  should_fail_ex+0x497/0x5b0
[  471.847298][T11548]  ? fs_reclaim_acquire+0xae/0x150
[  471.852402][T11548]  should_failslab+0xc2/0x120
[  471.857072][T11548]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  471.862865][T11548]  ? __alloc_skb+0x2b1/0x380
[  471.867446][T11548]  __alloc_skb+0x2b1/0x380
[  471.871848][T11548]  ? __pfx___alloc_skb+0x10/0x10
[  471.876773][T11548]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  471.882745][T11548]  netlink_alloc_large_skb+0x69/0x130
[  471.888109][T11548]  netlink_sendmsg+0x689/0xd70
[  471.892871][T11548]  ? __pfx_netlink_sendmsg+0x10/0x10
[  471.898155][T11548]  ____sys_sendmsg+0xaaf/0xc90
[  471.902910][T11548]  ? copy_msghdr_from_user+0x10b/0x160
[  471.908355][T11548]  ? __pfx_____sys_sendmsg+0x10/0x10
[  471.913660][T11548]  ___sys_sendmsg+0x135/0x1e0
[  471.918337][T11548]  ? __pfx____sys_sendmsg+0x10/0x10
[  471.923548][T11548]  ? __pfx_lock_release+0x10/0x10
[  471.928589][T11548]  ? trace_lock_acquire+0x14e/0x1f0
[  471.933800][T11548]  ? __fget_files+0x206/0x3a0
[  471.938472][T11548]  __sys_sendmsg+0x16e/0x220
[  471.943053][T11548]  ? __pfx___sys_sendmsg+0x10/0x10
[  471.948163][T11548]  do_syscall_64+0xcd/0x250
[  471.952659][T11548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.958541][T11548] RIP: 0033:0x7f1b6ab7fed9
[  471.962965][T11548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.982560][T11548] RSP: 002b:00007f1b6b92a058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  471.990962][T11548] RAX: ffffffffffffffda RBX: 00007f1b6ad45fa0 RCX: 00007f1b6ab7fed9
[  471.998918][T11548] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
[  472.006876][T11548] RBP: 00007f1b6b92a0a0 R08: 0000000000000000 R09: 0000000000000000
[  472.014830][T11548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  472.022789][T11548] R13: 0000000000000000 R14: 00007f1b6ad45fa0 R15: 00007ffff07fcf78
[  472.030771][T11548]  </TASK>
[  472.061254][T11550] veth0_macvtap: left promiscuous mode
[  472.174484][  T969] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  472.333240][  T969] usb 2-1: device descriptor read/64, error -71
[  472.443520][  T969] usb usb2-port1: attempt power cycle
[  473.973461][  T969] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  475.139777][  T969] usb 2-1: device descriptor read/8, error -71
[  475.341761][T11601] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1476'.
[  475.351465][T11601] bond0: option ad_select: unable to set because the bond device is up
[  475.494819][   T29] audit: type=1326 audit(1733631608.978:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.2.1479" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f003f97fed9 code=0x0
[  475.523228][T11262] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  475.686192][T11262] usb 4-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  475.695606][T11262] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.705765][T11262] usb 4-1: Product: syz
[  475.710102][T11262] usb 4-1: Manufacturer: syz
[  475.715272][T11262] usb 4-1: SerialNumber: syz
[  475.729732][T11262] usb 4-1: config 0 descriptor??
[  475.738696][T11262] gspca_main: sq905c-2.14.0 probing 2770:9052
[  476.254972][T11262] gspca_sq905c: sq905c_command: usb_control_msg failed (-110)
[  476.262886][T11262] sq905c 4-1:0.0: Get version command failed
[  476.487433][T11262] sq905c 4-1:0.0: probe with driver sq905c failed with error -110
[  476.694938][T11621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1483'.
[  478.298595][T11621] bond0 (unregistering): Released all slaves
[  478.344391][ T5897] usb 4-1: USB disconnect, device number 32
[  478.533433][   T29] audit: type=1400 audit(1733631611.988:723): avc:  denied  { map } for  pid=11642 comm="syz.0.1488" path="/dev/tty20" dev="devtmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  478.598457][   T29] audit: type=1400 audit(1733631611.988:724): avc:  denied  { execute } for  pid=11642 comm="syz.0.1488" path="/dev/tty20" dev="devtmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  478.950462][T11659] binder: BINDER_SET_CONTEXT_MGR already set
[  478.970098][T11659] binder: 11635:11659 ioctl 4018620d 20000100 returned -16
[  479.029745][T11649] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1491'.
[  479.043992][T11659] binder: BINDER_SET_CONTEXT_MGR already set
[  479.050043][T11659] binder: 11635:11659 ioctl 4018620d 200002c0 returned -16
[  479.344329][   T29] audit: type=1400 audit(1733631612.818:725): avc:  denied  { read } for  pid=11669 comm="syz.4.1494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  480.804471][T11688] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  480.927344][T11696] FAULT_INJECTION: forcing a failure.
[  480.927344][T11696] name failslab, interval 1, probability 0, space 0, times 0
[  480.969948][T11696] CPU: 1 UID: 0 PID: 11696 Comm: syz.1.1499 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  480.980777][T11696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  480.990846][T11696] Call Trace:
[  480.994134][T11696]  <TASK>
[  480.997075][T11696]  dump_stack_lvl+0x16c/0x1f0
[  481.001782][T11696]  should_fail_ex+0x497/0x5b0
[  481.006481][T11696]  ? fs_reclaim_acquire+0xae/0x150
[  481.011622][T11696]  should_failslab+0xc2/0x120
[  481.016316][T11696]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  481.022134][T11696]  ? __alloc_skb+0x2b1/0x380
[  481.026739][T11696]  __alloc_skb+0x2b1/0x380
[  481.031169][T11696]  ? __pfx___alloc_skb+0x10/0x10
[  481.036122][T11696]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  481.042127][T11696]  netlink_alloc_large_skb+0x69/0x130
[  481.047525][T11696]  netlink_sendmsg+0x689/0xd70
[  481.052317][T11696]  ? __pfx_netlink_sendmsg+0x10/0x10
[  481.057634][T11696]  ____sys_sendmsg+0xaaf/0xc90
[  481.062413][T11696]  ? copy_msghdr_from_user+0x10b/0x160
[  481.067884][T11696]  ? __pfx_____sys_sendmsg+0x10/0x10
[  481.073199][T11696]  ___sys_sendmsg+0x135/0x1e0
[  481.077890][T11696]  ? __pfx____sys_sendmsg+0x10/0x10
[  481.083112][T11696]  ? __pfx_lock_release+0x10/0x10
[  481.088149][T11696]  ? trace_lock_acquire+0x14e/0x1f0
[  481.093377][T11696]  ? __fget_files+0x206/0x3a0
[  481.098071][T11696]  __sys_sendmsg+0x16e/0x220
[  481.102669][T11696]  ? __pfx___sys_sendmsg+0x10/0x10
[  481.107806][T11696]  do_syscall_64+0xcd/0x250
[  481.112321][T11696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.118230][T11696] RIP: 0033:0x7f57b637fed9
[  481.122655][T11696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.142285][T11696] RSP: 002b:00007f57b41f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  481.150721][T11696] RAX: ffffffffffffffda RBX: 00007f57b6545fa0 RCX: 00007f57b637fed9
[  481.158723][T11696] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003
[  481.166723][T11696] RBP: 00007f57b41f60a0 R08: 0000000000000000 R09: 0000000000000000
[  481.174714][T11696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.182704][T11696] R13: 0000000000000000 R14: 00007f57b6545fa0 R15: 00007fff463c6da8
[  481.190706][T11696]  </TASK>
[  481.313605][T11706] netlink: 'syz.3.1505': attribute type 12 has an invalid length.
[  481.521301][T11711] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  482.863904][T11741] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1508'.
[  483.272023][T11742] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1509'.
[  483.281347][T11742] bond0: option ad_select: unable to set because the bond device is up
[  484.055000][T11746] FAULT_INJECTION: forcing a failure.
[  484.055000][T11746] name failslab, interval 1, probability 0, space 0, times 0
[  484.123068][T11746] CPU: 1 UID: 0 PID: 11746 Comm: syz.4.1511 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  484.133882][T11746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  484.143958][T11746] Call Trace:
[  484.147306][T11746]  <TASK>
[  484.150248][T11746]  dump_stack_lvl+0x16c/0x1f0
[  484.154949][T11746]  should_fail_ex+0x497/0x5b0
[  484.159631][T11746]  ? fs_reclaim_acquire+0xae/0x150
[  484.164768][T11746]  should_failslab+0xc2/0x120
[  484.169455][T11746]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  484.175267][T11746]  ? __alloc_skb+0x2b1/0x380
[  484.179870][T11746]  __alloc_skb+0x2b1/0x380
[  484.184302][T11746]  ? __pfx___alloc_skb+0x10/0x10
[  484.189265][T11746]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  484.195274][T11746]  netlink_alloc_large_skb+0x69/0x130
[  484.200681][T11746]  netlink_sendmsg+0x689/0xd70
[  484.205473][T11746]  ? __pfx_netlink_sendmsg+0x10/0x10
[  484.210789][T11746]  ____sys_sendmsg+0xaaf/0xc90
[  484.215572][T11746]  ? copy_msghdr_from_user+0x10b/0x160
[  484.221046][T11746]  ? __pfx_____sys_sendmsg+0x10/0x10
[  484.226357][T11746]  ___sys_sendmsg+0x135/0x1e0
[  484.231042][T11746]  ? __pfx____sys_sendmsg+0x10/0x10
[  484.236256][T11746]  ? __pfx_lock_release+0x10/0x10
[  484.241283][T11746]  ? trace_lock_acquire+0x14e/0x1f0
[  484.246509][T11746]  ? __fget_files+0x206/0x3a0
[  484.251206][T11746]  __sys_sendmsg+0x16e/0x220
[  484.255815][T11746]  ? __pfx___sys_sendmsg+0x10/0x10
[  484.260963][T11746]  do_syscall_64+0xcd/0x250
[  484.265483][T11746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.271388][T11746] RIP: 0033:0x7f1b6ab7fed9
[  484.275815][T11746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  484.295446][T11746] RSP: 002b:00007f1b6b92a058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  484.303869][T11746] RAX: ffffffffffffffda RBX: 00007f1b6ad45fa0 RCX: 00007f1b6ab7fed9
[  484.311844][T11746] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  484.319826][T11746] RBP: 00007f1b6b92a0a0 R08: 0000000000000000 R09: 0000000000000000
[  484.327810][T11746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  484.335800][T11746] R13: 0000000000000000 R14: 00007f1b6ad45fa0 R15: 00007ffff07fcf78
[  484.343791][T11746]  </TASK>
[  484.504044][   T29] audit: type=1326 audit(1733631617.988:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11755 comm="syz.0.1512" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d4db7fed9 code=0x0
[  485.548795][T11789] overlayfs: missing 'lowerdir'
[  485.596643][T11789] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  486.044811][T11781] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1518'.
[  486.141453][T11800] 8021q: adding VLAN 0 to HW filter on device bond1
[  486.171564][T11800] bond0: (slave bond1): Enslaving as an active interface with an up link
[  486.473192][T11815] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1523'.
[  486.482275][T11815] bond0: option ad_select: unable to set because the bond device is up
[  487.183489][  T970] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  487.453376][  T970] usb 2-1: Using ep0 maxpacket: 8
[  487.461549][  T970] usb 2-1: config index 0 descriptor too short (expected 6427, got 27)
[  487.471173][  T970] usb 2-1: config 0 has an invalid interface number: 21 but max is 0
[  487.493567][  T970] usb 2-1: config 0 has no interface number 0
[  487.501296][  T970] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  487.513545][  T970] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  487.551488][  T970] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  488.232025][  T970] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  488.241326][  T970] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  488.250548][  T970] usb 2-1: Product: syz
[  488.256654][  T970] usb 2-1: config 0 descriptor??
[  488.262255][T11810] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  489.132923][   T29] audit: type=1400 audit(1733631622.488:727): avc:  denied  { ioctl } for  pid=11809 comm="syz.1.1522" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x7040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  489.843578][  T970] usb 2-1: USB disconnect, device number 58
[  491.017028][T11889] IPVS: set_ctl: invalid protocol: 41 172.20.20.28:20001
[  491.026859][   T29] audit: type=1400 audit(1733631624.508:728): avc:  denied  { listen } for  pid=11888 comm="syz.1.1535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  492.294639][T11896] sp0: Synchronizing with TNC
[  492.367332][T11904] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1541'.
[  492.469996][T11916] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1544'.
[  492.482683][T11916] geneve0: entered promiscuous mode
[  492.488353][T11916] geneve0: entered allmulticast mode
[  492.673295][T11262] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  492.733323][  T970] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  492.853858][T11262] usb 4-1: Using ep0 maxpacket: 16
[  492.863258][T11262] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.874442][T11262] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.884310][T11262] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  492.893469][  T970] usb 2-1: Using ep0 maxpacket: 16
[  492.897228][T11262] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  492.906163][  T970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.911325][T11262] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.925898][  T970] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.940471][  T970] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  492.942221][T11262] usb 4-1: config 0 descriptor??
[  492.960453][  T970] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  492.970787][  T970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.984953][  T970] usb 2-1: config 0 descriptor??
[  493.365701][T11262] microsoft 0003:045E:07DA.0029: ignoring exceeding usage max
[  493.389015][T11262] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0029/input/input63
[  493.396691][  T970] microsoft 0003:045E:07DA.002A: ignoring exceeding usage max
[  493.991313][T11262] microsoft 0003:045E:07DA.0029: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  494.008779][T11262] usb 4-1: USB disconnect, device number 33
[  494.009066][  T970] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.002A/input/input64
[  494.181510][  T970] microsoft 0003:045E:07DA.002A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  494.215667][  T970] usb 2-1: USB disconnect, device number 59
[  494.518641][T11937] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1548'.
[  496.118173][   T29] audit: type=1400 audit(1733631629.598:729): avc:  denied  { read } for  pid=11954 comm="syz.2.1551" path="socket:[31445]" dev="sockfs" ino=31445 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  496.142511][    C1] vkms_vblank_simulate: vblank timer overrun
[  496.207247][T11958] FAULT_INJECTION: forcing a failure.
[  496.207247][T11958] name failslab, interval 1, probability 0, space 0, times 0
[  496.221937][T11958] CPU: 1 UID: 0 PID: 11958 Comm: syz.3.1552 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  496.232720][T11958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  496.242775][T11958] Call Trace:
[  496.246057][T11958]  <TASK>
[  496.248986][T11958]  dump_stack_lvl+0x16c/0x1f0
[  496.253674][T11958]  should_fail_ex+0x497/0x5b0
[  496.258350][T11958]  ? fs_reclaim_acquire+0xae/0x150
[  496.263472][T11958]  should_failslab+0xc2/0x120
[  496.268166][T11958]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  496.273999][T11958]  ? __alloc_skb+0x2b1/0x380
[  496.278606][T11958]  __alloc_skb+0x2b1/0x380
[  496.283025][T11958]  ? __pfx___alloc_skb+0x10/0x10
[  496.287977][T11958]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  496.293973][T11958]  netlink_alloc_large_skb+0x69/0x130
[  496.299366][T11958]  netlink_sendmsg+0x689/0xd70
[  496.304166][T11958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  496.309488][T11958]  ____sys_sendmsg+0xaaf/0xc90
[  496.314270][T11958]  ? copy_msghdr_from_user+0x10b/0x160
[  496.319740][T11958]  ? __pfx_____sys_sendmsg+0x10/0x10
[  496.325052][T11958]  ___sys_sendmsg+0x135/0x1e0
[  496.329742][T11958]  ? __pfx____sys_sendmsg+0x10/0x10
[  496.334969][T11958]  ? __pfx_lock_release+0x10/0x10
[  496.340021][T11958]  ? trace_lock_acquire+0x14e/0x1f0
[  496.345264][T11958]  ? __fget_files+0x206/0x3a0
[  496.349963][T11958]  __sys_sendmsg+0x16e/0x220
[  496.354565][T11958]  ? __pfx___sys_sendmsg+0x10/0x10
[  496.359712][T11958]  do_syscall_64+0xcd/0x250
[  496.364234][T11958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.370145][T11958] RIP: 0033:0x7f141097fed9
[  496.374581][T11958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.394211][T11958] RSP: 002b:00007f1411738058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  496.402617][T11958] RAX: ffffffffffffffda RBX: 00007f1410b45fa0 RCX: 00007f141097fed9
[  496.410573][T11958] RDX: 0000000000040000 RSI: 0000000020001f40 RDI: 0000000000000003
[  496.418538][T11958] RBP: 00007f14117380a0 R08: 0000000000000000 R09: 0000000000000000
[  496.426499][T11958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  496.434460][T11958] R13: 0000000000000000 R14: 00007f1410b45fa0 R15: 00007ffdf0ced448
[  496.442434][T11958]  </TASK>
[  496.445542][    C1] vkms_vblank_simulate: vblank timer overrun
[  496.533087][T11966] FAULT_INJECTION: forcing a failure.
[  496.533087][T11966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  496.547788][T11966] CPU: 0 UID: 0 PID: 11966 Comm: syz.1.1555 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  496.558546][T11966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  496.568593][T11966] Call Trace:
[  496.571866][T11966]  <TASK>
[  496.574776][T11966]  dump_stack_lvl+0x16c/0x1f0
[  496.579438][T11966]  should_fail_ex+0x497/0x5b0
[  496.584095][T11966]  _copy_from_user+0x2e/0xd0
[  496.588663][T11966]  move_addr_to_kernel+0x68/0x160
[  496.593669][T11966]  __copy_msghdr+0x386/0x470
[  496.598243][T11966]  copy_msghdr_from_user+0xc2/0x160
[  496.603440][T11966]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  496.609244][T11966]  ? __lock_acquire+0xcc5/0x3c40
[  496.614170][T11966]  ___sys_sendmsg+0xff/0x1e0
[  496.618739][T11966]  ? __pfx____sys_sendmsg+0x10/0x10
[  496.623919][T11966]  ? trace_lock_acquire+0x14e/0x1f0
[  496.629105][T11966]  __sys_sendmmsg+0x201/0x420
[  496.633760][T11966]  ? __pfx___sys_sendmmsg+0x10/0x10
[  496.638938][T11966]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  496.644908][T11966]  ? fput+0x67/0x440
[  496.648793][T11966]  ? ksys_write+0x1ba/0x250
[  496.653280][T11966]  ? __pfx_ksys_write+0x10/0x10
[  496.658120][T11966]  __x64_sys_sendmmsg+0x9c/0x100
[  496.663035][T11966]  ? lockdep_hardirqs_on+0x7c/0x110
[  496.668229][T11966]  do_syscall_64+0xcd/0x250
[  496.672714][T11966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.678589][T11966] RIP: 0033:0x7f57b637fed9
[  496.682994][T11966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.702592][T11966] RSP: 002b:00007f57b41f6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  496.710983][T11966] RAX: ffffffffffffffda RBX: 00007f57b6545fa0 RCX: 00007f57b637fed9
[  496.718932][T11966] RDX: 0000000000000001 RSI: 0000000020000480 RDI: 0000000000000004
[  496.726880][T11966] RBP: 00007f57b41f60a0 R08: 0000000000000000 R09: 0000000000000000
[  496.734826][T11966] R10: 0000000004008084 R11: 0000000000000246 R12: 0000000000000001
[  496.742779][T11966] R13: 0000000000000000 R14: 00007f57b6545fa0 R15: 00007fff463c6da8
[  496.750738][T11966]  </TASK>
[  496.763214][   T29] audit: type=1400 audit(1733631630.008:730): avc:  denied  { connect } for  pid=11965 comm="syz.1.1555" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  498.336813][   T29] audit: type=1400 audit(1733631631.818:731): avc:  denied  { map } for  pid=11983 comm="syz.1.1560" path="socket:[32538]" dev="sockfs" ino=32538 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  498.513258][    T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  498.747931][    T9] usb 4-1: Using ep0 maxpacket: 32
[  498.756508][    T9] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  498.765021][    T9] usb 4-1: config 0 has no interface number 0
[  498.777792][    T9] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  498.790891][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.799922][    T9] usb 4-1: Product: syz
[  498.804720][    T9] usb 4-1: Manufacturer: syz
[  498.809333][    T9] usb 4-1: SerialNumber: syz
[  498.816214][    T9] usb 4-1: config 0 descriptor??
[  498.843036][    T9] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  499.031300][    T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  499.040812][ T5822] Bluetooth: hci4: unexpected event for opcode 0x1001
[  499.070946][    T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  499.232913][T11982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  499.256215][T11982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  499.277685][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 144
[  499.698419][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  499.708614][    T9] usb 4-1: USB disconnect, device number 34
[  499.723835][    T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  499.759552][    T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  499.788000][    T9] quatech2 4-1:0.51: device disconnected
[  501.174178][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  501.180791][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  501.605175][T12037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1577'.
[  502.052261][T12037] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1577'.
[  502.169191][T12036] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.454731][T12047] sp0: Synchronizing with TNC
[  502.603608][    T9] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  502.781657][    T9] usb 2-1: device descriptor read/64, error -71
[  503.610692][T12067] FAULT_INJECTION: forcing a failure.
[  503.610692][T12067] name failslab, interval 1, probability 0, space 0, times 0
[  503.613219][    T9] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  503.657713][T12067] CPU: 1 UID: 0 PID: 12067 Comm: syz.3.1584 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  503.668530][T12067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  503.678603][T12067] Call Trace:
[  503.681887][T12067]  <TASK>
[  503.684821][T12067]  dump_stack_lvl+0x16c/0x1f0
[  503.689517][T12067]  should_fail_ex+0x497/0x5b0
[  503.694209][T12067]  ? fs_reclaim_acquire+0xae/0x150
[  503.699350][T12067]  should_failslab+0xc2/0x120
[  503.704037][T12067]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  503.709844][T12067]  ? __alloc_skb+0x2b1/0x380
[  503.714416][T12067]  __alloc_skb+0x2b1/0x380
[  503.718807][T12067]  ? __pfx___alloc_skb+0x10/0x10
[  503.723718][T12067]  ? selinux_socket_getpeersec_dgram+0x1a5/0x370
[  503.730024][T12067]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  503.736692][T12067]  netlink_alloc_large_skb+0x69/0x130
[  503.742057][T12067]  netlink_sendmsg+0x689/0xd70
[  503.746803][T12067]  ? __pfx_netlink_sendmsg+0x10/0x10
[  503.752071][T12067]  ____sys_sendmsg+0xaaf/0xc90
[  503.756814][T12067]  ? copy_msghdr_from_user+0x10b/0x160
[  503.762257][T12067]  ? __pfx_____sys_sendmsg+0x10/0x10
[  503.767524][T12067]  ___sys_sendmsg+0x135/0x1e0
[  503.772180][T12067]  ? __pfx____sys_sendmsg+0x10/0x10
[  503.777370][T12067]  ? __pfx_lock_release+0x10/0x10
[  503.782370][T12067]  ? trace_lock_acquire+0x14e/0x1f0
[  503.787552][T12067]  ? __fget_files+0x206/0x3a0
[  503.792208][T12067]  __sys_sendmsg+0x16e/0x220
[  503.796774][T12067]  ? __pfx___sys_sendmsg+0x10/0x10
[  503.801867][T12067]  do_syscall_64+0xcd/0x250
[  503.806351][T12067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.812227][T12067] RIP: 0033:0x7f141097fed9
[  503.816622][T12067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  503.836216][T12067] RSP: 002b:00007f1411717058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  503.844618][T12067] RAX: ffffffffffffffda RBX: 00007f1410b46080 RCX: 00007f141097fed9
[  503.852562][T12067] RDX: 0000000000004000 RSI: 00000000200004c0 RDI: 0000000000000004
[  503.860519][T12067] RBP: 00007f14117170a0 R08: 0000000000000000 R09: 0000000000000000
[  503.868483][T12067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  503.876451][T12067] R13: 0000000000000000 R14: 00007f1410b46080 R15: 00007ffdf0ced448
[  503.884416][T12067]  </TASK>
[  504.035468][    T9] usb 2-1: device descriptor read/64, error -71
[  504.445846][    T9] usb usb2-port1: attempt power cycle
[  504.850099][T12099] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1593'.
[  504.865267][   T29] audit: type=1400 audit(1733631638.348:732): avc:  denied  { bind } for  pid=12098 comm="syz.3.1593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  504.915687][T12099] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1593'.
[  505.022160][T12108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1596'.
[  505.303374][T12113] FAULT_INJECTION: forcing a failure.
[  505.303374][T12113] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  505.316522][T12113] CPU: 1 UID: 0 PID: 12113 Comm: syz.3.1597 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  505.327285][T12113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  505.337336][T12113] Call Trace:
[  505.340610][T12113]  <TASK>
[  505.343538][T12113]  dump_stack_lvl+0x16c/0x1f0
[  505.348228][T12113]  should_fail_ex+0x497/0x5b0
[  505.352907][T12113]  _copy_from_user+0x2e/0xd0
[  505.357499][T12113]  copy_msghdr_from_user+0x99/0x160
[  505.362697][T12113]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  505.368517][T12113]  ___sys_sendmsg+0xff/0x1e0
[  505.373110][T12113]  ? __pfx____sys_sendmsg+0x10/0x10
[  505.378316][T12113]  ? __pfx_lock_release+0x10/0x10
[  505.383343][T12113]  ? trace_lock_acquire+0x14e/0x1f0
[  505.388560][T12113]  ? __fget_files+0x206/0x3a0
[  505.393243][T12113]  __sys_sendmsg+0x16e/0x220
[  505.397834][T12113]  ? __pfx___sys_sendmsg+0x10/0x10
[  505.402962][T12113]  do_syscall_64+0xcd/0x250
[  505.407478][T12113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.413380][T12113] RIP: 0033:0x7f141097fed9
[  505.417793][T12113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  505.437402][T12113] RSP: 002b:00007f14116f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  505.445814][T12113] RAX: ffffffffffffffda RBX: 00007f1410b46160 RCX: 00007f141097fed9
[  505.453783][T12113] RDX: 0000000000000000 RSI: 0000000020000700 RDI: 0000000000000009
[  505.461750][T12113] RBP: 00007f14116f60a0 R08: 0000000000000000 R09: 0000000000000000
[  505.469717][T12113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  505.477686][T12113] R13: 0000000000000000 R14: 00007f1410b46160 R15: 00007ffdf0ced448
[  505.485668][T12113]  </TASK>
[  505.721812][T12116] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  505.732198][T12116] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  505.759796][T12116] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  505.771565][T12116] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  505.779529][T12116] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  505.787049][T12116] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  505.827466][   T29] audit: type=1400 audit(1733631639.308:733): avc:  denied  { mounton } for  pid=12114 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  505.919433][T12125] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1600'.
[  506.641397][T12124] FAULT_INJECTION: forcing a failure.
[  506.641397][T12124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  506.717644][T12124] CPU: 0 UID: 0 PID: 12124 Comm: syz.0.1599 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  506.728462][T12124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  506.738531][T12124] Call Trace:
[  506.741810][T12124]  <TASK>
[  506.744745][T12124]  dump_stack_lvl+0x16c/0x1f0
[  506.749439][T12124]  should_fail_ex+0x497/0x5b0
[  506.754128][T12124]  _copy_from_user+0x2e/0xd0
[  506.758727][T12124]  kstrtouint_from_user+0xd7/0x1c0
[  506.763848][T12124]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  506.769587][T12124]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  506.775232][T12124]  proc_fail_nth_write+0x84/0x250
[  506.780274][T12124]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  506.785916][T12124]  ? ksys_write+0x12b/0x250
[  506.790429][T12124]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  506.796071][T12124]  vfs_write+0x24c/0x1150
[  506.800405][T12124]  ? __fget_files+0x1fc/0x3a0
[  506.805089][T12124]  ? __pfx___mutex_lock+0x10/0x10
[  506.810123][T12124]  ? __pfx_vfs_write+0x10/0x10
[  506.814900][T12124]  ? __fget_files+0x206/0x3a0
[  506.819586][T12124]  ksys_write+0x12b/0x250
[  506.823921][T12124]  ? __pfx_ksys_write+0x10/0x10
[  506.828771][T12124]  do_syscall_64+0xcd/0x250
[  506.833256][T12124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.839128][T12124] RIP: 0033:0x7f0d4db7e98f
[  506.843545][T12124] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  506.863132][T12124] RSP: 002b:00007f0d4e95f050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  506.871519][T12124] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0d4db7e98f
[  506.879475][T12124] RDX: 0000000000000001 RSI: 00007f0d4e95f0b0 RDI: 0000000000000005
[  506.887437][T12124] RBP: 00007f0d4e95f0a0 R08: 0000000000000000 R09: 0000000000000000
[  506.895382][T12124] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  506.903326][T12124] R13: 0000000000000001 R14: 00007f0d4dd46080 R15: 00007fffc2b04cb8
[  506.911279][T12124]  </TASK>
[  507.102260][T12114] chnl_net:caif_netlink_parms(): no params data found
[  507.281630][T12114] bridge0: port 1(bridge_slave_0) entered blocking state
[  507.302742][T12114] bridge0: port 1(bridge_slave_0) entered disabled state
[  507.310077][T12114] bridge_slave_0: entered allmulticast mode
[  507.318147][T12114] bridge_slave_0: entered promiscuous mode
[  507.325714][T12114] bridge0: port 2(bridge_slave_1) entered blocking state
[  507.332898][T12114] bridge0: port 2(bridge_slave_1) entered disabled state
[  507.340768][T12114] bridge_slave_1: entered allmulticast mode
[  507.347657][T12114] bridge_slave_1: entered promiscuous mode
[  507.381256][T12114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  507.390745][T12145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1606'.
[  507.408873][T12114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  507.567788][T12114] team0: Port device team_slave_0 added
[  507.574571][T12148] FAULT_INJECTION: forcing a failure.
[  507.574571][T12148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  507.592547][T12114] team0: Port device team_slave_1 added
[  507.613406][   T29] audit: type=1400 audit(1733631641.068:734): avc:  denied  { append } for  pid=12144 comm="syz.0.1606" name="nvme-fabrics" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  507.636985][T12148] CPU: 1 UID: 0 PID: 12148 Comm: syz.3.1608 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  507.647755][T12148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  507.657795][T12148] Call Trace:
[  507.661052][T12148]  <TASK>
[  507.663977][T12148]  dump_stack_lvl+0x16c/0x1f0
[  507.668678][T12148]  should_fail_ex+0x497/0x5b0
[  507.673373][T12148]  _copy_from_iter+0x2a1/0x1560
[  507.678225][T12148]  ? __pfx__copy_from_iter+0x10/0x10
[  507.683505][T12148]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  507.689504][T12148]  ? tun_build_skb.constprop.0+0x1b8/0x1120
[  507.695408][T12148]  ? __pfx_lock_release+0x10/0x10
[  507.700417][T12148]  ? trace_lock_acquire+0x14e/0x1f0
[  507.705609][T12148]  ? __pfx_lock_release+0x10/0x10
[  507.710633][T12148]  copy_page_from_iter+0xa5/0x120
[  507.715646][T12148]  tun_build_skb.constprop.0+0x294/0x1120
[  507.721364][T12148]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  507.727515][T12148]  ? __pfx___lock_acquire+0x10/0x10
[  507.732703][T12148]  ? register_lock_class+0xb1/0x1240
[  507.737983][T12148]  ? __lock_acquire+0xcc5/0x3c40
[  507.742910][T12148]  tun_get_user+0x870/0x3e40
[  507.747498][T12148]  ? find_held_lock+0x2d/0x110
[  507.752254][T12148]  ? __pfx_tun_get_user+0x10/0x10
[  507.757269][T12148]  ? find_held_lock+0x2d/0x110
[  507.762027][T12148]  ? __pfx_lock_release+0x10/0x10
[  507.767044][T12148]  tun_chr_write_iter+0xdc/0x210
[  507.771974][T12148]  vfs_write+0x5ae/0x1150
[  507.776288][T12148]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  507.781827][T12148]  ? __pfx_vfs_write+0x10/0x10
[  507.786577][T12148]  ? __fget_files+0x40/0x3a0
[  507.791160][T12148]  ksys_write+0x12b/0x250
[  507.795474][T12148]  ? __pfx_ksys_write+0x10/0x10
[  507.800317][T12148]  do_syscall_64+0xcd/0x250
[  507.804813][T12148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.810697][T12148] RIP: 0033:0x7f141097e98f
[  507.815097][T12148] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  507.834691][T12148] RSP: 002b:00007f1411738020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  507.843089][T12148] RAX: ffffffffffffffda RBX: 00007f1410b45fa0 RCX: 00007f141097e98f
[  507.851048][T12148] RDX: 000000000000003f RSI: 0000000020000240 RDI: 00000000000000c8
[  507.859002][T12148] RBP: 00007f14117380a0 R08: 0000000000000000 R09: 0000000000000000
[  507.866956][T12148] R10: 000000000000003f R11: 0000000000000293 R12: 0000000000000001
[  507.874909][T12148] R13: 0000000000000000 R14: 00007f1410b45fa0 R15: 00007ffdf0ced448
[  507.882872][T12148]  </TASK>
[  507.893905][T12116] Bluetooth: hci5: command tx timeout
[  507.914516][T12114] batman_adv: batadv0: Adding interface: batadv_slave_0
[  507.921499][T12114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  508.000750][T12114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  508.066857][T12114] batman_adv: batadv0: Adding interface: batadv_slave_1
[  508.083216][T12114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  508.137001][T12114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  508.229181][T12114] hsr_slave_0: entered promiscuous mode
[  508.236910][T12114] hsr_slave_1: entered promiscuous mode
[  508.245849][T12114] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  508.323155][T12114] Cannot create hsr debugfs directory
[  508.816156][   T29] audit: type=1400 audit(1733631642.298:735): avc:  denied  { ioctl } for  pid=12166 comm="syz.3.1613" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x7456 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  508.817550][T12114] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  508.859899][T12114] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  508.870762][T12114] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  508.882895][T12114] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  509.089134][T12114] 8021q: adding VLAN 0 to HW filter on device bond0
[  509.693374][T12114] 8021q: adding VLAN 0 to HW filter on device team0
[  509.717370][ T7344] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.724485][ T7344] bridge0: port 1(bridge_slave_0) entered forwarding state
[  509.735109][ T7344] bridge0: port 2(bridge_slave_1) entered blocking state
[  509.742219][ T7344] bridge0: port 2(bridge_slave_1) entered forwarding state
[  509.976789][T12116] Bluetooth: hci5: command tx timeout
[  510.021960][T12114] 8021q: adding VLAN 0 to HW filter on device batadv0
[  510.302329][T12114] veth0_vlan: entered promiscuous mode
[  510.327159][T12114] veth1_vlan: entered promiscuous mode
[  510.375774][T12114] veth0_macvtap: entered promiscuous mode
[  510.396817][T12114] veth1_macvtap: entered promiscuous mode
[  510.421410][T12114] batman_adv: batadv0: Interface activated: batadv_slave_0
[  510.442464][T12114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.458899][T12114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.508292][T12114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.547736][T12114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.561107][T12114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.573029][T12114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.583001][T12114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.594639][T12114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.604725][T12114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.615249][T12114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.635589][T12114] batman_adv: batadv0: Interface activated: batadv_slave_1
[  510.667792][T12198] xfrm1: entered allmulticast mode
[  510.710334][T12114] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  510.752839][T12114] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  510.786202][T12114] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  510.803226][T12114] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  510.877518][   T29] audit: type=1400 audit(1733631644.348:736): avc:  denied  { write } for  pid=12203 comm="syz.3.1623" path="socket:[33320]" dev="sockfs" ino=33320 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  511.361875][ T6031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  511.807619][   T29] audit: type=1400 audit(1733631644.398:737): avc:  denied  { read } for  pid=12203 comm="syz.3.1623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  511.866127][ T6031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  512.053417][T12116] Bluetooth: hci5: command tx timeout
[  512.792302][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  512.892844][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  513.058024][   T29] audit: type=1400 audit(1733631646.538:738): avc:  denied  { mounton } for  pid=12114 comm="syz-executor" path="/root/syzkaller.kHbVUi/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  513.084837][   T29] audit: type=1400 audit(1733631646.538:739): avc:  denied  { mounton } for  pid=12114 comm="syz-executor" path="/root/syzkaller.kHbVUi/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=33358 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  513.124633][   T29] audit: type=1400 audit(1733631646.568:740): avc:  denied  { mount } for  pid=12114 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  513.169327][   T29] audit: type=1400 audit(1733631646.568:741): avc:  denied  { mounton } for  pid=12114 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  513.284952][T12230] siw: device registration error -23
[  513.307860][T12226] siw: device registration error -23
[  514.189794][T12116] Bluetooth: hci5: command tx timeout
[  515.303899][T12258] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1635'.
[  515.846129][T12258] bond0: option ad_select: unable to set because the bond device is up
[  516.621702][   T29] audit: type=1400 audit(1733631650.078:742): avc:  denied  { ioctl } for  pid=12267 comm="syz.5.1642" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  517.931998][T12290] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1647'.
[  519.961463][   T29] audit: type=1400 audit(1733631653.438:743): avc:  denied  { unmount } for  pid=5830 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  519.983013][T12314] FAULT_INJECTION: forcing a failure.
[  519.983013][T12314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  520.019241][T12314] CPU: 0 UID: 0 PID: 12314 Comm: syz.1.1656 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  520.030050][T12314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  520.040109][T12314] Call Trace:
[  520.043391][T12314]  <TASK>
[  520.046330][T12314]  dump_stack_lvl+0x16c/0x1f0
[  520.051030][T12314]  should_fail_ex+0x497/0x5b0
[  520.055726][T12314]  _copy_to_user+0x32/0xd0
[  520.060153][T12314]  simple_read_from_buffer+0xd0/0x160
[  520.063973][T12317] delete_channel: no stack
[  520.065526][T12314]  proc_fail_nth_read+0x198/0x270
[  520.074950][T12314]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  520.080517][T12314]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  520.086087][T12314]  vfs_read+0x1df/0xbe0
[  520.090257][T12314]  ? __fget_files+0x1fc/0x3a0
[  520.094948][T12314]  ? __pfx___mutex_lock+0x10/0x10
[  520.099984][T12314]  ? __pfx_vfs_read+0x10/0x10
[  520.104676][T12314]  ? __fget_files+0x206/0x3a0
[  520.109364][T12314]  ksys_read+0x12b/0x250
[  520.113618][T12314]  ? __pfx_ksys_read+0x10/0x10
[  520.118405][T12314]  do_syscall_64+0xcd/0x250
[  520.122927][T12314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.128836][T12314] RIP: 0033:0x7f57b637e8ec
[  520.133253][T12314] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  520.152874][T12314] RSP: 002b:00007f57b41f6050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  520.161298][T12314] RAX: ffffffffffffffda RBX: 00007f57b6545fa0 RCX: 00007f57b637e8ec
[  520.169279][T12314] RDX: 000000000000000f RSI: 00007f57b41f60b0 RDI: 0000000000000003
[  520.177256][T12314] RBP: 00007f57b41f60a0 R08: 0000000000000000 R09: 0000000000000000
[  520.185229][T12314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  520.185431][   T29] audit: type=1400 audit(1733631653.608:744): avc:  denied  { read } for  pid=12311 comm="syz.2.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  520.193185][T12314] R13: 0000000000000000 R14: 00007f57b6545fa0 R15: 00007fff463c6da8
[  520.193213][T12314]  </TASK>
[  520.242740][T12321] Illegal XDP return value 488863 on prog  (id 231) dev N/A, expect packet loss!
[  520.252146][T12312] veth1_to_team: entered promiscuous mode
[  520.500870][T12331] netlink: zone id is out of range
[  520.519311][T12331] netlink: zone id is out of range
[  520.550885][T12331] netlink: zone id is out of range
[  520.580826][ T9920] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.602279][T12331] netlink: zone id is out of range
[  520.607624][T12331] netlink: zone id is out of range
[  520.622956][T12331] netlink: zone id is out of range
[  520.628594][   T29] audit: type=1400 audit(1733631654.118:745): avc:  denied  { shutdown } for  pid=12325 comm="syz.5.1660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  520.690837][   T29] audit: type=1400 audit(1733631654.168:746): avc:  denied  { read } for  pid=12325 comm="syz.5.1660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  520.743620][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  520.756605][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  520.757432][ T9920] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.765484][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  520.782053][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  520.790359][ T5827] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  520.799497][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  520.853735][ T5827] Bluetooth: hci5: command 0x0405 tx timeout
[  520.926992][ T9920] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.012815][ T9920] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.243515][   T29] audit: type=1400 audit(1733631654.618:747): avc:  denied  { write } for  pid=12343 comm="syz.0.1663" name="dev" dev="proc" ino=4026533252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  521.365920][T12338] chnl_net:caif_netlink_parms(): no params data found
[  521.584946][ T9920] bridge_slave_1: left allmulticast mode
[  521.610628][T12364] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1665'.
[  521.611790][ T9920] bridge_slave_1: left promiscuous mode
[  521.651416][ T9920] bridge0: port 2(bridge_slave_1) entered disabled state
[  521.687244][ T9920] bridge_slave_0: left promiscuous mode
[  521.699649][ T9920] bridge0: port 1(bridge_slave_0) entered disabled state
[  521.955067][ T5868] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  522.202789][ T5868] usb 6-1: Using ep0 maxpacket: 16
[  522.229183][ T5868] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  522.254345][ T5868] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  522.273226][ T5868] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  523.030073][ T5868] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  523.039615][ T5868] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.053411][T12116] Bluetooth: hci0: command tx timeout
[  523.060955][ T5868] usb 6-1: config 0 descriptor??
[  523.327750][T12386] siw: device registration error -23
[  523.685233][ T5868] microsoft 0003:045E:07DA.002B: ignoring exceeding usage max
[  523.710696][ T5868] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.002B/input/input65
[  523.790082][ T5868] microsoft 0003:045E:07DA.002B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  523.908694][    T9] usb 6-1: USB disconnect, device number 2
[  525.547462][T12116] Bluetooth: hci0: command tx timeout
[  525.613671][ T9920] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  525.707716][ T9920] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  525.716508][   T29] audit: type=1400 audit(1733631659.188:748): avc:  denied  { connect } for  pid=12404 comm="syz.1.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  525.804021][ T9920] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  525.873727][ T9920] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  525.883851][ T9920] bond0 (unregistering): Released all slaves
[  526.230790][ T9920] IPVS: stopping master sync thread 10857 ...
[  526.362655][T12338] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.392911][T12338] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.418863][T12338] bridge_slave_0: entered allmulticast mode
[  526.446697][T12338] bridge_slave_0: entered promiscuous mode
[  526.659350][T12338] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.677981][T12338] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.711107][T12338] bridge_slave_1: entered allmulticast mode
[  526.725585][T12338] bridge_slave_1: entered promiscuous mode
[  526.852263][T12338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  526.870456][T12338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  526.969799][ T9920] hsr_slave_0: left promiscuous mode
[  526.989118][ T9920] hsr_slave_1: left promiscuous mode
[  527.012519][ T9920] batman_adv: batadv0: Removing interface: batadv_slave_0
[  527.030157][ T9920] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  527.042617][ T9920] batman_adv: batadv0: Removing interface: batadv_slave_1
[  527.105925][ T9920] bridge_slave_0: left allmulticast mode
[  527.118048][ T9920] veth1_macvtap: left promiscuous mode
[  527.138498][ T9920] veth0_macvtap: left promiscuous mode
[  527.163461][ T9920] veth1_vlan: left promiscuous mode
[  527.225734][ T9920] veth0_vlan: left promiscuous mode
[  527.606072][T12116] Bluetooth: hci0: command tx timeout
[  529.658140][T12116] Bluetooth: hci0: command tx timeout
[  530.158419][ T9920] team0 (unregistering): Port device team_slave_1 removed
[  531.231788][ T9920] team0 (unregistering): Port device team_slave_0 removed
[  532.113081][T12338] team0: Port device team_slave_0 added
[  532.139917][T12338] team0: Port device team_slave_1 added
[  532.234172][T12338] batman_adv: batadv0: Adding interface: batadv_slave_0
[  532.241157][T12338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  532.337937][T12338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  532.360116][T12481] FAULT_INJECTION: forcing a failure.
[  532.360116][T12481] name failslab, interval 1, probability 0, space 0, times 0
[  532.389446][T12338] batman_adv: batadv0: Adding interface: batadv_slave_1
[  532.416799][T12338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  532.459964][T12481] CPU: 0 UID: 0 PID: 12481 Comm: syz.1.1691 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  532.470768][T12481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  532.480835][T12481] Call Trace:
[  532.484123][T12481]  <TASK>
[  532.487066][T12481]  dump_stack_lvl+0x16c/0x1f0
[  532.491761][T12481]  should_fail_ex+0x497/0x5b0
[  532.496450][T12481]  ? fs_reclaim_acquire+0xae/0x150
[  532.501585][T12481]  should_failslab+0xc2/0x120
[  532.504841][T12338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  532.506261][T12481]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  532.522566][T12481]  ? __alloc_skb+0x2b1/0x380
[  532.527176][T12481]  __alloc_skb+0x2b1/0x380
[  532.531610][T12481]  ? __pfx___alloc_skb+0x10/0x10
[  532.536570][T12481]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  532.542592][T12481]  netlink_alloc_large_skb+0x69/0x130
[  532.547996][T12481]  netlink_sendmsg+0x689/0xd70
[  532.552792][T12481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.558112][T12481]  ____sys_sendmsg+0xaaf/0xc90
[  532.562909][T12481]  ? copy_msghdr_from_user+0x10b/0x160
[  532.568391][T12481]  ? __pfx_____sys_sendmsg+0x10/0x10
[  532.573720][T12481]  ___sys_sendmsg+0x135/0x1e0
[  532.578427][T12481]  ? __pfx____sys_sendmsg+0x10/0x10
[  532.583662][T12481]  ? __pfx_lock_release+0x10/0x10
[  532.588711][T12481]  ? trace_lock_acquire+0x14e/0x1f0
[  532.593945][T12481]  ? __fget_files+0x206/0x3a0
[  532.598648][T12481]  __sys_sendmsg+0x16e/0x220
[  532.603263][T12481]  ? __pfx___sys_sendmsg+0x10/0x10
[  532.608412][T12481]  do_syscall_64+0xcd/0x250
[  532.612943][T12481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.618864][T12481] RIP: 0033:0x7f57b637fed9
[  532.623293][T12481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.642918][T12481] RSP: 002b:00007f57b41f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  532.651348][T12481] RAX: ffffffffffffffda RBX: 00007f57b6545fa0 RCX: 00007f57b637fed9
[  532.659336][T12481] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003
[  532.667329][T12481] RBP: 00007f57b41f60a0 R08: 0000000000000000 R09: 0000000000000000
[  532.675319][T12481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.683284][T12481] R13: 0000000000000000 R14: 00007f57b6545fa0 R15: 00007fff463c6da8
[  532.691277][T12481]  </TASK>
[  533.160809][T12338] hsr_slave_0: entered promiscuous mode
[  533.197412][T12338] hsr_slave_1: entered promiscuous mode
[  533.841780][T12510] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1696'.
[  535.151615][T12338] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  535.186771][T12338] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  535.206266][T12338] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  535.236217][T12338] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  535.418142][T12338] 8021q: adding VLAN 0 to HW filter on device bond0
[  535.471013][T12338] 8021q: adding VLAN 0 to HW filter on device team0
[  535.525435][ T7344] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.532593][ T7344] bridge0: port 1(bridge_slave_0) entered forwarding state
[  535.575038][ T7344] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.582219][ T7344] bridge0: port 2(bridge_slave_1) entered forwarding state
[  537.212710][T12338] 8021q: adding VLAN 0 to HW filter on device batadv0
[  537.523302][T12587] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1709'.
[  537.532416][T12587] bond0: option ad_select: unable to set because the bond device is up
[  538.089250][T12586] FAULT_INJECTION: forcing a failure.
[  538.089250][T12586] name failslab, interval 1, probability 0, space 0, times 0
[  538.123374][T12586] CPU: 1 UID: 0 PID: 12586 Comm: syz.1.1711 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  538.134185][T12586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  538.144227][T12586] Call Trace:
[  538.147491][T12586]  <TASK>
[  538.150405][T12586]  dump_stack_lvl+0x16c/0x1f0
[  538.155077][T12586]  should_fail_ex+0x497/0x5b0
[  538.159738][T12586]  ? fs_reclaim_acquire+0xae/0x150
[  538.164844][T12586]  should_failslab+0xc2/0x120
[  538.169510][T12586]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  538.175302][T12586]  ? __alloc_skb+0x2b1/0x380
[  538.179879][T12586]  __alloc_skb+0x2b1/0x380
[  538.184279][T12586]  ? __pfx___alloc_skb+0x10/0x10
[  538.189201][T12586]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  538.195176][T12586]  netlink_alloc_large_skb+0x69/0x130
[  538.200539][T12586]  netlink_sendmsg+0x689/0xd70
[  538.205324][T12586]  ? __pfx_netlink_sendmsg+0x10/0x10
[  538.210610][T12586]  ____sys_sendmsg+0xaaf/0xc90
[  538.215366][T12586]  ? copy_msghdr_from_user+0x10b/0x160
[  538.220812][T12586]  ? __pfx_____sys_sendmsg+0x10/0x10
[  538.226098][T12586]  ___sys_sendmsg+0x135/0x1e0
[  538.230763][T12586]  ? __pfx____sys_sendmsg+0x10/0x10
[  538.235955][T12586]  ? __pfx_lock_release+0x10/0x10
[  538.240971][T12586]  ? trace_lock_acquire+0x14e/0x1f0
[  538.246170][T12586]  ? __fget_files+0x206/0x3a0
[  538.250839][T12586]  __sys_sendmsg+0x16e/0x220
[  538.255417][T12586]  ? __pfx___sys_sendmsg+0x10/0x10
[  538.260528][T12586]  do_syscall_64+0xcd/0x250
[  538.265038][T12586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.270922][T12586] RIP: 0033:0x7f57b637fed9
[  538.275322][T12586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.294918][T12586] RSP: 002b:00007f57b41f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  538.303325][T12586] RAX: ffffffffffffffda RBX: 00007f57b6545fa0 RCX: 00007f57b637fed9
[  538.311288][T12586] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  538.319269][T12586] RBP: 00007f57b41f60a0 R08: 0000000000000000 R09: 0000000000000000
[  538.327229][T12586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.335186][T12586] R13: 0000000000000000 R14: 00007f57b6545fa0 R15: 00007fff463c6da8
[  538.343155][T12586]  </TASK>
[  538.842133][T12338] veth0_vlan: entered promiscuous mode
[  538.989903][T12338] veth1_vlan: entered promiscuous mode
[  539.028181][T12338] veth0_macvtap: entered promiscuous mode
[  539.040686][T12338] veth1_macvtap: entered promiscuous mode
[  539.062094][T12338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  539.850660][T12338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  539.881298][T12338] batman_adv: batadv0: Interface activated: batadv_slave_0
[  539.951883][T12338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  539.964475][T12338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  539.978743][T12338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  539.989267][T12338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  539.999516][T12338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.012307][T12338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.012324][T12338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.032674][T12338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.042852][T12338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.053435][T12338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.065468][T12338] batman_adv: batadv0: Interface activated: batadv_slave_1
[  540.090891][T12338] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  540.100009][T12338] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  540.108716][T12338] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  540.121979][T12622] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1716'.
[  540.144816][T12338] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  540.181842][T12620] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1718'.
[  540.385955][ T4255] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.407145][ T4255] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.442802][ T4255] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.467719][ T4255] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.846474][   T29] audit: type=1326 audit(1733631674.328:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc3597fed9 code=0x7ffc0000
[  541.182238][   T29] audit: type=1326 audit(1733631674.328:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc3597e840 code=0x7ffc0000
[  541.396182][   T29] audit: type=1326 audit(1733631674.328:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7efc35981707 code=0x7ffc0000
[  541.513201][   T29] audit: type=1326 audit(1733631674.328:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efc3597fed9 code=0x7ffc0000
[  541.536974][   T29] audit: type=1326 audit(1733631674.328:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7efc35981707 code=0x7ffc0000
[  541.560863][   T29] audit: type=1326 audit(1733631674.328:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7efc3597eb3a code=0x7ffc0000
[  541.584780][   T29] audit: type=1326 audit(1733631674.328:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc3597fed9 code=0x7ffc0000
[  541.609380][   T29] audit: type=1326 audit(1733631674.328:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc3597fed9 code=0x7ffc0000
[  541.633387][   T29] audit: type=1326 audit(1733631674.328:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc3597fed9 code=0x7ffc0000
[  541.657476][   T29] audit: type=1326 audit(1733631674.328:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12632 comm="syz.6.1671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc3597fed9 code=0x7ffc0000
[  541.738396][T12654] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1722'.
[  541.768963][T12654] bond0: option ad_select: unable to set because the bond device is up
[  542.626504][T12664] siw: device registration error -23
[  543.703604][T12696] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1733'.
[  543.841170][T12701] FAULT_INJECTION: forcing a failure.
[  543.841170][T12701] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.921324][T12701] CPU: 0 UID: 0 PID: 12701 Comm: syz.6.1734 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  543.932144][T12701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  543.942214][T12701] Call Trace:
[  543.945503][T12701]  <TASK>
[  543.948442][T12701]  dump_stack_lvl+0x16c/0x1f0
[  543.953140][T12701]  should_fail_ex+0x497/0x5b0
[  543.957830][T12701]  _copy_from_user+0x2e/0xd0
[  543.962427][T12701]  copy_msghdr_from_user+0x99/0x160
[  543.967636][T12701]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  543.973463][T12701]  ___sys_sendmsg+0xff/0x1e0
[  543.978065][T12701]  ? __pfx____sys_sendmsg+0x10/0x10
[  543.983286][T12701]  ? __pfx_lock_release+0x10/0x10
[  543.988322][T12701]  ? trace_lock_acquire+0x14e/0x1f0
[  543.993550][T12701]  ? __fget_files+0x206/0x3a0
[  543.998245][T12701]  __sys_sendmsg+0x16e/0x220
[  544.002849][T12701]  ? __pfx___sys_sendmsg+0x10/0x10
[  544.007985][T12701]  do_syscall_64+0xcd/0x250
[  544.012506][T12701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.018415][T12701] RIP: 0033:0x7efc3597fed9
[  544.022835][T12701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.042457][T12701] RSP: 002b:00007efc337f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  544.050877][T12701] RAX: ffffffffffffffda RBX: 00007efc35b45fa0 RCX: 00007efc3597fed9
[  544.058856][T12701] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[  544.066838][T12701] RBP: 00007efc337f60a0 R08: 0000000000000000 R09: 0000000000000000
[  544.074822][T12701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  544.082804][T12701] R13: 0000000000000000 R14: 00007efc35b45fa0 R15: 00007ffc2c8fd9e8
[  544.090800][T12701]  </TASK>
[  544.605360][T12714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1736'.
[  544.730259][T12714] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1736'.
[  544.935848][T12721] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1737'.
[  544.944974][T12721] bond0: option ad_select: unable to set because the bond device is up
[  545.573501][ T5986] wlan1: Trigger new scan to find an IBSS to join
[  545.658208][T12729] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1740'.
[  545.684118][T12730] bio_check_eod: 2 callbacks suppressed
[  545.684136][T12730] syz.1.1738: attempt to access beyond end of device
[  545.684136][T12730] loop1: rw=0, sector=16, nr_sectors = 2 limit=0
[  545.702365][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.758445][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.778284][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.785967][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.796268][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.804062][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.812016][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.819550][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.827053][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.834835][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.842309][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.849922][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.857463][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.865187][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.872643][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.880167][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.887652][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.896135][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.904558][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.912099][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.919614][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.927366][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.934885][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.942645][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.951309][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.959034][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.966568][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.974488][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.982170][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.989895][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  545.997997][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  546.006142][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  546.013960][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  546.021448][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  546.028970][    T9] hid-generic 0000:0000:0003.002C: unknown main item tag 0x0
[  546.081805][    T9] hid-generic 0000:0000:0003.002C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  546.378911][T12753] fuse: Unknown parameter '184467440737095516150x0000000000000007'
[  548.034152][   T29] kauditd_printk_skb: 42 callbacks suppressed
[  548.034165][   T29] audit: type=1400 audit(1733631681.518:801): avc:  denied  { ioctl } for  pid=12772 comm="syz.5.1750" path="socket:[37040]" dev="sockfs" ino=37040 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  548.076821][T12773] vlan2: entered promiscuous mode
[  548.083025][T12769] ebt_among: wrong size: 1048 against expected 710676, rounded to 710680
[  548.091660][T12773] vlan2: entered allmulticast mode
[  548.103466][T12773] vlan0: entered allmulticast mode
[  548.130998][T12773] veth0_vlan: entered allmulticast mode
[  548.148322][T12773] vlan0: entered promiscuous mode
[  548.257728][T12773] team0: Port device vlan2 added
[  549.527596][    T9] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  549.575103][   T12] wlan1: Trigger new scan to find an IBSS to join
[  549.703027][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  549.723416][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  549.725660][T12800] FAULT_INJECTION: forcing a failure.
[  549.725660][T12800] name failslab, interval 1, probability 0, space 0, times 0
[  549.765838][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  549.788225][T12800] CPU: 1 UID: 0 PID: 12800 Comm: syz.0.1757 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  549.790329][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  549.799012][T12800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  549.799027][T12800] Call Trace:
[  549.799034][T12800]  <TASK>
[  549.799043][T12800]  dump_stack_lvl+0x16c/0x1f0
[  549.799071][T12800]  should_fail_ex+0x497/0x5b0
[  549.799088][T12800]  ? fs_reclaim_acquire+0xae/0x150
[  549.799115][T12800]  should_failslab+0xc2/0x120
[  549.799138][T12800]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  549.799159][T12800]  ? __alloc_skb+0x2b1/0x380
[  549.815179][    T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  549.822044][T12800]  __alloc_skb+0x2b1/0x380
[  549.826095][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.828223][T12800]  ? __pfx___alloc_skb+0x10/0x10
[  549.828252][T12800]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  549.834468][    T9] usb 2-1: Product: syz
[  549.837558][T12800]  netlink_alloc_large_skb+0x69/0x130
[  549.837595][T12800]  netlink_sendmsg+0x689/0xd70
[  549.850431][    T9] usb 2-1: Manufacturer: syz
[  549.853125][T12800]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.853165][T12800]  ____sys_sendmsg+0xaaf/0xc90
[  549.853194][T12800]  ? copy_msghdr_from_user+0x10b/0x160
[  549.853212][T12800]  ? __pfx_____sys_sendmsg+0x10/0x10
[  549.853244][T12800]  ___sys_sendmsg+0x135/0x1e0
[  549.853266][T12800]  ? __pfx____sys_sendmsg+0x10/0x10
[  549.853294][T12800]  ? __pfx_lock_release+0x10/0x10
[  549.858534][    T9] usb 2-1: SerialNumber: syz
[  549.866841][T12800]  ? trace_lock_acquire+0x14e/0x1f0
[  549.866878][T12800]  ? __fget_files+0x206/0x3a0
[  549.866904][T12800]  __sys_sendmsg+0x16e/0x220
[  549.866924][T12800]  ? __pfx___sys_sendmsg+0x10/0x10
[  549.866959][T12800]  do_syscall_64+0xcd/0x250
[  549.866986][T12800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.867011][T12800] RIP: 0033:0x7f0d4db7fed9
[  549.867028][T12800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.867046][T12800] RSP: 002b:00007f0d4e980058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  549.867066][T12800] RAX: ffffffffffffffda RBX: 00007f0d4dd45fa0 RCX: 00007f0d4db7fed9
[  549.867079][T12800] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000004
[  549.867090][T12800] RBP: 00007f0d4e9800a0 R08: 0000000000000000 R09: 0000000000000000
[  549.867102][T12800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.867113][T12800] R13: 0000000000000000 R14: 00007f0d4dd45fa0 R15: 00007fffc2b04cb8
[  549.867137][T12800]  </TASK>
[  550.366750][    T9] usb 2-1: config 0 descriptor??
[  550.442337][    T9] garmin_gps 2-1:0.0: Garmin GPS usb/tty converter detected
[  550.454196][   T29] audit: type=1400 audit(1733631683.938:802): avc:  denied  { ioctl } for  pid=12813 comm="syz.6.1762" path="socket:[36331]" dev="sockfs" ino=36331 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  550.518565][    T9] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[  550.529529][   T29] audit: type=1400 audit(1733631683.938:803): avc:  denied  { setopt } for  pid=12815 comm="syz.0.1761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  550.610040][    T9] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[  551.070937][  T970] libceph: connect (1)[c::]:6789 error -101
[  551.080516][  T970] libceph: mon0 (1)[c::]:6789 connect error
[  551.091035][ T7344] wlan1: Creating new IBSS network, BSSID da:73:97:72:f9:c6
[  551.549458][  T970] libceph: connect (1)[c::]:6789 error -101
[  551.555815][  T970] libceph: mon0 (1)[c::]:6789 connect error
[  551.612981][T12828] ceph: No mds server is up or the cluster is laggy
[  551.746580][  T969] usb 2-1: USB disconnect, device number 63
[  551.753032][  T969] garmin_gps 2-1:0.0: device disconnected
[  551.975883][   T29] audit: type=1400 audit(1733631685.448:804): avc:  denied  { shutdown } for  pid=12842 comm="syz.0.1766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  552.012382][T12846] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  554.026567][   T29] audit: type=1400 audit(1733631687.498:805): avc:  denied  { getopt } for  pid=12881 comm="syz.2.1777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  554.079250][   T29] audit: type=1400 audit(1733631687.498:806): avc:  denied  { shutdown } for  pid=12881 comm="syz.2.1777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  554.162812][T12888] evm: overlay not supported
[  554.240445][T12895] FAULT_INJECTION: forcing a failure.
[  554.240445][T12895] name failslab, interval 1, probability 0, space 0, times 0
[  554.256670][T12895] CPU: 1 UID: 0 PID: 12895 Comm: syz.1.1779 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  554.267468][T12895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  554.277506][T12895] Call Trace:
[  554.280764][T12895]  <TASK>
[  554.283675][T12895]  dump_stack_lvl+0x16c/0x1f0
[  554.288350][T12895]  should_fail_ex+0x497/0x5b0
[  554.293010][T12895]  ? fs_reclaim_acquire+0xae/0x150
[  554.298123][T12895]  should_failslab+0xc2/0x120
[  554.302802][T12895]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  554.308590][T12895]  ? __alloc_skb+0x2b1/0x380
[  554.313167][T12895]  __alloc_skb+0x2b1/0x380
[  554.317573][T12895]  ? __pfx___alloc_skb+0x10/0x10
[  554.322487][T12895]  ? selinux_socket_getpeersec_dgram+0x1a5/0x370
[  554.328801][T12895]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  554.335472][T12895]  netlink_alloc_large_skb+0x69/0x130
[  554.340829][T12895]  netlink_sendmsg+0x689/0xd70
[  554.345588][T12895]  ? __pfx_netlink_sendmsg+0x10/0x10
[  554.350858][T12895]  ____sys_sendmsg+0xaaf/0xc90
[  554.355601][T12895]  ? copy_msghdr_from_user+0x10b/0x160
[  554.361036][T12895]  ? __pfx_____sys_sendmsg+0x10/0x10
[  554.366306][T12895]  ___sys_sendmsg+0x135/0x1e0
[  554.370969][T12895]  ? __pfx____sys_sendmsg+0x10/0x10
[  554.376154][T12895]  ? __pfx_lock_release+0x10/0x10
[  554.381157][T12895]  ? trace_lock_acquire+0x14e/0x1f0
[  554.386338][T12895]  ? __fget_files+0x206/0x3a0
[  554.390999][T12895]  __sys_sendmsg+0x16e/0x220
[  554.395574][T12895]  ? __pfx___sys_sendmsg+0x10/0x10
[  554.400687][T12895]  do_syscall_64+0xcd/0x250
[  554.405185][T12895]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.411067][T12895] RIP: 0033:0x7f57b637fed9
[  554.415460][T12895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.435044][T12895] RSP: 002b:00007f57b41f6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  554.443437][T12895] RAX: ffffffffffffffda RBX: 00007f57b6545fa0 RCX: 00007f57b637fed9
[  554.451395][T12895] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  554.459345][T12895] RBP: 00007f57b41f60a0 R08: 0000000000000000 R09: 0000000000000000
[  554.467294][T12895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  554.475240][T12895] R13: 0000000000000000 R14: 00007f57b6545fa0 R15: 00007fff463c6da8
[  554.483198][T12895]  </TASK>
[  557.877718][T12959] syzkaller0: entered promiscuous mode
[  557.889167][T12959] syzkaller0: entered allmulticast mode
[  557.928992][   T29] audit: type=1400 audit(1733631691.398:807): avc:  denied  { listen } for  pid=12951 comm="syz.0.1794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  558.264788][T12983] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1797'.
[  559.512047][ T5939] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  559.683988][ T5939] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  559.701890][ T5939] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  559.728684][ T5939] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  559.738528][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  559.755012][ T5939] usb 2-1: SerialNumber: syz
[  559.764122][   T29] audit: type=1400 audit(1733631693.238:808): avc:  denied  { setopt } for  pid=12995 comm="syz.5.1800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  559.977611][ T5939] usb 2-1: 0:2 : does not exist
[  562.554271][  T969] usb 2-1: USB disconnect, device number 64
[  562.608748][   T29] audit: type=1400 audit(1733631696.088:809): avc:  denied  { accept } for  pid=13011 comm="syz.5.1803" laddr=::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  562.668518][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  562.674931][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  562.812475][T13024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1805'.
[  565.657491][T13056] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1808'.
[  566.187542][T13060] ip6erspan0: entered promiscuous mode
[  567.028365][  T969] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  567.403199][  T969] usb 6-1: Using ep0 maxpacket: 16
[  567.488768][  T969] usb 6-1: config 5 has an invalid interface number: 121 but max is 0
[  567.507430][  T969] usb 6-1: config 5 has no interface number 0
[  567.581729][T13089] FAULT_INJECTION: forcing a failure.
[  567.581729][T13089] name failslab, interval 1, probability 0, space 0, times 0
[  567.594794][T13089] CPU: 0 UID: 0 PID: 13089 Comm: syz.0.1815 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  567.605560][T13089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  567.615617][T13089] Call Trace:
[  567.618891][T13089]  <TASK>
[  567.621818][T13089]  dump_stack_lvl+0x16c/0x1f0
[  567.626504][T13089]  should_fail_ex+0x497/0x5b0
[  567.631178][T13089]  ? fs_reclaim_acquire+0xae/0x150
[  567.636300][T13089]  should_failslab+0xc2/0x120
[  567.640983][T13089]  __kmalloc_noprof+0xcb/0x510
[  567.645749][T13089]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  567.651388][T13089]  tomoyo_realpath_from_path+0xb9/0x720
[  567.656940][T13089]  ? tomoyo_path_number_perm+0x235/0x590
[  567.662578][T13089]  ? tomoyo_path_number_perm+0x235/0x590
[  567.668215][T13089]  tomoyo_path_number_perm+0x248/0x590
[  567.673679][T13089]  ? tomoyo_path_number_perm+0x235/0x590
[  567.679315][T13089]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  567.685310][T13089]  ? __pfx___schedule+0x10/0x10
[  567.690184][T13089]  ? irqentry_exit+0x3b/0x90
[  567.694776][T13089]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.699990][T13089]  ? __x64_sys_ioctl+0x94/0x200
[  567.704844][T13089]  ? security_file_ioctl+0x18/0x240
[  567.710048][T13089]  security_file_ioctl+0x9b/0x240
[  567.715079][T13089]  __x64_sys_ioctl+0xb7/0x200
[  567.719765][T13089]  do_syscall_64+0xcd/0x250
[  567.724275][T13089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.730189][T13089] RIP: 0033:0x7f0d4db7fed9
[  567.734617][T13089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.754236][T13089] RSP: 002b:00007f0d4e93e058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  567.762652][T13089] RAX: ffffffffffffffda RBX: 00007f0d4dd46160 RCX: 00007f0d4db7fed9
[  567.770626][T13089] RDX: 00007cb7562f2d67 RSI: 000000000000545c RDI: 0000000000000008
[  567.778592][T13089] RBP: 00007f0d4e93e0a0 R08: 0000000000000000 R09: 0000000000000000
[  567.786561][T13089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.794530][T13089] R13: 0000000000000000 R14: 00007f0d4dd46160 R15: 00007fffc2b04cb8
[  567.802512][T13089]  </TASK>
[  567.810432][T13089] ERROR: Out of memory at tomoyo_realpath_from_path.
[  567.835877][  T969] usb 6-1: config 5 interface 121 altsetting 248 endpoint 0x5 has an invalid bInterval 168, changing to 7
[  567.847359][  T969] usb 6-1: config 5 interface 121 has no altsetting 0
[  567.874078][  T969] usb 6-1: New USB device found, idVendor=05c6, idProduct=9001, bcdDevice=a1.67
[  567.912536][  T969] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.937497][  T969] usb 6-1: Product: syz
[  567.941998][  T969] usb 6-1: Manufacturer: syz
[  567.946936][  T969] usb 6-1: SerialNumber: syz
[  568.293841][T13118] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  568.543184][T13129] netlink: 'syz.5.1812': attribute type 11 has an invalid length.
[  569.592742][T13143] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1823'.
[  570.292677][  T969] usb 6-1: USB disconnect, device number 3
[  570.324027][T13145] netlink: 'syz.0.1822': attribute type 11 has an invalid length.
[  571.480650][T13173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1830'.
[  571.869513][   T29] audit: type=1400 audit(1733631705.328:810): avc:  denied  { getopt } for  pid=13180 comm="syz.2.1831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  571.929399][   T29] audit: type=1400 audit(1733631705.328:811): avc:  denied  { ioctl } for  pid=13180 comm="syz.2.1831" path="socket:[38982]" dev="sockfs" ino=38982 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  572.199535][T13191] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1832'.
[  572.731257][    T9] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  572.883731][    T9] usb 2-1: Using ep0 maxpacket: 16
[  572.890277][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  572.908530][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  572.947612][T13191] bond0: option ad_select: unable to set because the bond device is up
[  573.066949][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  573.361355][    T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  573.376579][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.396714][    T9] usb 2-1: config 0 descriptor??
[  573.625956][T13206] FAULT_INJECTION: forcing a failure.
[  573.625956][T13206] name failslab, interval 1, probability 0, space 0, times 0
[  573.638868][T13206] CPU: 0 UID: 0 PID: 13206 Comm: syz.6.1834 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  573.649627][T13206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  573.659691][T13206] Call Trace:
[  573.662956][T13206]  <TASK>
[  573.665873][T13206]  dump_stack_lvl+0x16c/0x1f0
[  573.670547][T13206]  should_fail_ex+0x497/0x5b0
[  573.675210][T13206]  ? fs_reclaim_acquire+0xae/0x150
[  573.680318][T13206]  should_failslab+0xc2/0x120
[  573.684985][T13206]  __kmalloc_noprof+0xcb/0x510
[  573.689737][T13206]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  573.695368][T13206]  tomoyo_realpath_from_path+0xb9/0x720
[  573.700905][T13206]  ? tomoyo_path_number_perm+0x235/0x590
[  573.706524][T13206]  ? tomoyo_path_number_perm+0x235/0x590
[  573.712161][T13206]  tomoyo_path_number_perm+0x248/0x590
[  573.717607][T13206]  ? tomoyo_path_number_perm+0x235/0x590
[  573.723227][T13206]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  573.729214][T13206]  ? __pfx_lock_release+0x10/0x10
[  573.734223][T13206]  ? trace_lock_acquire+0x14e/0x1f0
[  573.739416][T13206]  ? lock_acquire+0x2f/0xb0
[  573.743903][T13206]  ? __fget_files+0x40/0x3a0
[  573.748486][T13206]  ? __fget_files+0x206/0x3a0
[  573.753157][T13206]  security_file_ioctl+0x9b/0x240
[  573.758184][T13206]  __x64_sys_ioctl+0xb7/0x200
[  573.762855][T13206]  do_syscall_64+0xcd/0x250
[  573.767351][T13206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.773236][T13206] RIP: 0033:0x7efc3597fed9
[  573.777634][T13206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  573.797230][T13206] RSP: 002b:00007efc337d5058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  573.805649][T13206] RAX: ffffffffffffffda RBX: 00007efc35b46080 RCX: 00007efc3597fed9
[  573.813608][T13206] RDX: 00000000200002c0 RSI: 0000000000008946 RDI: 000000000000000a
[  573.821564][T13206] RBP: 00007efc337d50a0 R08: 0000000000000000 R09: 0000000000000000
[  573.829520][T13206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  573.837477][T13206] R13: 0000000000000000 R14: 00007efc35b46080 R15: 00007ffc2c8fd9e8
[  573.845444][T13206]  </TASK>
[  573.848528][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.923887][T13206] ERROR: Out of memory at tomoyo_realpath_from_path.
[  574.187397][    T9] microsoft 0003:045E:07DA.002D: ignoring exceeding usage max
[  574.213882][    T9] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.002D/input/input67
[  574.391529][T13196] syz.0.1833 (13196): drop_caches: 2
[  574.451318][    T9] microsoft 0003:045E:07DA.002D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  574.506345][ T5868] usb 2-1: USB disconnect, device number 65
[  574.549414][T13212] netlink: 'syz.5.1836': attribute type 11 has an invalid length.
[  574.560391][   T29] audit: type=1326 audit(1733631708.048:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13211 comm="syz.5.1836" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f488f17fed9 code=0x0
[  574.583291][    C0] vkms_vblank_simulate: vblank timer overrun
[  574.828781][T13210] syz.6.1834 (13210): drop_caches: 2
[  574.869749][   T29] audit: type=1400 audit(1733631708.348:813): avc:  denied  { validate_trans } for  pid=13221 comm="syz.0.1838" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  576.366083][T13264] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1845'.
[  576.375252][T13264] bond0: option ad_select: unable to set because the bond device is up
[  577.519281][T13279] overlayfs: failed to clone upperpath
[  577.728819][ T5939] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  577.758512][   T29] audit: type=1400 audit(1733631711.228:814): avc:  denied  { setopt } for  pid=13285 comm="syz.5.1851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  577.785016][   T29] audit: type=1400 audit(1733631711.228:815): avc:  denied  { nlmsg_write } for  pid=13285 comm="syz.5.1851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  577.876037][T13290] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1852'.
[  577.885267][T13290] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1852'.
[  578.463530][ T5939] usb 2-1: device descriptor read/64, error -71
[  579.624844][ T5939] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  579.747563][T13298] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1855'.
[  579.773233][ T5939] usb 2-1: device descriptor read/64, error -71
[  580.603588][ T5939] usb usb2-port1: attempt power cycle
[  581.080748][T13318] Cannot find del_set index 0 as target
[  581.113475][ T5939] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  581.156657][ T6031] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  581.226499][ T5939] usb 2-1: device descriptor read/8, error -71
[  581.992673][T12116] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  582.191084][T13331] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  582.232288][T13331] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  582.253309][T13331] gretap1: entered promiscuous mode
[  582.258750][T13331] gretap1: entered allmulticast mode
[  582.268179][   T29] audit: type=1400 audit(1733631715.748:816): avc:  denied  { map } for  pid=13332 comm="syz.6.1867" path="/dev/vbi7" dev="devtmpfs" ino=992 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  582.394074][ T5927] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  582.543224][ T5927] usb 6-1: Using ep0 maxpacket: 8
[  582.570031][ T5927] usb 6-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  582.587016][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.599254][ T5927] usb 6-1: Product: syz
[  582.619820][ T5927] usb 6-1: Manufacturer: syz
[  582.625440][ T5927] usb 6-1: SerialNumber: syz
[  582.636159][ T5927] usb 6-1: config 0 descriptor??
[  582.862548][ T5927] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  583.538963][T13328] Invalid source name
[  583.543009][T13328] UBIFS error (pid: 13328): cannot open "ubifs", error -22
[  583.558572][ T5927] gspca_sunplus: reg_w_riv err -110
[  583.571077][ T5927] sunplus 6-1:0.0: probe with driver sunplus failed with error -110
[  583.799734][ T5927] usb 6-1: USB disconnect, device number 4
[  584.661825][T13365] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1876'.
[  585.790939][T13376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1879'.
[  585.801878][T13376] geneve0: entered promiscuous mode
[  585.808577][T13376] geneve0: entered allmulticast mode
[  586.775728][ T5927] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  586.913262][ T5927] usb 6-1: device descriptor read/64, error -71
[  587.225023][ T5927] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  587.996249][ T5927] usb 6-1: device descriptor read/64, error -71
[  588.037094][   T29] audit: type=1326 audit(1733631721.508:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  588.150160][ T5927] usb usb6-port1: attempt power cycle
[  588.182815][   T29] audit: type=1326 audit(1733631721.508:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  589.176150][   T29] audit: type=1326 audit(1733631721.518:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  589.199680][   T29] audit: type=1326 audit(1733631721.518:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  589.773626][T13411] fuse: Unknown parameter '184467440737095516150x0000000000000007'
[  590.199833][   T29] audit: type=1326 audit(1733631721.518:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  590.233830][ T5927] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  590.241683][   T29] audit: type=1326 audit(1733631721.518:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  590.265345][   T29] audit: type=1326 audit(1733631721.518:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  590.288923][   T29] audit: type=1326 audit(1733631721.518:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  590.312670][   T29] audit: type=1326 audit(1733631721.518:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  590.336247][   T29] audit: type=1326 audit(1733631721.518:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13402 comm="syz.2.1887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f003f97fed9 code=0x7ffc0000
[  590.443607][ T5927] usb 6-1: device not accepting address 7, error -71
[  591.465330][ T5927] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  591.496244][ T5927] usb 6-1: Using ep0 maxpacket: 32
[  591.514497][ T5927] usb 6-1: unable to get BOS descriptor or descriptor too short
[  591.525816][ T5927] usb 6-1: config 0 has an invalid interface number: 165 but max is 0
[  591.544731][ T5927] usb 6-1: config 0 has no interface number 0
[  591.586173][ T5927] usb 6-1: config 0 interface 165 has no altsetting 0
[  591.595765][ T5927] usb 6-1: New USB device found, idVendor=07c4, idProduct=a109, bcdDevice=ba.a6
[  591.607759][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  591.626803][ T5927] usb 6-1: Product: syz
[  591.635758][ T5927] usb 6-1: Manufacturer: syz
[  591.642676][ T5927] usb 6-1: SerialNumber: syz
[  591.670025][ T5927] usb 6-1: config 0 descriptor??
[  591.783944][T13430] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  591.918694][ T5927] ums-datafab 6-1:0.165: USB Mass Storage device detected
[  591.978600][ T5927] ums-sddr55 6-1:0.165: USB Mass Storage device detected
[  592.060208][ T5927] usb 6-1: USB disconnect, device number 8
[  596.543340][T13469] fuse: Unknown parameter '184467440737095516150x0000000000000007'
[  597.675732][T13474] FAULT_INJECTION: forcing a failure.
[  597.675732][T13474] name failslab, interval 1, probability 0, space 0, times 0
[  597.725283][T13474] CPU: 0 UID: 0 PID: 13474 Comm: syz.5.1906 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  597.736067][T13474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  597.746099][T13474] Call Trace:
[  597.749364][T13474]  <TASK>
[  597.752275][T13474]  dump_stack_lvl+0x16c/0x1f0
[  597.756948][T13474]  should_fail_ex+0x497/0x5b0
[  597.761599][T13474]  ? fs_reclaim_acquire+0xae/0x150
[  597.766703][T13474]  should_failslab+0xc2/0x120
[  597.771358][T13474]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  597.777140][T13474]  ? __alloc_skb+0x2b1/0x380
[  597.781703][T13474]  __alloc_skb+0x2b1/0x380
[  597.786094][T13474]  ? __pfx___alloc_skb+0x10/0x10
[  597.791004][T13474]  ? selinux_socket_getpeersec_dgram+0x1a5/0x370
[  597.797320][T13474]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  597.804493][T13474]  netlink_alloc_large_skb+0x69/0x130
[  597.809845][T13474]  netlink_sendmsg+0x689/0xd70
[  597.814599][T13474]  ? __pfx_netlink_sendmsg+0x10/0x10
[  597.819873][T13474]  ____sys_sendmsg+0xaaf/0xc90
[  597.824627][T13474]  ? copy_msghdr_from_user+0x10b/0x160
[  597.830060][T13474]  ? __pfx_____sys_sendmsg+0x10/0x10
[  597.835327][T13474]  ___sys_sendmsg+0x135/0x1e0
[  597.839978][T13474]  ? __pfx____sys_sendmsg+0x10/0x10
[  597.845156][T13474]  ? __pfx_lock_release+0x10/0x10
[  597.850167][T13474]  ? trace_lock_acquire+0x14e/0x1f0
[  597.855349][T13474]  ? __fget_files+0x206/0x3a0
[  597.860004][T13474]  __sys_sendmsg+0x16e/0x220
[  597.864569][T13474]  ? __pfx___sys_sendmsg+0x10/0x10
[  597.869661][T13474]  do_syscall_64+0xcd/0x250
[  597.874145][T13474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.880015][T13474] RIP: 0033:0x7f488f17fed9
[  597.884404][T13474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  597.903992][T13474] RSP: 002b:00007f4890003058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  597.912381][T13474] RAX: ffffffffffffffda RBX: 00007f488f345fa0 RCX: 00007f488f17fed9
[  597.920327][T13474] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  597.928273][T13474] RBP: 00007f48900030a0 R08: 0000000000000000 R09: 0000000000000000
[  597.936219][T13474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  597.944176][T13474] R13: 0000000000000000 R14: 00007f488f345fa0 R15: 00007fffbe5f9d68
[  597.952129][T13474]  </TASK>
[  599.225137][   T11] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.341450][   T11] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.582576][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  599.594166][   T11] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.614914][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  599.653479][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  599.729101][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  599.737881][ T5827] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  599.745254][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  599.925385][   T11] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.106798][T13507] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1916'.
[  600.173588][T13507] bond0: option ad_select: unable to set because the bond device is up
[  601.474529][T13515] netlink: 'syz.0.1917': attribute type 11 has an invalid length.
[  601.813275][ T5827] Bluetooth: hci0: command tx timeout
[  602.702652][T13525] team0 (unregistering): Port device team_slave_0 removed
[  602.751620][T13525] team0 (unregistering): Port device team_slave_1 removed
[  602.779810][T13525] vlan0: left allmulticast mode
[  602.787840][T13525] veth0_vlan: left allmulticast mode
[  602.807926][T13525] vlan0: left promiscuous mode
[  602.832396][T13525] team0 (unregistering): Port device vlan2 removed
[  602.972609][   T11] bridge_slave_1: left allmulticast mode
[  603.001080][   T11] bridge_slave_1: left promiscuous mode
[  603.032009][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.084212][   T11] bridge_slave_0: left allmulticast mode
[  603.453713][   T11] bridge_slave_0: left promiscuous mode
[  603.461659][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.925506][ T5827] Bluetooth: hci0: command tx timeout
[  604.952800][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  604.980689][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  604.997522][   T11] bond0 (unregistering): Released all slaves
[  605.919493][T13499] chnl_net:caif_netlink_parms(): no params data found
[  605.973228][ T5827] Bluetooth: hci0: command tx timeout
[  606.201412][   T29] kauditd_printk_skb: 6 callbacks suppressed
[  606.208875][   T29] audit: type=1400 audit(1733631739.678:833): avc:  denied  { bind } for  pid=13583 comm="syz.0.1932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  606.567907][T13499] bridge0: port 1(bridge_slave_0) entered blocking state
[  606.584556][T13499] bridge0: port 1(bridge_slave_0) entered disabled state
[  606.603665][T13499] bridge_slave_0: entered allmulticast mode
[  606.642311][T13499] bridge_slave_0: entered promiscuous mode
[  606.781707][  T969] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  607.558674][T13499] bridge0: port 2(bridge_slave_1) entered blocking state
[  607.588281][T13499] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.716767][T13499] bridge_slave_1: entered allmulticast mode
[  607.723595][T13499] bridge_slave_1: entered promiscuous mode
[  608.475393][ T5827] Bluetooth: hci0: command tx timeout
[  608.514649][   T11] hsr_slave_0: left promiscuous mode
[  608.547768][  T969] usb 2-1: Using ep0 maxpacket: 8
[  608.552885][   T11] hsr_slave_1: left promiscuous mode
[  608.556142][  T969] usb 2-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17
[  608.576047][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  608.578563][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.591637][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  608.602359][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  608.609663][  T969] usb 2-1: Product: syz
[  608.623585][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  608.623679][  T969] usb 2-1: Manufacturer: syz
[  608.657305][  T969] usb 2-1: SerialNumber: syz
[  608.665842][   T11] veth1_macvtap: left promiscuous mode
[  608.671326][   T11] veth0_macvtap: left promiscuous mode
[  608.685122][  T969] usb 2-1: config 0 descriptor??
[  608.688398][   T11] veth1_vlan: left promiscuous mode
[  608.710336][   T11] veth0_vlan: left promiscuous mode
[  608.717198][  T969] hub 2-1:0.0: bad descriptor, ignoring hub
[  608.726107][  T969] hub 2-1:0.0: probe with driver hub failed with error -5
[  608.748996][  T969] gspca_main: jeilinj-2.14.0 probing 0979:0270
[  609.091342][   T29] audit: type=1400 audit(1733631742.568:834): avc:  denied  { append } for  pid=13601 comm="syz.1.1935" name="event3" dev="devtmpfs" ino=1014 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  609.147392][T13640] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1935'.
[  609.992021][   T11] team0 (unregistering): Port device team_slave_1 removed
[  610.357852][   T11] team0 (unregistering): Port device team_slave_0 removed
[  611.760283][T13619] ipvlan0: entered promiscuous mode
[  611.765680][T13619] ipvlan0: entered allmulticast mode
[  611.770962][T13619] veth0_vlan: entered allmulticast mode
[  611.907304][T13640] tipc: Enabling of bearer <eth:vlan0> rejected, failed to enable media
[  611.950310][T13499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  611.982368][   T29] audit: type=1400 audit(1733631745.458:835): avc:  denied  { accept } for  pid=13661 comm="syz.2.1945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  612.030163][T13499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  612.068972][T13666] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1946'.
[  612.122947][T11262] usb 2-1: USB disconnect, device number 70
[  612.213919][T13499] team0: Port device team_slave_0 added
[  612.302092][T13499] team0: Port device team_slave_1 added
[  612.397366][T13499] batman_adv: batadv0: Adding interface: batadv_slave_0
[  612.529171][T13499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  612.641360][T13499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  613.343350][T13499] batman_adv: batadv0: Adding interface: batadv_slave_1
[  613.350331][T13499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  613.376519][T13499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.583866][ T5986] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  613.720137][T13499] hsr_slave_0: entered promiscuous mode
[  613.732600][T13499] hsr_slave_1: entered promiscuous mode
[  614.644357][T13714] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1952'.
[  615.128822][T13727] fuse: Unknown parameter '184467440737095516150x0000000000000007'
[  615.593673][T13499] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  615.613977][T13499] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  615.624220][T13499] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  615.669314][T13499] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  615.683589][T11262] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  615.748139][T13499] 8021q: adding VLAN 0 to HW filter on device bond0
[  615.762508][T13499] 8021q: adding VLAN 0 to HW filter on device team0
[  615.839628][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.846732][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  615.864134][T11262] usb 2-1: Using ep0 maxpacket: 16
[  615.874878][T11262] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  615.886805][T11262] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  615.896822][T11262] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  615.909905][T11262] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  615.919102][T11262] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.936342][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  615.943442][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  615.997237][T11262] usb 2-1: config 0 descriptor??
[  616.039697][T13735] netlink: 'syz.2.1959': attribute type 10 has an invalid length.
[  616.055415][T13735] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  616.553760][T11262] microsoft 0003:045E:07DA.002E: ignoring exceeding usage max
[  616.567088][T13499] 8021q: adding VLAN 0 to HW filter on device batadv0
[  616.782389][T11262] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.002E/input/input70
[  616.914436][T11262] microsoft 0003:045E:07DA.002E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  616.995803][T11262] usb 2-1: USB disconnect, device number 71
[  618.164774][T13783] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1964'.
[  618.801986][T13499] veth0_vlan: entered promiscuous mode
[  618.860058][T13499] veth1_vlan: entered promiscuous mode
[  618.976122][T13499] veth0_macvtap: entered promiscuous mode
[  619.012354][T13499] veth1_macvtap: entered promiscuous mode
[  619.038215][T13499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  619.049463][T13499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  619.060492][T13499] batman_adv: batadv0: Interface activated: batadv_slave_0
[  619.098988][T13499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  619.114084][T13499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  619.125453][T13499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  619.137249][T13499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  619.148685][T13499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  619.160432][T13499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  619.171593][T13499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  619.189141][T13499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  619.202061][T13499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  619.216827][T13499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  619.234317][T13499] batman_adv: batadv0: Interface activated: batadv_slave_1
[  619.640319][T13499] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  619.669188][T13499] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  619.710696][T13499] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  619.735621][T13499] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  619.762620][T13809] netlink: 40227 bytes leftover after parsing attributes in process `syz.1.1971'.
[  619.796163][T13810] netlink: 40227 bytes leftover after parsing attributes in process `syz.1.1971'.
[  620.066904][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.169125][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.403450][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.411369][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  621.616017][T13852] xt_CT: You must specify a L4 protocol and not use inversions on it
[  622.745422][T13868] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1984'.
[  623.811029][   T29] audit: type=1400 audit(1733631757.278:836): avc:  denied  { write } for  pid=13867 comm="syz.2.1984" path="socket:[40900]" dev="sockfs" ino=40900 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  624.599971][   T29] audit: type=1326 audit(1733631758.078:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  624.624167][   T29] audit: type=1326 audit(1733631758.078:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  624.661809][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  624.668247][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  624.893355][   T29] audit: type=1326 audit(1733631758.078:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  625.140354][   T29] audit: type=1326 audit(1733631758.078:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  625.281842][T13902] serio: Serial port ptm0
[  625.288640][   T29] audit: type=1326 audit(1733631758.078:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  625.330772][T13902] netlink: 'syz.7.1990': attribute type 4 has an invalid length.
[  625.743203][   T29] audit: type=1326 audit(1733631758.078:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  625.933777][   T29] audit: type=1326 audit(1733631758.078:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  625.961494][   T29] audit: type=1326 audit(1733631758.138:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  625.985797][   T29] audit: type=1326 audit(1733631758.138:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13890 comm="syz.5.1988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488f17fed9 code=0x7ffc0000
[  626.311791][T13915] overlayfs: failed to clone lowerpath
[  630.358533][T13985] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526
[  630.394794][T13992] =======================================================
[  630.394794][T13992] WARNING: The mand mount option has been deprecated and
[  630.394794][T13992]          and is ignored by this kernel. Remove the mand
[  630.394794][T13992]          option from the mount to silence this warning.
[  630.394794][T13992] =======================================================
[  630.394798][   T29] kauditd_printk_skb: 21 callbacks suppressed
[  630.394811][   T29] audit: type=1400 audit(1733631763.878:867): avc:  denied  { remount } for  pid=13988 comm="syz.1.2004" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  631.266310][T13997] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  631.335461][T12116] Bluetooth: hci5: command 0x0405 tx timeout
[  631.682534][   T29] audit: type=1400 audit(1733631765.158:868): avc:  denied  { audit_write } for  pid=14011 comm="syz.1.2009" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  632.112840][T14014] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  632.124258][T14014] macvtap1: entered promiscuous mode
[  632.129728][T14014] macvtap1: entered allmulticast mode
[  632.135407][T14014] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  632.186874][T14014] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  632.194219][T14014] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  633.088182][T14034] FAULT_INJECTION: forcing a failure.
[  633.088182][T14034] name failslab, interval 1, probability 0, space 0, times 0
[  633.107026][T14034] CPU: 0 UID: 0 PID: 14034 Comm: syz.5.2014 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  633.117823][T14034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  633.127859][T14034] Call Trace:
[  633.131118][T14034]  <TASK>
[  633.134197][T14034]  dump_stack_lvl+0x16c/0x1f0
[  633.138886][T14034]  should_fail_ex+0x497/0x5b0
[  633.143558][T14034]  ? fs_reclaim_acquire+0xae/0x150
[  633.148652][T14034]  should_failslab+0xc2/0x120
[  633.153316][T14034]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  633.159135][T14034]  ? __alloc_skb+0x2b1/0x380
[  633.163706][T14034]  __alloc_skb+0x2b1/0x380
[  633.168096][T14034]  ? __pfx___alloc_skb+0x10/0x10
[  633.173008][T14034]  ? is_bpf_text_address+0x30/0x1a0
[  633.178188][T14034]  alloc_skb_with_frags+0xe4/0x850
[  633.183274][T14034]  ? is_bpf_text_address+0x94/0x1a0
[  633.188465][T14034]  sock_alloc_send_pskb+0x7f1/0x980
[  633.193648][T14034]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  633.199348][T14034]  ? lock_acquire.part.0+0x11b/0x380
[  633.204617][T14034]  __ip_append_data+0x19c7/0x4160
[  633.209639][T14034]  ? lock_acquire+0x2f/0xb0
[  633.214123][T14034]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  633.219648][T14034]  ? lockdep_hardirqs_on+0x7c/0x110
[  633.224841][T14034]  ? ip_dst_mtu_maybe_forward.constprop.0+0x274/0x4c0
[  633.231581][T14034]  ? __pfx___ip_append_data+0x10/0x10
[  633.236935][T14034]  ip_make_skb+0x27d/0x300
[  633.241347][T14034]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  633.246873][T14034]  ? __pfx_ip_make_skb+0x10/0x10
[  633.251790][T14034]  ? ip_route_output_key_hash+0x16c/0x2e0
[  633.257490][T14034]  ? __pfx_lock_release+0x10/0x10
[  633.262496][T14034]  ? udp_sendmsg+0x1889/0x29e0
[  633.267250][T14034]  udp_sendmsg+0x1889/0x29e0
[  633.271824][T14034]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  633.277350][T14034]  ? __pfx_udp_sendmsg+0x10/0x10
[  633.282331][T14034]  ? avc_has_perm+0x11b/0x1c0
[  633.286990][T14034]  ? __pfx___lock_acquire+0x10/0x10
[  633.292176][T14034]  ? __pfx_udp_sendmsg+0x10/0x10
[  633.297095][T14034]  inet_sendmsg+0x105/0x140
[  633.301597][T14034]  ____sys_sendmsg+0x98c/0xc90
[  633.306342][T14034]  ? copy_msghdr_from_user+0x10b/0x160
[  633.311780][T14034]  ? __pfx_____sys_sendmsg+0x10/0x10
[  633.317042][T14034]  ? __lock_acquire+0xcc5/0x3c40
[  633.321961][T14034]  ? hlock_class+0x4e/0x130
[  633.326442][T14034]  ? __lock_acquire+0x15a9/0x3c40
[  633.331457][T14034]  ___sys_sendmsg+0x135/0x1e0
[  633.336110][T14034]  ? __pfx____sys_sendmsg+0x10/0x10
[  633.341285][T14034]  ? __pfx___lock_acquire+0x10/0x10
[  633.346475][T14034]  ? __pfx___might_resched+0x10/0x10
[  633.351739][T14034]  ? __might_fault+0xe3/0x190
[  633.356398][T14034]  __sys_sendmmsg+0x201/0x420
[  633.361064][T14034]  ? __pfx___sys_sendmmsg+0x10/0x10
[  633.366265][T14034]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  633.372259][T14034]  ? fput+0x67/0x440
[  633.376143][T14034]  ? ksys_write+0x1ba/0x250
[  633.380627][T14034]  ? __pfx_ksys_write+0x10/0x10
[  633.385475][T14034]  __x64_sys_sendmmsg+0x9c/0x100
[  633.390401][T14034]  ? lockdep_hardirqs_on+0x7c/0x110
[  633.395584][T14034]  do_syscall_64+0xcd/0x250
[  633.400070][T14034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.405959][T14034] RIP: 0033:0x7f488f17fed9
[  633.410351][T14034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.429939][T14034] RSP: 002b:00007f4890003058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  633.438326][T14034] RAX: ffffffffffffffda RBX: 00007f488f345fa0 RCX: 00007f488f17fed9
[  633.446274][T14034] RDX: 0400000000000077 RSI: 0000000020000180 RDI: 0000000000000004
[  633.454240][T14034] RBP: 00007f48900030a0 R08: 0000000000000000 R09: 0000000000000000
[  633.462191][T14034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  633.470157][T14034] R13: 0000000000000000 R14: 00007f488f345fa0 R15: 00007fffbe5f9d68
[  633.478110][T14034]  </TASK>
[  635.041503][T14056] netlink: 'syz.7.2019': attribute type 11 has an invalid length.
[  635.363466][ T5897] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  635.606556][T14078] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2021'.
[  636.115942][ T5897] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  636.133271][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  636.225687][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  636.236516][T14086] netlink: 'syz.0.2025': attribute type 11 has an invalid length.
[  636.259037][ T5897] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  636.317949][ T5897] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  636.330989][T14091] netlink: 'syz.7.2024': attribute type 11 has an invalid length.
[  636.338097][ T5897] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  636.368467][ T5897] usb 6-1: Manufacturer: syz
[  636.389145][ T5897] usb 6-1: config 0 descriptor??
[  637.983423][T14114] overlayfs: missing 'lowerdir'
[  638.847781][ T5897] appleir 0003:05AC:8243.002F: unknown main item tag 0x0
[  638.855423][ T5897] appleir 0003:05AC:8243.002F: No inputs registered, leaving
[  638.864829][ T5897] appleir 0003:05AC:8243.002F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  639.904399][T14129] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2032'.
[  640.663421][ T5897] usb 6-1: USB disconnect, device number 9
[  640.689230][T14133] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2033'.
[  641.137938][T14147] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2034'.
[  641.147253][T14147] bond0: option ad_select: unable to set because the bond device is up
[  643.408305][T14172] Bluetooth: Error in BCSP hdr checksum
[  643.534080][T14152] netlink: 'syz.7.2040': attribute type 1 has an invalid length.
[  645.588301][ T5827] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  645.601586][T12116] Bluetooth: hci6: command 0x1003 tx timeout
[  646.583707][T14202] netlink: 'syz.1.2049': attribute type 11 has an invalid length.
[  646.628459][T14206] netlink: 'syz.5.2051': attribute type 11 has an invalid length.
[  647.213244][ T5867] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  647.364847][ T5867] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  647.399271][ T5867] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  647.441399][ T5867] usb 8-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.00
[  647.490184][ T5867] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.554862][T14229] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2052'.
[  647.572515][ T5867] usb 8-1: config 0 descriptor??
[  647.735496][   T30] INFO: task syz.4.1536:11883 blocked for more than 143 seconds.
[  647.743383][   T30]       Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  647.751036][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  647.763333][   T30] task:syz.4.1536      state:D stack:27696 pid:11883 tgid:11875 ppid:5821   flags:0x00000006
[  647.780857][   T30] Call Trace:
[  647.785618][   T30]  <TASK>
[  647.788806][   T30]  __schedule+0xe58/0x5ad0
[  647.800100][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  647.810072][   T30]  ? __pfx___schedule+0x10/0x10
[  647.820726][   T30]  ? schedule+0x298/0x350
[  647.839527][   T30]  ? __pfx_lock_release+0x10/0x10
[  647.844978][   T30]  ? lock_acquire+0x2f/0xb0
[  647.849545][   T30]  ? schedule+0x1fd/0x350
[  647.854315][   T30]  schedule+0xe7/0x350
[  647.858558][   T30]  schedule_timeout+0x244/0x280
[  647.863689][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  647.870930][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  647.876439][   T30]  __wait_for_common+0x3e1/0x600
[  647.881502][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  647.888279][   T30]  ? __pfx___wait_for_common+0x10/0x10
[  647.894145][   T30]  ? __pfx_try_to_wake_up+0x10/0x10
[  647.899442][   T30]  wait_for_completion_state+0x1c/0x40
[  647.909677][   T30]  do_coredump+0x86f/0x49e0
[  647.914851][   T30]  ? unwind_get_return_address+0x59/0xa0
[  647.920618][   T30]  ? __pfx_do_coredump+0x10/0x10
[  647.930882][   T30]  ? stack_trace_save+0x95/0xd0
[  647.936131][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[  647.941633][   T30]  ? hlock_class+0x4e/0x130
[  647.943192][T11262] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  647.957942][   T30]  ? stack_depot_save_flags+0x28/0x8f0
[  647.964613][   T30]  ? kasan_save_stack+0x42/0x60
[  647.969569][   T30]  ? kasan_save_stack+0x33/0x60
[  647.975204][   T30]  ? kasan_save_track+0x14/0x30
[  647.980063][   T30]  ? kasan_save_free_info+0x3b/0x60
[  647.985399][   T30]  ? __kasan_slab_free+0x51/0x70
[  647.991225][   T30]  ? kmem_cache_free+0x152/0x4c0
[  647.996270][   T30]  ? __sigqueue_free+0xba/0x2a0
[  648.001134][   T30]  ? get_signal+0xcbc/0x26c0
[  648.008995][   T30]  ? arch_do_signal_or_restart+0x90/0x7e0
[  648.015566][   T30]  ? syscall_exit_to_user_mode+0x150/0x2a0
[  648.021383][   T30]  ? find_held_lock+0x2d/0x110
[  648.029231][   T30]  ? proc_coredump_connector+0x2d2/0x4f0
[  648.035845][   T30]  ? __pfx_proc_coredump_connector+0x10/0x10
[  648.041848][   T30]  get_signal+0x230b/0x26c0
[  648.042976][ T5867] elan 0003:04F3:074D.0030: item fetching failed at offset 5/7
[  648.050286][   T30]  ? __pfx_force_sigsegv+0x10/0x10
[  648.054571][ T5867] elan 0003:04F3:074D.0030: Hid Parse failed
[  648.059786][   T30]  ? __pfx_get_signal+0x10/0x10
[  648.065839][ T5867] elan 0003:04F3:074D.0030: probe with driver elan failed with error -22
[  648.079197][   T30]  ? __asan_memset+0x23/0x50
[  648.084956][   T30]  arch_do_signal_or_restart+0x90/0x7e0
[  648.091421][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  648.098236][   T30]  syscall_exit_to_user_mode+0x150/0x2a0
[  648.104173][   T30]  do_syscall_64+0xda/0x250
[  648.108842][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.114990][   T30] RIP: 0033:0x7f1b6aa406d0
[  648.117396][T11262] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  648.119499][   T30] RSP: 002b:00007f1b6b8e7378 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  648.133192][T11262] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.138405][   T30] RAX: 0000000000000000 RBX: 00007f1b6ad46160 RCX: 00007f1b6ab7fed9
[  648.145787][T11262] usb 6-1: Product: syz
[  648.157901][T11262] usb 6-1: Manufacturer: syz
[  648.158316][   T30] RDX: 00007f1b6b8e7380 RSI: 00007f1b6b8e74b0 RDI: 000000000000000b
[  648.162668][T11262] usb 6-1: SerialNumber: syz
[  648.170866][   T30] RBP: 00007f1b6abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[  648.188592][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  648.198201][   T30] R13: 0000000000000000 R14: 00007f1b6ad46160 R15: 00007ffff07fcf78
[  648.199969][T11262] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  648.221776][   T30]  </TASK>
[  648.226122][   T30] 
[  648.226122][   T30] Showing all locks held in the system:
[  648.239505][   T30] 1 lock held by khungtaskd/30:
[  648.246630][   T30]  #0: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390
[  648.262918][   T30] 3 locks held by kworker/1:2/969:
[  648.269394][   T30]  #0: ffff8880b863ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  648.288833][   T30]  #1: ffff8880b8728a88 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2c1/0x8e0
[  648.293518][ T5867] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  648.331493][   T30]  #2: ffff88804532a240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1bb/0x26d0
[  648.352133][   T30] 2 locks held by getty/5568:
[  648.357157][   T30]  #0: ffff88803710a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  648.367274][   T30]  #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480
[  648.378134][   T30] 2 locks held by kworker/1:4/5867:
[  648.383714][   T30]  #0: ffff88801b078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  648.409778][   T30]  #1: ffffc90002e37d80 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  648.442879][   T30] 1 lock held by syz.0.2052/14229:
[  648.454908][   T30]  #0: ffffffff8e1c6d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x700
[  648.471757][   T30] 
[  648.482266][   T30] =============================================
[  648.482266][   T30] 
[  648.500464][   T30] NMI backtrace for cpu 1
[  648.504825][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  648.515341][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  648.525409][   T30] Call Trace:
[  648.528701][   T30]  <TASK>
[  648.531638][   T30]  dump_stack_lvl+0x116/0x1f0
[  648.536336][   T30]  nmi_cpu_backtrace+0x27b/0x390
[  648.541291][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  648.547298][   T30]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  648.553302][   T30]  watchdog+0xf14/0x1240
[  648.557568][   T30]  ? __pfx_watchdog+0x10/0x10
[  648.562259][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  648.567478][   T30]  ? __kthread_parkme+0x148/0x220
[  648.572531][   T30]  ? __pfx_watchdog+0x10/0x10
[  648.577226][   T30]  kthread+0x2c1/0x3a0
[  648.581319][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  648.586532][   T30]  ? __pfx_kthread+0x10/0x10
[  648.591139][   T30]  ret_from_fork+0x45/0x80
[  648.595561][   T30]  ? __pfx_kthread+0x10/0x10
[  648.600164][   T30]  ret_from_fork_asm+0x1a/0x30
[  648.604960][   T30]  </TASK>
[  648.608547][   T30] Sending NMI from CPU 1 to CPUs 0:
[  648.614040][    C0] NMI backtrace for cpu 0
[  648.614052][    C0] CPU: 0 UID: 0 PID: 14260 Comm: dhcpcd-run-hook Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  648.614068][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  648.614075][    C0] RIP: 0010:const_folio_flags+0x33/0x1f0
[  648.614095][    C0] Code: 89 f3 e8 f0 23 b0 ff 48 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 90 01 00 00 4c 8b 65 08 <31> ff 41 83 e4 01 4c 89 e6 e8 2f 26 b0 ff 4d 85 e4 0f 85 ff 00 00
[  648.614107][    C0] RSP: 0000:ffffc900035079a0 EFLAGS: 00000246
[  648.614118][    C0] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81ea97b2
[  648.614129][    C0] RDX: 1ffffd400009b711 RSI: ffffffff81e9e250 RDI: ffffea00004db888
[  648.614140][    C0] RBP: ffffea00004db880 R08: 0000000000000005 R09: 0000000000000000
[  648.614149][    C0] R10: 0000000000000000 R11: 0000000000000005 R12: ffffea00004db8c8
[  648.614159][    C0] R13: ffffea00004db880 R14: 0000000000000001 R15: ffffea00004db898
[  648.614167][    C0] FS:  00007f1a62629500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  648.614181][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  648.614190][    C0] CR2: 00007f1a62822440 CR3: 000000005bbde000 CR4: 00000000003526f0
[  648.614199][    C0] Call Trace:
[  648.614203][    C0]  <NMI>
[  648.614208][    C0]  ? nmi_cpu_backtrace+0x1d8/0x390
[  648.614224][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  648.614238][    C0]  ? nmi_handle+0x1ac/0x5d0
[  648.614252][    C0]  ? const_folio_flags+0x33/0x1f0
[  648.614265][    C0]  ? default_do_nmi+0x6a/0x160
[  648.614278][    C0]  ? exc_nmi+0x170/0x1e0
[  648.614292][    C0]  ? end_repeat_nmi+0xf/0x53
[  648.614316][    C0]  ? folio_add_file_rmap_ptes+0x142/0x310
[  648.614331][    C0]  ? const_folio_flags+0x10/0x1f0
[  648.614343][    C0]  ? const_folio_flags+0x33/0x1f0
[  648.614355][    C0]  ? const_folio_flags+0x33/0x1f0
[  648.614369][    C0]  ? const_folio_flags+0x33/0x1f0
[  648.614381][    C0]  </NMI>
[  648.614385][    C0]  <TASK>
[  648.614390][    C0]  folio_add_file_rmap_ptes+0x18f/0x310
[  648.614406][    C0]  set_pte_range+0x135/0x520
[  648.614421][    C0]  filemap_map_pages+0x57b/0x16b0
[  648.614435][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  648.614458][    C0]  ? __pfx_filemap_map_pages+0x10/0x10
[  648.614474][    C0]  ? do_pte_missing+0xcec/0x3e70
[  648.614488][    C0]  ? lock_acquire+0x2f/0xb0
[  648.614501][    C0]  ? do_pte_missing+0xcec/0x3e70
[  648.614515][    C0]  ? __pfx_filemap_map_pages+0x10/0x10
[  648.614527][    C0]  do_pte_missing+0xdab/0x3e70
[  648.614544][    C0]  __handle_mm_fault+0x103c/0x2a40
[  648.614561][    C0]  ? lock_vma_under_rcu+0x6b9/0x980
[  648.614574][    C0]  ? __pfx___handle_mm_fault+0x10/0x10
[  648.614597][    C0]  handle_mm_fault+0x3fa/0xaa0
[  648.614617][    C0]  do_user_addr_fault+0x60d/0x13f0
[  648.614634][    C0]  exc_page_fault+0x5c/0xc0
[  648.614649][    C0]  asm_exc_page_fault+0x26/0x30
[  648.614665][    C0] RIP: 0033:0x7f1a626fcbfe
[  648.614674][    C0] Code: 00 48 8d 35 a4 58 12 00 48 0f 44 f0 83 fa 0a 74 0e 83 fa 10 74 28 89 d1 83 fa 08 75 5d eb 3d 48 89 f8 31 d2 49 ff c8 48 f7 f1 <8a> 14 16 41 88 10 48 89 fa 48 89 c7 48 83 fa 09 77 e3 eb 58 48 89
[  648.614686][    C0] RSP: 002b:00007ffd96ddacf8 EFLAGS: 00010216
[  648.614696][    C0] RAX: 0000000000000000 RBX: 0000000000000064 RCX: 000000000000000a
[  648.614704][    C0] RDX: 0000000000000000 RSI: 00007f1a62822440 RDI: 0000000000000000
[  648.614712][    C0] RBP: 00007ffd96ddb220 R08: 00007ffd96ddb1cf R09: 00007ffd96ddade8
[  648.614721][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffd96ddb390
[  648.614728][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  648.614742][    C0]  </TASK>
[  648.620977][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  648.976380][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  648.986862][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  648.996897][   T30] Call Trace:
[  649.000156][   T30]  <TASK>
[  649.003077][   T30]  dump_stack_lvl+0x3d/0x1f0
[  649.007664][   T30]  panic+0x71d/0x800
[  649.011552][   T30]  ? __pfx_panic+0x10/0x10
[  649.015962][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  649.021323][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  649.027287][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  649.032644][   T30]  ? watchdog+0xd7e/0x1240
[  649.037047][   T30]  ? watchdog+0xd71/0x1240
[  649.041452][   T30]  watchdog+0xd8f/0x1240
[  649.045686][   T30]  ? __pfx_watchdog+0x10/0x10
[  649.050347][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  649.055532][   T30]  ? __kthread_parkme+0x148/0x220
[  649.060545][   T30]  ? __pfx_watchdog+0x10/0x10
[  649.065210][   T30]  kthread+0x2c1/0x3a0
[  649.069268][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  649.074451][   T30]  ? __pfx_kthread+0x10/0x10
[  649.079029][   T30]  ret_from_fork+0x45/0x80
[  649.083428][   T30]  ? __pfx_kthread+0x10/0x10
[  649.088009][   T30]  ret_from_fork_asm+0x1a/0x30
[  649.092768][   T30]  </TASK>
[  649.095972][   T30] Kernel Offset: disabled
[  649.100294][   T30] Rebooting in 86400 seconds..