last executing test programs:

9m38.39333171s ago: executing program 3 (id=548):
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000080)={0x60, 0x3, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x3, 0x0, 0x0, 0x10000, 0x10, 0x20, 0x14, 0x11})
r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x0, 0x5, 0xf})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)=""/182, 0xb6}], 0x1)
io_uring_enter(r2, 0x54, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='setgroups\x00')
prctl$PR_GET_TSC(0x43, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_setup(0x901, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
fcntl$setstatus(r7, 0x4, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

9m37.055772739s ago: executing program 3 (id=550):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000ffdbdf250900000008000300", @ANYRES32=r5, @ANYBLOB='\b\x007\x00\x00\x00\x00\x00\n\x00\b\x00'], 0x30}, 0x1, 0x0, 0x0, 0x24000081}, 0x20000000)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r6, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x4)
r9 = geteuid()
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@remote, 0x4e21, 0xa8da, 0x4e23, 0xd, 0xa, 0x20, 0x80, 0x6c, r6, r9}, {0x5a6, 0x9, 0x3, 0xd, 0xffffffffffff655a, 0xcb15017, 0x9, 0xfffffffffffffff7}, {0x1ff, 0x6, 0x45d9, 0xfffffffffffffff7}, 0x2, 0x6e6bbc, 0x2, 0x1, 0x2, 0x3}, {{@in=@remote, 0x4d4, 0x3c}, 0xa, @in=@private=0xa010101, 0x0, 0x3, 0x3, 0x9, 0x8, 0x101, 0x3}}, 0xe8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@delchain={0x34, 0x2c, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff2, 0xffff}, {0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4010)

9m35.521168346s ago: executing program 3 (id=553):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9})
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000d60900004ce801007baaf0ff00000000bf2700000000000007080000fffdffffbf9400000000000007040000f0ffffff640200000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004608f0f076000000bf9800110000000056080000000000008500000005000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1400000004000000040000000800000000000000", @ANYRES32, @ANYBLOB="000000000047e9bc153571f10000000000000004", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x11, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000020c0)={0x0, 0x0, 0x0, 0x0, 0x2, r3, 0x4}, 0x38)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)="ae7aa9b51d41c2d5252c53843c0b927c5b71948efc77cfc7a45adb1358b4bbc0b3435b7e01f3dfd43528121fd257b4cdb706453172f74ba68e6c96c1c837cdf62c73e5a2e03e50ab4e9b3d8668378249319f45583feab77a183226249859eab10a0c1474adc98e4c535573d98c2612423779258f32b2cb44ef718eb921a16fb6c1286f875b5432b3214cbeb039ca4f6c4bca5afda7a3ee0dce4c9923770a3c4c3ef06496", 0xa4}], 0x1}}], 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000080000006a0a00ff000000002e00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000000000002505000000000000009500ecff00000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x480, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x4140aecd, &(0x7f0000000040))
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x6, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="a03e324fb80c", 0x0, 0x0, 0x0, 0x0, 0x0})

9m35.120237238s ago: executing program 3 (id=555):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'wg1\x00', 0xb800})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@gettfilter={0x44, 0x2e, 0x100, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xd, 0xf}, {0x9, 0xfff2}, {0xb, 0xffff}}, [{0x8, 0xb, 0x401}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0x8000}, {0x8, 0xb, 0x8001}]}, 0x44}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
fsetxattr(r2, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
fgetxattr(r2, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r3 = epoll_create1(0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
set_robust_list(&(0x7f0000000400)={0x0, 0x7}, 0x18)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000140))
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x821c10, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x112dd10, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f00000000c0)={0x9e, @dev={0xac, 0x14, 0x14, 0x29}, 0x4e20, 0x3, 'wrr\x00', 0xbfea27a05c20faa2, 0x2, 0x4f}, 0x2c)

9m34.156661827s ago: executing program 3 (id=558):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="030300000000fcffffff0c"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000280), &(0x7f0000000400)}, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)

9m33.472387304s ago: executing program 3 (id=561):
fsopen(0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x10000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @link_local}, 0x0, {0x2, 0x0, @private}, 'lo\x00'})
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f00000002c0)=0x13, 0x4)

9m31.38045998s ago: executing program 32 (id=561):
fsopen(0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x10000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @link_local}, 0x0, {0x2, 0x0, @private}, 'lo\x00'})
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f00000002c0)=0x13, 0x4)

3m16.716737589s ago: executing program 0 (id=1486):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0xc, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$MAP_CREATE(0x1800000000000000, &(0x7f0000000b00)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

3m15.574552555s ago: executing program 0 (id=1488):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28)
writev(r0, &(0x7f00000016c0)=[{&(0x7f00000006c0)="5877e793bdd3904c578c5f40b7152e75a59e12363e30d3ee58b6f647fb73147821d9a29d0212b2edaecc1a5978089305ca9f34a10af97dc62319ba64324a7334b999e2698637655505acadf0407dd666d52c09998f0cf4083c15c88fd2bcd2619a3dd393d3efcf07dcfe62b16094ce9fcf3c9580397365a1070bd2be36038daba08d3158698305413707acafc7d240bcaac5d61cf012e2c9a3b2df5ff1f53e48a8167ff81489569b0cf155df2b2ef9d5c640beed0d3d3f8f47decc377cf0747583ef41802c202f0c5b84010c853c5d05a38c7fefd32921a4b5f18104466cef98f81dcf5433c2db944be8246fa69b476c1d5d5438665aaa36488f8ad185af6d87a9ea21d818454dee5f3d244083b5438c2a1759c63a19c7badacd410d269e1e277b57b34a8d6a7fb183c8ab6587329b36b3d52c65d8aa7417335736ab8b739a54b7e3f6be647946e4b0aa0f22168edeacf84a3f99a87ca3e87ea400255728614f6b3e13ab4e7da164d5f3634dd7c710d809573077288c848983dffb2bdce18a2aaaa877eaea4d973660834b8c61e1693b28a62e9407945267f7130c84909dbf5556a5c53268f3a70867ac5806d041e495a446867bf348baff0ec4b457cc9d8bd1544ac2faa9231cf7aeb642b93a50d909de176bdf16626759c5d8fc22877b00c12bbf9d3bb1a68f8f534ecddb6d629ba51977d8088a2e81a65486678f0718afbc675186b4c6658a67226f38fee16d81771f1af75b984a5779364c1eb9ee504799b5d686172325dc32a2b956c05dcbdba0ee208a9df44a06ac735d6c882a1e21da78a619a9f1c8c45a582cbc4adf7a551490f4651fa327e4eaeeea278fb0ad823624e0defd6d38c9fa74dee4b83b869e07ee7e7451db226cfa1bcc3a5fc0ec3f32b1acf53389da7933559d3874336fe754c9df4a82e46713ba501ae87dd6d51622d50a10b4cc6de95713a5034d01670395825f3f543f5dfbe31e303b2bc3a2a37ed377d95a6bc25096fe707615eb9a3d5b0eeacbfb6e0fc42402817479bcc7fc79960f6fd5631ba39e607287c4f4c838ab8701dc8e4e9470324233adbfd0abab44bb9870ed92e1c98d98aa6692bd00ed76fc253e94f105f4d246efa6b5ef55e30466609b247cc757b3fe3758a4f64b55eb2635c65a4045ca912323bd9d2d4d64d4bebd74be60d0df519498cc1223718b3f37cdde7f039cfe0de9e2fd41f94d01fefeb2cc7d65f1164428122bab44f33aad4e7da6181635f2a3c7b5ec0b5759ad1a5ea1c802bc5bd3efc2c631c1925c23f308de11cedefef2ac8a8c49c4e7cdc39f37bf9eaefb2a4bc4655f3dff0cb4820f6d14a4b831705568fc14cb5b7562b66fd3950b8dd2e1c1d1d7827d12f2d47badd604ef02e6f04cd376f99c52f776c4e70385d5b548054525a74d0dd65b26032520c4a37769b5839bb26df61861b31d8e514c344481f69cd8de9a3a7d01b5414f8a411463354ce0d7524c01323049d242c1be20e8b70efda38888a8e106c85fc11cd240b286e4201d8bfa5ae020f60d81abc3717801cfd51ee0f1fe2affc8f27d4b96c6feece17733d7fb27d32bd32df291be81a5e48e03217d22e1deaf7bc42019f60e64c8bd6a4c9046cc1afb8c8cf084d494ca3ef367945c1d7649d733fa9b3ae93fbd4dc207474d2e4f5be0b4369b9921880296a3584ad947d6283e3de254939ddf41d6e0153aaf8defedac8eeba6ef4b1112f0fa6ac946e1cc06e2146aa5ee47e7e7af3edbdc9d12e13eff32062d59cb3778dc5f24a171af6dcfc1dfca8dc74e07b91c5cc0954090cbe4ab7149d92f307970e4530d9641b6baf77f6548a0ee90a073a17ddabb081ac6fd20a43414c7649b7f2585e3de48c862edcc6da4e12d8cb98ff77c320024fd0265a90342f6d08ba7a3ce2982808f13be4ea859a294828751bf0c720217518db0cfd6aa0cad16bb8458dfb66f0fdd3d8ee5d419492a18cf5372abd860491024d7d134927f2a81b51a8a2b1f706884e9ebc2655178b2254b2fd40f08858bb719bba3963b07b859aea89f8e2c139bdf1a4173cd6cf46e6878a18b9e95b0412dd788d0753f3be106601a4433ec243d4cda3834e1e63c392396632847e29d327e32ec24608f2ec946b649a342832e9ea3cfd4749a22250e0c6a991677cf0bae2dba73559d857e024d65fd03e4682025f57d90d7992d80b6edd3e9abe039bb09ab0c12305a36d41b35f91e7255624eb13e852db8d19c520a18b6668170715959d8e41b59639055a867024102953da2da4d31d35d8bad2862bb7402105951c535ee852c2002c6e7f3e0b6cbd3b5a94ae1b28b0bb18517fa97ef2a1eb9a4c08dc25cde6fbe2ea75b0ae839b70b80a97be8d2b905de9a93539cfdc267a16e4c3dfc63dec90bb972d2237697c331a4e426657cb644ba6c89b9524f1fad9580055feb9707ed6c47fb5f852dea1e851aa2b72d640fb5384b396055d714c4e3019d39b58419f534c06ed6c00eb861a21caf77fa50f47bc4575a2b68b38574966649cb7bcdf32ab528d1bebe30946d30b9cf1ae4f604e3b1927fd912a02ca7d3e4f9a2cfb2e46a3c6685d37001ffe5d9a64b0201ea7812f444c4dbc2631de0cdb1303fecc320c32cead7c9abd6502f43e09413ca0946b3dc382d1e1cf66fbb5e5e55d2e26a19167fcfd486589334e4e76466e806eca87cac854a66d683812a6d508f6552fb78882b55b92cc1fb8baa443e889fd68abecb3c2cd3898897a1c8af87b3a9a0e5d51eafe1dc8a2428a46635caf1cdcc10212d71645b0755aac857cfa3a7fb78f22c861a657837d00dd3778d4bf0153c2925ecc28590257754805dc95e7aecc8513be0eacacb64e20af29ff0037206bd9e6fdb5a863921fc0b3e8c70aaa13a2f140b9812005e1284175b2403c27ae5aa950e66f8211c402637d1200cc6691147bb7ed558f1ce60e072bb71dabf0836efaaeb194c23a2bff70765282dbc447d8134d79c7284728d2279acc12351dfcfe3bb97945e4f0fe6d5166f66a612ec4341857c9c5162b7306c81f372a0c77e7bc85ffaf0afac4f8a732b7ce0c5201f6f9312fed8d7e25a669bd0a1f37fcf9f41a3d728305ac8a7c44477610d1bb698e278baa5182ecc817cf08ad8a45dec298df7d2b933aa5c0a3f45982ab5bf879027bb513c412f384c4ee80b769b0d79ed88ad03fedd0b325f0f26fa2c8c1c4ed9b2711b99e31b6ae19b0eb10c8bde73da63bf81571a7a7e1e6761a472930e3d406e699c677a95cd595c9794cf6f3155d106b6e558c5049bb9b162a3c5f1a50822667cb2837badf480a16d1155563aae7d96755671b72192522337f5379e7378f8bdba099f20dabafa62cdaf680744dc343ece76b09bf3ccafdb40a7ee43276d1c5a9dd6e64cbc2f0dce166983a020752cd13946682e2fd03bc9d09928c756996a4e2dadca37563480bf8c731155861123215a0b25f31d9cbe1dc9b8b16fa5b00f8c05c39b551a3291539a95a6a5eeafc962ebbe6e82515ceb9d735f463702b2bf0cf810e838027ee262d27a7d1219256f961363cee8c77a9e22d26936e3ec9dde4084258c2a33c55e200bb2a570cba4eeaf3d30e6d510eff36932b079bc13911c7a4994a006fb5708428f060aa85e000a0c7e8bc9d9dff0d4ae075feb9e12d85149f9e26c732b7cd289bf351b533d961e5e8fa29e46013e19f8f6ee6e1fb5b49b45e8b1375c81ecf6342e299528a2e57fb65c2ae5faa613dbf76e0b3cd8b2e5166352d90ec29c52df33f29cccf105a252c7f0ac3cdf6ed96f3405e78990668987748cb81cc020fe311c3b8b0a02865fd05af919c6165bf8f378c6f19b3f12cb8fa45532a89777902ae0977679d4c18480f2489c58f9a42a1867690afc4cb8dbf20be7675bbfe4088d571e67d2e6ff812e876bf30097e55109568d4e5a4332399503a9123ca5ca21e03af2745db6b38cde8218ac56e7f2da8aa3986dc0c0276486666ae24815a2916be4f40b54d7a83d1e134c02c74b6205964edbbabcc92fee28c55ebacdf8112b3fbdba7efbf8180060ff4df7bf78a58a8cf984ebc237a116488f792886bab0e2da27a9027a4c928f175ac73fcbb2daa05458d8a0bda365e253e852c3a47ac8ff6f728b3d7b6d2e83eccc49ab9f125e550342d7b88d72fa2808cf797327ead3ef7add455b3ec33ee420fccbfe6f3d5272226911722a7d7b7f1d8b639939a0d0555bc1272ef9e01b46095d1b05ce9c64276b6a8885b9a141dddf1dc82fe91529b1f82ed1edab1cc2e5ac2c5250968a9020d15ef0472e298069d05b35362a57cc661196c99fa4e154565af00ece065942883faaf3a3e40266c319e346b3027019832e25393e12ae6ff1c67225d8659a718d2ede443b43568a68491623343bc9c9456768c858ccd5ef9e853b292ca39472af4e1126f161e795f740e424da22f23d04ab98ab295c8edc8fc685c060fd96a9a44c0dd823be8dddae0961ee6845c70ae3e3e45ee3491ba46fefd2741b9c836a9dae77d277dc8d457fcde6aeb51eca8f31dfc277f30bcb081886977117b92829ede770cbb37af378da2909ae035af12a49a75093a69bcc63fa3579b54894e0b3ab4dc9cd6307abc631a95c3629c86aee445a5e075476bf4394a5cfc9050e58ee98e5fe165a7d11a6495939e56e11b788c23c0de9fb4ab48850c3c975fb4c8650bfded88865deb6ace3fbb023b6667ee96c69d6206d78a587e7b561809eaca69a32ea982f358acb8962fcaeda809849a2fee54d45162242d7b8f0b50924cc201bd39bf5b6239bff0f84a22e4e65d26eb653e9408684", 0xd41}], 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000007c0)=[{{&(0x7f00000002c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c, 0x0}}], 0x1, 0x40)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x18, &(0x7f00000002c0)=@assoc_value, &(0x7f0000000040)=0x8)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x10012, r1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "0d00d761cfccf6d8"}, 0x28)
recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/111, 0xff1}], 0x1}, 0x0)

3m15.35509643s ago: executing program 0 (id=1491):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socketpair(0x1, 0x80001, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
io_uring_setup(0x17ba, &(0x7f0000000340)={0x0, 0x0, 0xc, 0x2, 0x354})
sched_getparam(r0, &(0x7f00000003c0))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000e40)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x28}, &(0x7f0000000100)='./file0\x00', 0x18})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r3 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0x32)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)

3m14.002949514s ago: executing program 0 (id=1494):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(&(0x7f00000022c0)='./file0\x00', 0x65)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2)
mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x8afa89, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x24000, 0x0) (fail_nth: 6)

3m12.814432273s ago: executing program 0 (id=1496):
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000080)={0x1ff, 0x8, '\x00', 0x1, &(0x7f0000000040)=[0x0]})
copy_file_range(r0, &(0x7f00000000c0)=0x4, r0, &(0x7f0000000100)=0x5, 0x9, 0x0)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000140)={'ipvs\x00'}, &(0x7f0000000180)=0x1e)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='afs_send_data\x00', 0xffffffffffffffff, 0x0, 0x7ff}, 0x18)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x160, 0x1e, 0x200, 0x70bd28, 0x25dfdbfd, {0xb}, [@generic="e0cbe746d5d6517481898077e6c75671e2c2dc2e1a9745fcd917bb45792c8cd291a211f73cf3096d872bc3bf0de443c1bc907ba14fd105edf8e2e1680b2cf7e9819fcdd2d565af254d3e4464912ebd72a81a851d65af7986051dd94e9c47ce21b0d721d8e72fd96997528fe60bca599aa00c6a175716f7aef90c496327fd73e903567962788a09d76ea14835a9cff13761", @typed={0xc, 0x41, 0x0, 0x0, @u64=0x5b7}, @generic="ed06a0babb922b13b9e3e20870c1fd4f17d74dcfa94737593a09cb789b50f175b970ce1386be99dc14c4f1c662929733c61d6343a3005a5a1eae5f7f78348a9b", @generic="021cec9e4a17ea6a7602813a5df17ba772004e54ca2dc12d2aebfacf3105bce55e4bc0d5ae67fe15d1408eb9cbb9a671ecc83fbd996864ce5355dcbe8a299a962475cb56c8ec7eec22979bfba0", @nested={0x18, 0xfb, 0x0, 0x1, [@nested={0x4, 0x3d}, @typed={0x4, 0x134}, @nested={0x4, 0x13b}, @nested={0x4, 0xea}, @nested={0x4, 0x10a}]}, @typed={0x8, 0x12c, 0x0, 0x0, @fd=r1}]}, 0x160}, 0x1, 0x0, 0x0, 0x5}, 0x8004)
r2 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000480)='devices.allow\x00', 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000540)={'ip6tnl0\x00', &(0x7f00000004c0)={'ip6gre0\x00', <r3=>0x0, 0x2f, 0x81, 0xe, 0x0, 0xa, @loopback, @private2, 0x80, 0x8000, 0x9, 0x7}})
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000580)={@remote, r3}, 0x14)
close(r0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
ioctl$SNDCTL_MIDI_INFO(r0, 0xc074510c, &(0x7f00000005c0)={"24cf4bc2ba4a4c556ededb840492f5782a29b890d58d49120f3107453ff7", 0x7, 0x81, 0x26d5, [0x4, 0x7, 0x5, 0x7, 0x0, 0x8001, 0x5, 0xbaaa, 0x100, 0x1, 0x572c, 0xc0000000, 0x5, 0x1, 0x6, 0x1, 0x5, 0x6]})
setsockopt$inet6_buf(r0, 0x29, 0xcd, &(0x7f0000000640)="9e95264d572c9b43a5e2fa43587c88d10ac01638f2f9e55cd03882924bab32b8d7c7c3bd1cd3b34f41fb9cd54ef9bddd72948b9f476cbea37b458c0172ad3a5f571774df0cb3e59ac76f41d4a844f18734e541a0b5e1e2feb5343172c213a745821ee6e4d4fd4e55fc5992117d1683b13443127a48f24aa33855095c975e104635406e1c385813db6eccb9ea30abf8718ea93cd0dbc81abe36017611620b36f1b8c6e85258ae35594f93aee10841ab9c9493e015a6ea38be52010f2532acd74dd6f31736af042aa36fdf0843c766b9c1d39e858a606492e7fe57f47ee49f71deb94fdc74b9236f3770026f", 0xeb)
read$FUSE(r0, &(0x7f0000000740)={0x2020, 0x0, 0x0, <r4=>0x0, 0x0, <r5=>0x0}, 0x2020)
quotactl_fd$Q_QUOTAON(r2, 0xffffffff80000200, r4, &(0x7f0000002780)='./file0\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000002880)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000002840)={&(0x7f0000002800)=@bridge_getneigh={0x38, 0x1e, 0x1, 0x70bd2d, 0x25dfdbfb, {0x7, 0x0, 0x0, r3, 0x882a, 0x40}, [@IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x59f0a}, @IFLA_TARGET_NETNSID={0x8, 0x2e, 0x2}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f00000028c0)={0x1d, r3}, 0x10)
connect$inet6(r0, &(0x7f0000002900)={0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x400}, 0x1c)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000002940)={0x0, 0xffffffffffffffff, 0x5, 0xffffffffffff8001, 0x7fff, 0x7f})
ioctl$USBDEVFS_DISCARDURB(r0, 0x550b, &(0x7f0000002980)=0xfffffffffffffff9)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000002a00), r0)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000003240)={&(0x7f00000029c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000003200)={&(0x7f0000002a40)={0x7ac, r7, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_PEERS={0x758, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x6d4, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x588, 0x9, 0x0, 0x1, [{0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x1}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @empty}}, {0x5, 0x3, 0x1}}]}, {0x124, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1c}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x39}}, {0x5, 0x3, 0x2}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x36}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_FLAGS={0x8, 0x3, 0x6}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_ALLOWEDIPS={0xc8, 0x9, 0x0, 0x1, [{0xc4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "319a70cf18aee97adb2faa47dfc928b5f75722e9bb75cc6ccad9a24e0574863a"}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x6, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x9}}, @WGPEER_A_PUBLIC_KEY={0x24}]}, {0x58, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @multicast1}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9a68951f389b66b21b732430145f64d4331ef4fc5103d5d5990637fdbd063647"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @local}}]}]}]}, 0x7ac}, 0x1, 0x0, 0x0, 0x4044884}, 0x4881)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000003280), 0x4000, 0x0)
ioprio_set$pid(0x3, r5, 0x6007)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f00000032c0)=[0x401, 0xd, 0x65761ad4, 0x101, 0x80000000, 0x2, 0x0, 0x10])
socket$vsock_stream(0x28, 0x1, 0x0)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000003340), r0)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000003400)={&(0x7f0000003300)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000033c0)={&(0x7f0000003380)={0x1c, r8, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)

3m12.305263173s ago: executing program 0 (id=1501):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_open_dev$vim2m(&(0x7f0000000580), 0x300, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0x80000000, 0x0, 0x41414270, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}})
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000100)={0x10002, 0x2, 0x2})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x8200, &(0x7f00000003c0)=ANY=[@ANYBLOB='mpol=bind:0-N:N'])
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000140)=0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
clock_gettime(0x7, &(0x7f00000003c0))
syz_emit_ethernet(0x14, &(0x7f0000000100)={@local, @dev, @void, {@generic={0x8863, "d4a7a9bd3cdc"}}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioperm(0x5, 0x3d, 0x80000000001f)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000080)=0x8001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x2b, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4473}}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1000}}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @tail_call, @exit]}, &(0x7f0000000180)='GPL\x00', 0x5, 0x53, &(0x7f0000000300)=""/83, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x7, 0x1, 0x3}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[0xffffffffffffffff, 0x1], &(0x7f0000000600)=[{0x2, 0x1, 0x3}], 0x10, 0x3, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f00000007c0)={r4, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0, 0xfffffffb, 0x0, 0x1f, 0x0, &(0x7f0000000780)="ae7e9a4e9999bd0ccbc8a468a9a02d25cdaaa84c561fa7f942a6a772203efb", 0x0, 0x2, 0x0, 0xa}, 0x50)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

3m11.83635263s ago: executing program 33 (id=1501):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_open_dev$vim2m(&(0x7f0000000580), 0x300, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0x80000000, 0x0, 0x41414270, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}})
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000100)={0x10002, 0x2, 0x2})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x8200, &(0x7f00000003c0)=ANY=[@ANYBLOB='mpol=bind:0-N:N'])
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000140)=0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
clock_gettime(0x7, &(0x7f00000003c0))
syz_emit_ethernet(0x14, &(0x7f0000000100)={@local, @dev, @void, {@generic={0x8863, "d4a7a9bd3cdc"}}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioperm(0x5, 0x3d, 0x80000000001f)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000080)=0x8001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x2b, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4473}}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1000}}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @tail_call, @exit]}, &(0x7f0000000180)='GPL\x00', 0x5, 0x53, &(0x7f0000000300)=""/83, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x7, 0x1, 0x3}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[0xffffffffffffffff, 0x1], &(0x7f0000000600)=[{0x2, 0x1, 0x3}], 0x10, 0x3, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f00000007c0)={r4, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0, 0xfffffffb, 0x0, 0x1f, 0x0, &(0x7f0000000780)="ae7e9a4e9999bd0ccbc8a468a9a02d25cdaaa84c561fa7f942a6a772203efb", 0x0, 0x2, 0x0, 0xa}, 0x50)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

1m50.888971638s ago: executing program 4 (id=1755):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0xfff2, r3, {0x0, 0x1}, {}, {0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_EMATCHES={0x20, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x6, 0x8, 0x5}, {0x600, 0x1, 0x6}}}]}]}]}}]}, 0x54}}, 0x0)

1m50.536704753s ago: executing program 4 (id=1759):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x100000, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_MASTER={0x8}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TRUST={0xc, 0x9, {0x26, 0x3}}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40804}, 0x400c800)

1m49.808431114s ago: executing program 4 (id=1761):
setuid(0xee01)
pipe2$9p(&(0x7f0000000080), 0x4000)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x64f4, 0x3, 0x3}, 0x26, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001a00)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
write$binfmt_format(r4, &(0x7f0000001a40)='-1\x00', 0x3)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x4008800)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6800000010000104000000000000000000000000a45fdc893a7214cdfbfe638071642511865e2ec79186c84f5c96543110759ee3e3010b40536783df828306068afd9532366419258e65596665c3cda8198d0513d7b37ccb70bd4081bbecb6c3c462ed429be07a3445f41e9d906e80d10a5254da21f788b3aa0be7921faab6596a0304", @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="000000000404000008000a00", @ANYRES32=r2, @ANYBLOB="080004000008000008001b00ff0f00000800040080000000"], 0x68}}, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f00000000c0)={0x9, 0xffffffffffffffff, 0x1})
getuid()
r6 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000200)=0x632a, 0x4)
sendto$inet6(r6, 0x0, 0x0, 0x440000c0, &(0x7f0000000d40)={0xa, 0x4e21, 0x10001, @dev={0xfe, 0x80, '\x00', 0x3b}}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x31, &(0x7f0000000000)=0x1ad, 0x4)
recvmmsg(r6, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=""/129, 0x81}, 0x9}], 0x1, 0x12141, 0x0)

1m49.580528861s ago: executing program 4 (id=1764):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
umount2(0x0, 0x7)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100))
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x240028a2)
r3 = syz_open_dev$MSR(0x0, 0x0, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/75, 0x8e, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0)

1m48.026856594s ago: executing program 4 (id=1766):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/crypto\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x4000000000010046) (fail_nth: 9)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f0000000400)={r2, r0, 0x8f})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, 0x0)

1m47.782972932s ago: executing program 4 (id=1767):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xa, 0x4, 0x6, 0xff, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, 0x0, 0x0)
ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f0000001080)=""/240)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000180)={{@my=0x1, 0x6}, @hyper, 0xc, 0x7fff, 0x7fff, 0x8, 0x1, 0x7, 0x7fff})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)="a10000000000200000090000001f20", &(0x7f0000000080), 0x8000619, r0}, 0x38)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x18)

1m31.938473382s ago: executing program 34 (id=1767):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xa, 0x4, 0x6, 0xff, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, 0x0, 0x0)
ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f0000001080)=""/240)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000180)={{@my=0x1, 0x6}, @hyper, 0xc, 0x7fff, 0x7fff, 0x8, 0x1, 0x7, 0x7fff})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)="a10000000000200000090000001f20", &(0x7f0000000080), 0x8000619, r0}, 0x38)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x18)

13.079443773s ago: executing program 1 (id=2000):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40, 0x0, 0xc}, {0x6}]}, 0x10)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000540), 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x10, 0x6, 0x520, 0x1c0, 0x0, 0x290, 0x1c0, 0x290, 0x450, 0x450, 0x450, 0x450, 0x450, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0, 0x0, {0x7a00000000000000}}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@private0, @ipv4=@empty, 0xe}}}, {{@ipv6={@dev, @loopback, [], [], 'pimreg0\x00', 'veth1_macvtap\x00', {}, {}, 0x0, 0x0, 0x3, 0x20}, 0x0, 0xa8, 0xd0}, @common=@unspec=@AUDIT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x20}, @private0, [], [], 'bridge_slave_1\x00', 'gretap0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@empty}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
chdir(0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x108)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r4 = syz_open_dev$media(&(0x7f00000006c0), 0x2, 0x40b02)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000940)=<r5=>0xffffffffffffffff)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r5, 0x7c80, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000066930108205050088000002030109021b0001"], 0x0)

8.976975225s ago: executing program 2 (id=2008):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000640)=0x3)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
creat(&(0x7f0000000280)='./file1\x00', 0x4)
ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000100)=0x9)
openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsopen(0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r1, 0x0, 0x0)

8.804763894s ago: executing program 7 (id=2010):
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000500)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, 'Y}+'}}, {@uid_eq}, {@smackfsfloor={'smackfsfloor', 0x3d, 'overlay\x00'}}, {@uid_eq}]})

8.750375424s ago: executing program 1 (id=2011):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socketpair(0x1, 0x80001, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
io_uring_setup(0x17ba, &(0x7f0000000340)={0x0, 0x0, 0xc, 0x2, 0x354})
sched_getparam(r0, &(0x7f00000003c0))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000e40)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x28}, &(0x7f0000000100)='./file0\x00', 0x18})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r3 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0x32)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
add_key(0x0, &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe)

8.695663883s ago: executing program 6 (id=2012):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f00000000c0)=0x32)
read(r1, &(0x7f00000019c0)=""/4107, 0x100b)
r2 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r2, &(0x7f00000002c0)=[{&(0x7f0000000180)}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2)
sendfile(r0, r0, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x4, 0x8, 0x10, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]})
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800)

8.070616446s ago: executing program 7 (id=2013):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x183341, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f0000007900)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000029a9e32ded4eede6fc39ed6894fa551aa21761f960f7e81105aeba91e128a2ff69d0954d9b6ef146fd5abb932450987c0d38dc60877c674ebbb3c459e4d2a90961e27a43ecfc0bc28e7dcd162905705a146de9bac0957a1686dd987ad51a93d8e9612d4ff2fa2bd17d7cadd982d6e80d8d12027420cbfd400bdcddf46006295b2fdda7300197bcb448ca48108977dab2b0b909c981e72df892824460d3bb16d2361525b59fc113f65c4780a5b320f872d921dcdd6705fdb02e2cc63c3908f64f946f5d256acc9d21f6b75cd7823700e339e88a9c21e5f0f53ac1c9ac5158d631dd8b3ffe73e3b8beea541bf0abe720994311573bb9e86e3f5774fab5"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x10008ff, &(0x7f0000000340))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x410482, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
modify_ldt$write(0x1, &(0x7f0000000080)={0x800}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

7.127917241s ago: executing program 2 (id=2015):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
ioctl$USBDEVFS_CONNECTINFO(r0, 0x8004550f, &(0x7f0000002a40))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c000000100003050000f9000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128008000100677470002000028005000500000000001400080000000000000000000000000000000001"], 0x4c}}, 0x0)

7.11440928s ago: executing program 1 (id=2016):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@bridge_delneigh={0x30, 0x1d, 0x1, 0x70bd2a, 0x25dfdbfc, {0x2, 0x0, 0x0, r3, 0x8, 0xc1, 0x2}, [@NDA_DST_IPV6={0x14, 0x1, @loopback}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4)
r4 = io_uring_setup(0x1fa, &(0x7f0000002400)={0x0, 0x1e19, 0x0, 0x1, 0x219})
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8, 0x2)
close_range(r4, 0xffffffffffffffff, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
r8 = accept4$alg(r7, 0x0, 0x0, 0x80000)
sendmmsg$alg(r8, &(0x7f0000006780)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000500)='y', 0x1}], 0x1, 0x0, 0x0, 0x2404002c}], 0x1, 0x4000000)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
syz_usb_connect(0x3, 0x325, &(0x7f0000000480)={{0x12, 0x1, 0x201, 0xe5, 0x4d, 0xea, 0x40, 0x10c4, 0xea70, 0x4398, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x313, 0x2, 0x9, 0x5, 0x30, 0x61, [{{0x9, 0x4, 0xc8, 0x2, 0xf, 0xc1, 0x69, 0x21, 0x0, [@uac_as={[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x4, 0x1, 0x7f, 0x1, "", "57fc"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x7, 0x6, 0xfd, 0x8, "3df7"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0xea6, 0x187, 0x2, "14d97144c493230d3a"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x2, 0x6, 0x7f}]}, @uac_control={{0xa, 0x24, 0x1, 0x7, 0x1}, [@feature_unit={0xd, 0x24, 0x6, 0x1, 0x1, 0x3, [0x2, 0x8, 0x9], 0x84}, @mixer_unit={0x8, 0x24, 0x4, 0x2, 0x3, "d321f9"}]}], [{{0x9, 0x5, 0xe, 0x1, 0x200, 0x6, 0xcd, 0xd6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x8, 0x4a}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x3, 0x9, 0x2}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x1, 0x9, 0x7, [@generic={0x81, 0x1, "bddf3a8bf2921f1e0d34f1dad066b22e0764289ccbc1bb0762501d8356ae404eec773b568cc118b1cb2c385acb7732dc34dd210c2aae2ddc2cb419e61cd8fc98cff5606088bf4bb7c3dbd6c2c17f056a3cbedfa662621d26163f54b4ac0c154beff62c9fa20e46c5a76faf86a1dfb1504692e674bdc9fa1f166f08efecbe2f"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0xc, 0x5}]}}, {{0x9, 0x5, 0x3, 0x0, 0x3ff, 0x4, 0x4c, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x1, 0x2}]}}, {{0x9, 0x5, 0xc, 0x0, 0x0, 0x0, 0x5, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x6, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x7, 0x4}]}}, {{0x9, 0x5, 0x2, 0xc, 0x400, 0x4c, 0x7, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0x50f}, @generic={0x5c, 0xb, "6a9ed82b10bf6ea616ab317b59898be43d3ccf6191770a1bd8b74e2fbb102f57e2bfcde487024abc86b65849d03baad35b9e7152e63d1f2516ed7de6873a08f798fa8eed027bcb29cd5e561646cc175412ab524626c99d7d86b8"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x400, 0x9, 0x3, 0x79}}, {{0x9, 0x5, 0x9, 0x10, 0x200, 0x5, 0xc, 0xdd}}, {{0x9, 0x5, 0x6, 0x8, 0x400, 0x2, 0x11, 0x1}}, {{0x9, 0x5, 0x5, 0x3, 0x8, 0x0, 0x1, 0x6}}, {{0x9, 0x5, 0x7, 0x2, 0x3ff, 0x9, 0xb5, 0x6}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0x0, 0x5, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0xdd}]}}, {{0x9, 0x5, 0x0, 0x13, 0x88c283ae4f526ed5, 0x3, 0x28, 0x6}}, {{0x9, 0x5, 0x80, 0x8, 0x10, 0x6, 0x8, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0xff, 0xfffc}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x3}]}}, {{0x9, 0x5, 0x4, 0xc, 0x400, 0x40, 0x7, 0x1}}]}}, {{0x9, 0x4, 0x35, 0xf8, 0x7, 0xb5, 0xc0, 0xee, 0x10, [], [{{0x9, 0x5, 0x6, 0x10, 0x1cf, 0x1, 0xfc, 0x4}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0xc0, 0x9, 0x1}}, {{0x9, 0x5, 0xa, 0x0, 0x200, 0x4, 0xc, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x70c2632a3bd76a1b, 0x2, 0xa}]}}, {{0x9, 0x5, 0xc, 0x1, 0x200, 0x1, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0x3139}]}}, {{0x9, 0x5, 0x9, 0x8, 0x20, 0x9, 0xff, 0x5}}, {{0x9, 0x5, 0x3, 0xc, 0x40, 0xc4, 0x1e, 0x4, [@generic={0x5b, 0x22, "14eae2ad57eceb4156bbef83336d0cafc9c3931c3bc1e58918a0a1134425ba6404eabd6f8ebf3c684034618c49d5952b2d2706fbeb1fd2c3ab773ae0a5156ff623bbef71130950b9e2942357ab8ce7f25bd0f6de989e48062d"}]}}, {{0x9, 0x5, 0x6, 0x3, 0x10, 0x3, 0x4, 0x0, [@generic={0x59, 0xc, "b73766ec662bd10d24cf795aa99e435f435d9d27bb898bee2aef6b2859c8d9a377a6a2580837f17f50c29e923498bcfaf36256cc5d16d65d1600085b064c33ef31edad15fb9ad4c40ba646ff692e83737c9ac104fa254a"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x1}]}}]}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0xf3, 0x8, 0x5, 0x10, 0x3}, 0x71, &(0x7f0000000300)={0x5, 0xf, 0x71, 0x5, [@wireless={0xb, 0x10, 0x1, 0x8, 0xa0, 0x5, 0x0, 0x3, 0x80}, @ptm_cap={0x3}, @generic={0x4b, 0x10, 0x4, "c317f1983710bb39aed55ff81b7bf8472219383982f827da7db8e6f6ad8097cc312d1d11ede17721cb46cf24a71f1fbcc6bae90e3b683bb7090389945a5e80b39fc883309491ba4b"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x8, 0x1, 0x1}, @ssp_cap={0xc, 0x10, 0xa, 0x7, 0x0, 0x8, 0xff00, 0x3}]}, 0x2, [{0x78, &(0x7f0000000380)=@string={0x78, 0x3, "a5e7652abb48b0fde010962b9b97eeaaa890ffc54e739af698d708d7426a561554bd6a55bc97f16d366e3c260a9dbf4cc19fc56823ddd17cf2003f0fa583b3b7a2d6d4e819859c2b7a359c8084e4a5f5128498fbaabcd3659863fdf26b0d2151e19f50b863da60afbd981c9f604582f8efd858540167"}}, {0xe6, &(0x7f00000007c0)=@string={0xe6, 0x3, "9fc733c539cc9823d29ba637e7c1a872e0b52c544c7c1f37ee00992ebf1d02871d23f6f287e717e6f91a5839c96c615d5b4417e8cc97f38ef1465f88c4352bbcdea5fdac7c4507c2e51eb8b2090d9a91245327732a5893986c357049df88a20beb812e490b96dccacfa62857cf3f805b4d58d53cabaee9d5794541973caeb0b04ff80abf1c2de892e2f31f07ba61f19ad8339762e38dcfd6d05214118aa057b73884a3cfe02af8539e57820b57f18b3a5ea39f812c736abe73b0c3e4255c675bea3c05389411cd460c678d0c55ef6e9a00139fa8fe45778b90d65047a0529fbb26965e1e"}}]})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000005f000100000000000000000000001800d9"], 0x20}}, 0x0)

6.876424686s ago: executing program 6 (id=2017):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r2)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000480)={'filter\x00', 0x4}, 0x68)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000ffdbdf252b00000005002b000100000005002e00b20000000c0005000201aaaaaaaaaaaa08000200", @ANYRES32=r2, @ANYBLOB="05002b"], 0x40}, 0x1, 0x0, 0x0, 0x20000001}, 0x850)
sendmsg$IEEE802154_LIST_PHY(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x100, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040001)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000300)=0x4, 0x4)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r5, 0xc0045009, &(0x7f0000000240)=0x9)
sendto$inet(r4, &(0x7f0000000040)="0400", 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000001200)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000001240)=<r7=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000001280)=<r8=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000012c0)=<r9=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000001300)=<r10=>0x0)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r1, &(0x7f0000001400)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000013c0)={&(0x7f0000001340)={0x64, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_FIRMWARE_NAME={0xb, 0x14, 'filter\x00'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_FIRMWARE_NAME={0xb, 0x14, 'filter\x00'}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r11=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r12 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r12, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r12, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
read(r12, &(0x7f00000001c0)=""/4096, 0x1000)
ioctl$UFFDIO_COPY(r12, 0x8010aa01, &(0x7f0000000080)={&(0x7f0000adb000/0x2000)=nil, &(0x7f0000fee000/0x11000)=nil, 0x2000})
socket(0x21, 0x80000, 0x2f)
accept$unix(r11, &(0x7f0000000140)=@abs, &(0x7f00000000c0)=0x6e)

6.592978934s ago: executing program 2 (id=2019):
r0 = socket(0xf, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="08000000000000000000f800eaffffffffffffff00000000000000006029c7d2fc70f535f7e0922df8e290325eea0526919d27a017e41773f7740b8695120b17b50de2581475ad67c6a4011e629b0d524bb7a0c8ad43"], 0x48)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv6_newrule={0x1c, 0x1a, 0x1, 0x400, 0x25dfdbff, {0x81, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10008}}, 0x1c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xd, &(0x7f0000000b40)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000c18148fc4a94b1a9ffb703000008000000b70400000000000003000000820000009500000000000000"], &(0x7f0000000680)='syzkaller\x00', 0xff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$inet6(0xa, 0x80002, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6cef179809d422ae852bf41f8d5ec42fac487ed46e0511a1f554cd6181e6c81dfdafa7c69daa2ba822e22e305b4b8f34c20fcc8e50cf451f053df249a7f5b20cbc0bc127f55d80bc9c0ba3cf9f0a9c56286215c20f9d60cb61276c6bbf772c151be2520e22b8f6daea2aa1f9e1b30bbeed092d3c2fb92a10fb71e7fea336a0258620c918581487ec04c54ca4e9811a83a6bf39dca6a4e89092cdee6e40024bd7c1ae7b3a8cdbb38c21ccb1de68f7fc9fa4726b832cedcfdd22b71f37d66f350e78e3c19bcae0322f8f070c316bc3c2ba0cb12a43746bd8aaa1645e3f8800b93722ac1791396bb3def1678cb5ab3f42c097c4c3684ea61dc89209ae57906bd4577a93b14eceff6f18893064198d9141a927ced2af06226011187f1851d6a5c1b5ff78a4c6d8b387a781c06a286f052d2e828ed94110cd7b9e6cfcb840e12019678080a6e9e517ce8ba6276c5a919197fd0adf86547135fcec083f2c1fea0e40564f279ceec580e827e39fa77bfa823d6e08aa7bd320491381f21be8b10dc2ed7fee1524680a52bb1e14cb6248519100edd7df29bac5c4ad1c893ee99db03aa7e077ba6608b0db797f31a6cd6d5a01077a41df98fc373ac5c149b87c55bb73bb17b09dffa7847b134b866b9ce179d547750dd2fb9c280e2003d132c87e2535f31232a32d738aeedeff052f256a9c866b6c2cb880d15f1acca7396a8f6113afe45e46e96a6c7762eb09d2c568df561d5484356b4ae71f89bf0126c6670c4fbeee59a89e20206401ef85f083039aa9ceacc2912427b031c35e29c7a702e0054f4dbb01062c0daab2a5faa49a86cd5d48d64bbee12f60ee529a00ad13a579934faff4ec12778038a3e48217fc4eb97ebe3dec9ecdfc0af3e722ed7ca0f12952c2902b0db061098d4bf14664104c440c9d07af7fbaa375274f61b04c17050a3e139dcce999071f18468139182cfe78a84c90c0428d7c75a621a6eaa69e028ce47626235ca3edbbb53e15afebebb25e18c732a820edca2f60be8c0ecd7e5a30282a0add95c6eb43b0afea34d91de7b20f4fb999d17c7fc418738f61cce38d656ce86e2d0a97f31dad0296ee63fb48e859003f88d0a27c874a47301dc0f1fd4f4e9b1bcd7806f715c751b94e182307d2d01278eb0ad2e1a48c3cac80ea5ec28b9b52f5cf6ea8b5611be5a24f91545cae2f581fd58fd47e6aa3b88b380442f21739319050ef702ffe604d7b1341013d330ad4e8d7c3cec17da298b4fcf1205e156f30642d654384d4be8b9eb4add6d9603e8fe122b9d70171d6f8ea5", 0xfffffdef}], 0x1}}], 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_open_dev$cec(0x0, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94)
socket$inet6(0xa, 0x80002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
recvmsg$can_j1939(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x10100)
r7 = syz_io_uring_setup(0xed0, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2}, &(0x7f0000000100)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
write$bt_hci(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="0167d7000000c5bf1b247a"], 0xb)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
recvmsg(r3, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x100)
shutdown(r3, 0x0)

5.44029039s ago: executing program 1 (id=2021):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = semget(0x2, 0x4, 0x82)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0xa8000)
r2 = signalfd(r1, &(0x7f0000000240)={[0x7f]}, 0x8)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB="69f82d415818841fa013d79505cf641597da38432dd4178a1b", @ANYRES64=0x0], 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000b00000000000000000c85000000a800000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000640)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB="0200000006"], 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x5}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x8c8f}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0xe5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000880}, 0x880)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
fcntl$setownex(r1, 0xf, &(0x7f00000001c0)={0x0, r8})
r9 = getpid()
sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe30)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
semop(r0, &(0x7f0000000040), 0x0)

5.421972108s ago: executing program 7 (id=2022):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket(0x2b, 0x80801, 0x1)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000080)="65be87527b788cdd256e008b66bfaa2d", 0x20)
r1 = socket$xdp(0x2c, 0x3, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000100)={0x0, 0xffddbf7f, 0x1000, 0x0, 0x1}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
r3 = add_key$keyring(&(0x7f0000000300), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000100)=@keyring={'key_or_keyring:', r4})
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00), 0x4)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@chain)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

5.292706497s ago: executing program 5 (id=2023):
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000500)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, 'Y}+'}}, {@uid_eq}, {@smackfsfloor={'smackfsfloor', 0x3d, 'overlay\x00'}}, {@uid_eq}]})

5.099467464s ago: executing program 5 (id=2024):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x500, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x11)
r1 = socket(0x10, 0x803, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000002c0)={0x0, 0x8}, 0x8)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000240)=0x3)
ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f00000001c0)={'vxcan1\x00', {0x2, 0x0, @private}})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r5, 0x43, 0xfffffffffffffffe}, 0x1d)
splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
write(r2, 0x0, 0x0)

5.0006242s ago: executing program 7 (id=2025):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000640)=0x3)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
creat(&(0x7f0000000280)='./file1\x00', 0x4)
ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000100)=0x9)
openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsopen(0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0)

4.033105392s ago: executing program 1 (id=2026):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socketpair(0x1, 0x80001, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
io_uring_setup(0x17ba, &(0x7f0000000340)={0x0, 0x0, 0xc, 0x2, 0x354})
sched_getparam(r0, &(0x7f00000003c0))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000e40)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x28}, &(0x7f0000000100)='./file0\x00', 0x18})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r3 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0x32)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
add_key(0x0, &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe)

3.47205978s ago: executing program 2 (id=2027):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x30d803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x10d, &(0x7f0000000480)={0x0, 0xb76c, 0x8000, 0x0, 0x2f0, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000280))
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(0xffffffffffffffff, 0x101)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x3ce0}, 0x1, 0x0, 0x0, 0x20080d1}, 0x40008d5)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0xfd20, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000002c00010026bd7000fc3bdd250400000008001700", @ANYRES32=0x0, @ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

3.192521063s ago: executing program 6 (id=2028):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2, 0x0, 0x4}, 0x18)
fchdir(r1)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/../file0\x00', 0x400000, 0x10)
r4 = openat(r3, &(0x7f0000000080)='./cgroup/../file0\x00', 0x0, 0x180)
getdents64(r4, &(0x7f0000001280)=""/4089, 0xff9)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1f, 0x7, 0xc, 0xffffffff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r8 = timerfd_create(0x0, 0x0)
read(r8, 0x0, 0x0)
write$binfmt_misc(r7, &(0x7f0000000000), 0xd)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xfffffd1a, &(0x7f0000000000)='cgroup\x00'}, 0x30)
write$cgroup_pid(r6, &(0x7f00000001c0), 0x12)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r9, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r10, &(0x7f0000001fc0)=""/184, 0x20002078)

2.71021599s ago: executing program 5 (id=2029):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
ioctl$USBDEVFS_CONNECTINFO(r0, 0x8004550f, &(0x7f0000002a40))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c000000100003050000f9000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128008000100677470002000028005000500000000001400080000000000000000000000000000000001"], 0x4c}}, 0x0)

2.68474701s ago: executing program 7 (id=2030):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_trie\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
lseek(r4, 0x7fffffffffffffff, 0x0)
keyctl$get_persistent(0x16, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r4, 0x4f)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@delneigh={0x30, 0x1a, 0x1, 0x70bd2b, 0x0, {0xa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4}, [@NDA_DST_IPV6={0x14, 0x1, @mcast2}]}, 0x30}}, 0x0)
r6 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x8000033, r6, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x275a, 0x0)

1.983338621s ago: executing program 5 (id=2031):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async, rerun: 32)
getresuid(0x0, 0x0, 0x0) (async, rerun: 32)
ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000080)=""/22)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x0, 0x0, 0x80, 0xff, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}, {0x0, 0x0, 0x7, 0x0, 0xf}, {0x0, 0x0, 0x8}], 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r3 = syz_open_dev$vcsa(&(0x7f0000000180), 0x5, 0x109002)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000001c0)=<r4=>0x0)
r5 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r6=>0x0}, &(0x7f0000000180)=0xc)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20020, &(0x7f0000000100)={[{@uid={'uid', 0x3d, r6}}]}) (async)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x801000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@mmap}, {@aname={'aname', 0x3d, '({@&:@)'}}, {@dfltuid={'dfltuid', 0x3d, r4}}, {@cache_none}], [{@euid_lt={'euid<', r6}}]}}) (async, rerun: 64)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (rerun: 64)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1.981784297s ago: executing program 2 (id=2032):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r0, &(0x7f0000000040)="8c5140fa", 0x4, 0x4094, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000900)="fc", 0x1}], 0x1, &(0x7f00000009c0)=[@sndinfo={0x20, 0x84, 0x2, {0x2, 0x41, 0x0, 0xfffffffe}}], 0x20}, 0x20004000)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
set_mempolicy(0x3, &(0x7f00000000c0)=0x7b, 0x8)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x1)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r3, 0x6, 0x3, &(0x7f0000000340), 0x4)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x80, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2, 0x42c0}], 0x1, 0x0, 0x0, 0x0)
syz_open_dev$vbi(0x0, 0x0, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = socket$unix(0x1, 0x5, 0x0)
r6 = dup2(r5, r1)
close_range(r6, 0xffffffffffffffff, 0x0)
set_mempolicy(0x0, &(0x7f0000000080)=0x5, 0x48)
memfd_create(0x0, 0x1e)
socket$inet6_sctp(0xa, 0x5, 0x84)

1.916296831s ago: executing program 6 (id=2033):
r0 = socket(0x11, 0x800000003, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@metacopy_on}], [], 0x2c})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet(0x2, 0x3, 0x8d)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f7c0000000c0a01080000000000000000010000000900020073797a3200000000500003804c000080080003400000000240000b803c0001800a0001006c69"], 0x100}}, 0x0)
r7 = dup(r5)
write$UHID_INPUT(r7, &(0x7f0000001040)={0x7, {"a2e3ad21ed0d52f91b48090987f70e06d038e7ff7fc6e5539b0d46078b089b37073b6d090890e0878f0e1ac6e7049b334d959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074b0936cd3b78130daa61d8e809ea88008000000000000027b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1dbdb230ae1fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b3804000000bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f6e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f000800080000000000002420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b25361b665a8c97447a3c6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f304b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8cf7d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad15a3a504767b6b45a45957f24d758ed024b3849c1137e2a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eb81f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe7b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39988b8658a20878b7c1dd7ba02fc42939dde7d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88d0466d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a028ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7bac7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068eb38067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3f0600faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
setsockopt$inet_msfilter(r4, 0x0, 0x8, 0x0, 0x1)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0)
read$fb(r8, &(0x7f0000000200)=""/174, 0xae)
syz_open_procfs(0x0, &(0x7f0000002180)='net/rt_cache\x00')
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), 0xffffffffffffffff)
r9 = eventfd2(0x0, 0x0)
writev(r9, &(0x7f0000000480)=[{&(0x7f0000000000)="f67804e83b4e100b", 0x8}, {0x0, 0x8}], 0x2)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))

1.796817645s ago: executing program 5 (id=2034):
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000500)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, 'Y}+'}}, {@uid_eq}, {@smackfsfloor={'smackfsfloor', 0x3d, 'overlay\x00'}}, {@uid_eq}]})

1.536973634s ago: executing program 7 (id=2035):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001ac0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000400)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542ae", 0xc5}], 0x1}}], 0x1, 0xc0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(r2, &(0x7f0000000280)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r2, 0x1)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0xc3100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_smc(0x2b, 0x1, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, @void, @value}, 0x94)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x149001, 0x93)
openat$incfs(r4, &(0x7f0000000180)='.pending_reads\x00', 0x400, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/154, 0x9a}, {&(0x7f0000000640)=""/195, 0xc3}], 0x2}, 0x95}], 0x1, 0x40000160, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20003, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r5, @ANYBLOB="05", @ANYRES16=r5, @ANYRES16, @ANYRES16], 0x0)

399.321661ms ago: executing program 6 (id=2036):
unshare(0x22060480)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ASSERT(r0, 0x0, 0xcf, &(0x7f0000000040)=0x1, 0x4)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = syz_open_dev$loop(&(0x7f0000001dc0), 0x8, 0x2a43)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cgroup.kill\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x100, {0x2a00, 0x80010000, 0x0, 0xfffffffffffffffa, 0x1, 0x0, 0x1, 0x10, 0x1c, "fee8a2ab78fc979fd1e00d96072000001e0100", "2809e8db4b030795b556a5c01d873997bdb22d0000b420a1a93c5240f45f819e010a7d3d458dd4992861ac1e050000000000080000000000ac0b3000", "90be8b1c551265406c7f306003d8a0f4bd00", [0x20000000006, 0x20000003]}})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet6(0xa, 0x80002, 0x88)
socket$tipc(0x1e, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='setgroups\x00')
io_uring_setup(0x17c7, &(0x7f00000002c0)={0x0, 0x0, 0x20000, 0x2, 0x2b9})
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r3, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60)

325.728546ms ago: executing program 5 (id=2037):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}]}, &(0x7f00000005c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000440)="ce07dfabd78c5ba355afff70930e6cf0ebd441d1e14b1867d0705c539223e3d5db2f0baa7e5548c2c706dce74331041772e5bbbc4faafccda5c5260658af160a028a5435b191487019d07e91ef0f9c9e3447c7ef98638920d2a0450d86f3e07f558f6263348c4bbe0b1be5c734e0ccbbb6c97125621ac9d373ad17ae824b30a75b8e96a336c3938a5d74544fab23399ea86614b05f1d0200067e70bb0fb38ac1c8cba2b41e1f0da3326f23727ad4fe09928bad080c24d9486d4a29", 0xbb}], 0x1}, 0x24008000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
add_key$user(&(0x7f0000002100), &(0x7f0000002180)={'syz', 0x1}, &(0x7f00000021c0)='b', 0x1, 0xfffffffffffffffe)
sendto$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffd5c, 0x20000045, &(0x7f0000b63fe4)={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffe}, 0x1c)
syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340), &(0x7f0000000280))
r3 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
connect$inet(r3, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)
syslog(0x3, &(0x7f0000000500)=""/218, 0xda)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$inet6_dccp(0xa, 0x6, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f0000000180)={0x403, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8936, &(0x7f0000000180)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x41})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r5, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_COALESCE_TX_USECS_LOW={0x4b, 0x10, 0x600}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x7fffffff}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x5}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0x1}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8, 0x9, 0x567f}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0x80000000}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8, 0x9, 0x7}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

50.904111ms ago: executing program 2 (id=2038):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000080)=""/4076, 0x0)
r2 = socket$inet(0x2, 0x801, 0x0)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
splice(r2, 0x0, r3, 0x0, 0x7ffff000, 0x2)
gettid()
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r5, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0xfffffffffffffe79, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x58}}, 0x0)
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0xfffffffe, 0x4002}, &(0x7f0000000480), &(0x7f00000004c0))

541.996µs ago: executing program 1 (id=2039):
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0xfcf3, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x56}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x21c0, 0x0)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x201, 0x4800003e, r3, 0x0)
unlink(&(0x7f0000000000)='./file0\x00')
dup2(r4, r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000340)={0x1, 0x0, 0x0, 0x0, 0x8000}, 0x14)

0s ago: executing program 6 (id=2040):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000640)=0x3)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
creat(&(0x7f0000000280)='./file1\x00', 0x4)
ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000100)=0x9)
openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsopen(0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

_adv: batadv0: Interface activated: batadv_slave_0
[  727.431163][T11370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.442401][T11370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.453621][T11370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.464972][T11370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.476054][T11370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.487678][T11370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.498085][T11370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.512135][T11370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.523496][T11370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.523715][  T910] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  727.761336][ T5882] usb 5-1: device descriptor read/8, error -71
[  727.771588][T11370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.784847][T11370] batman_adv: batadv0: Interface activated: batadv_slave_1
[  727.821264][  T910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  727.855072][T11464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  727.867856][T11464] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  727.872432][T11370] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  727.886523][  T910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  727.898908][  T910] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  727.912163][T11370] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  727.921051][T11370] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  727.930723][  T910] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  727.939979][T11370] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  727.949621][  T910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.963938][  T910] usb 3-1: config 0 descriptor??
[  728.027649][ T5882] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  728.256754][ T5882] usb 5-1: device descriptor read/8, error -71
[  728.885580][T11495] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR
[  729.122026][T10807] Bluetooth: hci2: command tx timeout
[  729.127741][ T5882] usb usb5-port1: unable to enumerate USB device
[  729.179737][ T5880] usbhid 2-1:0.0: can't add hid device: -71
[  729.185889][ T5880] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  729.223705][  T910] plantronics 0003:047F:FFFF.0004: ignoring exceeding usage max
[  729.238270][ T5880] usb 2-1: USB disconnect, device number 22
[  729.255384][  T910] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  729.325351][  T910] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  729.475170][ T6192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  729.493820][ T6192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  729.535716][T11505] sg_read: process 642 (syz.5.1539) changed security contexts after opening file descriptor, this is not allowed.
[  729.556879][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  729.572250][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  730.099356][    C0] vxcan0: j1939_tp_txtimer: 0xffff888028253800: tx aborted with unknown reason: -2
[  730.111415][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805e90d400: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250)
[  730.123240][T11526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1543'.
[  730.130138][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888028253800: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250)
[  730.354155][T11529] FAULT_INJECTION: forcing a failure.
[  730.354155][T11529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  730.418184][T11529] CPU: 0 UID: 0 PID: 11529 Comm: syz.4.1546 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  730.418217][T11529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  730.418230][T11529] Call Trace:
[  730.418238][T11529]  <TASK>
[  730.418247][T11529]  dump_stack_lvl+0x241/0x360
[  730.418288][T11529]  ? __pfx_dump_stack_lvl+0x10/0x10
[  730.418330][T11529]  ? __pfx__printk+0x10/0x10
[  730.418363][T11529]  ? __pfx_lock_release+0x10/0x10
[  730.418391][T11529]  ? vfs_write+0x7fa/0xd10
[  730.418414][T11529]  should_fail_ex+0x40a/0x550
[  730.418442][T11529]  _copy_from_user+0x2d/0xb0
[  730.418465][T11529]  move_addr_to_kernel+0x82/0x150
[  730.418493][T11529]  __sys_connect+0xb6/0x2d0
[  730.418525][T11529]  ? __pfx___sys_connect+0x10/0x10
[  730.418567][T11529]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  730.418596][T11529]  ? do_syscall_64+0x100/0x230
[  730.418629][T11529]  __x64_sys_connect+0x7a/0x90
[  730.418660][T11529]  do_syscall_64+0xf3/0x230
[  730.418688][T11529]  ? clear_bhb_loop+0x35/0x90
[  730.418719][T11529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.418747][T11529] RIP: 0033:0x7febead8cda9
[  730.418766][T11529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  730.418784][T11529] RSP: 002b:00007febebb95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  730.418806][T11529] RAX: ffffffffffffffda RBX: 00007febeafa5fa0 RCX: 00007febead8cda9
[  730.418826][T11529] RDX: 000000000000001c RSI: 00000000200000c0 RDI: 0000000000000003
[  730.418838][T11529] RBP: 00007febebb95090 R08: 0000000000000000 R09: 0000000000000000
[  730.418855][T11529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  730.418866][T11529] R13: 0000000000000000 R14: 00007febeafa5fa0 R15: 00007ffc9c9b7f28
[  730.418894][T11529]  </TASK>
[  730.768157][ T5882] usb 3-1: reset high-speed USB device number 22 using dummy_hcd
[  731.125448][T11538] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1548' sets config #1
[  731.735417][T11549] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1552'.
[  731.759276][ T9235] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  731.760818][T11549] bridge0: entered promiscuous mode
[  731.794428][T11549] macsec1: entered promiscuous mode
[  731.818541][  T910] usb 3-1: USB disconnect, device number 22
[  731.937720][ T9235] usb 2-1: Using ep0 maxpacket: 32
[  732.082599][ T9235] usb 2-1: unable to get BOS descriptor or descriptor too short
[  732.116495][ T9235] usb 2-1: unable to read config index 0 descriptor/start: -71
[  732.150503][ T9235] usb 2-1: can't read configurations, error -71
[  732.264780][T11558] syz.6.1555 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  732.700736][T11564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1556'.
[  732.854545][T11567] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1557'.
[  732.863751][T11567] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1557'.
[  733.667258][ T2946] Bluetooth: hci5: Frame reassembly failed (-84)
[  733.694730][T11575] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1559'.
[  733.708778][T11574] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  733.764584][T11579] FAULT_INJECTION: forcing a failure.
[  733.764584][T11579] name failslab, interval 1, probability 0, space 0, times 0
[  733.784409][T11579] CPU: 0 UID: 0 PID: 11579 Comm: syz.5.1561 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  733.784438][T11579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  733.784452][T11579] Call Trace:
[  733.784459][T11579]  <TASK>
[  733.784468][T11579]  dump_stack_lvl+0x241/0x360
[  733.784509][T11579]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.784543][T11579]  ? __pfx__printk+0x10/0x10
[  733.784577][T11579]  ? __kmalloc_cache_noprof+0x48/0x390
[  733.784613][T11579]  ? __pfx___might_resched+0x10/0x10
[  733.784634][T11579]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  733.784667][T11579]  should_fail_ex+0x40a/0x550
[  733.784697][T11579]  should_failslab+0xac/0x100
[  733.784725][T11579]  __kmalloc_cache_noprof+0x70/0x390
[  733.784752][T11579]  ? tcf_block_get_ext+0x145/0x1670
[  733.784789][T11579]  tcf_block_get_ext+0x145/0x1670
[  733.784825][T11579]  ? __asan_memset+0x23/0x50
[  733.784867][T11579]  tcf_block_get+0xf8/0x150
[  733.784902][T11579]  ? __pfx_tcf_block_get+0x10/0x10
[  733.784933][T11579]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  733.784967][T11579]  ? __pfx_sfq_perturbation+0x10/0x10
[  733.784994][T11579]  ? init_timer_key+0x197/0x320
[  733.785020][T11579]  ? __pfx_sfq_init+0x10/0x10
[  733.785041][T11579]  sfq_init+0xec/0x2690
[  733.785068][T11579]  ? qdisc_alloc+0x7bd/0xa80
[  733.785086][T11579]  ? qdisc_create+0x182/0x11a0
[  733.785111][T11579]  ? tc_modify_qdisc+0xbbb/0x1f10
[  733.785137][T11579]  ? rtnetlink_rcv_msg+0x73f/0xcf0
[  733.785160][T11579]  ? netlink_unicast+0x7f6/0x990
[  733.785188][T11579]  ? netlink_sendmsg+0x8e4/0xcb0
[  733.785206][T11579]  ? __sock_sendmsg+0x221/0x270
[  733.785229][T11579]  ? ____sys_sendmsg+0x52a/0x7e0
[  733.785248][T11579]  ? do_syscall_64+0xf3/0x230
[  733.785276][T11579]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.785319][T11579]  ? __pfx_sfq_init+0x10/0x10
[  733.785344][T11579]  ? lockdep_rtnl_is_held+0x26/0x40
[  733.785373][T11579]  ? qdisc_lookup+0x350/0x6b0
[  733.785398][T11579]  ? __pfx_sfq_init+0x10/0x10
[  733.785419][T11579]  qdisc_create+0x9d4/0x11a0
[  733.785457][T11579]  ? __pfx_qdisc_create+0x10/0x10
[  733.785495][T11579]  tc_modify_qdisc+0xbbb/0x1f10
[  733.785540][T11579]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  733.785592][T11579]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  733.785622][T11579]  rtnetlink_rcv_msg+0x73f/0xcf0
[  733.785645][T11579]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  733.785674][T11579]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  733.785706][T11579]  ? ref_tracker_free+0x643/0x7e0
[  733.785739][T11579]  netlink_rcv_skb+0x1e3/0x430
[  733.785773][T11579]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  733.785800][T11579]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  733.785858][T11579]  ? netlink_deliver_tap+0x2e/0x1b0
[  733.785893][T11579]  netlink_unicast+0x7f6/0x990
[  733.785930][T11579]  ? __pfx_netlink_unicast+0x10/0x10
[  733.785958][T11579]  ? __virt_addr_valid+0x45f/0x530
[  733.785989][T11579]  ? __phys_addr_symbol+0x2f/0x70
[  733.786017][T11579]  ? __check_object_size+0x47a/0x730
[  733.786049][T11579]  netlink_sendmsg+0x8e4/0xcb0
[  733.786090][T11579]  ? __pfx_netlink_sendmsg+0x10/0x10
[  733.786124][T11579]  ? __pfx_netlink_sendmsg+0x10/0x10
[  733.786143][T11579]  __sock_sendmsg+0x221/0x270
[  733.786173][T11579]  ____sys_sendmsg+0x52a/0x7e0
[  733.786203][T11579]  ? __pfx_____sys_sendmsg+0x10/0x10
[  733.786222][T11579]  ? __fget_files+0x2a/0x410
[  733.786253][T11579]  ? __fget_files+0x2a/0x410
[  733.786289][T11579]  __sys_sendmsg+0x269/0x350
[  733.786316][T11579]  ? __pfx___sys_sendmsg+0x10/0x10
[  733.786351][T11579]  ? do_sys_openat2+0x17a/0x1d0
[  733.786408][T11579]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  733.786436][T11579]  ? do_syscall_64+0x100/0x230
[  733.786468][T11579]  ? do_syscall_64+0xb6/0x230
[  733.786499][T11579]  do_syscall_64+0xf3/0x230
[  733.786527][T11579]  ? clear_bhb_loop+0x35/0x90
[  733.786560][T11579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.786587][T11579] RIP: 0033:0x7f2cb4f8cda9
[  733.786606][T11579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  733.786624][T11579] RSP: 002b:00007f2cb5ea3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  733.786647][T11579] RAX: ffffffffffffffda RBX: 00007f2cb51a5fa0 RCX: 00007f2cb4f8cda9
[  733.786663][T11579] RDX: 0000000000004080 RSI: 00000000200007c0 RDI: 000000000000000a
[  733.786676][T11579] RBP: 00007f2cb5ea3090 R08: 0000000000000000 R09: 0000000000000000
[  733.786688][T11579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  733.786701][T11579] R13: 0000000000000000 R14: 00007f2cb51a5fa0 R15: 00007fffef610108
[  733.786732][T11579]  </TASK>
[  735.213886][  T910] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  735.629128][   T54] Bluetooth: hci5: command 0x1003 tx timeout
[  735.631108][T10807] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  735.949385][  T910] usb 7-1: device descriptor read/64, error -71
[  736.197253][  T910] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  736.253411][T11602] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1568'.
[  736.270622][T11604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1569'.
[  736.327668][  T910] usb 7-1: device descriptor read/64, error -71
[  736.438006][  T910] usb usb7-port1: attempt power cycle
[  736.767524][ T9235] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  736.797219][  T910] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  736.848213][  T910] usb 7-1: device descriptor read/8, error -71
[  736.857441][ T5931] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  736.920297][ T9235] usb 2-1: Using ep0 maxpacket: 32
[  736.931413][ T9235] usb 2-1: unable to get BOS descriptor or descriptor too short
[  736.943155][ T9235] usb 2-1: unable to read config index 0 descriptor/start: -71
[  736.953713][ T9235] usb 2-1: can't read configurations, error -71
[  737.037744][ T5931] usb 3-1: Using ep0 maxpacket: 8
[  737.048690][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  737.087220][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  737.087296][  T910] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  737.112874][ T5931] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  737.136584][  T910] usb 7-1: device descriptor read/8, error -71
[  737.137243][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.179474][ T5931] usb 3-1: config 0 descriptor??
[  737.197418][T11488] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  737.257646][  T910] usb usb7-port1: unable to enumerate USB device
[  737.367404][T11488] usb 6-1: Using ep0 maxpacket: 8
[  737.393398][T11488] usb 6-1: config 0 has an invalid interface number: 177 but max is 0
[  737.408237][T11614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  737.417612][T11614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  737.424000][T11488] usb 6-1: config 0 has no interface number 0
[  737.432430][ T5931] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  737.452278][T11488] usb 6-1: too many endpoints for config 0 interface 177 altsetting 165: 180, using maximum allowed: 30
[  737.497197][T11488] usb 6-1: config 0 interface 177 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 180
[  737.531502][T11488] usb 6-1: config 0 interface 177 has no altsetting 0
[  737.543395][T11488] usb 6-1: New USB device found, idVendor=0c45, idProduct=613b, bcdDevice=c4.6d
[  737.554724][T11488] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.581636][T11488] usb 6-1: Product: syz
[  737.592247][T11488] usb 6-1: Manufacturer: syz
[  737.603167][T11488] usb 6-1: SerialNumber: syz
[  737.632906][ T5931] usb 3-1: USB disconnect, device number 23
[  737.694350][T11488] usb 6-1: config 0 descriptor??
[  738.365359][T11620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  738.386553][T11620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.500750][T11488] gspca_main: sonixj-2.14.0 probing 0c45:613b
[  738.517906][T11488] gspca_sonixj: reg_w1 err -71
[  738.522803][T11488] sonixj 6-1:0.177: probe with driver sonixj failed with error -71
[  738.531709][T11636] netlink: 'syz.2.1579': attribute type 5 has an invalid length.
[  738.536848][T11488] usb 6-1: USB disconnect, device number 14
[  738.557649][T11636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1579'.
[  739.607478][T11654] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1585'.
[  739.917373][   T46] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  740.062958][T11664] net_ratelimit: 80 callbacks suppressed
[  740.063009][T11664] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  740.075877][T11664] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  740.099386][   T46] usb 5-1: config 0 has an invalid interface number: 133 but max is 0
[  740.108311][   T46] usb 5-1: config 0 has no interface number 0
[  740.117016][   T46] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  740.127050][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.136729][   T46] usb 5-1: Product: syz
[  740.141750][   T46] usb 5-1: Manufacturer: syz
[  740.146596][   T46] usb 5-1: SerialNumber: syz
[  740.174818][   T46] usb 5-1: config 0 descriptor??
[  740.519029][T11656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  740.528022][T11656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  740.544696][T11656] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1580'.
[  740.651011][   T46] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected
[  740.885501][   T46] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81
[  741.021552][T11656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  741.029862][   T46] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1
[  741.040804][T11673] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  741.047848][T11656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  741.051012][T11673] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  741.088079][   T46] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2
[  741.133346][   T46] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  741.436754][T11488] usb 5-1: USB disconnect, device number 22
[  741.457623][T11488] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  741.465329][T11681] netlink: 'syz.2.1592': attribute type 1 has an invalid length.
[  741.492232][T11681] netlink: 'syz.2.1592': attribute type 2 has an invalid length.
[  741.507739][T11488] keyspan 5-1:0.133: device disconnected
[  741.531908][T11681] loop2: detected capacity change from 0 to 7
[  741.571874][T11681] Dev loop2: unable to read RDB block 7
[  741.606262][T11681]  loop2: unable to read partition table
[  741.626671][T11681] loop2: partition table beyond EOD, truncated
[  741.656866][T11681] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  742.408604][   T29] audit: type=1326 audit(1738678359.239:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.6.1591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  742.548281][T11696] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1598'.
[  742.899811][T11703] tls_set_device_offload: netdev not found
[  743.447760][   T29] audit: type=1326 audit(1738678360.259:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  743.692595][T11708] tls_set_device_offload: netdev not found
[  744.207403][   T29] audit: type=1326 audit(1738678360.259:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  744.229003][    C0] vkms_vblank_simulate: vblank timer overrun
[  744.327406][   T29] audit: type=1326 audit(1738678360.259:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  744.440817][   T29] audit: type=1326 audit(1738678360.259:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  744.462470][    C0] vkms_vblank_simulate: vblank timer overrun
[  744.518348][   T29] audit: type=1326 audit(1738678360.259:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  744.558848][T11715] FAULT_INJECTION: forcing a failure.
[  744.558848][T11715] name failslab, interval 1, probability 0, space 0, times 0
[  744.572285][   T29] audit: type=1326 audit(1738678360.259:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  744.651852][T11715] CPU: 1 UID: 0 PID: 11715 Comm: syz.2.1600 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  744.651884][T11715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  744.651897][T11715] Call Trace:
[  744.651904][T11715]  <TASK>
[  744.651913][T11715]  dump_stack_lvl+0x241/0x360
[  744.651956][T11715]  ? __pfx_dump_stack_lvl+0x10/0x10
[  744.651990][T11715]  ? __pfx__printk+0x10/0x10
[  744.652023][T11715]  ? __kmalloc_cache_noprof+0x48/0x390
[  744.652053][T11715]  ? __pfx___might_resched+0x10/0x10
[  744.652083][T11715]  should_fail_ex+0x40a/0x550
[  744.652113][T11715]  should_failslab+0xac/0x100
[  744.652140][T11715]  __kmalloc_cache_noprof+0x70/0x390
[  744.652166][T11715]  ? nfnetlink_rcv+0x1265/0x2ab0
[  744.652196][T11715]  nfnetlink_rcv+0x1265/0x2ab0
[  744.652258][T11715]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  744.652280][T11715]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  744.652320][T11715]  ? rcu_preempt_deferred_qs_irqrestore+0x8c4/0xca0
[  744.652382][T11715]  ? rcu_read_unlock_special+0x497/0x570
[  744.652415][T11715]  ? netlink_deliver_tap+0x2e/0x1b0
[  744.652453][T11715]  ? skb_clone+0x240/0x390
[  744.652473][T11715]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  744.652512][T11715]  ? __rcu_read_unlock+0xa1/0x110
[  744.652539][T11715]  netlink_unicast+0x7f6/0x990
[  744.652577][T11715]  ? __pfx_netlink_unicast+0x10/0x10
[  744.652609][T11715]  ? __phys_addr_symbol+0x2f/0x70
[  744.652638][T11715]  ? __check_object_size+0x47a/0x730
[  744.652668][T11715]  netlink_sendmsg+0x8e4/0xcb0
[  744.652700][T11715]  ? __pfx_netlink_sendmsg+0x10/0x10
[  744.652732][T11715]  ? __pfx_netlink_sendmsg+0x10/0x10
[  744.652750][T11715]  __sock_sendmsg+0x221/0x270
[  744.652777][T11715]  ____sys_sendmsg+0x52a/0x7e0
[  744.652807][T11715]  ? __pfx_____sys_sendmsg+0x10/0x10
[  744.652825][T11715]  ? __fget_files+0x2a/0x410
[  744.652857][T11715]  ? __fget_files+0x2a/0x410
[  744.652893][T11715]  __sys_sendmsg+0x269/0x350
[  744.652918][T11715]  ? __pfx___sys_sendmsg+0x10/0x10
[  744.652967][T11715]  ? ksys_write+0x20d/0x2b0
[  744.653002][T11715]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  744.653032][T11715]  ? do_syscall_64+0x100/0x230
[  744.653064][T11715]  ? do_syscall_64+0xb6/0x230
[  744.653096][T11715]  do_syscall_64+0xf3/0x230
[  744.653125][T11715]  ? clear_bhb_loop+0x35/0x90
[  744.653157][T11715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.653186][T11715] RIP: 0033:0x7fae2918cda9
[  744.653205][T11715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  744.653223][T11715] RSP: 002b:00007fae26ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  744.653246][T11715] RAX: ffffffffffffffda RBX: 00007fae293a5fa0 RCX: 00007fae2918cda9
[  744.653262][T11715] RDX: 0000000000000004 RSI: 00000000200000c0 RDI: 0000000000000003
[  744.653275][T11715] RBP: 00007fae26ff6090 R08: 0000000000000000 R09: 0000000000000000
[  744.653288][T11715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  744.653300][T11715] R13: 0000000000000000 R14: 00007fae293a5fa0 R15: 00007ffd7e3b62e8
[  744.653333][T11715]  </TASK>
[  745.006728][   T29] audit: type=1326 audit(1738678360.259:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  745.028629][   T29] audit: type=1326 audit(1738678360.259:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  745.050606][   T29] audit: type=1326 audit(1738678360.259:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11691 comm="syz.4.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  745.421980][T11716] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  745.430968][T11716] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  745.536854][T11718] FAULT_INJECTION: forcing a failure.
[  745.536854][T11718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  745.576140][T11718] CPU: 0 UID: 0 PID: 11718 Comm: syz.1.1603 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  745.576173][T11718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  745.576186][T11718] Call Trace:
[  745.576194][T11718]  <TASK>
[  745.576203][T11718]  dump_stack_lvl+0x241/0x360
[  745.576244][T11718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  745.576278][T11718]  ? __pfx__printk+0x10/0x10
[  745.576321][T11718]  should_fail_ex+0x40a/0x550
[  745.576350][T11718]  _copy_to_user+0x31/0xb0
[  745.576374][T11718]  bpf_test_finish+0x59c/0x890
[  745.576416][T11718]  ? __pfx_bpf_test_finish+0x10/0x10
[  745.576454][T11718]  ? convert___skb_to_skb+0x41/0x620
[  745.576482][T11718]  ? convert_skb_to___skb+0x2d3/0x510
[  745.576517][T11718]  bpf_prog_test_run_skb+0xff8/0x1830
[  745.576570][T11718]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  745.576600][T11718]  ? __fget_files+0x2a/0x410
[  745.576633][T11718]  ? fput+0x21b/0x290
[  745.576659][T11718]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  745.576694][T11718]  bpf_prog_test_run+0x2e4/0x360
[  745.576722][T11718]  __sys_bpf+0x48d/0x810
[  745.576748][T11718]  ? __pfx___sys_bpf+0x10/0x10
[  745.576783][T11718]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  745.576814][T11718]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  745.576843][T11718]  ? do_syscall_64+0x100/0x230
[  745.576876][T11718]  __x64_sys_bpf+0x7c/0x90
[  745.576897][T11718]  do_syscall_64+0xf3/0x230
[  745.576925][T11718]  ? clear_bhb_loop+0x35/0x90
[  745.576958][T11718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.576985][T11718] RIP: 0033:0x7fce85d8cda9
[  745.577004][T11718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.577022][T11718] RSP: 002b:00007fce86b1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  745.577045][T11718] RAX: ffffffffffffffda RBX: 00007fce85fa5fa0 RCX: 00007fce85d8cda9
[  745.577061][T11718] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 000000000000000a
[  745.577074][T11718] RBP: 00007fce86b1e090 R08: 0000000000000000 R09: 0000000000000000
[  745.577099][T11718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  745.577111][T11718] R13: 0000000000000000 R14: 00007fce85fa5fa0 R15: 00007ffe8233da98
[  745.577140][T11718]  </TASK>
[  745.801003][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.015254][T11731] tmpfs: Unknown parameter 'usrquota…'
[  746.955293][T11743] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1610'.
[  747.178924][T11747] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1612'.
[  747.502080][T11754] tls_set_device_offload: netdev not found
[  748.249791][T11757] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  748.415194][   T29] kauditd_printk_skb: 51 callbacks suppressed
[  748.415216][   T29] audit: type=1326 audit(1738678365.249:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11744 comm="syz.2.1611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  749.270287][T11761] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  749.279016][T11761] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  749.421359][T11772] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1618'.
[  749.448418][T11772] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1618'.
[  749.467677][T11772] FAULT_INJECTION: forcing a failure.
[  749.467677][T11772] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  749.567378][T11772] CPU: 1 UID: 0 PID: 11772 Comm: syz.2.1618 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  749.567409][T11772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  749.567423][T11772] Call Trace:
[  749.567430][T11772]  <TASK>
[  749.567439][T11772]  dump_stack_lvl+0x241/0x360
[  749.567482][T11772]  ? __pfx_dump_stack_lvl+0x10/0x10
[  749.567516][T11772]  ? __pfx__printk+0x10/0x10
[  749.567554][T11772]  ? snprintf+0xda/0x120
[  749.567583][T11772]  should_fail_ex+0x40a/0x550
[  749.567612][T11772]  _copy_to_user+0x31/0xb0
[  749.567636][T11772]  simple_read_from_buffer+0xca/0x150
[  749.567664][T11772]  proc_fail_nth_read+0x1e9/0x250
[  749.567691][T11772]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  749.567718][T11772]  ? rw_verify_area+0x243/0x630
[  749.567750][T11772]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  749.567776][T11772]  vfs_read+0x1f8/0xb40
[  749.567809][T11772]  ? fdget_pos+0x254/0x320
[  749.567837][T11772]  ? __pfx___mutex_lock+0x10/0x10
[  749.567867][T11772]  ? __pfx_vfs_read+0x10/0x10
[  749.567903][T11772]  ? do_sys_openat2+0x17a/0x1d0
[  749.567933][T11772]  ? __fget_files+0x2a/0x410
[  749.567960][T11772]  ? __fget_files+0x395/0x410
[  749.567985][T11772]  ? __fget_files+0x2a/0x410
[  749.568019][T11772]  ksys_read+0x18f/0x2b0
[  749.568041][T11772]  ? __pfx_ksys_read+0x10/0x10
[  749.568062][T11772]  ? do_syscall_64+0x100/0x230
[  749.568094][T11772]  ? do_syscall_64+0xb6/0x230
[  749.568124][T11772]  do_syscall_64+0xf3/0x230
[  749.568153][T11772]  ? clear_bhb_loop+0x35/0x90
[  749.568187][T11772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.568215][T11772] RIP: 0033:0x7fae2918b7bc
[  749.568235][T11772] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  749.568252][T11772] RSP: 002b:00007fae26ff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  749.568275][T11772] RAX: ffffffffffffffda RBX: 00007fae293a5fa0 RCX: 00007fae2918b7bc
[  749.568291][T11772] RDX: 000000000000000f RSI: 00007fae26ff60a0 RDI: 0000000000000005
[  749.568304][T11772] RBP: 00007fae26ff6090 R08: 0000000000000000 R09: 0000000000000000
[  749.568317][T11772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  749.568329][T11772] R13: 0000000000000000 R14: 00007fae293a5fa0 R15: 00007ffd7e3b62e8
[  749.568361][T11772]  </TASK>
[  752.607450][ T5931] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  752.743938][T11806] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1629'.
[  752.847456][ T9235] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  753.540992][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  753.547638][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  753.557287][ T5931] usb 3-1: Using ep0 maxpacket: 32
[  753.567238][ T9235] usb 5-1: Using ep0 maxpacket: 16
[  753.586687][ T9235] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  753.601548][ T5931] usb 3-1: unable to get BOS descriptor or descriptor too short
[  753.605697][ T9235] usb 5-1: config 0 has no interface number 0
[  753.618717][ T5931] usb 3-1: config 7 has an invalid interface number: 128 but max is 0
[  753.630839][ T9235] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  753.649728][ T9235] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  753.662467][ T5931] usb 3-1: config 7 contains an unexpected descriptor of type 0x1, skipping
[  753.679180][ T9235] usb 5-1: config 0 interface 41 has no altsetting 0
[  753.693912][ T5931] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  753.705361][ T9235] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  753.708147][ T5931] usb 3-1: config 7 has no interface number 0
[  753.730111][ T5931] usb 3-1: config 7 interface 128 altsetting 2 has an endpoint descriptor with address 0x17, changing to 0x7
[  753.733459][ T9235] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.747075][ T5931] usb 3-1: config 7 interface 128 altsetting 2 bulk endpoint 0x7 has invalid maxpacket 32
[  753.770838][ T5931] usb 3-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11
[  753.793204][ T9235] usb 5-1: Product: syz
[  753.803343][ T9235] usb 5-1: Manufacturer: syz
[  753.813489][ T5931] usb 3-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  753.817083][ T9235] usb 5-1: SerialNumber: syz
[  753.863401][ T5931] usb 3-1: config 7 interface 128 has no altsetting 0
[  753.864357][ T9235] usb 5-1: config 0 descriptor??
[  753.889435][ T5931] usb 3-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13
[  753.899907][T11796] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  753.919600][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.928629][T11796] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  753.938784][ T5931] usb 3-1: Product: syz
[  753.957228][ T5931] usb 3-1: Manufacturer: syz
[  753.961918][ T5931] usb 3-1: SerialNumber: syz
[  753.992079][T11792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  754.274437][ T9235] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  754.555714][ T9235] usb 5-1: USB disconnect, device number 23
[  755.336685][ T5931] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  755.567723][ T5931] usb 3-1: MIDIStreaming interface descriptor not found
[  755.993166][ T5931] usb 3-1: USB disconnect, device number 24
[  758.560251][T11863] tls_set_device_offload: netdev not found
[  759.310034][   T29] audit: type=1326 audit(1738678375.929:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11857 comm="syz.4.1644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febead8cda9 code=0x7fc00000
[  760.280658][T11874] tmpfs: Unknown parameter 'usrquota'
[  760.366507][T11875] blktrace: Concurrent blktraces are not allowed on sg0
[  762.448993][T11895] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1655'.
[  763.161549][T11905] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1656'.
[  765.115304][T11920] Process accounting resumed
[  766.034013][T11931] FAULT_INJECTION: forcing a failure.
[  766.034013][T11931] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  766.047248][T11931] CPU: 0 UID: 0 PID: 11931 Comm: syz.4.1663 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  766.047272][T11931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  766.047281][T11931] Call Trace:
[  766.047287][T11931]  <TASK>
[  766.047294][T11931]  dump_stack_lvl+0x241/0x360
[  766.047324][T11931]  ? __pfx_dump_stack_lvl+0x10/0x10
[  766.047348][T11931]  ? __pfx__printk+0x10/0x10
[  766.047380][T11931]  ? snprintf+0xda/0x120
[  766.047397][T11931]  should_fail_ex+0x40a/0x550
[  766.047418][T11931]  _copy_to_user+0x31/0xb0
[  766.047434][T11931]  simple_read_from_buffer+0xca/0x150
[  766.047454][T11931]  proc_fail_nth_read+0x1e9/0x250
[  766.047474][T11931]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  766.047494][T11931]  ? rw_verify_area+0x243/0x630
[  766.047517][T11931]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  766.047535][T11931]  vfs_read+0x1f8/0xb40
[  766.047558][T11931]  ? fdget_pos+0x254/0x320
[  766.047579][T11931]  ? __pfx___mutex_lock+0x10/0x10
[  766.047600][T11931]  ? __pfx_vfs_read+0x10/0x10
[  766.047621][T11931]  ? do_sys_openat2+0x17a/0x1d0
[  766.047643][T11931]  ? __fget_files+0x2a/0x410
[  766.047663][T11931]  ? __fget_files+0x395/0x410
[  766.047681][T11931]  ? __fget_files+0x2a/0x410
[  766.047706][T11931]  ksys_read+0x18f/0x2b0
[  766.047722][T11931]  ? __pfx_ksys_read+0x10/0x10
[  766.047736][T11931]  ? do_syscall_64+0x100/0x230
[  766.047758][T11931]  ? do_syscall_64+0xb6/0x230
[  766.047780][T11931]  do_syscall_64+0xf3/0x230
[  766.047801][T11931]  ? clear_bhb_loop+0x35/0x90
[  766.047826][T11931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.047846][T11931] RIP: 0033:0x7febead8b7bc
[  766.047859][T11931] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  766.047872][T11931] RSP: 002b:00007febebb95030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  766.047888][T11931] RAX: ffffffffffffffda RBX: 00007febeafa5fa0 RCX: 00007febead8b7bc
[  766.047899][T11931] RDX: 000000000000000f RSI: 00007febebb950a0 RDI: 0000000000000006
[  766.047908][T11931] RBP: 00007febebb95090 R08: 0000000000000000 R09: 0000000000000000
[  766.047917][T11931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  766.047925][T11931] R13: 0000000000000000 R14: 00007febeafa5fa0 R15: 00007ffc9c9b7f28
[  766.047947][T11931]  </TASK>
[  766.284619][    C0] vkms_vblank_simulate: vblank timer overrun
[  768.547411][   T46] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  768.757409][   T46] usb 5-1: Using ep0 maxpacket: 32
[  768.784666][   T46] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  768.798477][   T46] usb 5-1: config 0 has no interface number 0
[  768.804710][   T46] usb 5-1: config 0 interface 184 has no altsetting 0
[  768.842427][   T46] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  768.867260][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  768.875418][   T46] usb 5-1: Product: syz
[  768.897330][   T46] usb 5-1: Manufacturer: syz
[  768.902009][   T46] usb 5-1: SerialNumber: syz
[  768.916706][   T46] usb 5-1: config 0 descriptor??
[  768.956665][   T46] smsc75xx v1.0.0
[  769.337943][T11983] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  769.868340][   T46] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  769.905511][   T46] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  770.052971][T11990] tls_set_device_offload: netdev not found
[  770.535114][   T29] audit: type=1326 audit(1738678387.369:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11985 comm="syz.6.1677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  770.790998][   T46] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  770.802155][   T46] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  770.812997][   T46] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  770.823388][   T46] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  770.833070][   T46] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -61
[  771.319689][T12001] FAULT_INJECTION: forcing a failure.
[  771.319689][T12001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  771.566093][T12001] CPU: 1 UID: 0 PID: 12001 Comm: syz.6.1681 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  771.566131][T12001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  771.566144][T12001] Call Trace:
[  771.566152][T12001]  <TASK>
[  771.566162][T12001]  dump_stack_lvl+0x241/0x360
[  771.566205][T12001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  771.566239][T12001]  ? __pfx__printk+0x10/0x10
[  771.566272][T12001]  ? __pfx_lock_release+0x10/0x10
[  771.566298][T12001]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  771.566333][T12001]  should_fail_ex+0x40a/0x550
[  771.566363][T12001]  _copy_from_iter+0x1e9/0x1c20
[  771.566406][T12001]  ? irqentry_exit+0x63/0x90
[  771.566435][T12001]  ? __pfx__copy_from_iter+0x10/0x10
[  771.566474][T12001]  ? copy_page_from_iter+0x1f/0x100
[  771.566516][T12001]  ? page_copy_sane+0x46/0x260
[  771.566549][T12001]  copy_page_from_iter+0x7a/0x100
[  771.566585][T12001]  tun_get_user+0x2035/0x48a0
[  771.566621][T12001]  ? tun_get_user+0x875/0x48a0
[  771.566671][T12001]  ? __pfx_tun_get_user+0x10/0x10
[  771.566722][T12001]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  771.566748][T12001]  ? tun_get+0x1e/0x2f0
[  771.566779][T12001]  ? __pfx_lock_release+0x10/0x10
[  771.566821][T12001]  ? tun_get+0x1e/0x2f0
[  771.566850][T12001]  ? tun_get+0x27d/0x2f0
[  771.566881][T12001]  tun_chr_write_iter+0x10d/0x1f0
[  771.566916][T12001]  vfs_write+0xacf/0xd10
[  771.566941][T12001]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  771.566972][T12001]  ? __pfx_vfs_write+0x10/0x10
[  771.567002][T12001]  ? do_sys_openat2+0x17a/0x1d0
[  771.567033][T12001]  ? __fget_files+0x2a/0x410
[  771.567064][T12001]  ? __fget_files+0x2a/0x410
[  771.567099][T12001]  ksys_write+0x18f/0x2b0
[  771.567120][T12001]  ? __pfx_ksys_write+0x10/0x10
[  771.567141][T12001]  ? do_syscall_64+0x100/0x230
[  771.567171][T12001]  ? do_syscall_64+0xb6/0x230
[  771.567202][T12001]  do_syscall_64+0xf3/0x230
[  771.567231][T12001]  ? clear_bhb_loop+0x35/0x90
[  771.567263][T12001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.567293][T12001] RIP: 0033:0x7fa1c438b85f
[  771.567311][T12001] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  771.567329][T12001] RSP: 002b:00007fa1c527b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  771.567352][T12001] RAX: ffffffffffffffda RBX: 00007fa1c45a5fa0 RCX: 00007fa1c438b85f
[  771.567368][T12001] RDX: 000000000000003a RSI: 00000000200001c0 RDI: 00000000000000c8
[  771.567382][T12001] RBP: 00007fa1c527b090 R08: 0000000000000000 R09: 0000000000000000
[  771.567395][T12001] R10: 000000000000003a R11: 0000000000000293 R12: 0000000000000001
[  771.567407][T12001] R13: 0000000000000000 R14: 00007fa1c45a5fa0 R15: 00007fff2fffb1c8
[  771.567437][T12001]  </TASK>
[  771.881946][ T9235] usb 5-1: USB disconnect, device number 24
[  775.306619][T12039] bridge_slave_0: left allmulticast mode
[  775.312687][T12039] bridge_slave_0: left promiscuous mode
[  775.319650][T12039] bridge0: port 1(bridge_slave_0) entered disabled state
[  776.095577][T12039] bridge_slave_1: left allmulticast mode
[  776.095610][T12039] bridge_slave_1: left promiscuous mode
[  776.095768][T12039] bridge0: port 2(bridge_slave_1) entered disabled state
[  776.118368][T12039] bond0: (slave bond_slave_0): Releasing backup interface
[  776.144108][T12039] bond0: (slave bond_slave_1): Releasing backup interface
[  776.173906][T12039] team0: Port device team_slave_0 removed
[  776.219638][T12039] team0: Port device team_slave_1 removed
[  776.220253][T12039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  776.220287][T12039] batman_adv: batadv0: Removing interface: batadv_slave_0
[  776.225581][T12039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  776.225615][T12039] batman_adv: batadv0: Removing interface: batadv_slave_1
[  776.234027][T12039] team0: Port device netdevsim0 removed
[  776.236465][T12039] bond0: (slave bond1): Releasing backup interface
[  776.848077][T12053] FAULT_INJECTION: forcing a failure.
[  776.848077][T12053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  776.910510][T12053] CPU: 1 UID: 0 PID: 12053 Comm: syz.5.1696 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  776.910540][T12053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  776.910552][T12053] Call Trace:
[  776.910559][T12053]  <TASK>
[  776.910567][T12053]  dump_stack_lvl+0x241/0x360
[  776.910609][T12053]  ? __pfx_dump_stack_lvl+0x10/0x10
[  776.910643][T12053]  ? __pfx__printk+0x10/0x10
[  776.910681][T12053]  ? snprintf+0xda/0x120
[  776.910705][T12053]  should_fail_ex+0x40a/0x550
[  776.910733][T12053]  _copy_to_user+0x31/0xb0
[  776.910755][T12053]  simple_read_from_buffer+0xca/0x150
[  776.910782][T12053]  proc_fail_nth_read+0x1e9/0x250
[  776.910809][T12053]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  776.910838][T12053]  ? rw_verify_area+0x243/0x630
[  776.910871][T12053]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  776.910898][T12053]  vfs_read+0x1f8/0xb40
[  776.910929][T12053]  ? fdget_pos+0x254/0x320
[  776.910955][T12053]  ? __pfx___mutex_lock+0x10/0x10
[  776.910982][T12053]  ? __pfx_vfs_read+0x10/0x10
[  776.911007][T12053]  ? do_sys_openat2+0x17a/0x1d0
[  776.911035][T12053]  ? __fget_files+0x2a/0x410
[  776.911060][T12053]  ? __fget_files+0x395/0x410
[  776.911083][T12053]  ? __fget_files+0x2a/0x410
[  776.911117][T12053]  ksys_read+0x18f/0x2b0
[  776.911136][T12053]  ? __pfx_ksys_read+0x10/0x10
[  776.911155][T12053]  ? do_syscall_64+0x100/0x230
[  776.911184][T12053]  ? do_syscall_64+0xb6/0x230
[  776.911224][T12053]  do_syscall_64+0xf3/0x230
[  776.911252][T12053]  ? clear_bhb_loop+0x35/0x90
[  776.911284][T12053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  776.911311][T12053] RIP: 0033:0x7f2cb4f8b7bc
[  776.911331][T12053] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  776.911348][T12053] RSP: 002b:00007f2cb5ea3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  776.911371][T12053] RAX: ffffffffffffffda RBX: 00007f2cb51a5fa0 RCX: 00007f2cb4f8b7bc
[  776.911386][T12053] RDX: 000000000000000f RSI: 00007f2cb5ea30a0 RDI: 0000000000000005
[  776.911398][T12053] RBP: 00007f2cb5ea3090 R08: 0000000000000000 R09: 0000000000000000
[  776.911411][T12053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  776.911423][T12053] R13: 0000000000000000 R14: 00007f2cb51a5fa0 R15: 00007fffef610108
[  776.911455][T12053]  </TASK>
[  777.267777][ T5882] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  777.429307][ T5882] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  777.473852][ T5882] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  777.537329][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.603904][ T5882] aiptek 3-1:17.0: interface has no int in endpoints, but must have minimum 1
[  777.846177][ T5882] usb 3-1: USB disconnect, device number 25
[  777.967640][T12068] FAULT_INJECTION: forcing a failure.
[  777.967640][T12068] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  777.983899][T12068] CPU: 1 UID: 0 PID: 12068 Comm: syz.5.1701 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  777.983931][T12068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  777.983944][T12068] Call Trace:
[  777.983951][T12068]  <TASK>
[  777.983960][T12068]  dump_stack_lvl+0x241/0x360
[  777.984001][T12068]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.984034][T12068]  ? __pfx__printk+0x10/0x10
[  777.984070][T12068]  ? unwind_next_frame+0x18e6/0x22d0
[  777.984103][T12068]  should_fail_ex+0x40a/0x550
[  777.984132][T12068]  prepare_alloc_pages+0x1da/0x5b0
[  777.984163][T12068]  __alloc_frozen_pages_noprof+0x16f/0x710
[  777.984197][T12068]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  777.984241][T12068]  alloc_pages_mpol+0x311/0x660
[  777.984278][T12068]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  777.984305][T12068]  ? lockdep_unlock+0x16a/0x300
[  777.984329][T12068]  ? __pfx_lockdep_unlock+0x10/0x10
[  777.984359][T12068]  alloc_pages_noprof+0x121/0x190
[  777.984388][T12068]  __pmd_alloc+0x91/0x420
[  777.984421][T12068]  ? __pfx___pmd_alloc+0x10/0x10
[  777.984463][T12068]  __handle_mm_fault+0xd34/0x70f0
[  777.984523][T12068]  ? __pfx___handle_mm_fault+0x10/0x10
[  777.984568][T12068]  ? mt_find+0x2a9/0x920
[  777.984596][T12068]  ? __pfx_lock_release+0x10/0x10
[  777.984635][T12068]  ? mt_find+0x2a9/0x920
[  777.984664][T12068]  ? mt_find+0x6c8/0x920
[  777.984692][T12068]  ? mt_find+0x2a9/0x920
[  777.984725][T12068]  ? __pfx_mt_find+0x10/0x10
[  777.984773][T12068]  ? find_vma+0xf9/0x170
[  777.984803][T12068]  ? __pfx_find_vma+0x10/0x10
[  777.984836][T12068]  handle_mm_fault+0x2c1/0x7e0
[  777.984877][T12068]  exc_page_fault+0x2b9/0x8b0
[  777.984904][T12068]  ? __might_fault+0xaa/0x120
[  777.984940][T12068]  asm_exc_page_fault+0x26/0x30
[  777.984967][T12068] RIP: 0010:rep_movs_alternative+0x33/0x70
[  777.984990][T12068] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
[  777.985007][T12068] RSP: 0018:ffffc9000b7ffd48 EFLAGS: 00050216
[  777.985026][T12068] RAX: 0000000000026175 RBX: 0000000020000320 RCX: 0000000000000020
[  777.985040][T12068] RDX: 0000000000000000 RSI: ffffc9000b7ffdc0 RDI: 0000000020000300
[  777.985054][T12068] RBP: ffffc9000b7fff00 R08: ffffc9000b7ffddf R09: 1ffff920016fffbb
[  777.985070][T12068] R10: dffffc0000000000 R11: fffff520016fffbc R12: 0000000000000020
[  777.985084][T12068] R13: 00007ffffffff000 R14: ffffc9000b7ffdc0 R15: 0000000020000300
[  777.985117][T12068]  _copy_to_user+0x8b/0xb0
[  777.985141][T12068]  __se_sys_ustat+0x3e8/0x430
[  777.985166][T12068]  ? __pfx___se_sys_ustat+0x10/0x10
[  777.985193][T12068]  ? __fget_files+0x2a/0x410
[  777.985240][T12068]  ? do_syscall_64+0x100/0x230
[  777.985271][T12068]  ? do_syscall_64+0xb6/0x230
[  777.985301][T12068]  do_syscall_64+0xf3/0x230
[  777.985329][T12068]  ? clear_bhb_loop+0x35/0x90
[  777.985362][T12068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.985389][T12068] RIP: 0033:0x7f2cb4f8cda9
[  777.985407][T12068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  777.985424][T12068] RSP: 002b:00007f2cb5ea3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000088
[  777.985444][T12068] RAX: ffffffffffffffda RBX: 00007f2cb51a5fa0 RCX: 00007f2cb4f8cda9
[  777.985459][T12068] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000801
[  777.985472][T12068] RBP: 00007f2cb5ea3090 R08: 0000000000000000 R09: 0000000000000000
[  777.985485][T12068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  777.985497][T12068] R13: 0000000000000001 R14: 00007f2cb51a5fa0 R15: 00007fffef610108
[  777.985528][T12068]  </TASK>
[  778.345571][    C1] vkms_vblank_simulate: vblank timer overrun
[  778.707276][ T5882] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  778.868694][ T5882] usb 5-1: device descriptor read/64, error -71
[  780.038637][ T5882] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  780.270871][ T5882] usb 5-1: device descriptor read/64, error -71
[  780.727740][ T5882] usb usb5-port1: attempt power cycle
[  780.788935][T12089] dccp_close: ABORT with 15584 bytes unread
[  781.087246][ T5882] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  781.159939][T12098] program syz.6.1711 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  781.424656][ T5882] usb 5-1: device not accepting address 27, error -71
[  782.627320][ T5882] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  782.764238][T12114] can0: slcan on ttynull.
[  782.860760][ T5882] usb 5-1: Using ep0 maxpacket: 16
[  782.867846][ T5882] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  782.878340][ T5882] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  782.891658][ T5882] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  782.901247][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.910163][ T5882] usb 5-1: Product: syz
[  782.910991][T12114] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1716'.
[  782.914350][ T5882] usb 5-1: Manufacturer: syz
[  782.914373][ T5882] usb 5-1: SerialNumber: syz
[  783.762731][T12100] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1712'.
[  783.912554][   T29] audit: type=1326 audit(1738678400.749:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12118 comm="syz.5.1717" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cb4f8cda9 code=0x0
[  783.947702][T12100] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1712'.
[  784.361797][T12113] can0 (unregistered): slcan off ttynull.
[  784.420543][T12100] veth0: entered promiscuous mode
[  784.431187][T12100] dummy0: entered promiscuous mode
[  784.584036][ T5882] usb 5-1: 0:2 : does not exist
[  784.628688][ T5882] usb 5-1: USB disconnect, device number 28
[  785.038934][T12139] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1722'.
[  785.048109][T12139] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1722'.
[  787.332607][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.888818][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.898020][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.907156][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.916261][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.925415][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.934586][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.943855][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.953168][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.975536][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.985019][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  787.994375][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  788.003775][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  788.013076][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  788.022467][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1729'.
[  789.400220][T12167] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  790.079555][T12179] FAULT_INJECTION: forcing a failure.
[  790.079555][T12179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  790.094236][T12179] CPU: 0 UID: 0 PID: 12179 Comm: syz.1.1733 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  790.094266][T12179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  790.094277][T12179] Call Trace:
[  790.094285][T12179]  <TASK>
[  790.094294][T12179]  dump_stack_lvl+0x241/0x360
[  790.094334][T12179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  790.094374][T12179]  ? __pfx__printk+0x10/0x10
[  790.094411][T12179]  ? snprintf+0xda/0x120
[  790.094435][T12179]  should_fail_ex+0x40a/0x550
[  790.094464][T12179]  _copy_to_user+0x31/0xb0
[  790.094488][T12179]  simple_read_from_buffer+0xca/0x150
[  790.094516][T12179]  proc_fail_nth_read+0x1e9/0x250
[  790.094544][T12179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  790.094572][T12179]  ? rw_verify_area+0x243/0x630
[  790.094603][T12179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  790.094630][T12179]  vfs_read+0x1f8/0xb40
[  790.094661][T12179]  ? fdget_pos+0x254/0x320
[  790.094688][T12179]  ? __pfx___mutex_lock+0x10/0x10
[  790.094716][T12179]  ? __pfx_vfs_read+0x10/0x10
[  790.094750][T12179]  ? __fget_files+0x2a/0x410
[  790.094778][T12179]  ? __fget_files+0x395/0x410
[  790.094802][T12179]  ? __fget_files+0x2a/0x410
[  790.094838][T12179]  ksys_read+0x18f/0x2b0
[  790.094859][T12179]  ? __pfx_ksys_read+0x10/0x10
[  790.094879][T12179]  ? do_syscall_64+0x100/0x230
[  790.094909][T12179]  ? do_syscall_64+0xb6/0x230
[  790.094938][T12179]  do_syscall_64+0xf3/0x230
[  790.094965][T12179]  ? clear_bhb_loop+0x35/0x90
[  790.094997][T12179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.095024][T12179] RIP: 0033:0x7fce85d8b7bc
[  790.095043][T12179] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  790.095060][T12179] RSP: 002b:00007fce86b1e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  790.095082][T12179] RAX: ffffffffffffffda RBX: 00007fce85fa5fa0 RCX: 00007fce85d8b7bc
[  790.095098][T12179] RDX: 000000000000000f RSI: 00007fce86b1e0a0 RDI: 0000000000000004
[  790.095115][T12179] RBP: 00007fce86b1e090 R08: 0000000000000000 R09: 0000000000000000
[  790.095128][T12179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  790.095140][T12179] R13: 0000000000000000 R14: 00007fce85fa5fa0 R15: 00007ffe8233da98
[  790.095170][T12179]  </TASK>
[  790.319446][    C0] vkms_vblank_simulate: vblank timer overrun
[  790.612850][T12185] netlink: 'syz.1.1737': attribute type 1 has an invalid length.
[  790.876911][T11488] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  791.464760][T11488] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  791.723839][T11488] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  791.749263][T11488] usb 5-1: Product: syz
[  791.753844][T11488] usb 5-1: Manufacturer: syz
[  791.764020][T11488] usb 5-1: SerialNumber: syz
[  791.782914][T11488] usb 5-1: config 0 descriptor??
[  791.804506][T11488] ch341 5-1:0.0: ch341-uart converter detected
[  792.035139][T12181] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  792.052749][T12181] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  792.202753][T10807] Bluetooth: hci1: unexpected event for opcode 0x0c26
[  792.628792][   T46] usb 2-1: new low-speed USB device number 27 using dummy_hcd
[  792.879423][   T46] usb 2-1: config 1 has an invalid interface descriptor of length 6, skipping
[  792.898408][   T46] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  792.927216][   T46] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  792.946657][   T46] usb 2-1: config 1 has no interface number 1
[  792.963322][   T46] usb 2-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  792.981728][   T46] usb 2-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  793.013088][   T46] usb 2-1: config 1 interface 2 has no altsetting 1
[  793.032246][   T46] usb 2-1: string descriptor 0 read error: -22
[  793.039125][   T46] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  793.065800][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.100573][   T46] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  793.142536][   T46] usb 2-1: MIDIStreaming interface descriptor not found
[  793.477071][T12213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  793.485730][T12213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  793.974842][T11488] usb 5-1: failed to send control message: -110
[  794.006585][T11488] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  794.111019][T11488] usb 5-1: USB disconnect, device number 29
[  794.121921][T11488] ch341 5-1:0.0: device disconnected
[  794.192289][T12208] Process accounting resumed
[  794.406001][   T29] audit: type=1326 audit(1738678411.239:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  794.432759][T12218] netlink: 'syz.2.1744': attribute type 29 has an invalid length.
[  794.489269][   T29] audit: type=1326 audit(1738678411.269:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  794.688235][   T29] audit: type=1326 audit(1738678411.269:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  794.712652][   T29] audit: type=1326 audit(1738678411.269:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  794.745316][   T29] audit: type=1326 audit(1738678411.269:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  794.884720][   T29] audit: type=1326 audit(1738678411.269:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  794.941181][   T29] audit: type=1326 audit(1738678411.269:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  795.017302][   T29] audit: type=1326 audit(1738678411.269:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  795.096719][   T29] audit: type=1326 audit(1738678411.289:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  795.151027][   T29] audit: type=1326 audit(1738678411.289:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.2.1744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7ffc0000
[  796.270939][T10807] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  796.280287][T10807] Bluetooth: hci1: Injecting HCI hardware error event
[  796.390149][   T54] Bluetooth: hci1: hardware error 0x00
[  796.747810][ T5910] usb 2-1: USB disconnect, device number 27
[  797.287578][T12250] FAULT_INJECTION: forcing a failure.
[  797.287578][T12250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  797.342495][T12250] CPU: 1 UID: 0 PID: 12250 Comm: syz.2.1752 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  797.342524][T12250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  797.342535][T12250] Call Trace:
[  797.342542][T12250]  <TASK>
[  797.342551][T12250]  dump_stack_lvl+0x241/0x360
[  797.342592][T12250]  ? __pfx_dump_stack_lvl+0x10/0x10
[  797.342623][T12250]  ? __pfx__printk+0x10/0x10
[  797.342656][T12250]  ? __pfx_lock_release+0x10/0x10
[  797.342703][T12250]  should_fail_ex+0x40a/0x550
[  797.342732][T12250]  _copy_from_user+0x2d/0xb0
[  797.342754][T12250]  restore_sigcontext+0xd8/0x7d0
[  797.342777][T12250]  ? __pfx___might_resched+0x10/0x10
[  797.342800][T12250]  ? __might_fault+0xaa/0x120
[  797.342849][T12250]  ? __pfx_restore_sigcontext+0x10/0x10
[  797.342902][T12250]  ? __task_pid_nr_ns+0x28/0x450
[  797.342938][T12250]  __do_sys_rt_sigreturn+0x1b9/0x280
[  797.342980][T12250]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  797.343005][T12250]  ? do_syscall_64+0x100/0x230
[  797.343050][T12250]  ? do_syscall_64+0xb6/0x230
[  797.343080][T12250]  do_syscall_64+0xf3/0x230
[  797.343126][T12250]  ? clear_bhb_loop+0x35/0x90
[  797.343159][T12250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.343187][T12250] RIP: 0033:0x7fae29128fa9
[  797.343206][T12250] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  797.343224][T12250] RSP: 002b:00007fae26ff5a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  797.343247][T12250] RAX: ffffffffffffffda RBX: 00007fae293a5fa0 RCX: 00007fae29128fa9
[  797.343262][T12250] RDX: 00007fae26ff5a80 RSI: 00007fae26ff5bb0 RDI: 0000000000000021
[  797.343276][T12250] RBP: 00007fae26ff6090 R08: 0000000000000af4 R09: 0000000000000000
[  797.343290][T12250] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  797.343302][T12250] R13: 0000000000000000 R14: 00007fae293a5fa0 R15: 00007ffd7e3b62e8
[  797.343333][T12250]  </TASK>
[  798.827443][   T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  799.086113][T12268] Process accounting resumed
[  800.121344][T12283] 9pnet_fd: Insufficient options for proto=fd
[  800.185096][T12288] FAULT_INJECTION: forcing a failure.
[  800.185096][T12288] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  800.185157][T12288] CPU: 0 UID: 0 PID: 12288 Comm: syz.6.1763 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  800.185183][T12288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  800.185197][T12288] Call Trace:
[  800.185204][T12288]  <TASK>
[  800.185213][T12288]  dump_stack_lvl+0x241/0x360
[  800.185253][T12288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  800.185283][T12288]  ? __pfx__printk+0x10/0x10
[  800.185312][T12288]  ? __pfx_lock_release+0x10/0x10
[  800.185340][T12288]  should_fail_ex+0x40a/0x550
[  800.185363][T12288]  _copy_from_user+0x2d/0xb0
[  800.185381][T12288]  copy_msghdr_from_user+0xae/0x680
[  800.185408][T12288]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  800.185427][T12288]  ? __fget_files+0x2a/0x410
[  800.185452][T12288]  ? __fget_files+0x2a/0x410
[  800.185480][T12288]  __sys_sendmsg+0x209/0x350
[  800.185500][T12288]  ? __pfx___sys_sendmsg+0x10/0x10
[  800.185536][T12288]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  800.185577][T12288]  do_syscall_64+0xf3/0x230
[  800.185600][T12288]  ? clear_bhb_loop+0x35/0x90
[  800.185627][T12288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.185649][T12288] RIP: 0033:0x7fa1c438cda9
[  800.185663][T12288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  800.185678][T12288] RSP: 002b:00007fa1c5239038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  800.185707][T12288] RAX: ffffffffffffffda RBX: 00007fa1c45a6160 RCX: 00007fa1c438cda9
[  800.185720][T12288] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000006
[  800.185730][T12288] RBP: 00007fa1c5239090 R08: 0000000000000000 R09: 0000000000000000
[  800.185740][T12288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  800.185750][T12288] R13: 0000000000000000 R14: 00007fa1c45a6160 R15: 00007fff2fffb1c8
[  800.185773][T12288]  </TASK>
[  801.538784][T12283] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  802.136762][T12305] pim6reg: entered allmulticast mode
[  802.148622][T12305] FAULT_INJECTION: forcing a failure.
[  802.148622][T12305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  802.161930][T12305] CPU: 0 UID: 0 PID: 12305 Comm: syz.5.1768 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  802.161960][T12305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  802.161971][T12305] Call Trace:
[  802.161977][T12305]  <TASK>
[  802.161985][T12305]  dump_stack_lvl+0x241/0x360
[  802.162015][T12305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  802.162039][T12305]  ? __pfx__printk+0x10/0x10
[  802.162063][T12305]  ? __pfx_lock_release+0x10/0x10
[  802.162088][T12305]  should_fail_ex+0x40a/0x550
[  802.162108][T12305]  _copy_from_iter+0x1e9/0x1c20
[  802.162130][T12305]  ? __virt_addr_valid+0x183/0x530
[  802.162158][T12305]  ? __alloc_skb+0x28f/0x440
[  802.162179][T12305]  ? __pfx__copy_from_iter+0x10/0x10
[  802.162203][T12305]  ? __virt_addr_valid+0x183/0x530
[  802.162222][T12305]  ? __virt_addr_valid+0x183/0x530
[  802.162242][T12305]  ? __virt_addr_valid+0x45f/0x530
[  802.162262][T12305]  ? __phys_addr_symbol+0x2f/0x70
[  802.162282][T12305]  ? __check_object_size+0x47a/0x730
[  802.162304][T12305]  netlink_sendmsg+0x73d/0xcb0
[  802.162327][T12305]  ? __pfx_netlink_sendmsg+0x10/0x10
[  802.162349][T12305]  ? __pfx_netlink_sendmsg+0x10/0x10
[  802.162363][T12305]  __sock_sendmsg+0x221/0x270
[  802.162384][T12305]  ____sys_sendmsg+0x52a/0x7e0
[  802.162404][T12305]  ? __pfx_____sys_sendmsg+0x10/0x10
[  802.162417][T12305]  ? __fget_files+0x2a/0x410
[  802.162439][T12305]  ? __fget_files+0x2a/0x410
[  802.162463][T12305]  __sys_sendmsg+0x269/0x350
[  802.162481][T12305]  ? __pfx___sys_sendmsg+0x10/0x10
[  802.162512][T12305]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  802.162548][T12305]  do_syscall_64+0xf3/0x230
[  802.162569][T12305]  ? clear_bhb_loop+0x35/0x90
[  802.162592][T12305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.162612][T12305] RIP: 0033:0x7f2cb4f8cda9
[  802.162639][T12305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.162652][T12305] RSP: 002b:00007f2cb5e82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  802.162668][T12305] RAX: ffffffffffffffda RBX: 00007f2cb51a6080 RCX: 00007f2cb4f8cda9
[  802.162679][T12305] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  802.162688][T12305] RBP: 00007f2cb5e82090 R08: 0000000000000000 R09: 0000000000000000
[  802.162697][T12305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  802.162706][T12305] R13: 0000000000000000 R14: 00007f2cb51a6080 R15: 00007fffef610108
[  802.162726][T12305]  </TASK>
[  803.087867][T12313] overlayfs: missing 'workdir'
[  803.162454][T12317] FAULT_INJECTION: forcing a failure.
[  803.162454][T12317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  803.231158][T12317] CPU: 0 UID: 0 PID: 12317 Comm: syz.1.1771 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  803.231191][T12317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  803.231202][T12317] Call Trace:
[  803.231207][T12317]  <TASK>
[  803.231213][T12317]  dump_stack_lvl+0x241/0x360
[  803.231244][T12317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  803.231268][T12317]  ? __pfx__printk+0x10/0x10
[  803.231291][T12317]  ? __pfx_lock_release+0x10/0x10
[  803.231316][T12317]  should_fail_ex+0x40a/0x550
[  803.231336][T12317]  _copy_from_user+0x2d/0xb0
[  803.231352][T12317]  copy_msghdr_from_user+0xae/0x680
[  803.231372][T12317]  ? __pfx___might_resched+0x10/0x10
[  803.231391][T12317]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  803.231413][T12317]  ? do_recvmmsg+0x44e/0xab0
[  803.231428][T12317]  ? __might_fault+0xaa/0x120
[  803.231456][T12317]  do_recvmmsg+0x3bd/0xab0
[  803.231478][T12317]  ? __pfx_do_recvmmsg+0x10/0x10
[  803.231506][T12317]  ? ksys_write+0x22a/0x2b0
[  803.231520][T12317]  ? __pfx_lock_release+0x10/0x10
[  803.231543][T12317]  ? sb_end_write+0xe9/0x1c0
[  803.231564][T12317]  ? vfs_write+0x7fa/0xd10
[  803.231579][T12317]  ? __mutex_unlock_slowpath+0x227/0x800
[  803.231606][T12317]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  803.231626][T12317]  ? __fget_files+0x2a/0x410
[  803.231656][T12317]  __x64_sys_recvmmsg+0x199/0x250
[  803.231673][T12317]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  803.231690][T12317]  ? do_syscall_64+0x100/0x230
[  803.231713][T12317]  ? do_syscall_64+0xb6/0x230
[  803.231735][T12317]  do_syscall_64+0xf3/0x230
[  803.231762][T12317]  ? clear_bhb_loop+0x35/0x90
[  803.231785][T12317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.231806][T12317] RIP: 0033:0x7fce85d8cda9
[  803.231820][T12317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  803.231833][T12317] RSP: 002b:00007fce86b1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  803.231850][T12317] RAX: ffffffffffffffda RBX: 00007fce85fa5fa0 RCX: 00007fce85d8cda9
[  803.231861][T12317] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000003
[  803.231878][T12317] RBP: 00007fce86b1e090 R08: 0000000000000000 R09: 0000000000000000
[  803.231887][T12317] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  803.231895][T12317] R13: 0000000000000000 R14: 00007fce85fa5fa0 R15: 00007ffe8233da98
[  803.231915][T12317]  </TASK>
[  803.488764][   T62] Bluetooth: hci5: Frame reassembly failed (-84)
[  804.079140][T12328] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  805.136731][T12344] FAULT_INJECTION: forcing a failure.
[  805.136731][T12344] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  805.152293][T12344] CPU: 1 UID: 0 PID: 12344 Comm: syz.6.1778 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  805.152323][T12344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  805.152336][T12344] Call Trace:
[  805.152344][T12344]  <TASK>
[  805.152352][T12344]  dump_stack_lvl+0x241/0x360
[  805.152393][T12344]  ? __pfx_dump_stack_lvl+0x10/0x10
[  805.152426][T12344]  ? __pfx__printk+0x10/0x10
[  805.152462][T12344]  ? snprintf+0xda/0x120
[  805.152487][T12344]  should_fail_ex+0x40a/0x550
[  805.152515][T12344]  _copy_to_user+0x31/0xb0
[  805.152538][T12344]  simple_read_from_buffer+0xca/0x150
[  805.152566][T12344]  proc_fail_nth_read+0x1e9/0x250
[  805.152594][T12344]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  805.152622][T12344]  ? rw_verify_area+0x243/0x630
[  805.152653][T12344]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  805.152680][T12344]  vfs_read+0x1f8/0xb40
[  805.152721][T12344]  ? fdget_pos+0x254/0x320
[  805.152749][T12344]  ? __pfx___mutex_lock+0x10/0x10
[  805.152777][T12344]  ? __pfx_vfs_read+0x10/0x10
[  805.152811][T12344]  ? __fget_files+0x2a/0x410
[  805.152839][T12344]  ? __fget_files+0x395/0x410
[  805.152864][T12344]  ? __fget_files+0x2a/0x410
[  805.152900][T12344]  ksys_read+0x18f/0x2b0
[  805.152922][T12344]  ? __pfx_ksys_read+0x10/0x10
[  805.152942][T12344]  ? do_syscall_64+0x100/0x230
[  805.152973][T12344]  ? do_syscall_64+0xb6/0x230
[  805.153004][T12344]  do_syscall_64+0xf3/0x230
[  805.153032][T12344]  ? clear_bhb_loop+0x35/0x90
[  805.153064][T12344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.153092][T12344] RIP: 0033:0x7fa1c438b7bc
[  805.153110][T12344] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  805.153128][T12344] RSP: 002b:00007fa1c527b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  805.153150][T12344] RAX: ffffffffffffffda RBX: 00007fa1c45a5fa0 RCX: 00007fa1c438b7bc
[  805.153165][T12344] RDX: 000000000000000f RSI: 00007fa1c527b0a0 RDI: 0000000000000003
[  805.153178][T12344] RBP: 00007fa1c527b090 R08: 0000000000000000 R09: 0000000000000000
[  805.153191][T12344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  805.153203][T12344] R13: 0000000000000001 R14: 00007fa1c45a5fa0 R15: 00007fff2fffb1c8
[  805.153233][T12344]  </TASK>
[  805.312090][   T54] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  805.328733][    C1] vkms_vblank_simulate: vblank timer overrun
[  805.686733][T12356] __nla_validate_parse: 22 callbacks suppressed
[  805.686754][T12356] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1780'.
[  805.947391][ T9235] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  806.807821][ T9235] usb 3-1: Using ep0 maxpacket: 8
[  806.868613][ T9235] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  806.868660][ T9235] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.959426][ T9235] usb 3-1: config 0 descriptor??
[  807.487329][ T9235] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  807.896406][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.910267][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.920740][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.931003][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.941695][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.952133][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.962591][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.973169][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  807.983596][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1786'.
[  809.060625][T12380] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  809.218195][ T9235] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  809.234921][ T9235] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  809.256553][ T9235] asix 3-1:0.0: probe with driver asix failed with error -71
[  809.317579][ T9235] usb 3-1: USB disconnect, device number 26
[  809.529129][T12390] netlink: 'syz.6.1788': attribute type 4 has an invalid length.
[  809.719994][T12393] input: syz1 as /devices/virtual/input/input27
[  810.880950][T10807] Bluetooth: hci5: sending frame failed (-49)
[  810.889638][   T54] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  811.264152][T12412] __nla_validate_parse: 29 callbacks suppressed
[  811.264198][T12412] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1795'.
[  811.279715][T12412] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1795'.
[  813.054735][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.065544][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.074758][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.083863][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.093003][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.102240][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.111318][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.120535][T12419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1798'.
[  813.268746][T12423] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  814.284077][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  814.284101][   T29] audit: type=1326 audit(1738678431.089:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12424 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb4f8cda9 code=0x7fc00000
[  814.480831][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  814.487918][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  815.243912][T12437] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  816.726947][T12453] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1807'.
[  816.736234][T12453] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1807'.
[  819.060582][   T62] Bluetooth: hci5: Frame reassembly failed (-84)
[  819.666788][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.676611][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.685806][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.694932][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.704167][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.713857][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.723030][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.732153][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'.
[  819.838283][T12473] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  819.853636][T12473] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  819.863283][T12473] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  819.879422][T12473] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  819.888971][T12473] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  819.898493][T12473] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  820.597430][   T54] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  820.953343][T12476] Process accounting resumed
[  821.553315][   T29] audit: type=1326 audit(1738678438.219:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12479 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce85d8cda9 code=0x7fc00000
[  821.751411][T12472] chnl_net:caif_netlink_parms(): no params data found
[  822.652507][   T54] Bluetooth: hci6: command tx timeout
[  823.574416][T12497] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  824.247662][ T5882] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  824.283175][T12472] bridge0: port 1(bridge_slave_0) entered blocking state
[  824.316361][T12472] bridge0: port 1(bridge_slave_0) entered disabled state
[  824.350197][T12472] bridge_slave_0: entered allmulticast mode
[  824.376182][T12472] bridge_slave_0: entered promiscuous mode
[  824.404613][T12472] bridge0: port 2(bridge_slave_1) entered blocking state
[  824.448523][ T5882] usb 3-1: Using ep0 maxpacket: 32
[  824.473944][T12472] bridge0: port 2(bridge_slave_1) entered disabled state
[  824.518668][T12472] bridge_slave_1: entered allmulticast mode
[  824.526861][T12472] bridge_slave_1: entered promiscuous mode
[  824.667400][   T54] Bluetooth: hci6: command tx timeout
[  824.735920][T12472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  824.805909][T12511] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1821'.
[  824.831355][ T5882] usb 3-1: unable to get BOS descriptor or descriptor too short
[  824.858379][T12472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  824.877655][ T5882] usb 3-1: unable to read config index 0 descriptor/start: -71
[  824.897387][ T5882] usb 3-1: can't read configurations, error -71
[  824.978787][T12472] team0: Port device team_slave_0 added
[  825.010209][T12472] team0: Port device team_slave_1 added
[  825.899219][T12472] batman_adv: batadv0: Adding interface: batadv_slave_0
[  825.906239][T12472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  826.135846][T12472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  826.159362][T12472] batman_adv: batadv0: Adding interface: batadv_slave_1
[  826.166913][T12472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  826.192915][    C0] vkms_vblank_simulate: vblank timer overrun
[  826.236061][T12472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  826.501860][T12525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1823'.
[  826.796243][   T54] Bluetooth: hci6: command tx timeout
[  828.222012][T12532] Process accounting resumed
[  828.296374][   T29] audit: type=1326 audit(1738678445.009:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.344789][   T29] audit: type=1326 audit(1738678445.019:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.366907][   T29] audit: type=1326 audit(1738678445.019:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.427322][   T29] audit: type=1326 audit(1738678445.019:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.497354][T12472] hsr_slave_0: entered promiscuous mode
[  828.529739][T12535] input input28: cannot allocate more than FF_MAX_EFFECTS effects
[  828.538199][T12472] hsr_slave_1: entered promiscuous mode
[  828.548258][   T29] audit: type=1326 audit(1738678445.019:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.548303][   T29] audit: type=1326 audit(1738678445.019:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.548353][   T29] audit: type=1326 audit(1738678445.019:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.548394][   T29] audit: type=1326 audit(1738678445.019:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.548432][   T29] audit: type=1326 audit(1738678445.019:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.548470][   T29] audit: type=1326 audit(1738678445.019:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12530 comm="syz.6.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  828.574790][T12472] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  828.574924][T12472] Cannot create hsr debugfs directory
[  828.586084][T12541] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  828.586166][T12541] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  828.586208][T12541] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  828.586241][T12541] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  828.586326][T12541] geneve2: entered promiscuous mode
[  828.586346][T12541] geneve2: entered allmulticast mode
[  829.575519][    C1] vkms_vblank_simulate: vblank timer overrun
[  829.718078][   T54] Bluetooth: hci6: command tx timeout
[  829.776258][    C1] vkms_vblank_simulate: vblank timer overrun
[  829.827320][    C1] vkms_vblank_simulate: vblank timer overrun
[  830.081223][T12472] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  830.107398][T12542] tty tty1: ldisc open failed (-12), clearing slot 0
[  830.120228][T12472] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  830.141777][T12472] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  830.175157][T12472] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  830.437546][T12472] 8021q: adding VLAN 0 to HW filter on device bond0
[  830.503460][T12472] 8021q: adding VLAN 0 to HW filter on device team0
[  830.552641][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[  830.559984][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[  830.632710][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state
[  830.639885][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state
[  831.364606][T12472] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  831.579367][T12472] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  833.973367][T12589] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1839'.
[  834.500326][T12472] 8021q: adding VLAN 0 to HW filter on device batadv0
[  834.593318][ T5882] libceph: connect (1)[c::]:6789 error -101
[  834.599734][ T5882] libceph: mon0 (1)[c::]:6789 connect error
[  834.680731][T12594] ceph: No mds server is up or the cluster is laggy
[  835.086326][T12610] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1843'.
[  835.282216][T12472] veth0_vlan: entered promiscuous mode
[  835.389356][T12472] veth1_vlan: entered promiscuous mode
[  835.462015][T12472] veth0_macvtap: entered promiscuous mode
[  835.490676][T12472] veth1_macvtap: entered promiscuous mode
[  835.541900][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  835.568651][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  835.608751][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  835.643644][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  835.673013][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  835.703541][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  835.726217][T12620] FAULT_INJECTION: forcing a failure.
[  835.726217][T12620] name failslab, interval 1, probability 0, space 0, times 0
[  835.741219][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  835.753578][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  835.753596][   T29] audit: type=1326 audit(1738678452.579:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12587 comm="syz.1.1838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce85d8cda9 code=0x7fc00000
[  835.782813][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  835.787378][T12620] CPU: 1 UID: 0 PID: 12620 Comm: syz.2.1845 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  835.787407][T12620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  835.787421][T12620] Call Trace:
[  835.787429][T12620]  <TASK>
[  835.787438][T12620]  dump_stack_lvl+0x241/0x360
[  835.787483][T12620]  ? __pfx_dump_stack_lvl+0x10/0x10
[  835.787526][T12620]  ? __pfx__printk+0x10/0x10
[  835.787562][T12620]  ? __kmalloc_noprof+0xb5/0x4c0
[  835.787592][T12620]  ? __pfx___might_resched+0x10/0x10
[  835.787622][T12620]  should_fail_ex+0x40a/0x550
[  835.787654][T12620]  should_failslab+0xac/0x100
[  835.787683][T12620]  __kmalloc_noprof+0xdd/0x4c0
[  835.787711][T12620]  ? bm_register_write+0xda/0x1630
[  835.787741][T12620]  bm_register_write+0xda/0x1630
[  835.787772][T12620]  ? __pfx_bm_register_write+0x10/0x10
[  835.787798][T12620]  vfs_write+0x29f/0xd10
[  835.787821][T12620]  ? fdget_pos+0x254/0x320
[  835.787849][T12620]  ? __mutex_unlock_slowpath+0x227/0x800
[  835.787884][T12620]  ? __pfx_vfs_write+0x10/0x10
[  835.787915][T12620]  ? do_sys_openat2+0x17a/0x1d0
[  835.787947][T12620]  ? __fget_files+0x2a/0x410
[  835.787977][T12620]  ? __fget_files+0x395/0x410
[  835.788004][T12620]  ? __fget_files+0x2a/0x410
[  835.788042][T12620]  ksys_write+0x18f/0x2b0
[  835.788066][T12620]  ? __pfx_ksys_write+0x10/0x10
[  835.788088][T12620]  ? do_syscall_64+0x100/0x230
[  835.788121][T12620]  ? do_syscall_64+0xb6/0x230
[  835.788154][T12620]  do_syscall_64+0xf3/0x230
[  835.788184][T12620]  ? clear_bhb_loop+0x35/0x90
[  835.788217][T12620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.788246][T12620] RIP: 0033:0x7fae2918cda9
[  835.788266][T12620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  835.788284][T12620] RSP: 002b:00007fae26ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  835.788307][T12620] RAX: ffffffffffffffda RBX: 00007fae293a5fa0 RCX: 00007fae2918cda9
[  835.788323][T12620] RDX: 0000000000000032 RSI: 0000000020000000 RDI: 0000000000000003
[  835.788338][T12620] RBP: 00007fae26ff6090 R08: 0000000000000000 R09: 0000000000000000
[  835.788351][T12620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  835.788364][T12620] R13: 0000000000000000 R14: 00007fae293a5fa0 R15: 00007ffd7e3b62e8
[  835.788401][T12620]  </TASK>
[  836.060230][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  836.082889][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.101365][T12472] batman_adv: batadv0: Interface activated: batadv_slave_0
[  836.143925][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  836.177856][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.211601][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  836.258439][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.276788][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  836.289389][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.299634][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  836.311184][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.321420][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  836.333265][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.344857][T12472] batman_adv: batadv0: Interface activated: batadv_slave_1
[  836.634883][T12472] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  836.758215][T12630] tls_set_device_offload: netdev not found
[  837.333749][   T29] audit: type=1326 audit(1738678454.169:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12626 comm="syz.6.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c438cda9 code=0x7fc00000
[  837.469405][T12472] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  837.487168][T12472] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  837.506178][T12472] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  838.109749][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  838.157443][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  838.218285][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  838.372582][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  840.487237][ T5910] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  840.622660][T12659] can0: slcan on ttynull.
[  840.660784][ T5910] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[  840.670247][ T5910] usb 6-1: config 0 has no interface number 0
[  840.680671][ T5910] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  840.690276][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  840.699280][ T5910] usb 6-1: Product: syz
[  840.705388][ T5910] usb 6-1: Manufacturer: syz
[  840.713942][ T5910] usb 6-1: SerialNumber: syz
[  840.737376][ T5910] usb 6-1: config 0 descriptor??
[  840.772810][T12659] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1858'.
[  840.909391][T12658] can0 (unregistered): slcan off ttynull.
[  842.177524][ T9235] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  842.537235][ T9235] usb 2-1: Using ep0 maxpacket: 8
[  842.558274][ T5910] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[  842.566744][ T9235] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  842.596854][ T9235] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  842.597330][ T5910] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[  842.643911][ T9235] usb 2-1: Product: syz
[  842.650192][ T5910] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[  842.673454][ T9235] usb 2-1: Manufacturer: syz
[  842.675396][ T5910] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[  842.695367][ T9235] usb 2-1: SerialNumber: syz
[  842.707702][ T5910] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  842.726614][ T9235] usb 2-1: config 0 descriptor??
[  842.727809][T12681] overlayfs: failed to resolve './file0': -2
[  842.776093][T11488] usb 6-1: USB disconnect, device number 15
[  842.809479][T11488] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  843.024734][T11488] keyspan 6-1:0.133: device disconnected
[  843.450462][ T9235] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  843.660685][T12688] overlayfs: failed to resolve 'sync': -2
[  843.877387][ T5931] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  844.036562][T12696] sctp: [Deprecated]: syz.7.1870 (pid 12696) Use of struct sctp_assoc_value in delayed_ack socket option.
[  844.036562][T12696] Use struct sctp_sack_info instead
[  844.054819][ T5931] usb 7-1: device descriptor read/64, error -71
[  844.755913][ T5931] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  844.801961][   T29] audit: type=1326 audit(1738678461.639:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  844.877291][   T29] audit: type=1326 audit(1738678461.639:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  844.927302][ T5931] usb 7-1: device descriptor read/64, error -71
[  844.947454][   T29] audit: type=1326 audit(1738678461.639:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  844.969728][   T29] audit: type=1326 audit(1738678461.639:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  844.991665][   T29] audit: type=1326 audit(1738678461.639:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  845.014244][   T29] audit: type=1326 audit(1738678461.639:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  845.036168][   T29] audit: type=1326 audit(1738678461.639:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  845.058253][ T5931] usb usb7-port1: attempt power cycle
[  845.067143][   T29] audit: type=1326 audit(1738678461.639:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  845.137202][   T29] audit: type=1326 audit(1738678461.639:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  845.454829][   T29] audit: type=1326 audit(1738678461.639:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12668 comm="syz.2.1861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2918cda9 code=0x7fc00000
[  845.495868][ T9235] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  845.538216][ T9235] usb 2-1: USB disconnect, device number 28
[  845.710967][T12705] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1872'.
[  845.720088][T12705] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1872'.
[  846.210904][ T5931] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  847.211763][ T5931] usb 7-1: device descriptor read/8, error -71
[  847.228649][T10807] Bluetooth: hci2: command 0x0406 tx timeout
[  848.057421][ T5931] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  848.304254][ T5931] usb 7-1: device descriptor read/8, error -71
[  848.457498][ T5931] usb usb7-port1: unable to enumerate USB device
[  849.978798][T12726] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1878'.
[  850.804132][T12739] Smack: duplicate mount options
[  850.915188][T12742] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1883'.
[  852.117583][T12739] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  852.126233][T12739] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  852.134899][T12739] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  852.878307][T12754] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1887'.
[  853.107300][ T9235] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  853.399328][ T9235] usb 6-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  853.560928][ T9235] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.584700][ T9235] usb 6-1: config 0 descriptor??
[  853.613588][ T9235] gspca_main: sunplus-2.14.0 probing 055f:c420
[  854.925202][T12763] bond0: (slave team0): Releasing backup interface
[  854.965121][T12766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  854.994864][T12763] bridge_slave_0: left allmulticast mode
[  854.996028][T12766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  855.000655][T12763] bridge_slave_0: left promiscuous mode
[  855.014123][T12763] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.034548][T12763] bridge_slave_1: left allmulticast mode
[  855.041357][T12763] bridge_slave_1: left promiscuous mode
[  855.047217][T12763] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.076348][T12763] bond0: (slave bond_slave_0): Releasing backup interface
[  855.100293][T12763] bond0: (slave bond_slave_1): Releasing backup interface
[  855.122525][T12763] team0: Port device team_slave_0 removed
[  855.136060][T12763] team0: Port device team_slave_1 removed
[  855.143572][T12763] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  855.151331][T12763] batman_adv: batadv0: Removing interface: batadv_slave_0
[  855.172819][T12763] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  855.180886][T12763] batman_adv: batadv0: Removing interface: batadv_slave_1
[  855.228863][T12763] team0: Port device netdevsim0 removed
[  855.376583][ T9235] gspca_sunplus: reg_w_riv err -71
[  855.417319][ T9235] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  855.528820][ T9235] usb 6-1: USB disconnect, device number 16
[  855.830284][T12780] FAULT_INJECTION: forcing a failure.
[  855.830284][T12780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  855.843466][T12780] CPU: 0 UID: 0 PID: 12780 Comm: syz.1.1894 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  855.843485][T12780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  855.843495][T12780] Call Trace:
[  855.843500][T12780]  <TASK>
[  855.843506][T12780]  dump_stack_lvl+0x241/0x360
[  855.843536][T12780]  ? __pfx_dump_stack_lvl+0x10/0x10
[  855.843560][T12780]  ? __pfx__printk+0x10/0x10
[  855.843589][T12780]  ? __pfx_lock_release+0x10/0x10
[  855.843614][T12780]  should_fail_ex+0x40a/0x550
[  855.843634][T12780]  _copy_from_user+0x2d/0xb0
[  855.843650][T12780]  copy_msghdr_from_user+0xae/0x680
[  855.843673][T12780]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  855.843690][T12780]  ? __fget_files+0x2a/0x410
[  855.843712][T12780]  ? __fget_files+0x2a/0x410
[  855.843737][T12780]  __sys_sendmsg+0x209/0x350
[  855.843754][T12780]  ? __pfx___sys_sendmsg+0x10/0x10
[  855.843777][T12780]  ? do_sys_openat2+0x17a/0x1d0
[  855.843813][T12780]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  855.843833][T12780]  ? do_syscall_64+0x100/0x230
[  855.843856][T12780]  ? do_syscall_64+0xb6/0x230
[  855.843877][T12780]  do_syscall_64+0xf3/0x230
[  855.843897][T12780]  ? clear_bhb_loop+0x35/0x90
[  855.843920][T12780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  855.843940][T12780] RIP: 0033:0x7fce85d8cda9
[  855.843955][T12780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  855.843967][T12780] RSP: 002b:00007fce83bd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  855.843983][T12780] RAX: ffffffffffffffda RBX: 00007fce85fa6160 RCX: 00007fce85d8cda9
[  855.843994][T12780] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 000000000000000a
[  855.844004][T12780] RBP: 00007fce83bd5090 R08: 0000000000000000 R09: 0000000000000000
[  855.844013][T12780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  855.844021][T12780] R13: 0000000000000000 R14: 00007fce85fa6160 R15: 00007ffe8233da98
[  855.844041][T12780]  </TASK>
[  856.543719][T12778] vlan2: entered allmulticast mode
[  857.904260][T12791] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1898'.
[  857.914258][T12791] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1898'.
[  861.058034][T12810] evm: overlay not supported
[  862.897880][T12847] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1912'.
[  862.979324][T12847] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1912'.
[  863.939887][T12852] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  864.510361][T12859] sock: sock_set_timeout: `syz.7.1914' (pid 12859) tries to set negative timeout
[  865.133246][T12867] overlayfs: failed to resolve './file0': -2
[  866.889712][   T29] kauditd_printk_skb: 39 callbacks suppressed
[  866.889735][   T29] audit: type=1326 audit(1738678483.499:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12865 comm="syz.1.1917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce85d8cda9 code=0x7fc00000
[  870.397352][ T5910] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  870.597284][ T5910] usb 6-1: Using ep0 maxpacket: 8
[  870.610723][ T5910] usb 6-1: device descriptor read/all, error -71
[  870.671553][   T29] audit: type=1326 audit(1738678487.509:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.1.1930" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce85d8cda9 code=0x0
[  871.674418][   T29] audit: type=1326 audit(1738678488.509:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12908 comm="syz.5.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb4f8cda9 code=0x7fc00000
[  872.688450][T12921] sch_tbf: burst 25 is lower than device lo mtu (65550) !
[  873.154901][T12924] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1936'.
[  873.181820][T12924] bridge_slave_1: left allmulticast mode
[  873.198963][ T5910] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  873.263067][T12924] bridge_slave_1: left promiscuous mode
[  873.301974][T12924] bridge0: port 2(bridge_slave_1) entered disabled state
[  873.328348][T12924] bridge_slave_0: left allmulticast mode
[  873.343829][T12924] bridge_slave_0: left promiscuous mode
[  873.354423][T12924] bridge0: port 1(bridge_slave_0) entered disabled state
[  873.394138][ T5910] usb 6-1: device descriptor read/64, error -71
[  874.555532][ T5910] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  874.638240][T12933] FAULT_INJECTION: forcing a failure.
[  874.638240][T12933] name failslab, interval 1, probability 0, space 0, times 0
[  874.677265][T12933] CPU: 0 UID: 0 PID: 12933 Comm: syz.2.1939 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  874.677299][T12933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  874.677313][T12933] Call Trace:
[  874.677320][T12933]  <TASK>
[  874.677330][T12933]  dump_stack_lvl+0x241/0x360
[  874.677373][T12933]  ? __pfx_dump_stack_lvl+0x10/0x10
[  874.677419][T12933]  ? __pfx__printk+0x10/0x10
[  874.677454][T12933]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  874.677485][T12933]  ? __pfx___might_resched+0x10/0x10
[  874.677516][T12933]  should_fail_ex+0x40a/0x550
[  874.677546][T12933]  should_failslab+0xac/0x100
[  874.677575][T12933]  kmem_cache_alloc_node_noprof+0x77/0x380
[  874.677603][T12933]  ? __alloc_skb+0x1c3/0x440
[  874.677639][T12933]  __alloc_skb+0x1c3/0x440
[  874.677677][T12933]  ? __pfx___alloc_skb+0x10/0x10
[  874.677719][T12933]  netlink_dump+0x239/0xe10
[  874.677756][T12933]  ? __mutex_lock+0x397/0x1010
[  874.677792][T12933]  ? __pfx_netlink_dump+0x10/0x10
[  874.677841][T12933]  ? __pfx_lock_acquire+0x10/0x10
[  874.677880][T12933]  __netlink_dump_start+0x5a2/0x790
[  874.677922][T12933]  ? __pfx_tc_dump_qdisc+0x10/0x10
[  874.677950][T12933]  rtnetlink_rcv_msg+0xb3d/0xcf0
[  874.677983][T12933]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.678008][T12933]  ? __pfx_rtnl_dumpit+0x10/0x10
[  874.678032][T12933]  ? __pfx_tc_dump_qdisc+0x10/0x10
[  874.678063][T12933]  ? ref_tracker_free+0x643/0x7e0
[  874.678097][T12933]  netlink_rcv_skb+0x1e3/0x430
[  874.678131][T12933]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.678159][T12933]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  874.678218][T12933]  ? netlink_deliver_tap+0x2e/0x1b0
[  874.678255][T12933]  netlink_unicast+0x7f6/0x990
[  874.678295][T12933]  ? __pfx_netlink_unicast+0x10/0x10
[  874.678324][T12933]  ? __virt_addr_valid+0x45f/0x530
[  874.678355][T12933]  ? __phys_addr_symbol+0x2f/0x70
[  874.678383][T12933]  ? __check_object_size+0x47a/0x730
[  874.678422][T12933]  netlink_sendmsg+0x8e4/0xcb0
[  874.678457][T12933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.678482][T12933]  ? get_pid_task+0x23/0x1f0
[  874.678517][T12933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.678536][T12933]  __sock_sendmsg+0x221/0x270
[  874.678567][T12933]  sock_write_iter+0x2d7/0x3f0
[  874.678595][T12933]  ? __pfx_sock_write_iter+0x10/0x10
[  874.678644][T12933]  vfs_write+0xacf/0xd10
[  874.678669][T12933]  ? __pfx_sock_write_iter+0x10/0x10
[  874.678695][T12933]  ? __pfx_vfs_write+0x10/0x10
[  874.678725][T12933]  ? do_sys_openat2+0x17a/0x1d0
[  874.678756][T12933]  ? __fget_files+0x2a/0x410
[  874.678787][T12933]  ? __fget_files+0x2a/0x410
[  874.678825][T12933]  ksys_write+0x18f/0x2b0
[  874.678848][T12933]  ? __pfx_ksys_write+0x10/0x10
[  874.678870][T12933]  ? do_syscall_64+0x100/0x230
[  874.678908][T12933]  ? do_syscall_64+0xb6/0x230
[  874.678940][T12933]  do_syscall_64+0xf3/0x230
[  874.678969][T12933]  ? clear_bhb_loop+0x35/0x90
[  874.679002][T12933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.679031][T12933] RIP: 0033:0x7fae2918cda9
[  874.679050][T12933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  874.679069][T12933] RSP: 002b:00007fae26ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  874.679092][T12933] RAX: ffffffffffffffda RBX: 00007fae293a5fa0 RCX: 00007fae2918cda9
[  874.679108][T12933] RDX: 000000000000fe33 RSI: 0000000020000000 RDI: 0000000000000005
[  874.679121][T12933] RBP: 00007fae26ff6090 R08: 0000000000000000 R09: 0000000000000000
[  874.679134][T12933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.679145][T12933] R13: 0000000000000000 R14: 00007fae293a5fa0 R15: 00007ffd7e3b62e8
[  874.679177][T12933]  </TASK>
[  875.208899][ T5910] usb 6-1: device descriptor read/64, error -71
[  875.889237][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  875.895852][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  875.917564][ T5910] usb usb6-port1: attempt power cycle
[  876.552138][T12944] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  878.022502][T12960] can0: slcan on ttynull.
[  879.567348][T12959] can0 (unregistered): slcan off ttynull.
[  880.838006][ T5910] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  881.003259][ T5910] usb 7-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  881.087285][ T5910] usb 7-1: config 0 interface 0 has no altsetting 0
[  881.093994][ T5910] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  881.123533][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  881.194959][ T5910] usb 7-1: config 0 descriptor??
[  881.224121][T12986] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  881.448832][T12986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  881.467467][T12986] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  881.482842][T12998] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1956'.
[  881.945515][ T5910] usbhid 7-1:0.0: can't add hid device: -71
[  881.967529][ T5910] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  882.182708][ T5910] usb 7-1: USB disconnect, device number 10
[  884.852991][T13033] can0: slcan on ttynull.
[  885.107223][T13030] can0 (unregistered): slcan off ttynull.
[  888.258718][T13064] ip6t_REJECT: ECHOREPLY is not supported
[  889.048989][T13077] 9pnet_fd: Insufficient options for proto=fd
[  889.410017][T13083] Failed to get privilege flags for destination (handle=0x2:0x0)
[  889.427137][   T29] audit: type=1326 audit(1738678506.239:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  889.559120][   T29] audit: type=1326 audit(1738678506.239:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  889.772136][   T29] audit: type=1326 audit(1738678506.249:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  889.927257][   T29] audit: type=1326 audit(1738678506.259:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  890.086666][   T29] audit: type=1326 audit(1738678506.259:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  890.180884][   T29] audit: type=1326 audit(1738678506.289:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  891.187643][   T29] audit: type=1326 audit(1738678506.329:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  891.209476][   T29] audit: type=1326 audit(1738678506.349:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  891.837942][   T29] audit: type=1326 audit(1738678506.349:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  891.949479][   T29] audit: type=1326 audit(1738678506.349:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13082 comm="syz.7.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc398cda9 code=0x7ffc0000
[  892.607164][ T5910] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  892.848155][T13114] Process accounting resumed
[  893.117231][ T5910] usb 3-1: Using ep0 maxpacket: 32
[  893.957266][ T5910] usb 3-1: device descriptor read/all, error -71
[  895.370825][T13136] can0: slcan on ttynull.
[  895.419705][T13138] Failed to get privilege flags for destination (handle=0x2:0x0)
[  895.877761][T13129] can0 (unregistered): slcan off ttynull.
[  896.777191][ T5880] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  896.998981][T13166] overlayfs: failed to resolve './file0': -2
[  897.377491][ T5931] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  897.869868][T13169] FAULT_INJECTION: forcing a failure.
[  897.869868][T13169] name failslab, interval 1, probability 0, space 0, times 0
[  897.877183][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  897.907278][T13169] CPU: 1 UID: 0 PID: 13169 Comm: syz.2.2003 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  897.907311][T13169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  897.907325][T13169] Call Trace:
[  897.907333][T13169]  <TASK>
[  897.907342][T13169]  dump_stack_lvl+0x241/0x360
[  897.907385][T13169]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.907417][T13169]  ? __pfx__printk+0x10/0x10
[  897.907462][T13169]  should_fail_ex+0x40a/0x550
[  897.907509][T13169]  should_failslab+0xac/0x100
[  897.907538][T13169]  __kmalloc_cache_noprof+0x70/0x390
[  897.907564][T13169]  ? __hw_addr_add_ex+0x1a8/0x610
[  897.907600][T13169]  __hw_addr_add_ex+0x1a8/0x610
[  897.907637][T13169]  dev_addr_init+0x143/0x230
[  897.907678][T13169]  ? __pfx_dev_addr_init+0x10/0x10
[  897.907708][T13169]  ? read_word_at_a_time+0xe/0x20
[  897.907746][T13169]  alloc_netdev_mqs+0x2ae/0x1110
[  897.907767][T13169]  ? __pfx_vxlan_setup+0x10/0x10
[  897.907797][T13169]  ? __pfx_snprintf+0x10/0x10
[  897.907824][T13169]  rtnl_create_link+0x2f9/0xc20
[  897.907864][T13169]  rtnl_newlink_create+0x210/0xa40
[  897.907899][T13169]  ? __pfx___mutex_lock+0x10/0x10
[  897.907929][T13169]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  897.907965][T13169]  ? ns_capable+0x8a/0xf0
[  897.907994][T13169]  rtnl_newlink+0x1c7e/0x2210
[  897.908035][T13169]  ? __pfx_rtnl_newlink+0x10/0x10
[  897.908058][T13169]  ? __netlink_deliver_tap+0x56b/0x7f0
[  897.908079][T13169]  ? __pfx_validate_chain+0x10/0x10
[  897.908109][T13169]  ? __sock_sendmsg+0x221/0x270
[  897.908133][T13169]  ? ____sys_sendmsg+0x52a/0x7e0
[  897.908151][T13169]  ? __sys_sendmmsg+0x36a/0x720
[  897.908170][T13169]  ? __x64_sys_sendmmsg+0xa0/0xb0
[  897.908189][T13169]  ? do_syscall_64+0xf3/0x230
[  897.908216][T13169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.908266][T13169]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  897.908297][T13169]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  897.908334][T13169]  ? mark_lock+0x9a/0x360
[  897.908367][T13169]  ? __lock_acquire+0x1397/0x2100
[  897.908428][T13169]  ? __pfx_lock_release+0x10/0x10
[  897.908471][T13169]  ? __pfx_rtnl_newlink+0x10/0x10
[  897.908498][T13169]  rtnetlink_rcv_msg+0x791/0xcf0
[  897.908521][T13169]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  897.908550][T13169]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  897.908583][T13169]  ? ref_tracker_free+0x643/0x7e0
[  897.908616][T13169]  netlink_rcv_skb+0x1e3/0x430
[  897.908655][T13169]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  897.908683][T13169]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  897.908741][T13169]  ? netlink_deliver_tap+0x2e/0x1b0
[  897.908777][T13169]  netlink_unicast+0x7f6/0x990
[  897.908816][T13169]  ? __pfx_netlink_unicast+0x10/0x10
[  897.908844][T13169]  ? __virt_addr_valid+0x45f/0x530
[  897.908875][T13169]  ? __phys_addr_symbol+0x2f/0x70
[  897.908909][T13169]  ? __check_object_size+0x47a/0x730
[  897.908941][T13169]  netlink_sendmsg+0x8e4/0xcb0
[  897.908975][T13169]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.909011][T13169]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.909030][T13169]  __sock_sendmsg+0x221/0x270
[  897.909060][T13169]  ____sys_sendmsg+0x52a/0x7e0
[  897.909090][T13169]  ? __pfx_____sys_sendmsg+0x10/0x10
[  897.909109][T13169]  ? __fget_files+0x2a/0x410
[  897.909139][T13169]  ? __fget_files+0x2a/0x410
[  897.909175][T13169]  __sys_sendmmsg+0x36a/0x720
[  897.909206][T13169]  ? __pfx___sys_sendmmsg+0x10/0x10
[  897.909241][T13169]  ? __pfx_lock_release+0x10/0x10
[  897.909265][T13169]  ? kstrtouint_from_user+0x128/0x190
[  897.909322][T13169]  ? ksys_write+0x22a/0x2b0
[  897.909342][T13169]  ? __pfx_lock_release+0x10/0x10
[  897.909374][T13169]  ? sb_end_write+0xe9/0x1c0
[  897.909402][T13169]  ? vfs_write+0x7fa/0xd10
[  897.909424][T13169]  ? __mutex_unlock_slowpath+0x227/0x800
[  897.909484][T13169]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  897.909514][T13169]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  897.909543][T13169]  ? do_syscall_64+0x100/0x230
[  897.909575][T13169]  __x64_sys_sendmmsg+0xa0/0xb0
[  897.909600][T13169]  do_syscall_64+0xf3/0x230
[  897.909628][T13169]  ? clear_bhb_loop+0x35/0x90
[  897.909669][T13169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.909697][T13169] RIP: 0033:0x7fae2918cda9
[  897.909716][T13169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  897.909734][T13169] RSP: 002b:00007fae26ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  897.909758][T13169] RAX: ffffffffffffffda RBX: 00007fae293a5fa0 RCX: 00007fae2918cda9
[  897.909774][T13169] RDX: 0492492492492627 RSI: 00000000200000c0 RDI: 0000000000000004
[  897.909789][T13169] RBP: 00007fae26ff6090 R08: 0000000000000000 R09: 0000000000000000
[  897.909801][T13169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  897.909814][T13169] R13: 0000000000000000 R14: 00007fae293a5fa0 R15: 00007ffd7e3b62e8
[  897.909846][T13169]  </TASK>
[  898.381795][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  898.397124][ T5880] usb 6-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00
[  898.406398][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.687229][ T5931] usb 2-1: Using ep0 maxpacket: 16
[  898.718679][ T5931] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  898.728990][ T5931] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  898.739834][ T5931] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[  898.749034][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  898.757026][ T5931] usb 2-1: Product: syz
[  898.761263][ T5931] usb 2-1: SerialNumber: syz
[  898.868769][ T5880] usb 6-1: config 0 descriptor??
[  898.881522][ T5931] usb 2-1: config 0 descriptor??
[  899.166863][ T5880] usbhid 6-1:0.0: can't add hid device: -71
[  899.173061][ T5880] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  899.189399][ T5880] usb 6-1: USB disconnect, device number 22
[  899.243810][T13180] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2006'.
[  899.315458][T13180] bridge0: port 2(bridge_slave_1) entered disabled state
[  899.324910][T13180] bridge0: port 1(bridge_slave_0) entered disabled state
[  899.345817][T13181] netlink: 'syz.6.2006': attribute type 29 has an invalid length.
[  899.545609][T13180] netlink: 'syz.6.2006': attribute type 29 has an invalid length.
[  899.638774][T13186] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2007'.
[  899.647956][T13186] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2007'.
[  900.577717][ T5931] usb 2-1: USB disconnect, device number 29
[  900.841547][T13190] can0: slcan on ttynull.
[  901.548518][T13189] can0 (unregistered): slcan off ttynull.
[  902.899810][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  903.036099][T13215] fuse: Bad value for 'user_id'
[  903.066161][T13215] fuse: Bad value for 'user_id'
[  904.756403][T13234] can0: slcan on ttynull.
[  906.297426][T13233] can0 (unregistered): slcan off ttynull.
[  907.664691][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.196562][T13267] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2033'.
[  908.205738][T13267] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2033'.
[  909.357712][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.998149][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.417050][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1015.424080][    C1] rcu: 	0-...!: (1 GPs behind) idle=fe44/1/0x4000000000000000 softirq=47416/47421 fqs=0
[ 1015.435620][    C1] rcu: 	(detected by 1, t=10505 jiffies, g=52917, q=152 ncpus=2)
[ 1015.443384][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1015.443428][    C0] NMI backtrace for cpu 0
[ 1015.443445][    C0] CPU: 0 UID: 0 PID: 13287 Comm: syz.2.2038 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[ 1015.443464][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1015.443476][    C0] RIP: 0010:__lock_acquire+0xf5d/0x2100
[ 1015.443505][    C0] Code: 00 8b 1b 81 e3 ff 1f 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 40 38 2c 94 be 08 00 00 00 e8 6b a3 88 00 48 0f a3 1d 43 6a 91 12 <0f> 83 6f 02 00 00 48 69 c3 c8 00 00 00 48 8d 98 00 b7 c3 93 48 bf
[ 1015.443520][    C0] RSP: 0018:ffffc90000007a50 EFLAGS: 00000057
[ 1015.443537][    C0] RAX: 0000000000000001 RBX: 0000000000000861 RCX: ffffffff819acdf5
[ 1015.443549][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff942c3948
[ 1015.443560][    C0] RBP: d57e1d102ea6ccdd R08: ffffffff942c394f R09: 1ffffffff2858729
[ 1015.443572][    C0] R10: dffffc0000000000 R11: fffffbfff285872a R12: ffff88806025da00
[ 1015.443585][    C0] R13: ffff88806025da00 R14: 1ffff1100c04bca7 R15: 0000000000000001
[ 1015.443597][    C0] FS:  00007fae26fd56c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1015.443611][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1015.443622][    C0] CR2: 0000000020003c80 CR3: 0000000024ae8000 CR4: 00000000003526f0
[ 1015.443647][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1015.443657][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1015.443667][    C0] Call Trace:
[ 1015.443676][    C0]  <NMI>
[ 1015.443685][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1015.443706][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1015.443728][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1015.443753][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1015.443773][    C0]  ? nmi_handle+0x14f/0x5a0
[ 1015.443795][    C0]  ? nmi_handle+0x2a/0x5a0
[ 1015.443818][    C0]  ? __lock_acquire+0xf5d/0x2100
[ 1015.443838][    C0]  ? default_do_nmi+0x63/0x160
[ 1015.443856][    C0]  ? exc_nmi+0x123/0x1f0
[ 1015.443871][    C0]  ? end_repeat_nmi+0xf/0x53
[ 1015.443897][    C0]  ? __lock_acquire+0xf55/0x2100
[ 1015.443919][    C0]  ? __lock_acquire+0xf5d/0x2100
[ 1015.443939][    C0]  ? __lock_acquire+0xf5d/0x2100
[ 1015.443960][    C0]  ? __lock_acquire+0xf5d/0x2100
[ 1015.443980][    C0]  </NMI>
[ 1015.443986][    C0]  <IRQ>
[ 1015.443999][    C0]  lock_acquire+0x1ed/0x550
[ 1015.444019][    C0]  ? __hrtimer_run_queues+0x670/0xd30
[ 1015.444045][    C0]  ? advance_sched+0xa02/0xca0
[ 1015.444064][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1015.444087][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1015.444104][    C0]  ? taprio_set_budgets+0x32c/0x370
[ 1015.444121][    C0]  ? advance_sched+0xa02/0xca0
[ 1015.444137][    C0]  ? advance_sched+0xa02/0xca0
[ 1015.444156][    C0]  _raw_spin_lock_irq+0xd3/0x120
[ 1015.444175][    C0]  ? __hrtimer_run_queues+0x670/0xd30
[ 1015.444198][    C0]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 1015.444221][    C0]  __hrtimer_run_queues+0x670/0xd30
[ 1015.444252][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1015.444276][    C0]  ? sched_clock+0x4a/0x70
[ 1015.444293][    C0]  ? read_tsc+0x9/0x20
[ 1015.444309][    C0]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1015.444332][    C0]  hrtimer_interrupt+0x403/0xa40
[ 1015.444366][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[ 1015.444394][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1015.444416][    C0]  </IRQ>
[ 1015.444421][    C0]  <TASK>
[ 1015.444427][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1015.444452][    C0] RIP: 0010:lock_acquire+0x264/0x550
[ 1015.444472][    C0] Code: 2b 00 74 08 4c 89 f7 e8 ba b4 88 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[ 1015.444486][    C0] RSP: 0018:ffffc9001af0f880 EFLAGS: 00000206
[ 1015.444501][    C0] RAX: 0000000000000001 RBX: 1ffff920035e1f1c RCX: ffff88806025e4e8
[ 1015.444513][    C0] RDX: dffffc0000000000 RSI: ffffffff8c0ab8e0 RDI: ffffffff8c5fb600
[ 1015.444525][    C0] RBP: ffffc9001af0f9c8 R08: ffffffff942c394f R09: 1ffffffff2858729
[ 1015.444538][    C0] R10: dffffc0000000000 R11: fffffbfff285872a R12: 1ffff920035e1f18
[ 1015.444550][    C0] R13: dffffc0000000000 R14: ffffc9001af0f8e0 R15: 0000000000000246
[ 1015.444572][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1015.444594][    C0]  ? get_futex_key+0x951/0xf40
[ 1015.444624][    C0]  ? __pfx_get_futex_key+0x10/0x10
[ 1015.444656][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1015.444679][    C0]  _raw_spin_lock+0x2e/0x40
[ 1015.444695][    C0]  ? futex_q_lock+0x193/0x230
[ 1015.444710][    C0]  futex_q_lock+0x193/0x230
[ 1015.444726][    C0]  futex_wait_setup+0x87/0x2a0
[ 1015.444750][    C0]  __futex_wait+0x13c/0x320
[ 1015.444774][    C0]  ? __pfx___futex_wait+0x10/0x10
[ 1015.444797][    C0]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1015.444820][    C0]  ? raw_spin_rq_unlock_irq+0x17/0x90
[ 1015.444845][    C0]  ? __schedule+0x1a75/0x4c40
[ 1015.444867][    C0]  futex_wait+0x101/0x360
[ 1015.444889][    C0]  ? __pfx_futex_wait+0x10/0x10
[ 1015.444912][    C0]  ? __pfx___schedule+0x10/0x10
[ 1015.444932][    C0]  ? irqentry_exit+0x63/0x90
[ 1015.444956][    C0]  do_futex+0x33b/0x560
[ 1015.444974][    C0]  ? __pfx_do_futex+0x10/0x10
[ 1015.444991][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1015.445015][    C0]  __se_sys_futex+0x3f9/0x480
[ 1015.445033][    C0]  ? irqentry_exit+0x63/0x90
[ 1015.445054][    C0]  ? __pfx___se_sys_futex+0x10/0x10
[ 1015.445075][    C0]  ? __x64_sys_futex+0x21/0xf0
[ 1015.445094][    C0]  do_syscall_64+0xf3/0x230
[ 1015.445117][    C0]  ? clear_bhb_loop+0x35/0x90
[ 1015.445141][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1015.445164][    C0] RIP: 0033:0x7fae2918cda9
[ 1015.445181][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1015.445195][    C0] RSP: 002b:00007fae26fd50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1015.445212][    C0] RAX: ffffffffffffffda RBX: 00007fae293a6088 RCX: 00007fae2918cda9
[ 1015.445224][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fae293a6088
[ 1015.445235][    C0] RBP: 00007fae293a6080 R08: 0000000000000000 R09: 0000000000000000
[ 1015.445245][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae293a608c
[ 1015.445256][    C0] R13: 0000000000000000 R14: 00007ffd7e3b6200 R15: 00007ffd7e3b62e8
[ 1015.445275][    C0]  </TASK>
[ 1015.445421][    C1] rcu: rcu_preempt kthread starved for 10505 jiffies! g52917 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1016.064536][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1016.074526][    C1] rcu: RCU grace-period kthread stack dump:
[ 1016.080434][    C1] task:rcu_preempt     state:R  running task     stack:25968 pid:17    tgid:17    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1016.093997][    C1] Call Trace:
[ 1016.097298][    C1]  <TASK>
[ 1016.100284][    C1]  __schedule+0x18bc/0x4c40
[ 1016.104824][    C1]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1016.110767][    C1]  ? __pfx___schedule+0x10/0x10
[ 1016.115652][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1016.120715][    C1]  ? __pfx___mod_timer+0x10/0x10
[ 1016.125680][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1016.132040][    C1]  ? schedule+0x90/0x320
[ 1016.136313][    C1]  schedule+0x14b/0x320
[ 1016.140504][    C1]  schedule_timeout+0x15a/0x290
[ 1016.145403][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1016.150801][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1016.156130][    C1]  ? prepare_to_swait_event+0x330/0x350
[ 1016.161709][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1016.166943][    C1]  rcu_gp_fqs_loop+0x2df/0x1330
[ 1016.171823][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1016.177054][    C1]  ? rcu_gp_init+0x1256/0x1630
[ 1016.181857][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1016.186822][    C1]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[ 1016.192753][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1016.198072][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1016.204002][    C1]  ? finish_swait+0xd4/0x1e0
[ 1016.208625][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1016.213855][    C1]  rcu_gp_kthread+0xa7/0x3b0
[ 1016.218484][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1016.223717][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1016.229643][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1016.234700][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1016.239930][    C1]  kthread+0x7a9/0x920
[ 1016.244027][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.248649][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1016.253881][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.258500][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.263126][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.267746][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1016.272969][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1016.278198][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.282819][    C1]  ret_from_fork+0x4b/0x80
[ 1016.287273][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.291901][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1016.296710][    C1]  </TASK>
[ 1016.299751][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1016.306094][    C1] CPU: 1 UID: 0 PID: 62 Comm: kworker/u8:4 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[ 1016.316789][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1016.326872][    C1] Workqueue: events_unbound toggle_allocation_gate
[ 1016.333409][    C1] RIP: 0010:smp_call_function_many_cond+0x1ba4/0x2d30
[ 1016.340209][    C1] Code: 03 84 c0 75 7e 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 b0 e8 0b 00 41 83 e4 01 4c 8b 64 24 68 75 07 e8 60 e4 0b 00 eb 41 f3 90 <48> b8 00 00 00 00 00 fc ff df 0f b6 04 03 84 c0 75 11 41 f7 45 00
[ 1016.359844][    C1] RSP: 0000:ffffc9000213f640 EFLAGS: 00000293
[ 1016.365943][    C1] RAX: ffffffff81b37985 RBX: 1ffff110170c8c75 RCX: ffff888143ec9e00
[ 1016.373963][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1016.381981][    C1] RBP: ffffc9000213f840 R08: ffffffff81b37950 R09: 1ffffffff2858708
[ 1016.389992][    C1] R10: dffffc0000000000 R11: fffffbfff2858709 R12: ffff8880b873f9c8
[ 1016.397990][    C1] R13: ffff8880b86463a8 R14: ffff8880b873f9c0 R15: 0000000000000000
[ 1016.405988][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1016.414938][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1016.421541][    C1] CR2: 0000000000000008 CR3: 000000000e738000 CR4: 00000000003526f0
[ 1016.429545][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1016.438414][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1016.446406][    C1] Call Trace:
[ 1016.449708][    C1]  <IRQ>
[ 1016.452580][    C1]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[ 1016.458951][    C1]  ? print_other_cpu_stall+0x1481/0x15c0
[ 1016.464632][    C1]  ? __pfx_print_other_cpu_stall+0x10/0x10
[ 1016.470483][    C1]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[ 1016.476764][    C1]  ? rcu_sched_clock_irq+0xa26/0x10e0
[ 1016.482177][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[ 1016.487854][    C1]  ? update_process_times+0x242/0x2f0
[ 1016.493255][    C1]  ? tick_nohz_handler+0x37c/0x500
[ 1016.498398][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 1016.503882][    C1]  ? __hrtimer_run_queues+0x551/0xd30
[ 1016.509305][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1016.515055][    C1]  ? handle_softirqs+0x7e0/0x9b0
[ 1016.520019][    C1]  ? read_tsc+0x9/0x20
[ 1016.524111][    C1]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1016.530215][    C1]  ? hrtimer_interrupt+0x403/0xa40
[ 1016.535385][    C1]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 1016.541584][    C1]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1016.547428][    C1]  </IRQ>
[ 1016.550390][    C1]  <TASK>
[ 1016.553344][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1016.559539][    C1]  ? smp_call_function_many_cond+0x1b90/0x2d30
[ 1016.565891][    C1]  ? smp_call_function_many_cond+0x1bc5/0x2d30
[ 1016.572101][    C1]  ? smp_call_function_many_cond+0x1ba4/0x2d30
[ 1016.578392][    C1]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[ 1016.584499][    C1]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[ 1016.590714][    C1]  ? __pfx___text_poke+0x10/0x10
[ 1016.595695][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1016.602055][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1016.607364][    C1]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1016.613299][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1016.618351][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[ 1016.623503][    C1]  text_poke_bp_batch+0x352/0xb30
[ 1016.628561][    C1]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1016.634576][    C1]  ? arch_jump_label_transform_apply+0x17/0x30
[ 1016.640788][    C1]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 1016.646367][    C1]  ? arch_jump_label_transform_queue+0x9b/0x100
[ 1016.652657][    C1]  ? process_scheduled_works+0x976/0x1840
[ 1016.658405][    C1]  text_poke_finish+0x30/0x50
[ 1016.663106][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[ 1016.669134][    C1]  static_key_enable_cpuslocked+0x136/0x260
[ 1016.675070][    C1]  static_key_enable+0x1a/0x20
[ 1016.679869][    C1]  toggle_allocation_gate+0xbc/0x260
[ 1016.685179][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1016.691128][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1016.697531][    C1]  process_scheduled_works+0xa66/0x1840
[ 1016.703153][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1016.709175][    C1]  ? assign_work+0x364/0x3d0
[ 1016.713797][    C1]  worker_thread+0x870/0xd30
[ 1016.718424][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1016.724353][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1016.729413][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1016.734569][    C1]  kthread+0x7a9/0x920
[ 1016.738670][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.743302][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1016.748444][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.753060][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.757681][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.762303][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1016.767970][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1016.773198][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.777834][    C1]  ret_from_fork+0x4b/0x80
[ 1016.782282][    C1]  ? __pfx_kthread+0x10/0x10
[ 1016.786902][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1016.791708][    C1]  </TASK>