last executing test programs:

14m42.228386812s ago: executing program 4 (id=46):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x7, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(0x0, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x54)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x1, [<r4=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6}, 0x18)
connect$can_j1939(r5, &(0x7f0000000140)={0x1d, r6}, 0x18)
sendmmsg(r5, &(0x7f0000003e40), 0x3fffffffffffe3d, 0x0)
getsockopt$SO_J1939_PROMISC(r5, 0x6b, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)

14m38.471729369s ago: executing program 4 (id=51):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0xa}]}}}]}]}], {0x14}}, 0x74}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x100000000000000)

14m37.464544215s ago: executing program 4 (id=53):
r0 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/smackfs/access\x00', 0x2, 0x0)
pwritev2(r0, 0x0, 0x0, 0xe20b, 0x2, 0x0)
read$FUSE(r0, &(0x7f00000015c0)={0x2020}, 0x2020)

14m37.341036941s ago: executing program 4 (id=54):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
clock_gettime(0x0, &(0x7f0000002180)={<r1=>0x0, <r2=>0x0})
clock_gettime(0x0, &(0x7f00000021c0)={<r3=>0x0, <r4=>0x0})
acct(&(0x7f00000022c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000002400))
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000003000000000000020000003851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r5, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0, 0x4})
write$evdev(r0, &(0x7f0000002200)=[{{0x0, 0xea60}, 0x16, 0x6, 0x80000001}, {{r1, r2/1000+60000}, 0x1f, 0x99a3, 0x7}, {{}, 0x14, 0x7, 0x4}, {{r3, r4/1000+10000}, 0x3, 0x61cf}, {{0x77359400}, 0x3, 0x80, 0x9}, {{}, 0x17, 0x3, 0x2}, {{0x77359400}, 0x2, 0x0, 0x4}], 0xa8)
fallocate(r0, 0x0, 0x5, 0x3)
accept4$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000002140)=0x10, 0x400)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x430, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x360, 0xffffffff, 0xffffffff, 0x360, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0xffffff00], 'veth0_virt_wifi\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x87}, 0x0, 0x258, 0x290, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}, {0x100}}}, @common=@inet=@hashlimit3={{0x158}, {'pim6reg\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3, 0x40}}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x6, 0x7}, {0x1, 0x1, 0x3}, {0x1, 0x0, 0x4}, 0x4, 0x9}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x490)
read$FUSE(r6, &(0x7f0000000080)={0x2020}, 0x2020)

14m35.842700487s ago: executing program 4 (id=58):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x4, &(0x7f0000000300)=[{0x0, 0x1, 0x0, 0x7fff7ffa}, {0x0, 0x6, 0x53, 0x801}, {0x8, 0x7, 0x2, 0x1}, {0x3, 0x22, 0x3, 0x4}]})
r1 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYRESOCT=r1, @ANYRES8=r2], 0x9c}, 0x1, 0x0, 0x0, 0x4000811}, 0x40800)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$CEC_ADAP_G_CONNECTOR_INFO(0xffffffffffffffff, 0x8044610a, &(0x7f0000000380))
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
bind$inet(r9, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x2f, 0x5, 0x3, 0x2, 0x46, @private0, @local, 0x40, 0x40, 0x1, 0xa2}})
connect$inet(r9, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r9, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r9, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r9, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
close_range(r0, 0xffffffffffffffff, 0x0)
unshare(0x2c020400)

14m35.323770468s ago: executing program 4 (id=62):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000000)="05000806", 0x4, 0x0, &(0x7f0000000080)={0x11, 0x8100, r2}, 0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4844}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
r4 = getpgid(0x0)
prlimit64(r4, 0xe, &(0x7f00000002c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080))
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x40)
writev(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xe, 0x11, r0, 0xd6486000)
socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x4, 0x6, 0x9, 0x6, 0x4, @loopback, @empty, 0x700, 0x8, 0x8, 0xffff18f3}})

14m34.234265796s ago: executing program 32 (id=62):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000000)="05000806", 0x4, 0x0, &(0x7f0000000080)={0x11, 0x8100, r2}, 0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4844}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
r4 = getpgid(0x0)
prlimit64(r4, 0xe, &(0x7f00000002c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080))
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x40)
writev(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xe, 0x11, r0, 0xd6486000)
socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x4, 0x6, 0x9, 0x6, 0x4, @loopback, @empty, 0x700, 0x8, 0x8, 0xffff18f3}})

13m47.417205746s ago: executing program 3 (id=154):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a3c000000090a050600001900000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001414000000110001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={r5, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r7, r6, 0x0, 0x0, 0x5, 0x800, {0x1, 0x0, 0x3, 0x69, 0x200, 0x0, 0x0, 0x5, 0x4cab, 0xe156, 0x0, 0x0, 0x60ff, 0x0, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r8, 0xc0745645, &(0x7f0000000640)={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], 0x7})
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000000d0a010e0000000000000000018000000900010073797a3000000000090002"], 0x2c}}, 0x0)

13m45.355807852s ago: executing program 3 (id=159):
syz_usb_connect(0x4, 0x6ad, &(0x7f00000013c0)={{0x12, 0x1, 0x110, 0xb, 0x42, 0x5b, 0x20, 0xaf0, 0x7021, 0xe416, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x69b, 0x1, 0x3, 0x0, 0x40, 0x6, [{{0x9, 0x4, 0xe4, 0xff, 0x10, 0xe3, 0xf3, 0x28, 0x0, [@generic={0x100, 0x7, "71fa62ed1aabfac8cfccc1a163ef555e6dc44a4948873475b874caec32481de01fe7cc4b3b9dbf3f8c0b9ef5330c00492c14e5de5bcc0cdfcb0cbe8ed7d3037008d3deae2e1256390e0c56df7cf9f1e936849350bd58200287200268108ec5cf882e62633f986df5911dae56a21c1b813023b9dc08a11428a490375d7e6d7ebf423852fbe52c17bdb33a54bb91e3596b09cae218be1108b38ac81ad3ff5b79955ae1b5e390675282ea7543084d4a52abb6e8922dcfdae4ef372a9612b442e4816b9a8e0b509cd45e9299bf8c9b4fdfac3e5a5f5ede759cd031061e7f6cdbbe32a4bfcf6566af1ef291779e898c2761b93eb2ef21b8aef271dfdd894e1239"}, @uac_as], [{{0x9, 0x5, 0x3, 0x0, 0x7d7, 0xab, 0x5, 0x3b, [@generic={0x93, 0x22, "183fc32ef0d3db7442498415a39c45f3c89d236333b0177e7cba912c9300cd18afa7fe3632a31a5d361f2f249ea0f3f49ddc1e5e740605be9e7929fc9da6d9170f74f46e72eaa14e2e2e5d86c40834485dede8088264cf2a79bd42860520e375cc9991492c6b6937fd3e88fb01b437c7d2ef43db204df6f44d78ec94a873b7c0e7fdc8bce42b5c6a1deeec0617f657f21e"}, @generic={0x21, 0x10, "7ec17e7941377892f90453a3e377d56088b8e4bc5fd4dcfb1e45aac3cf581e"}]}}, {{0x9, 0x5, 0x7, 0x4, 0x8, 0x0, 0x2, 0x9a}}, {{0x9, 0x5, 0xc, 0x3, 0x8, 0x3, 0xa, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x6, 0x85d}]}}, {{0x9, 0x5, 0xd, 0x4, 0x3ff, 0x2, 0x2, 0x5, [@generic={0x4, 0x31, "b178"}, @generic={0xb0, 0xc, "2c8afb6a659014f3d735c1ec798b37aed9a7d099bf142c3a554892833362effd88bb96a8fe89d4392fe27d09aba97b58578d115a893a9165178919e33e144f1646268f012ebc868f4f9c2ecc5aa424329199abd93b2c7b8b3324dd5dbeadad59ee1f99c0974728eeaffb7abe3f1db00d012370bacb038274f9fd9595180bf3cae76b7dc48b89069bcf2e0e60f9225c2d58a10af1dd7ed2049dc7819277220ad29d994559dc6b7a53b5fe2384770b"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x0, 0x7, 0x3d, 0x2}}, {{0x9, 0x5, 0x3, 0x0, 0x0, 0x81, 0x81, 0x1, [@generic={0x66, 0x22, "e2a7dd53744fd440dd49151914195b636c1a82a762b002c9b7cf7171c8931341d0b0a09e07ab84dc91fa98f49d9109b4686bd463998d2cdbe1547fc5274dc0261cb7df3549f17d72154d40f110b0671ad28189ae006351a1da0bf88ccedf627e44a4ac54"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0x4, 0x0, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x10, 0x6}, @generic={0x3e, 0x1a, "3215f665fea11a2575eef86a5b567d01b9b0487671fba9e654cf29c5bc0d674a8001422b9305939ddcab7a2889e6f32d9c8955f1fb6e1f618f8a134e"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x10, 0xfc, 0x2, 0x40}}, {{0x9, 0x5, 0xf, 0x4, 0x8, 0x0, 0x80, 0x5}}, {{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x4, 0x7, 0xc0}}, {{0x9, 0x5, 0x7, 0x4, 0x408, 0x9, 0x8, 0x3, [@generic={0xea, 0x0, "f891b848a16cb9246c662e1f19254a083ddd5afd8143878e698a97484152bfe8dbf38ba5f78f108bbc3648d5a1514172ccc18aea2514700c4bab57f35bb0ada02989dbffd9d22248e689f5161549e19ff871ecb9e80405dd2ae92dc8324d03763c28299aaca8cf76629407ab7eb7a324251f0ace1884ecb76cefa8c47b1fe58086251f4ef206c201faaf419f934e25667c6a632738cc0da47732ddad56ecd3664c93a91e765881f104506afbb1d3b7384641e6039b1bfd3db730012a1b2cb9e3d96a1649ffc4f4759520f305d659a05ef96247e2b5a6c1b9930f82168fca609e8da857549d99e262"}]}}, {{0x9, 0x5, 0xb, 0x4, 0x10, 0x2, 0x2, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x81, 0xfff7}]}}, {{0x9, 0x5, 0x8, 0x0, 0x210, 0x80, 0x4, 0x2, [@generic={0xfc, 0x7, "e30dfc1fcb09ec7b53f6c5eff8e5c901b7cde15da4918be557dc7deb4886c51e15026319a045f6b5116ce8fee1a45b221ee02f36069c666133c88142ea7a1af23efe63870f2cf690164a7f284044c3e1fe2d5d502d435844969bd87713497b08f6d3618499272e582efef9522746fb21d3aa7beb4398973a28a834b5614893252f4bdc8acda23e9716168096e6fa022e210a71dbd7d6b0e91f0c9f9b2309bda676d565cc951e6dad53ce00daabef49a897dcf129b7b1d2d5ca74b7c9deabcbd645505a8724fd668d8c2310291b58cc0abdbb680f0ce2ea6c89d7eeb4f426e2ffa094840340c0f0c6bb01fe59139dd30bb41b964a55da20fb7f02"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0xe8, 0x3}]}}, {{0x9, 0x5, 0x9, 0x4, 0x40, 0xc, 0x4, 0x9}}, {{0x9, 0x5, 0x6, 0x2, 0x400, 0x4, 0x7, 0x4}}, {{0x9, 0x5, 0x80, 0x4, 0x10, 0x3, 0x7, 0xfe, [@generic={0xe1, 0xd, "353e8296c24f3b5f4dc83e837acd7fdd9c3b854e48c123179d3ba0e4d801c5301bbab27a6b24d54f9c7702c35cd5cb4aed084279eb0b4114a062a9f92148ca9a9c2c5c246985890d11b59dcd79c7c813fc805bb2402a2070668e26731b1cc17f52db5b15e33c8acb82393697a9cca4b933a3061ad08a516548a956adb136b56da3a50ddb2250fb7713309beab0df814f73c241ee84b1e9f74509f15fec36bea369a06be09419c113109898fba7887e6167497a74e4c959920c1fd725f6fc75ef0e6aa241ab863d1761d34b8c17b025fb7f3afa15eaac44cdc205f047495e72"}, @generic={0xa, 0xf, "9af72fcc40f11bcf"}]}}]}}]}}]}}, &(0x7f0000001b40)={0xa, &(0x7f0000000fc0)={0xa, 0x6, 0x201, 0x40, 0xe6, 0x6b, 0x20, 0x1}, 0xbe, &(0x7f0000001a80)={0x5, 0xf, 0xbe, 0x4, [@ssp_cap={0xc, 0x10, 0xa, 0xe, 0x0, 0x7ffff81, 0xf00, 0x7}, @wireless={0xb, 0x10, 0x1, 0x10, 0x2, 0x3, 0xb, 0xc, 0xf}, @wireless={0xb, 0x10, 0x1, 0xc, 0x60, 0x2f, 0x8, 0xc87, 0x72}, @generic={0x97, 0x10, 0x3, "e63f55113e0d086f25492cf7f3790b79ad4eca01a29802c58cbedea62812e66b893a65ab845b90663374f801b0908658c07c61a6063f5c7ebae7ce58eda7938fa9ef96e809770cef2f76bfce86ffebb63621937aba7d22756665927441f3e81abe199ac81679cf39631f1543c8e311449c3f6cf91f73fe2a0de2fab5a4e7c44077ec0da5f6838cecbdc146296a9427fb9fb48fe9"}]}, 0x1, [{0x4, &(0x7f0000001000)=@lang_id={0x4, 0x3, 0x439}}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x2002, 0x3b9}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
io_uring_register$IORING_UNREGISTER_RING_FDS(r1, 0x15, &(0x7f0000001300)=[{0x3, 0x1, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)=""/143, 0x8f}, {&(0x7f0000000400)=""/187, 0xbb}, {&(0x7f0000000500)=""/139, 0x8b}], &(0x7f00000000c0)=[0x40, 0x6, 0xfffffffffffffffc, 0x7, 0xfffffffffffffff7, 0x9, 0x1]}, {0x1, 0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000005c0)=""/133, 0x85}], &(0x7f00000001c0)=[0x3, 0x6, 0x3, 0xfffffffffffffff9, 0x7, 0x8000000, 0x3, 0x5]}, {0x9, 0x1, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000680)=""/240, 0xf0}, {&(0x7f0000000240)=""/60, 0x3c}, {&(0x7f0000000780)=""/112, 0x70}, {&(0x7f0000000880)=""/211, 0xd3}, {&(0x7f0000000980)=""/108, 0x6c}, {&(0x7f0000000800)=""/3, 0x3}, {&(0x7f0000000a00)=""/53, 0x35}, {&(0x7f0000000a40)=""/186, 0xba}, {&(0x7f0000000b00)=""/153, 0x99}], &(0x7f0000000c80)=[0x84df, 0x800, 0x0, 0xe10d, 0x10001]}, {0x4, 0x1, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000cc0)=""/3, 0x3}, {&(0x7f0000000d00)=""/255, 0xff}, {&(0x7f0000000e00)=""/231, 0xe7}, {&(0x7f0000000f00)=""/122, 0x7a}], &(0x7f0000000fc0)}, {0x0, 0x1, 0x0, &(0x7f0000001000), &(0x7f0000001040)=[0x3]}, {0x3, 0x32ac1a7efc1e748a, 0x0, &(0x7f0000001280)=[{&(0x7f0000001080)=""/163, 0xa3}, {&(0x7f0000001140)=""/222, 0xde}, {&(0x7f0000001240)=""/45, 0x2d}], &(0x7f00000012c0)=[0x38, 0x0, 0x9]}], 0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)

13m39.028413538s ago: executing program 3 (id=164):
r0 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = syz_open_dev$sg(&(0x7f0000000080), 0x502e, 0x185700)
ioctl$SG_GET_ACCESS_COUNT(r3, 0x2289, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x11e1c000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
rename(&(0x7f0000000580)='./file0\x00', &(0x7f0000000780)='./file2\x00')
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')

13m37.667458899s ago: executing program 3 (id=166):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
clock_gettime(0x0, &(0x7f0000002180))
clock_gettime(0x0, &(0x7f00000021c0))
acct(&(0x7f00000022c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000002400))
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000003000000000000020000003851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0, 0x4})
fallocate(r0, 0x0, 0x5, 0x3)

13m37.584794632s ago: executing program 5 (id=168):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
io_setup(0xb2, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000040)=0x7, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
syz_open_dev$usbmon(&(0x7f0000000180), 0x7fffffff, 0x80001)
r9 = memfd_create(&(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaaSc\xf3]WhI\xf4\x89\x85!mPl\x90\xa5\x93\x19\f\x9a\xae\xd5a\x9bU5\x1a\x86\x9d)5y\xef\x90\xea5\x81\xfeO;\xd4zh?\xbdW\xe0\x84\xe6\x9d\xcb\xcd\xb6\xad3\x7fWY\x02\xa2\x8baG\x00\x0e\x8e/\xc1\xaf\xd0\xbcH9\x04\x00\x00\x00z\x16\xdf\xf3hLpLaA\x89n]>,^M\x82\x8e\xe40\x97_\x809y)Z\xeb\x9d\xbawv\xe9\xc0\x16\xdc\xf5\xcb\xdb\x96\xd6\xba@\xa7\x1bl\xca\xe0\x1e3\x81\xc6S\x86\xf7\xf0\xba\x1b\x14N\xa2\x04\xdb\xb5X\xe4y\xef\xe8\xdb\xd5r\x11\xfb\xe4v\xbcV\xbb\x00\x96CR\xe0~5\x16=:A2\x9c\b\xd9\xa0CB\r\xe9\xb8$\xfe\x8d\xb1Gg\xa9\xac<\xbf\x10]\b9\xd9\x89\xaf\xa6\xd1\x10\x1fq\xba\x06_NW\xdb67Xv(\xa8\xce\x1b\xe6\xbd\x947\x8f)8\xe5\xb3\xac;\x7f+\xf67\xea\x1ei\x92w-)\xa1B/M\x0e7:9\xdb~V\xb7\xd5\x13^v\x14\xe6O\xea\x00\x87\x8dkG\xdf%\xebe\x83\xb97\x01| \xb3\xd8W\xe8o\x17\x97\xd9\x14o\x92\xb9\x9a\x8c\xd7\xcf\xa2\x11\xc3\xa5\xb3\xd2\xdeQ\xa7\x05\x7f\x99Lq(\xcd\\\xa2y\x14or\x1efn\xf2\x97\x96c\xda7\t,', 0x5)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x4010012, r9, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x8)
ftruncate(r9, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

13m35.921632237s ago: executing program 3 (id=170):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x18)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2000000, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
r4 = creat(&(0x7f0000000440)='./bus\x00', 0x11d)
setsockopt$inet6_buf(r4, 0x29, 0x6, &(0x7f0000000580)="b235a390d0474d9b34508e301eeef6885cf93439c90ae529608a63ef7d5d2ce5eb771829ed4c2935642569c0dcff21126f9841788acc9bce4c6fbd131c5c2bb7fdb5cf9018bcf4eedde3e82390f512bbe7189ab35591bd23d9d995d1888f9592b6fd698276026ffb7de7a0e1ad62cce416181e674573a8d8a9ee704349b9b935c7d63005a028acc4c9ec8292d3f94d017ed9d7fa277992cf56ea0a8ea06d8a8c800eb4f54642f9a5b7799a92e717d9ab052e229f9dc35e5d30239c91ae29e10621a1a34f9d8080540e4a58a652c1d2fb7d90bebe3530029f13158deb0f0694a29d7fd1e83e05f4b5ada2ce8e942c95798a12db8483741ffe3094a9954e7ca8d20243a5ddf65bdc21fd56a18bd09000b1fe697890bd31e0238f14a1b1bd29f6ceb383ebb473c59537d7a28791b716d16b7f8d9be0ecc8646e9f02e5669efe74280590912193446f51cbe6cd57f8dadf0a3f79288a0711c936dab58e0d01c0021dbaa8d8fa6e9993c2196aa834aff3c99a2d9b86c223efb9555c1d7b8545d1f435da019ae60c80ba97fd7e0e2df4e817aabe4ee6168ef85e2e469436f1c585197e24f36064e7d29644fb38c54730f48bc00a307448b12388c4eb884b9568cb6129c46502bcbb2d8e2b031be975564a1a5b6e77879cc160978ce356695632bd7a12a5bf1d879537bfcf66fc8a54715d1d28f606fc279bda99ef12b8a2326bfe72fff9fe8b753c454f0dd0be56177832b6e2151fb6d35dfd97e729973594c29d00275a20436916863c34f0cbc88b6d0195c98b16edbc09a4b750c228c1af6efbe65c5e09930cdcac35c3588dece7116add4e06e097a0192c7b248991cd5532b3f1923fe30af8d254adfe8668e6acfbf8495f16eee1a20554c2f34c7d592591dcd8b41145c4730f4c251d7ac5dd578466e363cd1b7a24b2a84e0607bb922a8920a0145f8ddffed383e73c112fb8c7e7d7410197bfa6b6f6a4f56f1d900a4ed7c58641be73b2ea4b201f05ab8b69f9f734af7742e2cd472f6405371a745e322e107fe2319f7c27c56d24617865e93d4f7fbef9ec7dba4400270615ba708a2ac1fbe99d36abfb4369957f5169ac4a8a4a45a9782d1b9e29389ba37f306d4f05415939d883b96e5354dd52a632823e875694997eb719de789a1825504a7eb7d89101a332495dff2bc1fd5965f291b656dc0374706f3a8e1681fbaa655801223b64b93ddf91acbe8dfcf54e797b2a1d9ee63365f0fbb773c729b2783c12281aa4d5f1c6fde301a255679a8b9a95d30f113c62475742ad26b13c73bbc4205f2b7c56f88fe9f45f3d0e6821f91aecd4128a05692ae08e8717e7109db9c1f29f3cb988eaf4fbaa6fba154f89660fdac6c5b942a05fb3dd4436d6da04757c222610afcaec6a8979dcc9d9c8eafb03b628a1521b45bb3d3017b50b20239c6bf6af56aec269fee3ed4ce2a116976c014e80b8ba1e4dbbf4ceabf3ad67f2596ad9b442b355ab6f6edd2fd75956c7c6a69a1ae3a64f5cb5a74f0a562fb4ec6a35fc9cd87044d1a73f3dd4a173af59e88c4cd4d32835af29993946849b065bec6b1d95c422544f026e6efbafca5bd0097b23ae199a6d1b9b52ff487f1b8b93dd7810b0bfdf3be65ac0103e218a4e66e66907dbb387a56bbb5214d0bdacf91fea4ec257837d0c22bfa660d5b9025d713714520c473de6334796ca8b00563be44582abba2a453ef7fb69c49880ea3cbd9b402ad94b37b1d14a0bea8b11bf69127cb38c34ec56951a5570f9a1b845230022ef41007e9515ae4f38a5f3007b8116f103be48532b72bb5a1bca0f16888f0760ad9aae763e86036b95a29402d8460c078a9258ce9080a58f7a6780963ecd87f704f643ae3ae70423b151ab7707bd5bffe11bf94d11b7ce3ee746cc311b9dd84ee39ae6d927f003ca93bdf719a19bb66ea2fdd7fe94231f4d60453589ee3086ac561868200e68fec7308a0c24e866ff503ae973b35bf4a7f31e0c6d9cd4f9dd3a0ffa4f381574d56412d9efb7bba373b631e7beb34588499e04af13fc7fa95284dddf79ad5f8081932fe0eeeb3afd08d78f157547abf62413d9428919fc4c895dc1adc9581079a4e7f7213760a99db4faae68447d212978cf2d0c8de0795af5ac12879c4528b9dd72971e1f52f4b9dec5424f6d7cd58ea4984497e301699d7b30ddd8d1d359959d9ce8a2e2f6262549c9524dd768ff297bff15045caa5262ad1be15057121030e0586cbe9e57704343031a2b07f27926528e9c8e1a843ff2b95eb509bd4c6857720c6efffcd8523f39444492f1959c91eee6b8df9f99303908b8bd23b6911de2df131b0b38e2f1e089f1860b5a1b76b9d86ca56062667aaf2da6eb54cc1902b7aa4e4329629d51c1631237acd2bf7de61c15a2e77a6266148c000205bbe7e8f5b2e3d84b34af02db96bea273a39c02ae83f0012a90b9470b0784fa3e2f10b5c791771222c2a4a49029026e716ca994f7d364f83542c2ae0f831d01891ccc238de4cae3fdca39d99845436f690a19524b7983d26cd721b065f0f2174f96aa6308d53b62cf97393d4ee3fddc98021711519107608123cd33e4c189f32b990f1ad07386e9a0161c1364de60a7163daea82b8651520e76e37a716533441aaa9c0828768a34908f950656e3bc1dfd5de8be24b28dd67e158467599fe7dff309301b9ffc83884ce278df3c41924a16f14612c371597b9ca177b078d88ee7cab995037bdd8abd50d76a23d6ae0ec1e4a1ded1d1f59195105b7e3b290f47ad1d85fab080b1afd29a001cfe1d832ffed904500a074212280dd522e08888ecd70b93b2040076b37b0e4e7820465b416d6df18a045cbab08380bf979e82ca39fcbeaa811d6a5be63de7edfd6522c6b505c03d62556c2be97a", 0x800)
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x143042, 0xfe)
ftruncate(r6, 0x2008002)
sendfile(r5, r6, 0x0, 0x80000001)

13m34.385716421s ago: executing program 5 (id=173):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00'})
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x11e1c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
rename(&(0x7f0000000580)='./file0\x00', &(0x7f0000000780)='./file2\x00')

13m34.076285497s ago: executing program 3 (id=175):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[], [], 0x2f})
syz_open_dev$ptys(0xc, 0x3, 0x1)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xa9c)
execve(&(0x7f0000000000)='./file2\x00', 0x0, 0x0)
r2 = openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff})
close_range(r3, r3, 0x2)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'gre0\x00', @link_local})
bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x2459e2b044da2cee}, 0xc)
fchdir(r2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100, 0x2, 0x2de}, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000000c0))
fcntl$getownex(r0, 0x10, &(0x7f0000000300)={0x0, <r7=>0x0})
syz_open_procfs(r7, &(0x7f0000000340)='ns\x00')
mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0)
syncfs(r2)

13m32.716898053s ago: executing program 33 (id=175):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[], [], 0x2f})
syz_open_dev$ptys(0xc, 0x3, 0x1)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xa9c)
execve(&(0x7f0000000000)='./file2\x00', 0x0, 0x0)
r2 = openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff})
close_range(r3, r3, 0x2)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'gre0\x00', @link_local})
bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x2459e2b044da2cee}, 0xc)
fchdir(r2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100, 0x2, 0x2de}, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000000c0))
fcntl$getownex(r0, 0x10, &(0x7f0000000300)={0x0, <r7=>0x0})
syz_open_procfs(r7, &(0x7f0000000340)='ns\x00')
mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0)
syncfs(r2)

13m32.700748929s ago: executing program 5 (id=178):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
syz_emit_ethernet(0xfdef, &(0x7f0000000740)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @remote, @void, {@x25={0x805, {0x2, 0x1, 0x27}}}}, 0x0)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2711, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000002e00)={0x1f, 0x4, &(0x7f0000000c80)=ANY=[@ANYRES16=r0, @ANYBLOB="df0881c6747b6cf8ad0c5f0fe08426e2dede764bf9bc6267562e625f154df5f71d474543dfb00e8b51d895e185ad1d8ea9e9a3d34fcd37368afaebe65540194d3634802fe6530adc423cdd704ff9a25fd7fdd5404f829058b8534c0caed7b435c11ad9872f5f7d6e93c36b216631df3091279aa6cb9a76e5a710d0fb1bbe7abd", @ANYRES16=r0, @ANYRESOCT=r0, @ANYRES64=r0, @ANYRESDEC=r0, @ANYRESOCT=r0], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r3 = syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500}, &(0x7f0000000240), &(0x7f0000001880))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x21, &(0x7f0000000440)=r2, 0x1)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r4, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xf9f}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xf}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000000)='wg1\x00', 0x4)
sendmmsg(r1, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000380)="57ac7cab87aaf68432ade4f44581d9d8d15c532c461a7cf2649520b54e3150c044f8b21951e357e4942b6d7fb3decc8c5fd5b71aa481edd22ff6af8b66360113a779444cc6f73f2b6e5e0d9ce22b75a3", 0x50}, {&(0x7f0000000540)="4c56504d2bfd9c83050de2b7a3b6ee00431e6c310784d74bea7070a11283482d5fa7f63776c53ddd78884bc06833aa479a7fa36f30c95da07ecff5ad5f1b0863f0c3eb6e9aa77e72de3be2048680c83b898564e2cc665bc4504accc55ee1fa8ee6e4586e70de9f0895efafc9922ab610f01dcf90d7b156a3f5fd8757b8a7df6fa74d216d824ef3e7caeda2d9ee9683872aded9e9a7993fc199f1b549c5b3d3b350207e10c19414e176b46ee058afd21e66f106f8ed1232915794b66108f860714ed9783ebb4b5e8d70e4da575a5529512178e02df2338dea15ca7467b8b5de342b73a7e37f0c", 0xe6}, {&(0x7f0000000640)="897f382ac6db20d0d6646fea0e8b2ca8b4b36ac615bd0dd27343c14da7ff2906edb2e81b5a5d737d886de24d94574b7d50e40e0c1db4554fb5f04328e2c2f0d51243164fdf45f2caa1c74ccdd07ac714b66b6b62f2d9715f71c41a9b63d621c7b285466c5c1a2b1e94ae837eaf0ad9701baa5b44aa34b6e9e32a207d43d262fe3c5b5196befcb94212763a70445b2d515949dd5cd2d1753b27d351f72f32f5480445b3477bfb85cacd20d96f55d2c8acc4c7c267657d23022a89f3f5b207c3925094c0486c0209359315af29d901267e18c38911bee8989f423291c09299d1925301806d39", 0xe5}, {&(0x7f0000000740)="f41dd65e8b248c3e4a71d6cb9e3d87555977eb25057a6b8baf1aedd85e4a585fee8674a91044b549cae2811b09b81fb8e547f2992875aed4ea4a04c2739268947d6ac7f3fa8bf46f88c68bba78ae89ba97046046e3b40c99afa1a55205cfcea7320cd5d7544f42a3b4ded07524965f974c8f997bc37f062d4ab7", 0x7a}, {&(0x7f00000007c0)="37263857b1f089fa717203f3272845444367816fe2da801b3310e653d24e1133aa78d5561432a4558fbdd26edd6dd5deeb5b61394aecffae21d3b69c1ab21007196bf4de96031b55cfb0c43eb2a5ce4fdfec49b63cbb80eec7b1038ec84e4330a107a9670c555a5177580e5f15f2a143fbe9ee8d01858dc9e197162ee155b3c8ced8b66fd20a4317358fcf19abb9274da8fb2e9b62a0255172ef79e1235f6d4e2667662f431f8564c7145d40f9e0a0ab129a79ddfe4709bef1ba6ab7ab3a30ed271e10bfdd3504cbb9cd428b4b53fd23e4e1420dbb25135288fbd949", 0xdc}, {&(0x7f00000008c0)="e3cad0019ac5f693d4cdcad70e17595a313afb414f168ce1373c34cc23ed099751446636fbbb79a706ef27bae1b57e94d0ea0a997b18fe9788247760b6db4383a3b8c1f0ef51306ed766b161cb61df6cc589fa2dc5993d14674565cf16842c4d1ad0b6fd288517bd7975358a21087da5ea7979ddb9f83267f17796634a851e01e97bfd81f839bb6b8bc738ccade90df978e78aead4888a992db3769469b0abb19dfd3dfb65c872cae9f633f0600b3e28853d09ff89c1ca39750c7e9315cdf23523d273c94f74d2f5f7191eb341a48bc5eb722992f02338d18c285964f101424c", 0xe0}, {&(0x7f00000009c0)="2d8e8d27210be570d32e40bcf91986c76042509ec79e9d4b20430bb98c51045fd560e419b037dfc7454a20abbf1d6b20297986eafb0e3f5979f1fbefb8a48999e9c8c3bf9c25ed", 0x47}, {&(0x7f0000000b80)="a408124f70fc4c7dee54a21db4c41205e678f127397f8703430cf9227d9300264195bc312d7259f44f971322e400610370b4e53b93302d3a9a709164aae919aee6fa51e47968028cc101db3c7fa38042a01b5adc10b1d18eaa812cd8637a898b72ca624551fc6c63d2b9d69e9cae8b9efcfb40a4f0bce0ff072cdf29ea86e471d6858a9df95e764551c720ebbdacd00b131b4542f032e8968ddc1f0826d1bd45bb9b4214101c29050af5c0bda91cac7b90e7bb66f31b919e467d8948e436b879e4a286478ba3d42f141af103a2fc9eb584f485c7f13c36324c93b5fd2d6c65cbfc3306354d33fa3800096b232758a869a98efae685d14f6c980c4fc222", 0xfd}], 0x8}}], 0x1, 0x4000)

13m32.076618127s ago: executing program 5 (id=180):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
clock_gettime(0x0, &(0x7f0000002180))
clock_gettime(0x0, &(0x7f00000021c0))
acct(&(0x7f00000022c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000002400))
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000003000000000000020000003851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0, 0x4})
fallocate(r0, 0x0, 0x5, 0x3)

13m31.781935032s ago: executing program 5 (id=181):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r0, 0x11, 0x1, &(0x7f0000000000)=0x507, 0x4)
sendto$inet(r0, &(0x7f0000000f40)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95d53c495ae6848109d78fd7dc7b913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba4d42c60cf2154d1b659aa709e8980a522cfb72fa25bea09462b7923ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d15bbc0b74b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373f30a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c5e1000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e97", 0xfffffffffffffe93, 0x40004, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x348}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r2, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
rt_sigsuspend(&(0x7f00000002c0), 0x8)

13m31.210015215s ago: executing program 5 (id=184):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="54000000100001040625fd1a62ea8ef707504a8621d2400000000000000000ffff0000", @ANYRES32=0x0, @ANYBLOB="08d10000000000002000128009000100766c616e00000000100002800c0002000e0000000f00000014000300766c616e300000000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)={0x30, r6, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x1}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x3}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x8840}, 0x40080)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r8)
mount(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r9 = gettid()
syz_open_procfs$namespace(r9, &(0x7f0000000380)='ns/time\x00')
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r10}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0xc, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x300, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(r2)
openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000180)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
r11 = getpid()
r12 = syz_pidfd_open(r11, 0x0)
setns(r12, 0x8020000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r13=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r13, 0x89fc, &(0x7f0000000900)={'bond0\x00', @random="06fe002000"})
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r12}}, 0x20)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)={0x2, 0x0, [{0x332, 0x0, 0x3}, {0x2ba, 0x0, 0xeff}]})

13m29.910263882s ago: executing program 34 (id=184):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="54000000100001040625fd1a62ea8ef707504a8621d2400000000000000000ffff0000", @ANYRES32=0x0, @ANYBLOB="08d10000000000002000128009000100766c616e00000000100002800c0002000e0000000f00000014000300766c616e300000000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)={0x30, r6, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x1}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x3}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x8840}, 0x40080)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r8)
mount(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r9 = gettid()
syz_open_procfs$namespace(r9, &(0x7f0000000380)='ns/time\x00')
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r10}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0xc, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x300, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(r2)
openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000180)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
r11 = getpid()
r12 = syz_pidfd_open(r11, 0x0)
setns(r12, 0x8020000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r13=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r13, 0x89fc, &(0x7f0000000900)={'bond0\x00', @random="06fe002000"})
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r12}}, 0x20)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)={0x2, 0x0, [{0x332, 0x0, 0x3}, {0x2ba, 0x0, 0xeff}]})

8m23.08457844s ago: executing program 1 (id=848):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f0000000080)=""/1, &(0x7f00000000c0)=0x1)

8m22.041592835s ago: executing program 1 (id=850):
timer_create(0x0, 0x0, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$BTRFS_IOC_RM_DEV(r4, 0x5000940b, &(0x7f0000000a80)={{r2}, "fad7b9428d93038f63c4dafa1da7e07527fe756bde6d960d81bfd34ba5cca803ad5bdebe227152d43a607faa0dc407fc189b0d7e7468ab55f146ff0337aed82849987da5e1ab963dda992d377e4eacce0e342581ab9962694df4a98aef6d7813fb8b796948ff95415e9d71a47ede207b1794f624b034487af5832e243034017f4f93e15abf71e2dc1e26f97de375b5a1f1a24f98467d2d07d33c06c55c3f89c8d5282a18faedb7595cdedc33c345c89deca5b925cf8467200094111705e71154b451ed8407d1c89255b27d9b243d3a333b099595c33db04682ac22a418c49f5c39a0918c015e8393d2cb7c20feb2c54c82b6387812412e3237e938369453e1e8030d49fcd1c91bf36f2422d1a72f49b31ec3889ebc0d28c929b0c6736f00b53b9ccfd3934a7d933a8202fd2bdb2a8b0d58d6180c1a69b7fb41255ce92795786d10a8c7d9e4f680517f4e34b1e8f884e81e09bd5ec5ecf38b7b8f1637afb0aee0e708c4074eec24e3141b9e12ced6b4beaedec6d55dbae69d5a63142b3e81997458d7151a84d0d7cd4ebd25d24f3d2a3b4c403ab707fe38aa61cab1b070d4730625f76dc37f201e8698204637fe62fe52ed11ae0d8f98f69d4f92762bcba03b8b42feeca7a9fa9300ca4759ff9d7e9162479f954b1316775fcbfc6640b91dd1cb976ceaf2f9f28040ecfdc0e28bb9705a1b985274c7d08bd96aacd6a00f865f3a22f86ef2ace146c4f40bb20798e0bc2db4ce62f0873c09a85e7892729489a7b9c8c9a2939812595942b1ca2d3260315bc723ac2edf24d88f0f49d586a8065817ad936dc8161e438eb5b845df96b2c9a56eb7535ee9e255f41def5d9e9720857fbfd84b4bf1c97c574f568933df8f25d6df5d74a374e4f9a6a2e76644df77da621a8c9ce947af8f20feda0e22ef467eb210665589823025c9144ec05d80276574d3cae61c639d3b12438e012ffe1ca3823b4b79185ce1896b7a41aa36a47776fade667af70c25d9543bc036f40aec1c521f39239cdbf2748883f86b89349ffee1f528f955bdf6f29686c57a49b66ebfc26ee604316f27f9547cf3c21c221581458246b04d627e29e8b846e099e5d8234ce0db1d3e77130147580622b8eeaa34707ea25369c250ce5f5adc14b7afcfbce3c25e5e65d04858dc056456e2f2d2bd6afb59afae8d63b7ab5b8b6ad3386d52dbcee60c7f0945517a77edeeda33789acdb3b7b3242704d6c51940c004cde1d3a342477607581a92a50716caf93495cbc1a6b2f1be20081f7ba8a013416e6b8433383299b752feabd1455bc336b868b38f5ad73f397f0381a51748ffa8550510837d9128ab095629b7a159c6b0dfadfd8a8bff53c80481c59d861954790c593524d8a53cd8b2f2c234b850ec7576a46074293453a86cb3c0c346a8cbbac65eda4a2130e00053f5a054603776ea1d2975e4badbaa83518dad9274c22ac17f20686f56315340e5581c787a2f71ab3a2063664bcc82c7380a13cc8eb106c036800c7b0f14ed667f39af9a5cc01dcdd5809b534fad505858508845d9c547e19c632cd8024ecd777e193c2258312b7a5998a875d33dd8b861500946852af487bbefa54e9b16a83b6131ac343eacb2558e759a9b6ce5db0f1ab173d457d144fd5a65f092e553e1d0e3f9972ec57d27bb48c78332c7a6fab0d5958c61898b3a5ae8810e2246ae36291cd5f79f9475e697c9da84d05cc8dc197485ad790d2a8da5400583dce8ffa3c8adfe276884ed5d33f0e7bc4fb1748e83884213c10ec673dbbbf55670da7fbdd6d8927cd41106064ce22cd2ae14084c439e8f07e4e261667507c0acb03033f30665dbf928d31ff9cf38f61a46d6d1286065bfad5839b0247c975673839f6f685ebaad9396c5f93b3a5f346202a40969ab5c72d0355fd609d33b9443093a53dfbf8052a405389ce269f71da8ae1fb39b30f6a701f56838ca11527de58850f17b4fcc6397614da8e2e331f06024f1ee7f6a8b2f910711526361244a585dfacb4bab57738d7938adb436cf17cfeceb95016e339aa5f2ba30515f289ba35118d32504f52710044e78666dd2834fc2d9fad35e2df29b10e0557ab4789c7dc718d2d03434062bb58fd824c13a0bc6298ed9bdc3d0cc79d008972fcc9f751af4824b2be0823313581cd2fd2b436f84b14719b93dd95a38941c11af5b51f3b0503f3db3569ac847a93ea9124622044b37b083fcf8882a788041289905296e1bf2eb12aadb5228f366a925269a20f7ca9db7f317d5117a70d93f90b402993a7f84328409bda0fdc6306dd5c126fdb179fde4e4d7314d2ee419c8635e62895f8dffdf73f38188121f7b24dae40531b6e43054d3b9b459df2f2613536819643e6b7038de55ffa43bc9edc72e2038e2bf9da70a4a24a3fce0b8673f7f8f5099fcf0d23ab90c7f8770bdfd23e6aaabf7d110768ff08c8754ff6d962e43ff215d78d2ebd882353490da27dabd92ab08291338eaacf3e1ebe6a7da8286d3d57e272b9eac7c70a9a1bd67fb3f4e3052779422a7e19b7cfb01760f949ce4562ce5ad5292cb607e42d513d1facd0903a87836d5c30c181b5728db474154d3cb4e524ba5e03336534ca9f6b093fd6d9e5b89ede5becc677996321d65e9022d1c00e2907767a51c75c9f0688e4e82e045dc972e6be8948c7fc8a84ca8e1a992d44ac8e7a962a931d8eb3d0c4756b838c1339758a4a563d108d35940366b582c48567b5ca539839fbd327361ed76f4204f8ec84ec6401079a189b271747129c3d0025ccc25c9d7fbea0aa4f6a0e5f10422e9866e42ab0f86d6e9022688652536eef7fd28dc5961670a4058eaec61ba3e11273111be9cc3da57edc16321e1382d20f4cf52827032b5f79e395e742113303b0aa595f7188a417ddfdc3b6259b56f9f8f7b133774bfb5c181f1288713e3144ac4ff69fc146cc633dc70c8aee1da2384b72115b49cdbdfe9508b2e06fcd02df78d895e12cf6f0cf4171c7570809b949c6bfbff07da4018935a186630be06d42a4844521428afbed6b3a34aa0226a948fa12e8bdfbb27d13fd5627093511f52a51a6dcd33e0122d2dd1736885c797e1d1c65c06739790767be42582349c147d52e377732742f176b79243edd2c6b585d5512702ce4a7395835e2ab038a5deff84f7ff0d4622aebcd31c58d2dbbaad54638473e5fb428b827a577215460489001af429b40d0dae3521be9a381913740ea72a8b707d2ed4a12f5791fc2d0ea9674d59d68ff02a7b7dda9b9a1917db6093bf8ba4a186c952434dfd664cf9607d9b194b874c24ad03b04148d6f1951d4127146b22783be7eceefc686c4bef899e6cce8ce1344e9e49cfc0d43633098983a40276b4b4fcbe4ce0b695d58471afcfcce714ff1da6e975bd1494d127fbcda25c0110f596e4e0882e01acc674446d2c6e3d08d8034eebd4432968b1aab2e825eba0f76612ae6617667ad6c823fb8234363d5bb341c440fe0a0cad018b6c36ca317e3473eedbcc5f6740a7fad23b55a6fb626d8093ea62d6f35d2babd391e138b24a4ddfa86fef5487a710289f2994f36e87fadd178a5e139455d398a8809e30d2569650ceee90ad6b68942087ae0e33c49c6f7952b08da8762be2c9066e56d27a69a926fc58c82565877e913bff08e0827c45f9e74c964f282d5023efb21e976b93177464a686150ef09a32c352505c534e467ce014fec144dbbdcc8e2d28b6bf619ddf63a48054406dfa33aa541cb9beafa70cabcd8600cabf93d138de261f6f5b63273691669e363e06bc583bdee1ed210179f2ab50a6bc0a727475551e90b0265e1e8ca02acabe93b596b7a782151d792a5679e21e730b7e964c38a49717d0a1385bbb1b0459916424133149720bf47ac38687178a8b351ae3f29bf4a6ea369c90f85f4f123416c8c09c3f25b133ddcdb71b1289821d81581b78ae66c075c535e30151ae1bd48e787b55cc45951c83b5ce097711df0764feab81f24d63940915c471479c24222bd5569201ac4c56577168b76c1f0684f981df516cf5ac5d4307ef2bf429d818c9809f6669f43b1eb160bdcb817154bc36cd8bd24cd6c75e037edab6fa0fe9a0f19b6dbaf99dd68f0318382ccf8d20fe2fdc08134a86b5b0794a534992751fca4ec726dfca985cc239bae2b04ce49416e07e14f752767d05f6584479b5da973fa22477be64fef48b5f3c07936c2be9fa8b92c9e8a0412a2718932edf53382efe2aa1531bbde87363fee5a15501a490c16d26354c0ffeeccf0d05705a6b68a0b88de1e15736092014273f7494474a24555e7e7a6b4e274a9dd4d534cac979a0e99758203f74309af7b221e925c592ad25e13c7907c1030fc79bb728bce4437047470cf97ebc48f45ef67695585caa73178057802a24e3e4fea0a55111275c738d2b09aa7e7a00e91be43ee507b6533c6c6e9d1848e708240d7547b08bb9121fc024caed12805a0a8bfb72f72c6787b760ccd3657328507050f8ad3e348597b38685ad6d44125266382dbf433a9628c548f89eea1691e92fc755502e4656d2faa2077ab1d749a3d2d0543cd5248db49cdb1a60f006ec8cb5b3ecfc1b6b38ed802a6885c6733dbdfbe9d6c0a0daacda38f9bdbd728bfae407e2be620cd8e66743c70073e38e87ede0daf00e7e6205bc0f5cc3ff5657ad559ad13a865d01357215e2e813153212d13d6817ff2badace7edac682ea459e30b476b98ea7ca540c9ec3f8a0550ab51340e04425e3eb0d36fcfa6612bfe947263322afb876ef4a86edf8adf41f4bf4fd617c2cc57c0639baa79f4e6468258e53b76ae51c83f37b6d128cbe4eaf3e58e7d24a7c24451289c991984bed04ce060e4ee13a0c0e43fc98baae2352366672075a6c8c26165aa538b1bac0765ffda39bfafaa401cea38646e418fc99704540acd08e128121bb0b8ab8e316f924cfdae1002d54e2ef3cf3477558d77881beaa3c31cb9cc2429eaf858ebaf06709910faf26d7433290a3250cca586c0e49c3d2456a6409da11259bc7b7e2345146a360404f3d7333487343d9dfbb2813bbeba56a1e1f90d421aca2d1e6ca075b1fcb5733df856fc45de7fe5dbe6174ebc4a6241576e46503a3f7e4ad18b5965c0525faa3d031b09b2b9aa1874285c874382359e93775a69701bb63fccc33d095aac42e79a74ec9700218add3c93114c0686f6897f3228cf3bee05ca63f709075df1b5e89e44c05feb00356c0de06190b84e09285443e58a361840e93da22a3ab64d8a4a0474466d13738c07c71847b6b2e47adb22db94e92524a08ca0dbb02de2e0eb5c2edb7e29d89ed5c2d76bb2fc5da5cd57b89bfd47465b5a57ebd72261ddfb443a141415670a59ae82acde715d73b4ab62602b9a347764a05a15159d25abfa2e26531efc90cce8692bb61d859ef6ecb4d9d6d44813085915e8d97916127241aa470b55cdf629ad52b7ad48d4253b2539726f26cf169c208a591ed4a3d4c0474446493a2da85d1226e58d988bcd484ed94d8b18f3298815be6627d1eb5bde9a2f8a3864b2e0c772502854afab501e8cbf1425028bebc3aece71cae8fc40f1606902d0ebcb124be02fcfb6a2810f580942e9f6a2871f9e9bd4a43bb3428c8e4cc16c5b7f3f6cf92bc0aec8c7826c2e759d6062c7409e2e770e3780bbff8e390bc9b551d12c5d295dda72b46cbf9a20c76f6881d69ec27a003b6edb5b2983483d06b246cc3cbd2c8524e601ce0d45c7441bb9e1dcd676ccb5ac3a9e59e6d65c4eee6b120b6bb71eafc80f9ca5de3529ff04fc2f3546"})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0x228, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x70, 0xd8, 0x0, {0xff0f000000000000}}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288)
ioctl$KVM_RUN(r5, 0xae80, 0x1000000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000040)={0x1, @pix={0xc2, 0x80000001, 0x35315258, 0x5, 0xff, 0x8, 0x0, 0x6, 0x0, 0x0, 0x2}})

8m16.046620523s ago: executing program 1 (id=866):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x80800)
connect$unix(r3, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x707c, 0x400, 0x3, 0x288}, 0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r7, 0x12a8f, 0xf264, 0x40, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS(r9, 0xc048aeca, &(0x7f0000000200))

8m14.202283594s ago: executing program 1 (id=870):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701feffffff00000000027c0000000039a0040005000c0001800600060008"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000001c0)={r1, 0x90b, 0xf6, 0x7})
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
sendto$l2tp(r2, &(0x7f0000000040)="8b305cba121116e46129fde61659064c32481f53dcc7d4c3008d3873a5a81083f79e5bb6b60f704f3860814d5b93d0b693ccc068d47a542a70683a03c9d9374143a0b010106ddb8c1cd53311b5b3f430b6d7b316b84c9e53a192767edce1d3b36129a9e82738a3d48677b27a05ea2a07bf5af72041396f46ef1324922da29c9e3907014da021df9a04a28285f6e42ac76c05a9f1b91600a1b49b6c10dbaf35fb687836ba84be735991aebb05133c04568c77e413546114dc4238d79f62c07ec83e4d1455c0819ad34d4082698ce8e92e9125ffea79fbf91609684727b23c4897", 0xe0, 0x80, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10)

8m10.566424688s ago: executing program 1 (id=879):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={@private0, @empty, 0x1d, 0x2}})
getsockname(0xffffffffffffffff, &(0x7f0000000080)=@xdp={0x2c, 0x0, <r1=>0x0}, &(0x7f0000000100)=0x80)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000140)=0xb16)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000180)=<r2=>0x0)
setuid(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = open(&(0x7f00000001c0)='./file0\x00', 0x18000, 0x1c0)
ioctl$IOMMU_GET_HW_INFO(r4, 0x3b8a, &(0x7f0000000280)={0x28, 0x0, 0x0, 0x6a, &(0x7f0000000200)=""/106})
write$UHID_CREATE2(r4, &(0x7f00000002c0)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0xd0, 0x2, 0x6, 0x6, 0x1, 0x10000, "fcd87de99f77a3e9b893d74479988ce7f6a5af5192a60486b22fbf42b5c9e2329d2264de71b36b46320c808947b4f78395a9da72bc58378f4399951b2c84f36560b31dd7aa73b52ede2139afc4cb9e4a7cd0fd641cb00d815835d76c945c5877200d2f6860ab0dd7882b3f17de77b4c338524cef69cd68f06d78ce4e1d2a0ddfbdf88efd0335051c4c5286eca9b664d163fd8c8bff981ec6c02fc15c08f423865d3e0d6b17ab86a202a8ab28d8e99e8405695793f8153a3a8dfda5504d6bc4bcb7fec94932d6eb60301a7e0afb85196f"}}, 0x1e8)
r5 = syz_open_dev$mouse(&(0x7f00000004c0), 0xfffffffffffffffa, 0x4200)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, r5, 0x4, '\x00', r1, 0xffffffffffffffff, 0x5, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000c, 0x13, r4, 0xa062f000)
ioctl$PIO_FONTX(r5, 0x4b6c, &(0x7f0000000980)={0x56, 0x11, &(0x7f0000000580)="9c4e7080ddd15c7cbd82217aa5499f5cd3af726d2502c46040b5fe7499db3b84cdd3aa938aec94a488c07ee662d662635c244472b08930fdb80d11b4aac29cff4230a97e4b0af769d9d74b9471cd4b8d36e5dfdbd47df1655b0a97e3d070ab9c5750483fb28d1eec8b84d6f31276e01e343f81413e7d92e7f74d4af2af57ee41ed6b96954e7e74c0f698cc31432c500354c88a098e8fb3161b147ada52a7473ccd3f37de220fc0fb93b818ba9d13bf6310ff9ca6805a790ad147b1f4a5118f1a5e9346b84e1775b74ecf0bddfc9a1f4057ce55d487fb84535827d9bac97bb9b12f42724253cccf0bc42235cf82379824d303660a181274cf13b9d9ff0640418b6238899ff5f95f410fce1ca53c90f90d5d511852b37af4c15b2e358cc1d8561fe51a6469f1baab9fd2fc0e3603dd75d09ff9589df8eaa0b17b3234341541f79c1221efe2bc2d592e62d4bd1e3603f7736bd78c01f56c1826d13a83586bfaf88ba4155c949e0ccf3e54c5d7ffd43ee87aeb757a561f6f85adea8fb9dc105fc9660addf6e612a17a1f73f7e568b86f86b09ef65fb91bacbc822c0e4452d345d5fb2c2db2288d93f80baa142ab515e0a5ed8d1aaafb9bda0d8a44c68f031bcd2e3d6e0b85b616afcb6c1f604d38580d2b85be574da28302ad335eaf1273cb177081ca2cb14c73fba37e1aaca9dc3d46b697f2c6efb969fe572b814ed6c074fdcc5ae6c03818b5daa061370cb132a19fb05e84e79a1937755c2bbbd9609a9708581a24f7efb741cb66c98bb73f459056df92075e32576e5d5b99e4db15dec4958ca7f346426e394a15ba13d74fbbe1c95fb68d252ff29c4eeb95a3038b9ce9831e93c2db5869d351e9d6a9f3b428a20b56cb3b16828296636c0ff4533970db0fc3b54e95080442b3130d6d68761cb272c2258a4f4fa770439f332c84ab902b546ec9e04774aac41215965977a2b5201fd30be10c0886a57ff9541541f8fa25c17cfd3dd5595d89b9c7990f1abaa27afbeb627df04dc334a997c3b96952fd8f464f18f054ec9c21f7c2a3cc2ae0559f1b1ac44a543540db2711bf929487fb84848284d62aa412c82af9ebe39a0973d33361dd5a8367b8732ee572a8e800574331ba0ef2cb9fe930ac2cabfac7b65d34b648afe87acc76b2c51ebff0647209c14a070fd57aa186233e6820bc1aaa98165dba5fab59505b80ad1a2873ecd656fb2255c2ee17c524ecfb90fa63c0a9c72de2917ce5da2e0be4c7124404de807500f82b3ce69f7f733d42023f0b02893c4d50e062afa63301efe3648f40a29c8b5ea90ed4477a320cd4c9710207eaa3e29422c8daa06d496917dc39e7d0dcd00eb018aa77213da0a79374be4e19ed40cc390e3b6872b82c79cd0e67b128c8f6ca014462f63f73d65f65afc80aba9fd20b6d16f7ed0e4f0e0848dd7aeeb1107db49b741646"})
r6 = open$dir(&(0x7f00000009c0)='./file0\x00', 0x202000, 0x41)
faccessat(r6, &(0x7f0000000a00)='./file0\x00', 0x124)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r7, 0x541b, &(0x7f0000000a40))
splice(r6, &(0x7f0000000a80)=0x3, r5, &(0x7f0000000ac0)=0x352, 0xde, 0xc)
setsockopt$inet_tcp_int(r5, 0x6, 0x5, &(0x7f0000000b00)=0x5, 0x4)
poll(&(0x7f0000000b40)=[{r3, 0x210}, {r4, 0x104}, {0xffffffffffffffff, 0x11}], 0x3, 0x3)
ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000000b80))
semget$private(0x0, 0x3, 0x220)
mount$cgroup(0x0, &(0x7f0000000bc0)='./file0\x00', &(0x7f0000000c00), 0x20000, &(0x7f0000000c40)={[{@favordynmods}], [{@smackfstransmute}, {@appraise}, {@measure}, {@euid_gt={'euid>', r2}}, {@seclabel}]})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r4, 0xc0286687, &(0x7f0000000d00)={0x3, 0x3, 0x35, &(0x7f0000000cc0)=""/53})
ioctl$INCFS_IOC_FILL_BLOCKS(r8, 0x80106720, &(0x7f0000000f00)={0x3, &(0x7f0000000e80)=[{0x1, 0x83, &(0x7f0000000d40)="2242cd2849fcccb76f5e5826afe5f8dfaff9b36fc3586c1618202d64edc035a36e27ff02556e24f3b09fb487a7cd52dc8f1aae81adb53b62da9c8f69826710dba2678316d6cdf395c534d2fcb8247ad6fc347f674d847906ae52f6c01123879ce5351b93b73a357c62aab1ba74a5497260a9c6f421138a218ef71934e62f404b4535f4", 0x1, 0x1}, {0x8, 0x2c, &(0x7f0000000e00)="39ba9802c5b9f8ab8c3aa32df94d951a662d10643de659a1aa7f4fb3bf9b59caebbac2d5ae5bb46ff72f9c65"}, {0x80000001, 0xe, &(0x7f0000000e40)="17fe790e3f90b52a8fab6dbd5f73", 0x0, 0x1}]})
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000fc0)=[@text32={0x20, &(0x7f0000000f40)="c7442400e57a0000c7442402a10b0000c7442406000000000f0114240f01cfc4c24d9cd16565660f3881049cb9b8080000b80f00c0feba000000000f300ffe8e0b000000c4e201beb35c00000066b8f2008ee8b805000000b9ef0000000f01d92e0fc735197cd307", 0x68}], 0x1, 0x1, &(0x7f0000001000)=[@flags={0x3, 0x80000}, @dstype3={0x7, 0x3}], 0x2)
write(r3, &(0x7f0000001040)="80bd9b792c761b441d9c5d3ccdc524e24825969524292bdce44edb632d5a869fff83b629b8623583b6dc05228428d8e4bc35a3f0378e872fef2b396caca370f753db06756c40fce66bc7e6f678dfe47bfce89755f55ab19779618565910865459dc9b1ef09d7ebd5358001b3e69227d446f7af70290d7d65beae77d7b26b791c9ba712623820c9b6a87c7d9b637445f52bad161bb3bc94945975ed4124be1424819d8fd9367e3772f872dcc76f69337cde380fffe49722253f903ca66fd718f1ae7683e069048783d1c46ccfaa29560205157c9fe33bb64986f0c91556c89219f9b47642ad1685d73abe7514b086de94cc2c0326258e", 0xf6)

8m9.808359835s ago: executing program 1 (id=881):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x4000003ce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x60402)
writev(r1, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000200)="e7071c9f10fe7f7569fe4f59c8a25ff4b601bdd4a46091085c24e7df", 0x1c}], 0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_GET_SERVICE(r3, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040041}, 0x890)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x1c, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r5, 0x80, 0x8f}}, 0x1c}}, 0x20000000)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r6, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x24, 0x3, 0x1, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_ID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40001)

8m8.42050406s ago: executing program 35 (id=881):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x4000003ce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x60402)
writev(r1, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000200)="e7071c9f10fe7f7569fe4f59c8a25ff4b601bdd4a46091085c24e7df", 0x1c}], 0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_GET_SERVICE(r3, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040041}, 0x890)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x1c, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r5, 0x80, 0x8f}}, 0x1c}}, 0x20000000)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r6, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x24, 0x3, 0x1, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_ID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40001)

2m27.240315203s ago: executing program 8 (id=1730):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0xfcff, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1018, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

2m26.186714389s ago: executing program 8 (id=1736):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f0000000300)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x4048884)
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=@delqdisc={0x104, 0x25, 0x1, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x5, 0xf}, {0xfff2, 0xffff}, {0xfff1, 0x60a4077d5dba3cc5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_RATE={0x6, 0x5, {0x1, 0x3}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xe}, @TCA_RATE={0x6, 0x5, {0x3, 0x8}}, @TCA_STAB={0xc0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x7, 0xb4c, 0xc, 0x2, 0x5, 0x3ff, 0x4}}, {0xc, 0x2, [0x2, 0xaa, 0x4, 0x9]}}, {{0x1c, 0x1, {0x1, 0x40, 0xc659, 0x2, 0x0, 0x80000000, 0x2, 0x1}}, {0x6, 0x2, [0x2]}}, {{0x1c, 0x1, {0x5f, 0x40, 0x9, 0xa99, 0x0, 0x0, 0x9}}, {0x4}}, {{0x1c, 0x1, {0x6, 0xfc, 0x400, 0xff, 0x0, 0x4, 0x5}}, {0x4}}, {{0x1c, 0x1, {0xd3, 0x8, 0x5, 0x5, 0x2, 0x0, 0x3, 0x7}}, {0x12, 0x2, [0xfffe, 0x1, 0x6, 0x8, 0x8000, 0x6, 0x7f]}}]}]}, 0x104}}, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f0000000440)={0xa, 0x0, [{0x6, 0x0, 0xe, [0x7fffffff, 0x40, 0x4, 0xb, 0x3, 0x314e, 0x6, 0x3]}, {0x1ff, 0xe3a, 0x3ff, [0x4, 0x2, 0xfffffffb, 0xd06, 0x1a, 0x4, 0x3, 0x7fff]}, {0x9, 0x5, 0x81, [0x3bf, 0x207, 0x49, 0x8, 0x7, 0xb, 0x7, 0x9]}, {0x7ff, 0x9, 0xb5, [0x1ff, 0x0, 0x8, 0x80000001, 0x6, 0x7, 0xb, 0x1000]}, {0x4, 0xffffffff, 0x6, [0x3, 0x5, 0x5, 0x8, 0x0, 0x8, 0x8e, 0x6]}, {0x7, 0x1, 0x2, [0x9, 0x9, 0x2, 0x7fff, 0x7, 0x3, 0x73b0, 0x8]}, {0x1, 0xfffffffa, 0xffffffff, [0x81, 0x4, 0x300, 0x6b3, 0x1, 0x1, 0x7, 0xb59fb7d]}, {0x7f, 0x5, 0x80000000, [0x1, 0x7, 0x9, 0x6, 0x6, 0x6, 0x0, 0x1]}, {0xa96, 0xffff84f8, 0x7, [0x6, 0x9, 0x3, 0x2, 0xf8, 0x3ff, 0x1]}, {0xf, 0x3ff, 0x800, [0x9, 0xc, 0x2, 0x0, 0x81, 0x4, 0xffff0000, 0x7]}]})

2m23.58717447s ago: executing program 8 (id=1740):
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000003440)={0x0, 0x0, &(0x7f0000003400)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="140000001e0003040000ffff8db6ce6f0000000022714ebe4ad99ff756a7950af933a3f4da448247744685231274ff09887bce7fe640122b88673b1cf17b9c2f27b8daaeaca1295a3e7986e1fd28e807080afeacec9766af3512b18da001d16475579985a600023f460602b08bd64a63e48eb579d781066fc63ef13a679498584137689e6e29e2fa5995ba1abce9834aec0300e5cdb7c0d4ee2ad3d94a468fcfdeba1123f129091262dda1443b8143e204ec6d4a764a564eeaa96a8694e4d4"], 0x14}], 0x1}, 0x0)
r2 = syz_open_dev$dri(0x0, 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x3, 0x0, 0x0, [<r5=>0x0], [0x0, 0xffffffff], [0x8], [0x0, 0x400000000000000, 0x0, 0x2]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x3ff, 0x5, 0x8})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r5})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x110, &(0x7f0000000400)={0x0, 0xfac6, 0x800, 0x3, 0x287}, &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
syz_io_uring_setup(0xa94, 0x0, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r8, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x6, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x10})
io_uring_enter(0xffffffffffffffff, 0x6ed2, 0x8000dae5, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa080006000100000006590c6d25df0ab15d299e"], 0x38}}, 0x0)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r10, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)

2m22.176667408s ago: executing program 8 (id=1742):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)={0x0, 0xffff}, 0x0)
pipe(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(0x0)
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0)
write(0xffffffffffffffff, &(0x7f0000000240)="94", 0x1)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x8f5, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0xd9)
write(r1, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m17.492557842s ago: executing program 8 (id=1755):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
recvmmsg(r5, &(0x7f0000000340)=[{{&(0x7f00000002c0)=@isdn, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)=""/249}]}, 0x8}], 0x14, 0x1, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000002d40)=[{{&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f00000027c0), 0x0, &(0x7f0000002840)=""/170, 0xaa}, 0x800}, {{&(0x7f0000002900)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000002980)=""/115, 0x73}, {&(0x7f0000002a00)=""/207, 0xcf}, {&(0x7f00000002c0)=""/45, 0x2d}, {&(0x7f0000002b00)=""/207, 0xcf}, {&(0x7f0000002c00)=""/183, 0xb7}], 0x5}, 0x564b}], 0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setrlimit(0x1, &(0x7f00000001c0)={0x7, 0x8f})
r7 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r7, 0x0, 0x0, 0x1001f0)
lseek(r7, 0x1fd, 0x3)

2m15.931463222s ago: executing program 8 (id=1760):
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}}, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10)
getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000080)=""/1, &(0x7f00000000c0)=0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002340)={0x2020}, 0xff86)
ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, &(0x7f0000000140)=0x8)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008)

2m0.117951911s ago: executing program 36 (id=1760):
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}}, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10)
getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000080)=""/1, &(0x7f00000000c0)=0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002340)={0x2020}, 0xff86)
ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, &(0x7f0000000140)=0x8)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008)

19.794503795s ago: executing program 0 (id=2001):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$sg(&(0x7f0000007f00), 0x1, 0x48903)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$vim2m(0x0, 0x52cd, 0x2)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={<r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0xee01, r3, 0xffffffffffffffff)
quotactl_fd$Q_GETFMT(r0, 0xffffffff80000402, r3, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f00000002c0)=0x3)
sched_setscheduler(r4, 0x5, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r8, 0x0, 0x7fffffc}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="790004000000000000007e0000000800570009000000dbb81a0dcc11a9ec92c4959c167d3892a991f6caacc56c11583e9f448ab0f41cee8b851edb4611e2383d983bcac9ef02f5b8a76303a4d836015f41f3e78a7fe4bf"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000200)={@host})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(0xffffffffffffffff, 0x7af, 0x0)

13.583768765s ago: executing program 9 (id=2012):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)={<r5=>0x0, 0xffff}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={r5, @in={{0x2, 0x0, @multicast2}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x10001}, 0x9c)
getpgid(r1)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
tee(r6, r8, 0x8f5, 0x0)
write$binfmt_script(r8, 0x0, 0xd9)
write(r7, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11.423884306s ago: executing program 0 (id=2018):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

11.073324166s ago: executing program 0 (id=2020):
r0 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, 0x0, 0x0, <r3=>0x0, 0x1})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$IOMMU_IOAS_UNMAP$ALL(0xffffffffffffffff, 0x3b86, &(0x7f0000000c00)={0x18})
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(r5, &(0x7f00000002c0)=ANY=[], 0x32)
sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681", 0xe}], 0x1}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28)
sendmsg$IPVS_CMD_ZERO(r3, 0x0, 0x4004)
sendmmsg(r1, &(0x7f0000001ac0), 0x0, 0x50)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f905, 0x0, '\x00', @p_u32=0x0}})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002640)=@delchain={0x114, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xd8, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xc0, 0x1, [@m_simple={0xbc, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x85, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec7b2a9ceab9c40c5f9bd00ceff17d69ca7a27324ef7a1ad28d4b3c6a826826e9c291c16ab3d13e1f337751959e47bf0fe515b70ea5a3584d9cdba83a705d3257305f931866cf9f1faa34fce0e8a7ee76e20f05d4e1adbee4b"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0x114}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)

10.668641884s ago: executing program 2 (id=2021):
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000b40)=0x3)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x3c, r2, 0x20, 0x30bd2c, 0x0, {}, [@ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8, 0x10, 0x8}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x6}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8, 0x15, 0xad0}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2400c000}, 0x10)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r7 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
sendfile(r7, r7, 0x0, 0x4800000009)

9.213027454s ago: executing program 7 (id=2023):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x8)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x13, 0x0, 0x3b)

8.944645242s ago: executing program 2 (id=2024):
r0 = socket$netlink(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={0x0, 0x18}}, 0x8040)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$unix(0x1, 0x1, 0x0)
r4 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000280), 0x2, 0x0)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
ppoll(&(0x7f0000000440)=[{r4, 0x4000}, {r3, 0x9041}, {r5, 0x82d0}], 0x3, &(0x7f0000000480)={0x77359400}, &(0x7f00000007c0)={[0x8000]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0xe0, &(0x7f00000005c0)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000340)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, &(0x7f0000000380)=[0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r8=>0x0, 0x69, &(0x7f0000000400)=[{}, {}], 0x10, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0xdd, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085", @ANYRESDEC=r0, @ANYRESOCT, @ANYRES8=r7, @ANYRESHEX=r1], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r10, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002800800020011000000060001"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8090)
sendmsg$nl_route(r9, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x0)

8.316626234s ago: executing program 6 (id=2025):
mknod(0x0, 0x1000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000004f52fd096658427cce3c754c0e4100cf7d8251ae28a0bad55e0d8bbb7eadff4c7512aadf5ab8177d55dda07c3356e68a26a6ea99d246d562841e587177849a68934772bb664475c553ab2d374549e872d4309a2c1f67e6c97245cc8eee5ed1b599b91d0618db3dff272eaa38f744f61edae4de9efc5e71b0b2f17af39f47b2449e01460d7fee891f9c09625d18b206b7f7d4fe985b1d20ad6c83dd73816f7b069c5fef9b04048369a1ba7a37602b983cf4c4eef984b3a70d82c3a925e75bad49231d694eac72d224dcd0a57bbce77a3bb7be26b20184235945b389eea8e90f5ac942bc8f8f38272f9d5d7f3105fca3180c5f6fe88e284f5a0d917f5272c340502cbead518bc140e1f01dab6c5b259492e56e48cbb71dcc659fa0fbc142b57ab17380010b305b45bd323f5e0411e5d7900918dffa578582893733fec334b70bb72f1151c3ec06d179d9dc63bef2f2993e6db03288851be9f4abc54378d7550f474b131e3ba81c7b596b721b39242110b599837918fea50836a22106a9c3fe697e08f007fcfbcde3c704f5f098e5badbd041e68edab2c3834eec58148fcc89180f639f7aebfd88d83d03eeb4d4210e41ae24ce3765"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
brk(0x55555ede6001)
open(0x0, 0x143142, 0xa2)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)
pause()
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x62040200)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x80, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x8, 0x0, 0x0, 0x0, 0xe, 0x1c, "fee8a2ab780e00001ea8ffffffff0000000000000004ddb49a000000000000000000f8ff000800000000000000000000000000001400", "2809e8dbe108598948f8ffd54a07c21d875397bdb22d0008b420a1819e01177d3d458dd4992861ac00000080ffffffffffffffff001700", "90be8bf4bd00000000000000000000000000001000"}})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

7.75771552s ago: executing program 2 (id=2026):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000002000f000000050030000000000005002f000000000008000300", @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={@mcast1, @private2, @local, 0x9, 0x7, 0x0, 0x600, 0x5, 0x2000000, r2})
r3 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x6, 0x8, 0x2)

7.632634989s ago: executing program 7 (id=2027):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x0, 0x84)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x4e01c2, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', <r3=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in=@empty, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4e24, 0x0, 0x4e21, 0x6, 0x2, 0xa0, 0xe0, 0x89, r3, r4}, {0x500, 0x9, 0x5e8b, 0x9, 0x9, 0x1, 0x7}, {0x5, 0x9, 0x5, 0x5b}, 0x8001, 0x0, 0x1, 0x1, 0x3, 0x1}, {{@in6=@remote, 0x4d3, 0xff}, 0x2, @in=@loopback, 0x3503, 0x7, 0x0, 0xf0, 0x6, 0x80000001, 0x4}}, 0xe8)
sendmsg$SMC_PNETID_DEL(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x30, r1, 0x1, 0x70bd25, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBPORT={0x5, 0x3}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x30}, 0x1, 0x40030000000000, 0x0, 0x44880}, 0x20000000)

7.629765126s ago: executing program 0 (id=2028):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00')
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x9, 0xc934}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000a3006e76d05664679e05ccc69b1b01dca3a2d41c7e04027a2fc2b50000010013a26e"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
mknod$loop(&(0x7f00000190c0)='./file1\x00', 0xfff, 0x1)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@broadcast, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0x0, 0x2b, 0x0, 0xee01}, {0x1}, {}, 0x0, 0x0, 0x1, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0xa, @in, 0x0, 0x4, 0xbf3170a1cee07220, 0x0, 0x100000}}, 0xe8)
sendmmsg$inet6(r4, &(0x7f0000000a80)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xe00}}], 0x1, 0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r5, 0x4004662b, 0x0)
sched_setscheduler(r0, 0x0, &(0x7f0000000180)=0x9)
unshare(0x2c020400)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
r6 = open(&(0x7f00009e1000)='./file0\x00', 0x163d40, 0x0)
r7 = socket$inet6(0xa, 0x8, 0xfffffffd)
connect$inet6(r6, &(0x7f00000003c0)={0xa, 0x3, 0xffffffff, @mcast2, 0x3}, 0x1c)
close(r7)
msgget$private(0x0, 0x240)
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)

7.524159568s ago: executing program 9 (id=2029):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = creat(&(0x7f0000000200)='./file1\x00', 0x12e)
close(r1)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0xc)
listen(r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x200000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSETELEM={0x20, 0x1e, 0xa, 0x205, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x70}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x80001, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x4000, &(0x7f0000000680)=ANY=[@ANYBLOB='smackfsfloor'])
r6 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000040), 0x3f00}], 0x20}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="7e70c875def8f843bc64c0980d75f826235edb1053ae6eb3830a35dbcdbed148cf4a2572bff5c687c6088ea6bee62fa12a38e16b02130ed240b9cb8b9b1d483c7e0df42647a751145b3b1e293d8c6868162452d4c1dde0fc42fbf4ff51f25da45dc67f9d70f79c8d346cc35b7dc20110020f2c0abe56af226b937b71fd", @ANYRESOCT=r3, @ANYRES16=0x0], 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r9}, &(0x7f0000000240), &(0x7f00000003c0)=r4}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r10, r7, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c)
socket$kcm(0x29, 0x5, 0x0)
syz_emit_ethernet(0xe, &(0x7f0000001980)=ANY=[@ANYBLOB="aa00000084000000000000000000"], 0x0)

7.471268481s ago: executing program 2 (id=2030):
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}}, 0x0)
mount(&(0x7f00000000c0)=@sr0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='pstore\x00', 0x400, &(0x7f0000000280)='-#\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10)
getsockopt$sock_buf(r3, 0x1, 0x1a, &(0x7f0000000080)=""/1, &(0x7f00000000c0)=0x1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f00000019c0)={0x2020}, 0x2020)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000340)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, &(0x7f0000000140)=0x8)
sendfile(r1, r1, 0x0, 0x40008)

7.056580095s ago: executing program 7 (id=2031):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x7)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000500), 0x1, 0x0)
unshare(0x400)
pwrite64(r5, &(0x7f0000001980)="a633c4d8", 0xfffffffffffffed4, 0x2)
ioctl$TCFLSH(r4, 0x8925, 0x2000000000000)

5.920802591s ago: executing program 7 (id=2032):
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000004c0), 0x13f, 0x9}}, 0x20)
socket(0x2, 0x2, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c8, 0x12)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = dup(r3)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e657400000005000400ffffe00005000500020000000900020073797a320000"], 0x64}}, 0x0)

5.831676931s ago: executing program 9 (id=2033):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket(0x10, 0x3, 0x0)
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000180)={0x7, @pix={0xa, 0x7, 0x39565559, 0x5, 0x1a000000, 0xff, 0xc, 0x3ed3e09a, 0x1, 0x0, 0x2, 0x3}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000580)={'syztnl1\x00', &(0x7f0000000500)={'gretap0\x00', <r7=>0x0, 0x80, 0x51, 0x4, 0x6, {{0x13, 0x4, 0x3, 0x7, 0x4c, 0x64, 0x0, 0x4, 0x2f, 0x0, @remote, @broadcast, {[@rr={0x7, 0xf, 0xb1, [@multicast2, @dev={0xac, 0x14, 0x14, 0x3f}, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @generic={0x89, 0xb, "d5baeed21a3683eb89"}, @generic={0x44, 0xa, "3136d1a20250854e"}, @lsrr={0x83, 0x13, 0xba, [@local, @private=0xa010102, @multicast2, @broadcast]}]}}}}})
connect$packet(r1, &(0x7f00000005c0)={0x11, 0xf6, r7, 0x1, 0xfe, 0x6, @broadcast}, 0x14)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x10, [0x3, 0x1, 0x3f7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x787, 0x10000000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, 0x1, 0xfffffffe, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x8, 0x0, 0x3, 0x0, 0x6, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0xffffffff, 0xedc0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa0000000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x2, 0x0, 0x2000079, 0xfffffffe, 0x0, 0x0, 0x10000, 0x40000, 0x8, 0xc0000000, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffff8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d7, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffe6], [0xffffffff, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x200006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc, 0xfffffffc, 0x44, 0x4000400, 0xfffffffc, 0x0, 0xfffffffd], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0x2, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0xd, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x3, 0x2, 0x0, 0x0, 0x100000]}, 0x45c)
r8 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r8, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0xffff, @empty}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000700)="1ed8b7f9d457", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a"], 0x40}, 0x20000000)

5.284512584s ago: executing program 6 (id=2034):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0xfffffffffffffee7)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x50)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="140000001000010300000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000150a01020000c20000000000000000000800034000000006"], 0x1c}, 0x1, 0x0, 0x0, 0x10024804}, 0x24040808)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
socket$inet6(0xa, 0x805, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000380)={0xc})
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, 0x0)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
setns(r8, 0x24020000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)

5.060623661s ago: executing program 9 (id=2035):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x4e20, 0x6, @mcast2, 0xd}}}, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
getpid()
socket$inet6(0xa, 0x3, 0xfe)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dy'])
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x2c, r4, 0x1, 0x40000000, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004801}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x4d)
lchown(&(0x7f0000001f40)='./file0\x00', 0xffffffffffffffff, 0xffffffffffffffff)

3.599149415s ago: executing program 6 (id=2036):
r0 = socket$kcm(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b7090000000000001801000020646c0a00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000d00)=r2, 0x4)
syz_emit_ethernet(0x3a, &(0x7f0000000580)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}, {0x3, 0x0, 0x18, 0x0, @wg=@data={0x220, 0x4, 0x80000000000003ff}}}}}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000bc0)=@newtaction={0x348, 0x30, 0x300, 0x71bd22, 0x25dfdbff, {}, [{0x334, 0x1, [@m_bpf={0x98, 0x6, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x6}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x59, 0x6, "bfb48d1c9cbd39c403490f71e7c26903a2429639badf09f7f1460a1a37776d69ba43d012403ff817b805f05e15fda7d5abfefd6f88a71220a3dc2a6660c265b59ed90ce6980eda6d48215f2ed37602646c6855209b"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ct={0x60, 0x15, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x5, 0x3, 0x7, 0x3}}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e20}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @broadcast}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_connmark={0x14c, 0x1d, 0x0, 0x0, {{0xd}, {0x100, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xa54, 0x1, 0x1, 0x0, 0x7ff}, 0x8}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x2a, 0xffffffffffffffff, 0x2, 0xf}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xc, 0x1, 0x1, 0x4, 0x9}, 0xff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x600, 0x7, 0x2, 0x7, 0x7f}, 0x6}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2, 0x246f, 0x3, 0x2, 0xc}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x409, 0x7, 0x61, 0x7}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2d9, 0x8, 0x8, 0x5, 0x1}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xe, 0x4, 0x1, 0x9cb0, 0x100}, 0xc}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x2, 0xffffffffffffffff, 0x1, 0xe9}, 0x2}}]}, {0x1d, 0x6, "00fd996c0961009eaf47a57fbcdc83003bb1bb54b96dcc3537"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}, @m_connmark={0xa4, 0x13, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x7, 0x3, 0x7, 0x2}, 0x5a}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0xdbc6, 0x1, 0x401, 0xdbc0}, 0x6a}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5a, 0x1fe2e218, 0x0, 0x7fff, 0x9}, 0xfeff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xf, 0x1, 0x4, 0x8001, 0xaf0a}, 0xa26}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ctinfo={0x48, 0x1d, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x7, 0x14, 0x2, 0x1, 0xe9}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x348}, 0x1, 0x0, 0x0, 0x2404c8d0}, 0x20040800)
r3 = socket(0x10, 0x803, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f0000000200)=ANY=[@ANYBLOB='b 122'], 0xa)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

3.572545772s ago: executing program 9 (id=2037):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, &(0x7f0000000000)={0x0, [0x0, 0xffff133a, 0x3], [{0x0, 0x0, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xe6f6}], 0xc})
unshare(0x2040600)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='ip6_vti0\x00', 0x10)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

3.171651972s ago: executing program 0 (id=2038):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000093000040"])
bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xd}}, 0x8)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x3b)

3.168922923s ago: executing program 6 (id=2039):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000cc0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000bc0)=[{{&(0x7f0000000240)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000000)=""/43, 0x2b}, {&(0x7f0000000100)=""/13, 0xd}, {&(0x7f00000001c0)=""/14, 0xe}, {&(0x7f0000000d00)=""/235, 0xeb}, {&(0x7f0000000400)=""/176, 0xb0}, {&(0x7f00000004c0)=""/208, 0xd0}, {&(0x7f00000005c0)=""/79, 0x4f}], 0x7}, 0x4}, {{&(0x7f0000000700)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000780)=""/17, 0x11}, {&(0x7f00000007c0)=""/210, 0xd2}, {&(0x7f00000008c0)=""/185, 0xb9}, {&(0x7f0000000980)=""/78, 0x4e}, {&(0x7f0000000a00)=""/52, 0x34}], 0x5, &(0x7f0000000ac0)=""/248, 0xf8}, 0xebc4}], 0x2, 0x10000, &(0x7f0000000c40))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, 0x0)
pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x880)
write$P9_RLERRORu(r3, &(0x7f0000000340)={0x16, 0x7, 0x2, {{0x9, '],+%(.!$@'}, 0x2}}, 0x16)
r4 = creat(&(0x7f00000006c0)='./file0\x00', 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0x2, 0x0, &(0x7f00000002c0)='\x00\x00', 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40}, 0x50)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14142b080004000500000030001a"], 0x78}}, 0x0)
write$binfmt_elf32(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(r4)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

2.246959487s ago: executing program 9 (id=2040):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)={<r5=>0x0, 0xffff}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={r5, @in={{0x2, 0x0, @multicast2}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x10001}, 0x9c)
getpgid(r1)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
tee(r6, r8, 0x8f5, 0x0)
write$binfmt_script(r8, 0x0, 0xd9)
write(r7, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.688388106s ago: executing program 0 (id=2041):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="1400000013000159993dde440113e90005"], 0x14}], 0x1, 0x0, 0x0, 0x24049080}, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
write$binfmt_elf32(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="48c5"], 0x69)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1}}, 0x40)
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000200)={0x40, 0x15}, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x84, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x70, 0x1, [@m_tunnel_key={0x6c, 0x1, 0x0, 0x0, {{0xf}, {0x3c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x0, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, {0x4}, {0xfffffe4f}, {0xc}}}]}]}, 0x84}}, 0x0)

1.515684952s ago: executing program 7 (id=2042):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, 0x0, 0x0)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f0000000300)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x4048884)
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=@delqdisc={0x104, 0x25, 0x1, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x5, 0xf}, {0xfff2, 0xffff}, {0xfff1, 0x60a4077d5dba3cc5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_RATE={0x6, 0x5, {0x1, 0x3}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xe}, @TCA_RATE={0x6, 0x5, {0x3, 0x8}}, @TCA_STAB={0xc0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x7, 0xb4c, 0xc, 0x2, 0x5, 0x3ff, 0x4}}, {0xc, 0x2, [0x2, 0xaa, 0x4, 0x9]}}, {{0x1c, 0x1, {0x1, 0x40, 0xc659, 0x2, 0x0, 0x80000000, 0x2, 0x1}}, {0x6, 0x2, [0x2]}}, {{0x1c, 0x1, {0x5f, 0x40, 0x9, 0xa99, 0x0, 0x0, 0x9}}, {0x4}}, {{0x1c, 0x1, {0x6, 0xfc, 0x400, 0xff, 0x0, 0x4, 0x5}}, {0x4}}, {{0x1c, 0x1, {0xd3, 0x8, 0x5, 0x5, 0x2, 0x0, 0x3, 0x7}}, {0x12, 0x2, [0xfffe, 0x1, 0x6, 0x8, 0x8000, 0x6, 0x7f]}}]}]}, 0x104}}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f0000000440)={0xa, 0x0, [{0x6, 0x0, 0xe, [0x7fffffff, 0x40, 0x4, 0xb, 0x3, 0x314e, 0x6, 0x3]}, {0x1ff, 0xe3a, 0x3ff, [0x4, 0x2, 0xfffffffb, 0xd06, 0x1a, 0x4, 0x3, 0x7fff]}, {0x9, 0x5, 0x81, [0x3bf, 0x207, 0x49, 0x8, 0x7, 0xb, 0x7, 0x9]}, {0x7ff, 0x9, 0xb5, [0x1ff, 0x0, 0x8, 0x80000001, 0x6, 0x7, 0xb, 0x1000]}, {0x4, 0xffffffff, 0x6, [0x3, 0x5, 0x5, 0x8, 0x0, 0x8, 0x8e, 0x6]}, {0x7, 0x1, 0x2, [0x9, 0x9, 0x2, 0x7fff, 0x7, 0x3, 0x73b0, 0x8]}, {0x1, 0xfffffffa, 0xffffffff, [0x81, 0x4, 0x300, 0x6b3, 0x1, 0x1, 0x7, 0xb59fb7d]}, {0x7f, 0x5, 0x80000000, [0x1, 0x7, 0x9, 0x6, 0x6, 0x6, 0x0, 0x1]}, {0xa96, 0xffff84f8, 0x7, [0x6, 0x9, 0x3, 0x2, 0xf8, 0x3ff, 0x1]}, {0xf, 0x3ff, 0x800, [0x9, 0xc, 0x2, 0x0, 0x81, 0x4, 0xffff0000, 0x7]}]})

1.490237455s ago: executing program 2 (id=2043):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_open_dev$sndctrl(&(0x7f0000000900), 0x1ff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000940)=0x9)
open(&(0x7f0000000180)='./file0\x00', 0x8240, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r3 = accept(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000011c40)=[{{0x0, 0x0, &(0x7f00000070c0)=[{&(0x7f0000005f40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0xde3ebb5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r5, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x40002040)
ioctl$TUNSETNOCSUM(r6, 0xc040ff0b, 0x8000000000)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="7438c0000af5a1a79ee42291b557c599de029164a8c403d8efa48b51ce8ff200aca02b3418fe729df8a32af469070893955941abd939bc601dcf43379cf286ef72a6b3bbb0788868260c0579b21967a5264542ec1be7114ce0d41a5cc09a066ff3b904fb8772209ba49f871b1079727a46fb517c2860d1220b081b216e42d0cf6ebb9e8282c64ee45fcbf6a7a293c888c5", @ANYRES16=0x0, @ANYBLOB="00000000000000000000440000000c009900000000000000000004002380"], 0x24}}, 0x8040)
sendmmsg$alg(r3, &(0x7f0000000680)=[{0x0, 0x0, 0x0}], 0x1, 0x0)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000140)="0200000009800089", 0x8)
r7 = socket(0x25, 0x1, 0x5)
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r1, 0x40405514, &(0x7f0000000040)={0x9, 0x6, 0x6, 0x159, 'syz1\x00', 0x8})
setsockopt$inet6_mtu(r7, 0x29, 0x17, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x4, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="ceaa000000000000711037000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.132588013s ago: executing program 6 (id=2044):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmmsg$inet(r0, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="f37481d90eeaead391345b4da9d27e24c9c670da3afc5c00"/50, 0x32}, {&(0x7f0000000140)="ead5e96719a44591801f33", 0xb}, {&(0x7f0000000180)="f3f97053495b072215aee864193557c0dabdd253711d5ed9b131c5abd8796e5759ab1f639211e68e24bf4471b6ab1429b165c7248cded82bfb4a3f48e8d0", 0x3e}], 0x3, &(0x7f0000000240)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@timestamp_addr={0x44, 0x1c, 0x93, 0x1, 0x0, [{@broadcast}, {}, {@private}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x50}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)="c1ad061c5d914eadd95de7fb63eb7b0306d91c25f3fba6c97eda8ade2420dfe1fe0f5c7a01d724be33a44f1cd52028110d8f7dd4b3421a3fe4b2066d179f938ba15c3956e1aaad35035bcde7b90ed59ee2de06c8a4af3de95bda", 0x5a}], 0x1}}, {{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000480)="f41fa963edcd5e2a", 0x8}, {&(0x7f00000004c0)="0c71e8d7705b19c24e8c3ec98b4243ae0be48cd79f024361b8082d328363e63e360e122e7ec929c89aea0b338987609655fb5f5f91cd457584f30946f63e00fd0e8c536ae0106beb7d02fb4eb35db10c37c4bf3f2c6df9254d540598ae9b7098b74908c7da448e8891bc1b46f58553776f43370d090df693f3a4e4a724dbb498e51860bd766e36c41c0a0ee41019a0b05b519107c1fbb944f26f16f9fc127f3cd86c3fdbcf169912fc1c42a4a7051d3e85591ccd24b19681da775dc34c98ad24ab07c6feab583ba1f5efb430a06d66c039dbf40a84f04cfdfca240676e96579502925e57864815d3fe17edaf5cdbc3a4b48843c22372f9f1cf363d8428fe6341fb474ba53db6be689703ce5f7b6639b3493a5aca4c9316df8b4600d73533021932eb359ce7c1f00a54cb1318076ccb00e27ba0934db1867e078ee47b86d3e367b96ba948c3aa029c365eb0dc99685c5fd7bfbd1916b889da42d6ad1ab2466e989b5c8304b1e2190d4efeb9ccbd3a7a48c3b393470fc215e164cb91e238c5a28c4f40b4b99ee8f9481fe62e0bcf0a9831e491dc1150ad9c023217df6432487219a3083b310958cdbc217f99d02a19414987ff1bc176e3267c205827f466ea1912cbc0e304faf034602b85db010d8796d2ab18c2c4badf39db5312ad908d8555c30d0cc7d3bce8b4fcfc5764ed6e8bf4e8e4af6bbb3f82ac014f021dc6cb81cebe4b7d071e4d019719d1b0354ce0a2ff3b66ba7bf0f4598bde90a9115ddc4f197bcd881e0cd0baabb57316e75d108b14acc668ee906acf7bffdff3aef11ecf107b3eccd67a56c6b26e0a9a72d404a7a2dd3da8759e676c0eef6a95890d4f647269d1bf972d75307bd867819f385df6f57a7c28332307f444d1157c303c30a478b056d6e11111398aafcb6fff1b6a985cf888afa04586e35e7d3b292d254acf08a6bd38fbbd22bc9919052e6693c1e454aade6348679e027d1b102618476c9ab1f9928fc7f505046cb8383b9e1d79b961895502cded12f1842705102dffddc11f7bea0bd53833f1a455e661f6bda92d35b1159e1489cf762da76c125060ffedc7cc54238b3bd2d894a91d92a6c5cce9bf5417674a2bd0e38271912f7481e58ec7ab422db826482ffb80ce45dab2cb43105356c292a2fd1db8a758b37d56f46721163f24c075d980a37917cca20acce274c404828efaed50b881a5481f9ad268e99e25884db25426d5a5f338f405748817bba32b89e4c18b0f061e6758d46b5f0f2865b1c41be4f7ff999d289538a8fca45b2cf76a2fc398b7913db0ea85ee4d00156432f764ef888094dceb05c68da62fdf667b511276ac97dcf0b34819d9307cf0066267f94ab80fcc19c9f3d682e6e375ac25d7d6b71ae6d084ca1ed7e21b46b1ca0abc6cd50b3aa40e341cfc0a75f2040cc71c26e6cff3d76cc6c629051c47d8b950d01de19d324f2705e37a7a41364ecc70e5021ef955b50144860dafe6fc8b14fb6c451c0444aef66c3081097b6072c304f17206810b4e937bd5673720071d5f1d964f8bb21ab4ffbda1ece1e95005c6abdf00f78681f37c34936e8c9ba1bf420ba0dbfb84698931da95003dd2a34f59a179420ce004664f0495d1548e04e544c238599e6c41831d05c568607f0cd59153422fea60f7de8c4c1ab308b977e2280372c1f57506c22caf84ef2d912b3dbdd9d05fd1fe78ea2965f9542b0010009efea9c642f1", 0x4c6}], 0x2}}, {{0x0, 0x0, &(0x7f0000004240)=[{&(0x7f0000003140)="01", 0x1}], 0x1}}], 0x4, 0xc080)

302.27606ms ago: executing program 6 (id=2045):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r1 = memfd_create(&(0x7f0000000140)='\vem\xda\x99[R@M\xfc\xfe\x9b#*\xff', 0x0)
write(r1, &(0x7f0000000040)="0600", 0x2)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000180)=ANY=[], 0xe)
sendfile(r1, r1, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r3)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f000002eff0)={0x135, &(0x7f0000000000)=[{}]}, 0x10)

261.997301ms ago: executing program 7 (id=2046):
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, r6, 0xb03, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20040880)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000240)='memory.pressure\x00', 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r3, 0x0, 0x0)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000440)=ANY=[], 0x1f)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0x9, '\x00', @p_u8=&(0x7f0000000040)}}) (fail_nth: 2)

0s ago: executing program 2 (id=2047):
socket$packet(0x11, 0x2, 0x300)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x8}, {0x6}]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0x93}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff)
capset(&(0x7f0000000b00)={0x19980330}, &(0x7f0000000000)={0x0, 0x0, 0x8})
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000080)=[{&(0x7f0000000400)="580000001400192340834b80040d8c560a067fbc45ff620500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000ffd9dd00000010000100050808004149004006040800", 0x58}], 0x1)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x5c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@FOU_ATTR_IPPROTO={0x5, 0x3, 0x87}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_PEER_V6={0x14, 0x9, @loopback}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

kernel console output (not intermixed with test programs):

00007fa681f8e929
[  628.717043][T11482] RDX: 0000000000000094 RSI: 0000200000000600 RDI: 0000000000000005
[  628.717053][T11482] RBP: 00007fa682db7090 R08: 0000000000000000 R09: 0000000000000000
[  628.717064][T11482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.717075][T11482] R13: 0000000000000000 R14: 00007fa6821b5fa0 R15: 00007ffcef56da98
[  628.717107][T11482]  </TASK>
[  629.015303][T11424] Bluetooth: hci0: command tx timeout
[  629.033891][T11482] Mem-Info:
[  629.037074][T11482] active_anon:305 inactive_anon:6693 isolated_anon:0
[  629.037074][T11482]  active_file:14175 inactive_file:41410 isolated_file:0
[  629.037074][T11482]  unevictable:768 dirty:279 writeback:0
[  629.037074][T11482]  slab_reclaimable:10801 slab_unreclaimable:100572
[  629.037074][T11482]  mapped:32061 shmem:3226 pagetables:1124
[  629.037074][T11482]  sec_pagetables:0 bounce:0
[  629.037074][T11482]  kernel_misc_reclaimable:0
[  629.037074][T11482]  free:1304094 free_pcp:13506 free_cma:0
[  629.092085][T11482] Node 0 active_anon:1220kB inactive_anon:29732kB active_file:56504kB inactive_file:165640kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131268kB dirty:1120kB writeback:0kB shmem:14448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11788kB pagetables:4432kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  629.127008][T11482] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  629.182741][T11482] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  629.212184][T11482] lowmem_reserve[]: 0 2501 2503 2503 2503
[  629.218006][T11482] Node 0 DMA32 free:1297840kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1216kB inactive_anon:30992kB active_file:54740kB inactive_file:165572kB unevictable:1536kB writepending:1116kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:32148kB local_pcp:20336kB free_cma:0kB
[  629.264340][   T12] hsr_slave_0: left promiscuous mode
[  629.265658][T11482] lowmem_reserve[]: 0 0 1 1 1
[  629.274695][T11482] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1764kB inactive_file:68kB unevictable:0kB writepending:4kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  629.308610][   T12] hsr_slave_1: left promiscuous mode
[  629.321295][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  629.344414][T11482] lowmem_reserve[]: 0 0 0 0 0
[  629.351079][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  629.365464][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  629.367646][T11482] Node 1 
[  629.387486][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  629.389995][T11482] Normal free:3899228kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21888kB local_pcp:9792kB free_cma:0kB
[  629.461208][T11482] lowmem_reserve[]: 0 0 0 0 0
[  629.474587][T11482] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  629.497300][T11482] Node 0 DMA32: 8*4kB (ME) 584*8kB (UM) 611*16kB (UME) 547*32kB (UME) 261*64kB (UME) 51*128kB (UM) 68*256kB (UME) 27*512kB (UME) 19*1024kB (UM) 2*2048kB (M) 290*4096kB (UM) = 1297840kB
[  629.526799][   T12] veth1_macvtap: left promiscuous mode
[  629.536821][T11482] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  629.538582][   T12] veth0_macvtap: left promiscuous mode
[  629.587320][T11482] Node 1 Normal: 171*4kB (UE) 40*8kB (UME) 31*16kB (UME) 118*32kB (UME) 33*64kB (UME) 5*128kB (UME) 4*256kB (UME) 4*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 948*4096kB (M) = 3899228kB
[  629.598759][   T12] veth1_vlan: left promiscuous mode
[  629.619841][   T12] veth0_vlan: left promiscuous mode
[  629.642182][T11482] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  629.669769][T11482] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  629.713593][T11482] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  629.743955][T11482] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  629.776243][T11482] 59865 total pagecache pages
[  629.788042][T11482] 0 pages in swap cache
[  629.799129][T11482] Free swap  = 124996kB
[  629.807810][T11482] Total swap = 124996kB
[  629.823887][T11482] 2097051 pages RAM
[  629.836640][T11482] 0 pages HighMem/MovableOnly
[  629.842360][T11487] Falling back ldisc for ttyS3.
[  629.854043][T11482] 424572 pages reserved
[  629.868340][T11482] 0 pages cma reserved
[  631.051311][ T5817] Bluetooth: hci0: command tx timeout
[  632.274991][   T12] team0 (unregistering): Port device team_slave_1 removed
[  632.345885][   T12] team0 (unregistering): Port device team_slave_0 removed
[  633.037034][T11518] ceph: No mds server is up or the cluster is laggy
[  633.272029][   T24] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  633.411708][T11423] bridge0: port 1(bridge_slave_0) entered blocking state
[  633.421895][T11423] bridge0: port 1(bridge_slave_0) entered disabled state
[  633.435955][T11423] bridge_slave_0: entered allmulticast mode
[  633.467856][T11423] bridge_slave_0: entered promiscuous mode
[  634.338005][T11423] bridge0: port 2(bridge_slave_1) entered blocking state
[  634.412220][   T24] usb 7-1: Using ep0 maxpacket: 8
[  634.443308][   T24] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  634.443339][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.443360][   T24] usb 7-1: Product: syz
[  634.443374][   T24] usb 7-1: Manufacturer: syz
[  634.443390][   T24] usb 7-1: SerialNumber: syz
[  634.448173][T11423] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.485136][   T24] usb 7-1: config 0 descriptor??
[  634.508726][T11423] bridge_slave_1: entered allmulticast mode
[  634.795831][T11423] bridge_slave_1: entered promiscuous mode
[  634.859339][T11543] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  634.941114][   T24] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  635.193013][T11542] mkiss: ax0: crc mode is auto.
[  635.324371][T11423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  635.666666][T11423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  636.194073][T11423] team0: Port device team_slave_0 added
[  636.352851][T11423] team0: Port device team_slave_1 added
[  636.382964][T11555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  636.394863][T11555] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  637.259715][T11423] batman_adv: batadv0: Adding interface: batadv_slave_0
[  637.266815][T11423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.293951][   T24] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  637.315180][   T24] usb 7-1: USB disconnect, device number 17
[  637.325606][T11423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  637.341980][T11423] batman_adv: batadv0: Adding interface: batadv_slave_1
[  637.350789][T11423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  637.381357][T11423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  640.151410][T11423] hsr_slave_0: entered promiscuous mode
[  640.205748][T11581] loop5: detected capacity change from 0 to 16384
[  640.212758][T11423] hsr_slave_1: entered promiscuous mode
[  640.249243][T11423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  640.260985][T11423] Cannot create hsr debugfs directory
[  640.295236][T11581] loop5: detected capacity change from 16384 to 16383
[  640.791833][T11587] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1180'.
[  642.033463][T11601] netlink: 'syz.6.1186': attribute type 10 has an invalid length.
[  642.041490][T11601] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1186'.
[  642.094393][T11601] team0: Device geneve0 is up. Set it down before adding it as a team port
[  642.132873][T11601] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  643.470054][T11616] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1190'.
[  644.846674][T11423] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  645.106249][T11423] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  645.139546][T11423] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  645.974043][T11423] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  647.479493][T11650] hsr0 speed is unknown, defaulting to 1000
[  647.503519][T11650] hsr0 speed is unknown, defaulting to 1000
[  647.863519][T11650] hsr0 speed is unknown, defaulting to 1000
[  647.894260][T11650] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  648.055608][T11650] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  648.082231][T11423] 8021q: adding VLAN 0 to HW filter on device bond0
[  648.144126][T11423] 8021q: adding VLAN 0 to HW filter on device team0
[  648.201681][ T6063] bridge0: port 1(bridge_slave_0) entered blocking state
[  648.208933][ T6063] bridge0: port 1(bridge_slave_0) entered forwarding state
[  648.246734][T11669] FAULT_INJECTION: forcing a failure.
[  648.246734][T11669] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.285597][T11669] CPU: 1 UID: 0 PID: 11669 Comm: syz.2.1204 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  648.285627][T11669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.285647][T11669] Call Trace:
[  648.285656][T11669]  <TASK>
[  648.285665][T11669]  dump_stack_lvl+0x189/0x250
[  648.285700][T11669]  ? __pfx____ratelimit+0x10/0x10
[  648.285728][T11669]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.285755][T11669]  ? __pfx__printk+0x10/0x10
[  648.285789][T11669]  should_fail_ex+0x414/0x560
[  648.285819][T11669]  _copy_to_user+0x31/0xb0
[  648.285841][T11669]  simple_read_from_buffer+0xe1/0x170
[  648.285872][T11669]  proc_fail_nth_read+0x1df/0x250
[  648.285903][T11669]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.285934][T11669]  ? rw_verify_area+0x258/0x650
[  648.285954][T11669]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.285983][T11669]  vfs_read+0x200/0x980
[  648.286014][T11669]  ? __pfx_vfs_read+0x10/0x10
[  648.286033][T11669]  ? fdget+0x149/0x1e0
[  648.286061][T11669]  ? do_mq_getsetattr+0x1d4/0x380
[  648.286093][T11669]  ? __x64_sys_mq_getsetattr+0x1cb/0x230
[  648.286117][T11669]  ? __pfx___x64_sys_mq_getsetattr+0x10/0x10
[  648.286150][T11669]  ksys_read+0x145/0x250
[  648.286175][T11669]  ? __pfx_ksys_read+0x10/0x10
[  648.286202][T11669]  ? do_syscall_64+0xbe/0x3b0
[  648.286224][T11669]  do_syscall_64+0xfa/0x3b0
[  648.286240][T11669]  ? lockdep_hardirqs_on+0x9c/0x150
[  648.286267][T11669]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.286292][T11669]  ? clear_bhb_loop+0x60/0xb0
[  648.286317][T11669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.286336][T11669] RIP: 0033:0x7f5d5d18d33c
[  648.286355][T11669] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  648.286371][T11669] RSP: 002b:00007f5d5e084030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  648.286393][T11669] RAX: ffffffffffffffda RBX: 00007f5d5d3b5fa0 RCX: 00007f5d5d18d33c
[  648.286407][T11669] RDX: 000000000000000f RSI: 00007f5d5e0840a0 RDI: 0000000000000003
[  648.286419][T11669] RBP: 00007f5d5e084090 R08: 0000000000000000 R09: 0000000000000000
[  648.286431][T11669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.286443][T11669] R13: 0000000000000000 R14: 00007f5d5d3b5fa0 R15: 00007ffdc42fa4c8
[  648.286474][T11669]  </TASK>
[  648.295492][T11650] hsr0 speed is unknown, defaulting to 1000
[  648.308989][ T6063] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.532921][ T6063] bridge0: port 2(bridge_slave_1) entered forwarding state
[  648.554877][T11650] hsr0 speed is unknown, defaulting to 1000
[  648.640834][T11650] hsr0 speed is unknown, defaulting to 1000
[  648.703140][T11650] hsr0 speed is unknown, defaulting to 1000
[  648.737370][T11650] hsr0 speed is unknown, defaulting to 1000
[  651.144144][T11702] mkiss: ax0: crc mode is auto.
[  651.299988][T11695] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  651.419701][T11423] 8021q: adding VLAN 0 to HW filter on device batadv0
[  653.295096][T11723] netlink: 'syz.2.1214': attribute type 9 has an invalid length.
[  653.659366][T11423] veth0_vlan: entered promiscuous mode
[  653.681606][ T5943] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  653.702935][T11423] veth1_vlan: entered promiscuous mode
[  653.842414][ T5943] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  653.858210][T11423] veth0_macvtap: entered promiscuous mode
[  653.870441][ T5943] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  653.892586][ T5943] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.893813][T11423] veth1_macvtap: entered promiscuous mode
[  653.989408][ T5943] usb 3-1: config 0 descriptor??
[  654.210399][ T5943] pwc: Askey VC010 type 2 USB webcam detected.
[  654.424708][T11423] batman_adv: batadv0: Interface activated: batadv_slave_0
[  654.465864][T11423] batman_adv: batadv0: Interface activated: batadv_slave_1
[  654.525727][T11423] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  654.537547][T11423] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  654.559378][T11423] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  654.569979][T11423] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  654.704822][ T5943] pwc: recv_control_msg error -32 req 02 val 2b00
[  654.743238][ T5943] pwc: recv_control_msg error -32 req 02 val 2700
[  654.774960][ T5943] pwc: recv_control_msg error -32 req 02 val 2c00
[  654.810224][ T5943] pwc: recv_control_msg error -32 req 04 val 1000
[  654.835313][ T5943] pwc: recv_control_msg error -32 req 04 val 1300
[  654.869848][ T1014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  654.878033][ T5943] pwc: recv_control_msg error -32 req 04 val 1400
[  654.934797][ T5943] pwc: recv_control_msg error -32 req 02 val 2000
[  654.942491][ T1014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  654.962771][ T5943] pwc: recv_control_msg error -32 req 02 val 2100
[  655.956649][ T5943] pwc: recv_control_msg error -32 req 04 val 1500
[  655.971964][ T5943] pwc: recv_control_msg error -32 req 02 val 2500
[  656.002182][ T5943] pwc: recv_control_msg error -32 req 02 val 2400
[  656.193899][ T5943] pwc: recv_control_msg error -32 req 02 val 2600
[  656.259341][ T5943] pwc: recv_control_msg error -32 req 02 val 2900
[  656.397146][ T6402] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  656.468686][ T6402] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  656.514937][ T5943] pwc: recv_control_msg error -32 req 04 val 1100
[  656.563323][T11756] mkiss: ax0: crc mode is auto.
[  656.604926][ T5943] pwc: Registered as video103.
[  656.676646][ T5943] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9
[  657.662723][T11774] loop2: detected capacity change from 0 to 7
[  657.834469][T11774]  loop2: [CUMANA/ADFS] p1 [ADFS] p1
[  658.018450][T11774] loop2: partition table partially beyond EOD, truncated
[  658.253230][T11774] loop2: p1 size 2989602745 extends beyond EOD, truncated
[  658.893956][  T980] usb 3-1: USB disconnect, device number 23
[  659.179723][T11092] udevd[11092]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  659.667758][T11801] syzkaller1: entered promiscuous mode
[  659.687451][T11801] syzkaller1: entered allmulticast mode
[  661.165851][T11809] mkiss: ax0: crc mode is auto.
[  661.644561][T11819] FAULT_INJECTION: forcing a failure.
[  661.644561][T11819] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  661.858381][T11819] CPU: 1 UID: 0 PID: 11819 Comm: syz.8.1237 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  661.858413][T11819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  661.858425][T11819] Call Trace:
[  661.858434][T11819]  <TASK>
[  661.858443][T11819]  dump_stack_lvl+0x189/0x250
[  661.858478][T11819]  ? __pfx____ratelimit+0x10/0x10
[  661.858506][T11819]  ? __pfx_dump_stack_lvl+0x10/0x10
[  661.858542][T11819]  ? __pfx__printk+0x10/0x10
[  661.858563][T11819]  ? __might_fault+0xb0/0x130
[  661.858600][T11819]  should_fail_ex+0x414/0x560
[  661.858632][T11819]  _copy_from_user+0x2d/0xb0
[  661.858652][T11819]  kstrtouint_from_user+0xc4/0x170
[  661.858682][T11819]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  661.858730][T11819]  proc_fail_nth_write+0x88/0x240
[  661.858759][T11819]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  661.858792][T11819]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  661.858821][T11819]  vfs_write+0x27e/0xa90
[  661.858855][T11819]  ? __pfx_vfs_write+0x10/0x10
[  661.858880][T11819]  ? __fget_files+0x2a/0x420
[  661.858910][T11819]  ? __fget_files+0x3a0/0x420
[  661.858934][T11819]  ? __fget_files+0x2a/0x420
[  661.858976][T11819]  ksys_write+0x145/0x250
[  661.858996][T11819]  ? __fget_files+0x3a0/0x420
[  661.859023][T11819]  ? __pfx_ksys_write+0x10/0x10
[  661.859051][T11819]  ? do_syscall_64+0xbe/0x3b0
[  661.859074][T11819]  do_syscall_64+0xfa/0x3b0
[  661.859089][T11819]  ? lockdep_hardirqs_on+0x9c/0x150
[  661.859117][T11819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.859135][T11819]  ? clear_bhb_loop+0x60/0xb0
[  661.859160][T11819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.859178][T11819] RIP: 0033:0x7f171118d3df
[  661.859197][T11819] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  661.859213][T11819] RSP: 002b:00007f170ef70030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  661.859235][T11819] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f171118d3df
[  661.859249][T11819] RDX: 0000000000000001 RSI: 00007f170ef700a0 RDI: 0000000000000006
[  661.859261][T11819] RBP: 00007f170ef70090 R08: 0000000000000000 R09: 0000000000000000
[  661.859272][T11819] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  661.859283][T11819] R13: 0000000000000000 R14: 00007f17113b6080 R15: 00007ffd6ee31248
[  661.859316][T11819]  </TASK>
[  667.097934][T11861] hsr0 speed is unknown, defaulting to 1000
[  667.218407][  T980] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  667.818305][  T980] usb 1-1: Using ep0 maxpacket: 32
[  668.263695][T11861] veth1_vlan: left promiscuous mode
[  668.301085][  T980] usb 1-1: unable to get BOS descriptor or descriptor too short
[  668.309053][  T980] usb 1-1: no configurations
[  668.318125][  T980] usb 1-1: can't read configurations, error -22
[  668.344415][T11873] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1249'.
[  668.857480][   T30] audit: type=1326 audit(1750555142.752:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  669.488427][   T30] audit: type=1326 audit(1750555142.752:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  669.868871][   T30] audit: type=1326 audit(1750555142.762:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  670.155147][   T30] audit: type=1326 audit(1750555142.762:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  670.449767][T11890] xt_SECMARK: invalid mode: 2
[  671.025126][T11887] macvlan2: entered promiscuous mode
[  671.138640][   T30] audit: type=1326 audit(1750555142.762:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  671.188983][T11887] bridge0: entered promiscuous mode
[  671.296760][T11895] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1256'.
[  671.410206][   T30] audit: type=1326 audit(1750555142.762:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  671.438201][   T30] audit: type=1326 audit(1750555142.772:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  671.461005][   T30] audit: type=1326 audit(1750555142.772:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.8.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171118e929 code=0x7ffc0000
[  674.826328][T11915] Falling back ldisc for ptm0.
[  677.200733][T11941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1267'.
[  677.264229][T11941] erspan1: entered promiscuous mode
[  677.271222][T11941] erspan1: entered allmulticast mode
[  679.961352][    T9] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  680.546169][    T9] usb 9-1: device descriptor read/64, error -71
[  681.363914][    T9] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  681.778172][T11982] netlink: 'syz.0.1279': attribute type 2 has an invalid length.
[  681.787478][T11982] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1279'.
[  681.951753][T11984] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1275'.
[  682.038430][    T9] usb 9-1: device descriptor read/64, error -71
[  682.159068][    T9] usb usb9-port1: attempt power cycle
[  682.623929][    T9] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  683.048555][    T9] usb 9-1: device descriptor read/8, error -71
[  683.196336][T11997] netlink: 2384 bytes leftover after parsing attributes in process `syz.8.1284'.
[  685.518245][    C0] hrtimer: interrupt took 49152 ns
[  685.938330][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  686.376582][ T5943] usb 1-1: new low-speed USB device number 32 using dummy_hcd
[  686.800739][ T5943] usb 1-1: config 1 has an invalid interface descriptor of length 6, skipping
[  686.812796][ T5943] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  686.838865][ T5943] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  686.883889][ T5943] usb 1-1: string descriptor 0 read error: -22
[  686.898759][ T5943] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  686.912356][ T5943] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.064952][ T5943] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  687.772240][ T5943] usb 1-1: USB disconnect, device number 32
[  688.639361][T12046] tipc: Started in network mode
[  688.644312][T12046] tipc: Node identity 6, cluster identity 4711
[  688.798614][T12046] tipc: Node number set to 6
[  689.781460][T12057] netlink: 27 bytes leftover after parsing attributes in process `syz.0.1299'.
[  690.245587][T12063] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1300'.
[  690.400035][T12064] No control pipe specified
[  692.987167][T12089] i2c i2c-0: Invalid block write size 33
[  693.097505][T12087] hsr0 speed is unknown, defaulting to 1000
[  694.096635][T12121] FAULT_INJECTION: forcing a failure.
[  694.096635][T12121] name failslab, interval 1, probability 0, space 0, times 0
[  694.139409][T12121] CPU: 0 UID: 0 PID: 12121 Comm: syz.8.1316 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  694.139440][T12121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  694.139451][T12121] Call Trace:
[  694.139459][T12121]  <TASK>
[  694.139467][T12121]  dump_stack_lvl+0x189/0x250
[  694.139501][T12121]  ? __pfx____ratelimit+0x10/0x10
[  694.139537][T12121]  ? __pfx_dump_stack_lvl+0x10/0x10
[  694.139563][T12121]  ? __pfx__printk+0x10/0x10
[  694.139584][T12121]  ? __pfx___might_resched+0x10/0x10
[  694.139616][T12121]  ? fs_reclaim_acquire+0x7d/0x100
[  694.139646][T12121]  should_fail_ex+0x414/0x560
[  694.139674][T12121]  should_failslab+0xa8/0x100
[  694.139699][T12121]  __kmalloc_noprof+0xcb/0x4f0
[  694.139720][T12121]  ? tomoyo_encode+0x28b/0x550
[  694.139752][T12121]  tomoyo_encode+0x28b/0x550
[  694.139787][T12121]  tomoyo_realpath_from_path+0x58d/0x5d0
[  694.139826][T12121]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  694.139850][T12121]  tomoyo_path_number_perm+0x1e8/0x5a0
[  694.139877][T12121]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  694.139920][T12121]  ? __lock_acquire+0xab9/0xd20
[  694.139970][T12121]  ? __fget_files+0x2a/0x420
[  694.139999][T12121]  ? __fget_files+0x2a/0x420
[  694.140022][T12121]  ? __fget_files+0x3a0/0x420
[  694.140045][T12121]  ? __fget_files+0x2a/0x420
[  694.140074][T12121]  security_file_ioctl+0xcb/0x2d0
[  694.140100][T12121]  __se_sys_ioctl+0x47/0x170
[  694.140124][T12121]  do_syscall_64+0xfa/0x3b0
[  694.140140][T12121]  ? lockdep_hardirqs_on+0x9c/0x150
[  694.140166][T12121]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.140185][T12121]  ? clear_bhb_loop+0x60/0xb0
[  694.140208][T12121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.140226][T12121] RIP: 0033:0x7f171118e929
[  694.140245][T12121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  694.140261][T12121] RSP: 002b:00007f170eff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  694.140283][T12121] RAX: ffffffffffffffda RBX: 00007f17113b5fa0 RCX: 00007f171118e929
[  694.140296][T12121] RDX: 0000200000001780 RSI: 00000000c00c6211 RDI: 0000000000000003
[  694.140308][T12121] RBP: 00007f170eff6090 R08: 0000000000000000 R09: 0000000000000000
[  694.140320][T12121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  694.140331][T12121] R13: 0000000000000000 R14: 00007f17113b5fa0 R15: 00007ffd6ee31248
[  694.140364][T12121]  </TASK>
[  694.140467][T12121] ERROR: Out of memory at tomoyo_realpath_from_path.
[  697.185519][T12158] sp0: Synchronizing with TNC
[  697.848694][    T9] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  698.082932][    T9] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  698.357893][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[  698.648878][    T9] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  698.702741][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.810611][    T9] usb 3-1: Product: syz
[  698.908588][    T9] usb 3-1: Manufacturer: syz
[  699.028692][    T9] usb 3-1: SerialNumber: syz
[  699.379177][    T9] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input12
[  699.441093][    T9] usb 3-1: USB disconnect, device number 24
[  703.067889][T12214] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1345'.
[  703.243525][T12218] gtp0: entered promiscuous mode
[  703.265750][T12218] gtp0: entered allmulticast mode
[  703.387050][T12223] usb usb8: usbfs: process 12223 (syz.7.1346) did not claim interface 0 before use
[  703.474156][T12221] netlink: 36 bytes leftover after parsing attributes in process `syz.8.1347'.
[  704.633600][T12218] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  705.385570][T12218] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.054429][T12238] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1343'.
[  706.363053][T12248] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1353'.
[  706.385146][T12248] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1353'.
[  706.672070][T12218] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.212213][T12218] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.431806][T12218] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  707.632712][T12218] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  708.350474][T12218] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  708.617974][T12218] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  709.378759][T12271] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1361'.
[  709.518385][T12271] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1361'.
[  710.217376][T12273] ALSA: mixer_oss: invalid OSS volume ''
[  711.210191][T12296] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  711.310575][T12287] hsr0 speed is unknown, defaulting to 1000
[  711.518767][ T5943] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  711.769240][ T5943] usb 9-1: Using ep0 maxpacket: 16
[  711.981016][ T5943] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  712.045107][ T5943] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  712.275452][ T5943] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  712.285492][ T5943] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.295319][ T5943] usb 9-1: Product: syz
[  712.300220][ T5943] usb 9-1: Manufacturer: syz
[  712.304971][ T5943] usb 9-1: SerialNumber: syz
[  712.348379][ T5943] usb 9-1: config 0 descriptor??
[  712.637950][ T5943] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  713.191239][ T5943] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class)
[  713.652476][ T5943] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  714.108750][ T5943] em28xx 9-1:0.0: Config register raw data: 0xfffffffb
[  715.650010][T12326] binder: 12325:12326 ioctl c0306201 0 returned -14
[  715.919469][T12339] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1371'.
[  716.057958][T12345] netlink: 256 bytes leftover after parsing attributes in process `syz.7.1376'.
[  716.100780][T12345] netlink: 72 bytes leftover after parsing attributes in process `syz.7.1376'.
[  716.237106][ T5943] em28xx 9-1:0.0: Unknown AC97 audio processor detected!
[  716.280320][ T5943] em28xx 9-1:0.0: couldn't setup AC97 register 2
[  716.307251][ T5943] em28xx 9-1:0.0: couldn't setup AC97 register 4
[  716.351528][ T5943] em28xx 9-1:0.0: couldn't setup AC97 register 6
[  716.394051][ T5943] em28xx 9-1:0.0: couldn't setup AC97 register 54
[  716.417311][ T5943] em28xx 9-1:0.0: couldn't setup AC97 register 56
[  716.443131][ T5943] usb 9-1: USB disconnect, device number 8
[  716.675214][T12355] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1379'.
[  716.687942][T12355] fuse: Bad value for 'fd'
[  716.739315][T12356] No control pipe specified
[  717.998260][T12375] syzkaller1: entered promiscuous mode
[  718.003829][T12375] syzkaller1: entered allmulticast mode
[  719.963708][T12391] binder: 12389:12391 ioctl 541b 200000000140 returned -22
[  719.972016][T12391] binder: BINDER_SET_CONTEXT_MGR already set
[  719.978660][T12391] binder: 12389:12391 ioctl 4018620d 200000000040 returned -16
[  719.988720][T12391] Smack: duplicate mount options
[  721.331982][ T5943] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  721.384082][T12398] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1390'.
[  721.689581][ T5943] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  721.797137][ T5943] usb 1-1: config 0 interface 0 has no altsetting 0
[  722.189960][ T5943] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  722.330478][ T5943] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  722.464935][ T5943] usb 1-1: Product: syz
[  722.587964][ T5943] usb 1-1: Manufacturer: syz
[  722.769500][ T5943] usb 1-1: SerialNumber: syz
[  722.824135][ T5943] usb 1-1: config 0 descriptor??
[  722.844374][T12406] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1394'.
[  722.893339][ T5943] usb 1-1: selecting invalid altsetting 0
[  723.049389][ T5876] usb 1-1: USB disconnect, device number 33
[  723.223008][T10472] udevd[10472]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  724.027547][T12411] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  724.053231][T12421] openvswitch: netlink: Tunnel attr 40 out of range max 16
[  724.074349][T12421] FAULT_INJECTION: forcing a failure.
[  724.074349][T12421] name failslab, interval 1, probability 0, space 0, times 0
[  724.091817][T12421] CPU: 1 UID: 0 PID: 12421 Comm: syz.7.1399 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  724.091845][T12421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  724.091857][T12421] Call Trace:
[  724.091865][T12421]  <TASK>
[  724.091874][T12421]  dump_stack_lvl+0x189/0x250
[  724.091907][T12421]  ? __pfx____ratelimit+0x10/0x10
[  724.091936][T12421]  ? __pfx_dump_stack_lvl+0x10/0x10
[  724.091963][T12421]  ? __pfx__printk+0x10/0x10
[  724.091990][T12421]  ? __pfx___might_resched+0x10/0x10
[  724.092017][T12421]  ? fs_reclaim_acquire+0x7d/0x100
[  724.092050][T12421]  should_fail_ex+0x414/0x560
[  724.092081][T12421]  should_failslab+0xa8/0x100
[  724.092116][T12421]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  724.092140][T12421]  ? __alloc_skb+0x112/0x2d0
[  724.092167][T12421]  __alloc_skb+0x112/0x2d0
[  724.092194][T12421]  netlink_ack+0x146/0xa50
[  724.092213][T12421]  ? __pfx_genl_rcv_msg+0x10/0x10
[  724.092236][T12421]  ? ref_tracker_free+0x63a/0x7d0
[  724.092265][T12421]  ? __pfx_ref_tracker_free+0x10/0x10
[  724.092302][T12421]  netlink_rcv_skb+0x28c/0x470
[  724.092326][T12421]  ? __pfx_genl_rcv_msg+0x10/0x10
[  724.092365][T12421]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  724.092408][T12421]  ? down_read+0x1ad/0x2e0
[  724.092432][T12421]  genl_rcv+0x28/0x40
[  724.092457][T12421]  netlink_unicast+0x758/0x8d0
[  724.092491][T12421]  netlink_sendmsg+0x805/0xb30
[  724.092526][T12421]  ? __pfx_netlink_sendmsg+0x10/0x10
[  724.092559][T12421]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  724.092582][T12421]  ? __pfx_netlink_sendmsg+0x10/0x10
[  724.092605][T12421]  __sock_sendmsg+0x219/0x270
[  724.092638][T12421]  ____sys_sendmsg+0x505/0x830
[  724.092670][T12421]  ? __pfx_____sys_sendmsg+0x10/0x10
[  724.092707][T12421]  ? import_iovec+0x74/0xa0
[  724.092731][T12421]  ___sys_sendmsg+0x21f/0x2a0
[  724.092759][T12421]  ? __pfx____sys_sendmsg+0x10/0x10
[  724.092828][T12421]  ? __fget_files+0x2a/0x420
[  724.092853][T12421]  ? __fget_files+0x3a0/0x420
[  724.092892][T12421]  __x64_sys_sendmsg+0x19b/0x260
[  724.092919][T12421]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  724.092955][T12421]  ? __pfx_ksys_write+0x10/0x10
[  724.092975][T12421]  ? rcu_is_watching+0x15/0xb0
[  724.093009][T12421]  ? do_syscall_64+0xbe/0x3b0
[  724.093031][T12421]  do_syscall_64+0xfa/0x3b0
[  724.093047][T12421]  ? lockdep_hardirqs_on+0x9c/0x150
[  724.093073][T12421]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.093091][T12421]  ? clear_bhb_loop+0x60/0xb0
[  724.093115][T12421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.093134][T12421] RIP: 0033:0x7f0b9798e929
[  724.093153][T12421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.093169][T12421] RSP: 002b:00007f0b9874d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  724.093191][T12421] RAX: ffffffffffffffda RBX: 00007f0b97bb5fa0 RCX: 00007f0b9798e929
[  724.093205][T12421] RDX: 0000000004008094 RSI: 0000200000000100 RDI: 0000000000000003
[  724.093218][T12421] RBP: 00007f0b9874d090 R08: 0000000000000000 R09: 0000000000000000
[  724.093230][T12421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  724.093242][T12421] R13: 0000000000000000 R14: 00007f0b97bb5fa0 R15: 00007ffe89d24a98
[  724.093276][T12421]  </TASK>
[  724.659856][T12430] No control pipe specified
[  725.374690][T12433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'.
[  725.770089][T12439] 9pnet_fd: Insufficient options for proto=fd
[  725.780085][T12439] netlink: 'syz.7.1401': attribute type 10 has an invalid length.
[  725.793364][   T49] bond0: (slave bond_slave_0): interface is now down
[  725.820622][   T49] bond0: (slave bond_slave_1): interface is now down
[  725.832867][   T49] bond0: (slave batadv0): interface is now down
[  725.852526][   T49] bond0: now running without any active interface!
[  726.982661][T12454] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1407'.
[  727.683962][T12459] syzkaller1: entered promiscuous mode
[  727.689663][T12459] syzkaller1: entered allmulticast mode
[  728.772872][T12464] FAULT_INJECTION: forcing a failure.
[  728.772872][T12464] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  728.786321][T12464] CPU: 1 UID: 0 PID: 12464 Comm: syz.7.1409 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  728.786347][T12464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  728.786358][T12464] Call Trace:
[  728.786366][T12464]  <TASK>
[  728.786374][T12464]  dump_stack_lvl+0x189/0x250
[  728.786406][T12464]  ? __pfx____ratelimit+0x10/0x10
[  728.786432][T12464]  ? __pfx_dump_stack_lvl+0x10/0x10
[  728.786459][T12464]  ? __pfx__printk+0x10/0x10
[  728.786477][T12464]  ? __might_fault+0xb0/0x130
[  728.786512][T12464]  should_fail_ex+0x414/0x560
[  728.786540][T12464]  _copy_from_user+0x2d/0xb0
[  728.786559][T12464]  ___sys_sendmsg+0x158/0x2a0
[  728.786585][T12464]  ? __pfx____sys_sendmsg+0x10/0x10
[  728.786649][T12464]  ? __fget_files+0x2a/0x420
[  728.786672][T12464]  ? __fget_files+0x3a0/0x420
[  728.786708][T12464]  __sys_sendmmsg+0x227/0x430
[  728.786737][T12464]  ? __pfx___sys_sendmmsg+0x10/0x10
[  728.786756][T12464]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  728.786814][T12464]  ? ksys_write+0x22a/0x250
[  728.786838][T12464]  ? __pfx_ksys_write+0x10/0x10
[  728.786856][T12464]  ? rcu_is_watching+0x15/0xb0
[  728.786890][T12464]  __x64_sys_sendmmsg+0xa0/0xc0
[  728.786915][T12464]  do_syscall_64+0xfa/0x3b0
[  728.786929][T12464]  ? lockdep_hardirqs_on+0x9c/0x150
[  728.786954][T12464]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.786972][T12464]  ? clear_bhb_loop+0x60/0xb0
[  728.786995][T12464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.787013][T12464] RIP: 0033:0x7f0b9798e929
[  728.787030][T12464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  728.787045][T12464] RSP: 002b:00007f0b9874d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  728.787066][T12464] RAX: ffffffffffffffda RBX: 00007f0b97bb5fa0 RCX: 00007f0b9798e929
[  728.787080][T12464] RDX: 0000000000000002 RSI: 0000200000003b00 RDI: 0000000000000004
[  728.787099][T12464] RBP: 00007f0b9874d090 R08: 0000000000000000 R09: 0000000000000000
[  728.787110][T12464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  728.787120][T12464] R13: 0000000000000000 R14: 00007f0b97bb5fa0 R15: 00007ffe89d24a98
[  728.787151][T12464]  </TASK>
[  732.098966][  T980] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  732.156075][T12495] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  732.173375][T12496] No control pipe specified
[  732.307249][  T980] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  732.325888][  T980] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  732.461584][  T980] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  732.635427][  T980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.789843][  T980] usb 7-1: Product: syz
[  732.935111][T12504] loop6: detected capacity change from 0 to 524287999
[  732.936859][  T980] usb 7-1: Manufacturer: syz
[  732.988265][  T980] usb 7-1: SerialNumber: syz
[  733.208927][T10470] Buffer I/O error on dev loop6, logical block 65535999, async page read
[  734.398127][  T980] usb 7-1: 0:2 : does not exist
[  734.427588][  T980] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[  735.387999][T12517] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1424'.
[  735.416228][  T980] usb 7-1: USB disconnect, device number 18
[  738.364449][T12527] sp0: Synchronizing with TNC
[  738.692278][T11092] udevd[11092]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  738.701363][T12529] binder: 12523:12529 ioctl c0306201 200000000080 returned -14
[  739.028517][  T890] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  739.227083][  T890] usb 7-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice= 0.00
[  739.269311][  T890] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.303422][  T890] usb 7-1: Product: syz
[  739.307717][  T890] usb 7-1: Manufacturer: syz
[  739.341724][  T890] usb 7-1: SerialNumber: syz
[  739.357751][  T890] usb 7-1: config 0 descriptor??
[  739.394918][  T890] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -22
[  739.945468][T12553] sp0: Synchronizing with TNC
[  741.571639][T12559] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  741.721006][T12530] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1427'.
[  741.825767][    T9] usb 7-1: USB disconnect, device number 19
[  744.703297][   T30] audit: type=1800 audit(1750555218.652:160): pid=12572 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.6.1438" name="/" dev="sockfs" ino=36420 res=0 errno=0
[  745.032838][T12584] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1441'.
[  745.676434][T12596] No control pipe specified
[  746.128637][    T9] usb 9-1: new full-speed USB device number 9 using dummy_hcd
[  746.389005][    T9] usb 9-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85
[  746.439609][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.447675][    T9] usb 9-1: Product: syz
[  746.499548][    T9] usb 9-1: Manufacturer: syz
[  746.514407][    T9] usb 9-1: SerialNumber: syz
[  746.551127][    T9] usb 9-1: config 0 descriptor??
[  746.586681][    T9] usb 9-1: selecting invalid altsetting 1
[  746.605831][    T9] technisat-usb2: could not set alternate setting to 0
[  747.273524][    T9] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in cold state, will try to load a firmware
[  747.328464][    T9] usb 9-1: Direct firmware load for dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw failed with error -2
[  747.333068][T12613] pimreg: entered allmulticast mode
[  747.348304][    T9] usb 9-1: Falling back to sysfs fallback for: dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw
[  747.379827][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  747.424500][T12613] pimreg: left allmulticast mode
[  748.295762][T12619] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1448'.
[  749.461632][ T5817] Bluetooth: hci0: command 0x0406 tx timeout
[  749.753321][T12627] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1452'.
[  750.005808][T12627] fuse: Bad value for 'fd'
[  752.269423][  T980] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  752.472328][  T980] usb 3-1: Using ep0 maxpacket: 16
[  752.504404][  T980] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  752.527374][  T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  752.556775][  T980] usb 3-1: Product: syz
[  752.575067][  T980] usb 3-1: Manufacturer: syz
[  752.598594][  T980] usb 3-1: SerialNumber: syz
[  753.051411][  T980] r8152-cfgselector 3-1: Unknown version 0x0000
[  753.057749][  T980] r8152-cfgselector 3-1: config 0 descriptor??
[  755.333078][T12659] x_tables: duplicate underflow at hook 3
[  755.545183][ T5943] r8152-cfgselector 3-1: USB disconnect, device number 25
[  757.355868][T12688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1468'.
[  757.419036][T12688] fuse: Bad value for 'fd'
[  759.178717][T12714] usb usb8: usbfs: process 12714 (syz.6.1477) did not claim interface 0 before use
[  760.566889][T12730] mkiss: ax0: crc mode is auto.
[  761.381459][T12734] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1483'.
[  761.414614][T12734] fuse: Bad value for 'fd'
[  761.668440][ T5896] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  761.898270][ T5896] usb 1-1: Using ep0 maxpacket: 8
[  762.043513][ T5896] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  762.086452][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.375559][ T5896] usb 1-1: Product: syz
[  762.380640][ T5896] usb 1-1: Manufacturer: syz
[  762.402797][ T5896] usb 1-1: SerialNumber: syz
[  762.570693][ T5896] usb 1-1: config 0 descriptor??
[  762.648772][T12741] i2c i2c-0: Invalid block write size 33
[  762.777521][T11424] Bluetooth: hci0: unexpected event for opcode 0x2003
[  762.958593][ T5896] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  763.047112][T12745] syzkaller1: entered promiscuous mode
[  763.052799][T12745] syzkaller1: entered allmulticast mode
[  765.134918][T12762] syzkaller1: entered promiscuous mode
[  765.140924][T12762] syzkaller1: entered allmulticast mode
[  765.579517][ T5896] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  766.417111][T12775] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1495'.
[  766.522284][T12775] fuse: Bad value for 'fd'
[  767.408234][T12781] hsr0 speed is unknown, defaulting to 1000
[  767.512944][ T5943] usb 1-1: USB disconnect, device number 34
[  768.097470][T11424] Bluetooth: hci0: unexpected event for opcode 0x2003
[  770.505165][T12812] syzkaller1: entered promiscuous mode
[  770.511034][T12812] syzkaller1: entered allmulticast mode
[  771.941919][T12824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1507'.
[  771.989271][T12824] fuse: Bad value for 'fd'
[  776.265229][T12863] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1518'.
[  776.395617][T12867] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1521'.
[  776.418797][T12862] netlink: 4344 bytes leftover after parsing attributes in process `syz.7.1520'.
[  777.349281][T12879] fuse: Bad value for 'fd'
[  777.562900][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031faa400: rx timeout, send abort
[  778.390626][T12895] netlink: 52 bytes leftover after parsing attributes in process `syz.7.1526'.
[  778.844946][T12902] syzkaller1: entered promiscuous mode
[  778.850775][T12902] syzkaller1: entered allmulticast mode
[  780.766911][T12922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1534'.
[  780.818561][T12922] fuse: Bad value for 'fd'
[  781.656922][T12932] tmpfs: Bad value for 'mpol'
[  782.164837][T12934] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1537'.
[  782.218423][T12748] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  782.380496][T12748] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  782.416819][T12748] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  782.426170][T12748] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.438588][T12748] usb 3-1: Product: syz
[  782.442886][T12748] usb 3-1: Manufacturer: syz
[  782.457814][T12748] usb 3-1: SerialNumber: syz
[  782.474274][T12748] usb 3-1: config 0 descriptor??
[  782.872842][T12748] usb 3-1: USB disconnect, device number 26
[  783.973117][T12963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1547'.
[  784.181102][T12963] fuse: Bad value for 'fd'
[  785.898551][ T5896] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  785.965905][T12993] netlink: 72 bytes leftover after parsing attributes in process `syz.8.1557'.
[  786.161177][ T5896] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  786.175818][ T5896] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  786.199140][ T5896] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  786.209859][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.231492][T12981] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  786.277826][ T5896] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  786.548334][ T5896] usb 1-1: USB disconnect, device number 35
[  786.763685][T13009] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1564'.
[  786.798649][T13009] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1564'.
[  786.828552][T13009] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  787.087677][T13009] loop8: detected capacity change from 0 to 1
[  787.196408][T13009] Dev loop8: unable to read RDB block 1
[  787.217347][T13009]  loop8: unable to read partition table
[  787.228334][T13009] loop8: partition table beyond EOD, truncated
[  787.236203][T13009] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  787.677325][T13015] sp0: Synchronizing with TNC
[  788.936209][T13025] netlink: 'syz.8.1569': attribute type 1 has an invalid length.
[  788.983605][T13025] netlink: 144 bytes leftover after parsing attributes in process `syz.8.1569'.
[  789.034055][T13025] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1569'.
[  789.333231][T13035] FAULT_INJECTION: forcing a failure.
[  789.333231][T13035] name failslab, interval 1, probability 0, space 0, times 0
[  790.148191][T13035] CPU: 1 UID: 0 PID: 13035 Comm: syz.0.1574 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  790.148222][T13035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  790.148234][T13035] Call Trace:
[  790.148242][T13035]  <TASK>
[  790.148251][T13035]  dump_stack_lvl+0x189/0x250
[  790.148284][T13035]  ? __pfx____ratelimit+0x10/0x10
[  790.148312][T13035]  ? __pfx_dump_stack_lvl+0x10/0x10
[  790.148340][T13035]  ? __pfx__printk+0x10/0x10
[  790.148363][T13035]  ? __pfx___might_resched+0x10/0x10
[  790.148391][T13035]  ? fs_reclaim_acquire+0x7d/0x100
[  790.148424][T13035]  should_fail_ex+0x414/0x560
[  790.148453][T13035]  should_failslab+0xa8/0x100
[  790.148480][T13035]  __kmalloc_noprof+0xcb/0x4f0
[  790.148503][T13035]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  790.148551][T13035]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  790.148586][T13035]  genl_family_rcv_msg_doit+0xb8/0x300
[  790.148622][T13035]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  790.148652][T13035]  ? rcu_is_watching+0x15/0xb0
[  790.148681][T13035]  ? cap_capable+0x11f/0x460
[  790.148705][T13035]  ? safesetid_security_capable+0xa9/0x1a0
[  790.148732][T13035]  ? bpf_lsm_capable+0x9/0x20
[  790.148759][T13035]  ? security_capable+0x7e/0x2e0
[  790.148795][T13035]  genl_rcv_msg+0x60e/0x790
[  790.148838][T13035]  ? __pfx_genl_rcv_msg+0x10/0x10
[  790.148864][T13035]  ? __pfx_hwsim_new_edge_nl+0x10/0x10
[  790.148905][T13035]  netlink_rcv_skb+0x205/0x470
[  790.148928][T13035]  ? __pfx_genl_rcv_msg+0x10/0x10
[  790.148957][T13035]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  790.149002][T13035]  ? down_read+0x1ad/0x2e0
[  790.149026][T13035]  genl_rcv+0x28/0x40
[  790.149050][T13035]  netlink_unicast+0x758/0x8d0
[  790.149084][T13035]  netlink_sendmsg+0x805/0xb30
[  790.149119][T13035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  790.149159][T13035]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  790.149182][T13035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  790.149205][T13035]  __sock_sendmsg+0x219/0x270
[  790.149238][T13035]  ____sys_sendmsg+0x505/0x830
[  790.149269][T13035]  ? __pfx_____sys_sendmsg+0x10/0x10
[  790.149305][T13035]  ? import_iovec+0x74/0xa0
[  790.149329][T13035]  ___sys_sendmsg+0x21f/0x2a0
[  790.149357][T13035]  ? __pfx____sys_sendmsg+0x10/0x10
[  790.149427][T13035]  ? __fget_files+0x2a/0x420
[  790.149451][T13035]  ? __fget_files+0x3a0/0x420
[  790.149489][T13035]  __x64_sys_sendmsg+0x19b/0x260
[  790.149516][T13035]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  790.149553][T13035]  ? __pfx_ksys_write+0x10/0x10
[  790.149583][T13035]  ? rcu_is_watching+0x15/0xb0
[  790.149617][T13035]  ? do_syscall_64+0xbe/0x3b0
[  790.149639][T13035]  do_syscall_64+0xfa/0x3b0
[  790.149655][T13035]  ? lockdep_hardirqs_on+0x9c/0x150
[  790.149682][T13035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.149701][T13035]  ? clear_bhb_loop+0x60/0xb0
[  790.149725][T13035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.149743][T13035] RIP: 0033:0x7fa681f8e929
[  790.149760][T13035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  790.149777][T13035] RSP: 002b:00007fa682db7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  790.149800][T13035] RAX: ffffffffffffffda RBX: 00007fa6821b5fa0 RCX: 00007fa681f8e929
[  790.149815][T13035] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  790.149836][T13035] RBP: 00007fa682db7090 R08: 0000000000000000 R09: 0000000000000000
[  790.149849][T13035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  790.149860][T13035] R13: 0000000000000000 R14: 00007fa6821b5fa0 R15: 00007ffcef56da98
[  790.149894][T13035]  </TASK>
[  791.739833][T13053] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  792.178307][ T5827] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  792.338206][ T5827] usb 3-1: Using ep0 maxpacket: 8
[  792.384463][ T5827] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  792.518039][ T5827] usb 3-1: config 0 has no interface number 0
[  792.535957][ T5827] usb 3-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=a7.70
[  792.545581][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  792.561596][ T5827] usb 3-1: Product: syz
[  792.565989][ T5827] usb 3-1: Manufacturer: syz
[  792.574799][ T5827] usb 3-1: SerialNumber: syz
[  792.736671][ T5827] usb 3-1: config 0 descriptor??
[  792.994312][T13061] netlink: 'syz.2.1582': attribute type 1 has an invalid length.
[  793.036030][T13061] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1582'.
[  793.069426][T13061] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1582'.
[  793.107620][ T5827] usb 3-1: bad CDC descriptors
[  793.154322][ T5827] usb 3-1: USB disconnect, device number 27
[  794.361934][T13043] delete_channel: no stack
[  794.726240][T13086] syzkaller1: entered promiscuous mode
[  794.732272][T13086] syzkaller1: entered allmulticast mode
[  794.823887][T13092] 9pnet_fd: Insufficient options for proto=fd
[  794.848440][T13092] fuse: Unknown parameter 'fd0x000000000000000b'
[  795.002320][T13096] fuse: Bad value for 'user_id'
[  795.007349][T13096] fuse: Bad value for 'user_id'
[  797.334587][T13123] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  803.181365][T13142] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  803.238559][ T5896] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  803.588269][ T5896] usb 7-1: Using ep0 maxpacket: 32
[  803.723868][ T5896] usb 7-1: config 0 interface 0 has no altsetting 0
[  803.765049][ T5896] usb 7-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  803.796209][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.845035][ T5896] usb 7-1: Product: syz
[  803.870122][ T5896] usb 7-1: Manufacturer: syz
[  803.874873][ T5896] usb 7-1: SerialNumber: syz
[  804.022568][T13145] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1604'.
[  804.055908][ T5896] usb 7-1: config 0 descriptor??
[  804.518411][T13138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  804.742094][T13138] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.128582][ T5896] gs_usb 7-1:0.0: Couldn't send data format (err=-110)
[  805.135179][T13152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  805.143463][ T5896] gs_usb 7-1:0.0: probe with driver gs_usb failed with error -110
[  805.184880][T13152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.534301][ T5943] usb 7-1: USB disconnect, device number 20
[  805.583411][T13156] No control pipe specified
[  806.800278][T13168] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  807.723380][T13180] i2c i2c-0: Invalid block write size 33
[  808.307530][T13187] program syz.7.1616 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  808.817926][    T9] dvb-usb: did not find the firmware file 'dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  808.836520][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  809.841140][    T9] usb 9-1: USB disconnect, device number 9
[  809.881349][T13194] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  810.098221][ T5943] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  810.238437][  T890] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  810.260600][ T5943] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  810.297828][ T5943] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 3
[  810.367490][ T5943] usb 7-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  810.408477][  T890] usb 1-1: Using ep0 maxpacket: 32
[  810.417238][  T890] usb 1-1: config 0 has an invalid interface number: 92 but max is 0
[  810.449217][ T5943] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.457847][  T890] usb 1-1: config 0 has no interface number 0
[  811.065422][  T890] usb 1-1: config 0 interface 92 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  811.100916][ T5943] usb 7-1: config 0 descriptor??
[  811.108517][  T890] usb 1-1: config 0 interface 92 has no altsetting 0
[  811.120677][  T890] usb 1-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=a8.eb
[  811.134065][  T890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  811.143058][  T890] usb 1-1: Product: syz
[  811.147368][  T890] usb 1-1: Manufacturer: syz
[  811.153904][  T890] usb 1-1: SerialNumber: syz
[  811.177204][  T890] usb 1-1: config 0 descriptor??
[  811.195255][T13200] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  811.415013][T13200] netlink: 'syz.0.1620': attribute type 1 has an invalid length.
[  811.438385][T13200] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1620'.
[  811.547687][  T890] redrat3 1-1:0.92: Couldn't find all endpoints
[  811.607040][T13193] hsr0 speed is unknown, defaulting to 1000
[  811.942788][  T890] usb 1-1: USB disconnect, device number 36
[  813.799778][ T5943] Bluetooth: Can't get state to change to load configuration err
[  814.068731][ T5943] Bluetooth: Loading sysconfig file failed
[  814.075454][ T5943] ath3k 7-1:0.0: probe with driver ath3k failed with error -16
[  814.148471][ T5943] usb 7-1: USB disconnect, device number 21
[  814.234950][T13239] hsr0 speed is unknown, defaulting to 1000
[  814.404760][T13243] hsr0 speed is unknown, defaulting to 1000
[  814.428525][T11088] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  814.610751][T11088] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  814.636531][T11088] usb 3-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00
[  814.680944][T11088] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.721614][T11088] usb 3-1: config 0 descriptor??
[  815.179619][T11088] ortek 0003:05A4:8003.0008: unknown main item tag 0x0
[  815.186578][T11088] ortek 0003:05A4:8003.0008: unknown main item tag 0x0
[  815.287213][T11088] ortek 0003:05A4:8003.0008: unknown main item tag 0x0
[  815.307206][T11088] ortek 0003:05A4:8003.0008: unknown main item tag 0x0
[  815.324737][T11088] ortek 0003:05A4:8003.0008: unknown main item tag 0x0
[  815.378514][T11088] ortek 0003:05A4:8003.0008: hidraw0: USB HID v0.00 Device [HID 05a4:8003] on usb-dummy_hcd.2-1/input0
[  815.545592][T11088] usb 3-1: USB disconnect, device number 28
[  815.756567][T13258] fido_id[13258]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  818.279939][T11424] Bluetooth: hci0: unexpected event for opcode 0x0403
[  818.654162][T13285] FAULT_INJECTION: forcing a failure.
[  818.654162][T13285] name failslab, interval 1, probability 0, space 0, times 0
[  818.667357][T13285] CPU: 0 UID: 0 PID: 13285 Comm: syz.8.1641 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  818.667383][T13285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  818.667395][T13285] Call Trace:
[  818.667404][T13285]  <TASK>
[  818.667413][T13285]  dump_stack_lvl+0x189/0x250
[  818.667444][T13285]  ? irqentry_exit+0x74/0x90
[  818.667475][T13285]  ? __pfx_dump_stack_lvl+0x10/0x10
[  818.667522][T13285]  should_fail_ex+0x414/0x560
[  818.667553][T13285]  should_failslab+0xa8/0x100
[  818.667588][T13285]  __kmalloc_noprof+0xcb/0x4f0
[  818.667611][T13285]  ? io_cache_alloc_new+0x40/0x100
[  818.667644][T13285]  io_cache_alloc_new+0x40/0x100
[  818.667673][T13285]  io_rsrc_node_alloc+0x172/0x280
[  818.667708][T13285]  io_sqe_buffer_register+0xea/0x20e0
[  818.667747][T13285]  ? __might_fault+0xb0/0x130
[  818.667772][T13285]  ? __pfx_io_sqe_buffer_register+0x10/0x10
[  818.667812][T13285]  __io_register_rsrc_update+0x55e/0x11b0
[  818.667864][T13285]  ? __pfx___io_register_rsrc_update+0x10/0x10
[  818.667917][T13285]  io_register_rsrc_update+0x196/0x1a0
[  818.667950][T13285]  ? __pfx_io_register_rsrc_update+0x10/0x10
[  818.667982][T13285]  ? __fget_files+0x2a/0x420
[  818.668011][T13285]  ? io_is_uring_fops+0xd/0x50
[  818.668035][T13285]  __se_sys_io_uring_register+0x795/0x11b0
[  818.668069][T13285]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  818.668114][T13285]  ? do_syscall_64+0xbe/0x3b0
[  818.668137][T13285]  do_syscall_64+0xfa/0x3b0
[  818.668156][T13285]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.668173][T13285]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  818.668191][T13285]  ? clear_bhb_loop+0x60/0xb0
[  818.668215][T13285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.668234][T13285] RIP: 0033:0x7f171118e929
[  818.668253][T13285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  818.668269][T13285] RSP: 002b:00007f170efb4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  818.668291][T13285] RAX: ffffffffffffffda RBX: 00007f17113b6160 RCX: 00007f171118e929
[  818.668305][T13285] RDX: 0000200000000600 RSI: 0000000000000010 RDI: 0000000000000005
[  818.668317][T13285] RBP: 00007f170efb4090 R08: 0000000000000000 R09: 0000000000000000
[  818.668344][T13285] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001
[  818.668356][T13285] R13: 0000000000000000 R14: 00007f17113b6160 R15: 00007ffd6ee31248
[  818.668389][T13285]  </TASK>
[  819.922577][T13294] sp0: Synchronizing with TNC
[  822.356621][T13306] syz.8.1648 (13306): /proc/13305/oom_adj is deprecated, please use /proc/13305/oom_score_adj instead.
[  822.401125][T13306] can0: slcan on pty36.
[  823.099102][T13305] can0 (unregistered): slcan off pty36.
[  825.219305][T11088] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  825.898478][T11088] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  825.907620][T11088] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  825.921185][T11088] usb 3-1: Product: syz
[  825.925431][T11088] usb 3-1: Manufacturer: syz
[  825.931109][T11088] usb 3-1: SerialNumber: syz
[  826.003609][T11088] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  826.048973][T13330] hsr0 speed is unknown, defaulting to 1000
[  826.321329][T13330] hsr0 speed is unknown, defaulting to 1000
[  826.371171][ T5943] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  827.047425][T13342] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1658'.
[  827.851335][ T5943] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  827.942936][ T5943] ath9k_htc: Failed to initialize the device
[  828.736261][ T5943] usb 3-1: ath9k_htc: USB layer deinitialized
[  829.074505][T11088] usb 3-1: USB disconnect, device number 29
[  829.519799][T13364] netlink: 104 bytes leftover after parsing attributes in process `syz.8.1665'.
[  829.917581][T13375] hsr0 speed is unknown, defaulting to 1000
[  830.005480][T13382] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1671'.
[  830.105163][T13382] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1671'.
[  830.241630][T13375] hsr0 speed is unknown, defaulting to 1000
[  830.884345][T13392] vivid-007: =================  START STATUS  =================
[  830.928216][T13392] vivid-007: Enable Output Cropping: true
[  830.956177][T13392] vivid-007: Enable Output Composing: true
[  831.029040][T13390] sp0: Synchronizing with TNC
[  831.067118][T13392] vivid-007: Enable Output Scaler: true
[  831.111355][T13392] vivid-007: Tx RGB Quantization Range: Automatic
[  831.128502][T13392] vivid-007: Transmit Mode: HDMI
[  831.139026][T13392] vivid-007: Hotplug Present: 0x00000000
[  831.164861][T13392] vivid-007: RxSense Present: 0x00000000
[  831.255431][T13407] autofs4:pid:13407:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e)
[  831.278229][T13392] vivid-007: EDID Present: 0x00000000
[  831.298372][T13404] netlink: 'syz.2.1676': attribute type 12 has an invalid length.
[  831.306246][T13404] netlink: 'syz.2.1676': attribute type 29 has an invalid length.
[  831.322268][T13407] xt_nfacct: accounting object `syz1' does not exists
[  831.333185][T13392] vivid-007: ==================  END STATUS  ==================
[  831.343745][T13404] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1676'.
[  831.358188][T13404] netlink: 'syz.2.1676': attribute type 1 has an invalid length.
[  831.384402][T13404] netlink: 'syz.2.1676': attribute type 2 has an invalid length.
[  831.418341][T13404] netlink: 39 bytes leftover after parsing attributes in process `syz.2.1676'.
[  831.488298][ T5896] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  831.642002][T13410] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1678'.
[  831.667873][ T5896] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  831.700910][ T5896] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  831.744490][ T5896] usb 7-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  831.788385][ T5896] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.819872][T13415] binder: BINDER_SET_CONTEXT_MGR already set
[  831.820527][ T5896] usb 7-1: config 0 descriptor??
[  831.826533][T13415] binder: 13411:13415 ioctl 4018620d 200000000040 returned -16
[  831.872456][T13415] binder: 13411:13415 ioctl c0306201 2000000003c0 returned -14
[  831.880609][T13415] binder: 13411:13415 ioctl c0306201 2000000001c0 returned -14
[  832.551311][   T30] audit: type=1326 audit(1750555306.502:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  832.658853][   T30] audit: type=1326 audit(1750555306.502:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  832.764129][    T9] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  832.809481][   T30] audit: type=1326 audit(1750555306.502:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  832.942217][   T30] audit: type=1326 audit(1750555306.502:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  833.004714][   T30] audit: type=1326 audit(1750555306.502:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  833.055930][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  833.101950][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  833.147811][   T30] audit: type=1326 audit(1750555306.502:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  833.188423][    T9] usb 1-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  833.308365][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  833.322472][   T30] audit: type=1326 audit(1750555306.502:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  833.366207][    T9] usb 1-1: config 0 descriptor??
[  833.385798][   T30] audit: type=1326 audit(1750555306.502:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  833.456050][T13432] hsr0 speed is unknown, defaulting to 1000
[  833.612155][   T30] audit: type=1326 audit(1750555306.502:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  833.634178][   T30] audit: type=1326 audit(1750555306.502:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13411 comm="syz.2.1679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7fc00000
[  833.749682][T13435] hsr0 speed is unknown, defaulting to 1000
[  833.923421][    T9] redragon 0003:0C45:760B.0009: hidraw0: USB HID v0.00 Device [HID 0c45:760b] on usb-dummy_hcd.0-1/input0
[  834.014347][T13424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  834.045323][T13424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  834.093005][T13424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  834.150147][T13424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  834.189780][ T5896] usbhid 7-1:0.0: can't add hid device: -71
[  834.195870][ T5896] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  834.323227][T11088] usb 1-1: USB disconnect, device number 37
[  834.346100][T13442] fido_id[13442]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  834.347882][ T5896] usb 7-1: USB disconnect, device number 22
[  834.411548][T13446] sp0: Synchronizing with TNC
[  834.702514][T13460] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1692'.
[  835.562765][T13482] sp0: Synchronizing with TNC
[  837.418204][T11088] IPVS: starting estimator thread 0...
[  837.508875][T13497] IPVS: using max 23 ests per chain, 55200 per kthread
[  837.579506][T13500] mkiss: ax0: crc mode is auto.
[  838.892255][T13513] hsr0 speed is unknown, defaulting to 1000
[  839.362050][T13513] hsr0 speed is unknown, defaulting to 1000
[  840.127134][T13524] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1710'.
[  841.226413][T13529] Falling back ldisc for ptm0.
[  841.489840][    C1] vcan0: j1939_tp_rxtimer: 0xffff888058499c00: rx timeout, send abort
[  842.914966][T13546] overlayfs: failed to resolve './file0': -2
[  843.220052][T13554] overlayfs: failed to resolve './file0': -2
[  843.428509][ T5943] usb 9-1: new full-speed USB device number 10 using dummy_hcd
[  843.612451][ T5943] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  843.624749][T13546] FAULT_INJECTION: forcing a failure.
[  843.624749][T13546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  843.649441][ T5943] usb 9-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  843.672997][T13546] CPU: 1 UID: 0 PID: 13546 Comm: syz.7.1717 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  843.673026][T13546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  843.673038][T13546] Call Trace:
[  843.673046][T13546]  <TASK>
[  843.673055][T13546]  dump_stack_lvl+0x189/0x250
[  843.673089][T13546]  ? __pfx____ratelimit+0x10/0x10
[  843.673117][T13546]  ? __pfx_dump_stack_lvl+0x10/0x10
[  843.673144][T13546]  ? __pfx__printk+0x10/0x10
[  843.673177][T13546]  should_fail_ex+0x414/0x560
[  843.673206][T13546]  _copy_to_user+0x31/0xb0
[  843.673237][T13546]  copy_regset_to_user+0x136/0x210
[  843.673270][T13546]  ptrace_request+0x12fa/0x2250
[  843.673302][T13546]  ? do_raw_spin_lock+0x121/0x290
[  843.673321][T13546]  ? raw_spin_rq_lock_nested+0x2a/0x140
[  843.673349][T13546]  ? __pfx_ptrace_request+0x10/0x10
[  843.673381][T13546]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  843.673407][T13546]  ? lockdep_hardirqs_on+0x9c/0x150
[  843.673434][T13546]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  843.673459][T13546]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  843.673487][T13546]  ? do_raw_spin_unlock+0x122/0x240
[  843.673511][T13546]  ? wait_task_inactive+0x42a/0x7d0
[  843.673561][T13546]  ? __pfx_wait_task_inactive+0x10/0x10
[  843.673607][T13546]  arch_ptrace+0x289/0x410
[  843.673635][T13546]  __se_sys_ptrace+0x159/0x400
[  843.673667][T13546]  ? __pfx___se_sys_ptrace+0x10/0x10
[  843.673692][T13546]  ? rcu_is_watching+0x15/0xb0
[  843.673725][T13546]  ? do_syscall_64+0xbe/0x3b0
[  843.673747][T13546]  do_syscall_64+0xfa/0x3b0
[  843.673763][T13546]  ? lockdep_hardirqs_on+0x9c/0x150
[  843.673789][T13546]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  843.673808][T13546]  ? clear_bhb_loop+0x60/0xb0
[  843.673832][T13546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  843.673851][T13546] RIP: 0033:0x7f0b9798e929
[  843.673868][T13546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  843.673884][T13546] RSP: 002b:00007f0b9874d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  843.673906][T13546] RAX: ffffffffffffffda RBX: 00007f0b97bb5fa0 RCX: 00007f0b9798e929
[  843.673921][T13546] RDX: 0000000000000001 RSI: 00000000000003d1 RDI: 0000000000004204
[  843.673933][T13546] RBP: 00007f0b9874d090 R08: 0000000000000000 R09: 0000000000000000
[  843.673945][T13546] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000001
[  843.673957][T13546] R13: 0000000000000000 R14: 00007f0b97bb5fa0 R15: 00007ffe89d24a98
[  843.673989][T13546]  </TASK>
[  843.674168][ T5943] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  843.953365][ T5943] usb 9-1: config 0 descriptor??
[  843.959544][T13555] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  844.467518][T13573] sp0: Synchronizing with TNC
[  845.035062][T13579] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1726'.
[  845.074451][ T5943] elan 0003:04F3:0755.000A: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.8-1/input0
[  845.092618][ T5943] usb 9-1: USB disconnect, device number 10
[  846.165194][T13585] fido_id[13585]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  846.323775][T13589] fuse: Unknown parameter 'fl'
[  846.665204][T13595] netlink: 'syz.7.1731': attribute type 5 has an invalid length.
[  847.301742][T13599] binder: 13597:13599 ioctl c0306201 200000000280 returned -14
[  848.524780][ T5896] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  849.735672][ T5817] Bluetooth: hci5: command 0x1003 tx timeout
[  849.742603][T11424] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  849.772983][ T5896] usb 7-1: Using ep0 maxpacket: 8
[  850.168316][ T5896] usb 7-1: unable to get BOS descriptor or descriptor too short
[  850.224216][ T5896] usb 7-1: unable to read config index 0 descriptor/start: -71
[  850.238265][ T5896] usb 7-1: can't read configurations, error -71
[  852.079262][T13642] mkiss: ax0: crc mode is auto.
[  856.827392][T13675] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1756'.
[  856.883500][T13681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  856.907025][T13681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  857.206201][T11088] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  857.308688][  T890] usb 7-1: new full-speed USB device number 25 using dummy_hcd
[  857.949566][  T890] usb 7-1: config 0 has an invalid interface number: 11 but max is 0
[  857.957725][  T890] usb 7-1: config 0 has no interface number 0
[  857.984010][  T890] usb 7-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  858.017885][  T890] usb 7-1: config 0 interface 11 has no altsetting 0
[  858.057289][  T890] usb 7-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  858.098408][  T890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  858.134993][  T890] usb 7-1: config 0 descriptor??
[  858.154600][T13680] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  858.204817][T13680] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  859.090874][  T890] keyspan 7-1:0.11: Keyspan 2 port adapter converter detected
[  859.124212][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 81
[  859.138558][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 82
[  859.147557][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 1
[  859.160697][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 2
[  859.170634][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 85
[  859.179690][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 5
[  859.207893][  T890] usb 7-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  859.796849][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 83
[  860.156370][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 84
[  860.464577][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 3
[  860.577650][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 4
[  860.602284][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 86
[  860.624237][  T890] keyspan 7-1:0.11: found no endpoint descriptor for endpoint 6
[  861.936274][  T890] usb 7-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  863.147277][T13712] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1768'.
[  863.203057][  T890] usb 7-1: USB disconnect, device number 25
[  863.276338][T13723] erspan0: entered promiscuous mode
[  863.282606][T13723] vlan0: entered promiscuous mode
[  863.285970][  T890] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  863.562376][  T890] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  864.548531][  T890] keyspan 7-1:0.11: device disconnected
[  867.432451][T13738] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1774'.
[  867.547821][   T30] kauditd_printk_skb: 46 callbacks suppressed
[  867.547841][   T30] audit: type=1326 audit(1750555341.492:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13732 comm="syz.2.1773" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5d5d18e929 code=0x0
[  868.026888][T13748] 8021q: VLANs not supported on ipvlan1
[  869.268336][T13764] ptrace attach of "./syz-executor exec"[13765] was attempted by "./syz-executor exec"[13764]
[  869.418298][    T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  870.252412][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  870.300005][    T9] usb 1-1: config index 0 descriptor too short (expected 24436, got 92)
[  870.328717][    T9] usb 1-1: config 78 has too many interfaces: 127, using maximum allowed: 32
[  870.358115][    T9] usb 1-1: config 78 has an invalid descriptor of length 144, skipping remainder of the config
[  870.384315][    T9] usb 1-1: config 78 has 0 interfaces, different from the descriptor's value: 127
[  870.416080][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  870.428124][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.438876][    T9] usb 1-1: Product: syz
[  870.456238][    T9] usb 1-1: Manufacturer: syz
[  870.471675][    T9] usb 1-1: SerialNumber: syz
[  871.340310][T13780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  871.351671][T13780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  871.373619][T13780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  871.383798][T13780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  871.393416][T13781] syz.2.1788: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  871.409049][T13781] CPU: 1 UID: 0 PID: 13781 Comm: syz.2.1788 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  871.409076][T13781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  871.409088][T13781] Call Trace:
[  871.409097][T13781]  <TASK>
[  871.409105][T13781]  dump_stack_lvl+0x189/0x250
[  871.409142][T13781]  ? __pfx_dump_stack_lvl+0x10/0x10
[  871.409170][T13781]  ? __pfx__printk+0x10/0x10
[  871.409183][T13781]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  871.409202][T13781]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  871.409222][T13781]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  871.409253][T13781]  warn_alloc+0x214/0x310
[  871.409279][T13781]  ? stack_depot_save_flags+0x40/0x900
[  871.409306][T13781]  ? __pfx_warn_alloc+0x10/0x10
[  871.409329][T13781]  ? kasan_save_track+0x4f/0x80
[  871.409341][T13781]  ? xskq_create+0x56/0x170
[  871.409361][T13781]  ? xsk_init_queue+0xb0/0x110
[  871.409384][T13781]  ? xsk_setsockopt+0x43f/0x710
[  871.409405][T13781]  ? do_sock_setsockopt+0x257/0x3e0
[  871.409425][T13781]  ? __x64_sys_setsockopt+0x18b/0x220
[  871.409444][T13781]  ? do_syscall_64+0xfa/0x3b0
[  871.409459][T13781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  871.409478][T13781]  __vmalloc_node_range_noprof+0x125/0x12f0
[  871.409511][T13781]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  871.409538][T13781]  ? __kasan_kmalloc+0x93/0xb0
[  871.409564][T13781]  vmalloc_user_noprof+0xad/0xf0
[  871.409589][T13781]  ? xskq_create+0xbf/0x170
[  871.409615][T13781]  xskq_create+0xbf/0x170
[  871.409633][T13781]  xsk_init_queue+0xb0/0x110
[  871.409648][T13781]  xsk_setsockopt+0x43f/0x710
[  871.409663][T13781]  ? __pfx_xsk_setsockopt+0x10/0x10
[  871.409679][T13781]  ? __lock_acquire+0xab9/0xd20
[  871.409714][T13781]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  871.409735][T13781]  ? __pfx_xsk_setsockopt+0x10/0x10
[  871.409760][T13781]  do_sock_setsockopt+0x257/0x3e0
[  871.409780][T13781]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  871.409796][T13781]  ? __fget_files+0x2a/0x420
[  871.409814][T13781]  __x64_sys_setsockopt+0x18b/0x220
[  871.409835][T13781]  do_syscall_64+0xfa/0x3b0
[  871.409849][T13781]  ? lockdep_hardirqs_on+0x9c/0x150
[  871.409876][T13781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  871.409893][T13781]  ? clear_bhb_loop+0x60/0xb0
[  871.409917][T13781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  871.409931][T13781] RIP: 0033:0x7f5d5d18e929
[  871.409943][T13781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  871.409953][T13781] RSP: 002b:00007f5d5e063038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  871.409965][T13781] RAX: ffffffffffffffda RBX: 00007f5d5d3b6080 RCX: 00007f5d5d18e929
[  871.409974][T13781] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  871.409981][T13781] RBP: 00007f5d5d210b39 R08: 0000000000000052 R09: 0000000000000000
[  871.409992][T13781] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  871.410003][T13781] R13: 0000000000000000 R14: 00007f5d5d3b6080 R15: 00007ffdc42fa4c8
[  871.410035][T13781]  </TASK>
[  871.410068][T13781] Mem-Info:
[  871.723140][T13781] active_anon:6044 inactive_anon:10397 isolated_anon:0
[  871.723140][T13781]  active_file:14478 inactive_file:41402 isolated_file:0
[  871.723140][T13781]  unevictable:768 dirty:122 writeback:0
[  871.723140][T13781]  slab_reclaimable:10881 slab_unreclaimable:101886
[  871.723140][T13781]  mapped:35741 shmem:12179 pagetables:1372
[  871.723140][T13781]  sec_pagetables:0 bounce:0
[  871.723140][T13781]  kernel_misc_reclaimable:0
[  871.723140][T13781]  free:1292572 free_pcp:13452 free_cma:0
[  871.769816][T13781] Node 0 active_anon:24176kB inactive_anon:41588kB active_file:57716kB inactive_file:165608kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142964kB dirty:488kB writeback:0kB shmem:47180kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12008kB pagetables:5348kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  871.804868][T13781] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  871.836882][T13781] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  871.866662][T13781] lowmem_reserve[]: 0 2501 2503 2503 2503
[  871.872971][T13781] Node 0 DMA32 free:1255424kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24172kB inactive_anon:41548kB active_file:55952kB inactive_file:165540kB unevictable:1536kB writepending:488kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:32168kB local_pcp:13032kB free_cma:0kB
[  871.906123][T13781] lowmem_reserve[]: 0 0 1 1 1
[  871.911182][T13781] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1764kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  871.940719][T13781] lowmem_reserve[]: 0 0 0 0 0
[  871.945617][T13781] Node 1 Normal free:3899484kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21632kB local_pcp:12096kB free_cma:0kB
[  871.977748][T13781] lowmem_reserve[]: 0 0 0 0 0
[  871.983175][T13781] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  871.996167][T13781] Node 0 DMA32: 610*4kB (UME) 307*8kB (UE) 200*16kB (UME) 250*32kB (UME) 169*64kB (UM) 75*128kB (UM) 79*256kB (UM) 31*512kB (UME) 7*1024kB (UM) 6*2048kB (UM) 284*4096kB (UM) = 1255328kB
[  872.014999][T13781] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  872.027502][T13781] Node 1 Normal: 171*4kB (UE) 40*8kB (UME) 31*16kB (UME) 122*32kB (UME) 35*64kB (UME) 5*128kB (UME) 4*256kB (UME) 4*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 948*4096kB (M) = 3899484kB
[  872.046132][T13781] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  872.055753][T13781] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  872.066715][T13781] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  872.076703][T13781] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  872.086450][T13781] 68056 total pagecache pages
[  872.091219][T13781] 0 pages in swap cache
[  872.095409][T13781] Free swap  = 124996kB
[  872.099875][T13781] Total swap = 124996kB
[  872.104178][T13781] 2097051 pages RAM
[  872.108131][T13781] 0 pages HighMem/MovableOnly
[  872.113041][T13781] 424572 pages reserved
[  872.117320][T13781] 0 pages cma reserved
[  874.758181][    T9] usb 1-1: USB disconnect, device number 39
[  874.922721][T13793] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1789'.
[  877.334419][T13814] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1799'.
[  877.455699][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  877.465940][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  877.492853][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  877.502555][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  877.510822][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  877.572705][T13807] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1797'.
[  877.965053][T13815] hsr0 speed is unknown, defaulting to 1000
[  878.007072][   T12] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  878.055778][T13822] tipc: Started in network mode
[  878.058606][   T24] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  878.060778][T13822] tipc: Node identity , cluster identity 4711
[  878.076161][T13822] tipc: Failed to set node id, please configure manually
[  878.091525][T13822] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  878.121057][T13827] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1802'.
[  878.165355][   T12] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  878.231373][   T24] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  878.241193][   T24] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  878.252578][   T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  878.361925][   T12] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  878.448784][T13839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1807'.
[  878.574093][T13836] Falling back ldisc for ptm0.
[  878.647937][   T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  878.659764][   T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  878.685596][   T24] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  878.695272][   T24] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  878.703598][   T24] usb 7-1: Product: syz
[  878.707958][   T24] usb 7-1: Manufacturer: syz
[  878.929020][   T24] cdc_wdm 7-1:1.0: skipping garbage
[  878.968921][   T24] cdc_wdm 7-1:1.0: skipping garbage
[  878.974177][   T12] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  878.985556][   T24] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  879.038582][   T24] cdc_wdm 7-1:1.0: Unknown control protocol
[  879.422081][ T5189] udevd[5189]: worker [12533] terminated by signal 33 (Unknown signal 33)
[  879.448385][ T5189] udevd[5189]: worker [12533] failed while handling '/devices/platform/dummy_hcd.6/usb7/7-1'
[  879.608459][T11424] Bluetooth: hci0: command tx timeout
[  880.581434][T12748] usb 7-1: USB disconnect, device number 27
[  880.799206][   T12] bridge_slave_1: left allmulticast mode
[  880.805016][   T12] bridge_slave_1: left promiscuous mode
[  880.816375][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  880.849469][   T12] bridge_slave_0: left allmulticast mode
[  880.855307][   T12] bridge_slave_0: left promiscuous mode
[  880.895862][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  880.963507][T13860] netlink: 'syz.6.1812': attribute type 11 has an invalid length.
[  881.689549][T11424] Bluetooth: hci0: command tx timeout
[  881.988688][    T9] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  882.160346][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  882.191118][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  882.202501][    T9] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  882.218421][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.231285][    T9] usb 3-1: config 0 descriptor??
[  882.519448][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  882.533749][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  882.565143][   T12] bond0 (unregistering): Released all slaves
[  882.664345][T13815] chnl_net:caif_netlink_parms(): no params data found
[  882.795395][    T9] hid-steam 0003:28DE:1142.000B: unknown main item tag 0x0
[  882.802809][    T9] hid-steam 0003:28DE:1142.000B: unknown main item tag 0x0
[  882.810352][    T9] hid-steam 0003:28DE:1142.000B: unknown main item tag 0x0
[  882.817641][    T9] hid-steam 0003:28DE:1142.000B: unknown main item tag 0x0
[  882.824946][    T9] hid-steam 0003:28DE:1142.000B: unknown main item tag 0x0
[  882.836399][    T9] hid-steam 0003:28DE:1142.000B: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  883.720651][T13879] netlink: 'syz.2.1815': attribute type 29 has an invalid length.
[  883.768230][T11424] Bluetooth: hci0: command tx timeout
[  883.801296][T13879] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1815'.
[  884.350095][    T9] usb 3-1: USB disconnect, device number 30
[  884.752804][T13815] bridge0: port 1(bridge_slave_0) entered blocking state
[  884.767159][T13815] bridge0: port 1(bridge_slave_0) entered disabled state
[  884.775895][T13815] bridge_slave_0: entered allmulticast mode
[  884.786200][T13815] bridge_slave_0: entered promiscuous mode
[  884.949412][T13815] bridge0: port 2(bridge_slave_1) entered blocking state
[  884.956638][T13815] bridge0: port 2(bridge_slave_1) entered disabled state
[  884.964050][    T9] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  885.005846][T13815] bridge_slave_1: entered allmulticast mode
[  885.039439][T13815] bridge_slave_1: entered promiscuous mode
[  885.848376][T11424] Bluetooth: hci0: command tx timeout
[  885.971784][    T9] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  885.991324][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  886.012383][    T9] usb 1-1: Product: syz
[  886.016648][    T9] usb 1-1: Manufacturer: syz
[  886.061602][    T9] usb 1-1: SerialNumber: syz
[  886.111793][    T9] usb 1-1: config 0 descriptor??
[  886.186604][T13903] sp0: Synchronizing with TNC
[  886.777381][    T9] usb 1-1: Firmware: major: 108, minor: 98, hardware type: RZUSB (3)
[  886.880313][   T12] hsr_slave_0: left promiscuous mode
[  886.903629][   T12] hsr_slave_1: left promiscuous mode
[  886.939187][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  886.979060][    T9] usb 1-1: Read permanent extended address 9a:c2:40:7a:db:ee:53:6d from device
[  886.982613][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  887.024469][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  887.051387][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  887.121608][   T12] veth1_macvtap: left promiscuous mode
[  887.137466][   T12] veth0_macvtap: left promiscuous mode
[  887.147778][   T12] veth1_vlan: left promiscuous mode
[  887.158639][   T12] veth0_vlan: left promiscuous mode
[  888.628483][T13927] trusted_key: encrypted_key: insufficient parameters specified
[  892.949820][T13932] Falling back ldisc for ptm1.
[  893.601219][T13940] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input16
[  893.661833][   T12] team0 (unregistering): Port device team_slave_1 removed
[  894.015646][   T12] team0 (unregistering): Port device team_slave_0 removed
[  896.095373][T13815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  896.467288][T13815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  896.531448][    T9] usb 1-1: USB disconnect, device number 40
[  897.490484][T13815] team0: Port device team_slave_0 added
[  897.579496][T13815] team0: Port device team_slave_1 added
[  898.505884][T13970] Falling back ldisc for ptm0.
[  898.741770][T13815] batman_adv: batadv0: Adding interface: batadv_slave_0
[  898.786223][T13815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  898.849218][T13815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  898.879536][T13815] batman_adv: batadv0: Adding interface: batadv_slave_1
[  898.899763][T13815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  898.970811][T13815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  899.030452][   T12] IPVS: stop unused estimator thread 0...
[  899.108210][T11088] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[  899.150973][T13815] hsr_slave_0: entered promiscuous mode
[  899.172652][T13815] hsr_slave_1: entered promiscuous mode
[  899.207995][T13815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  899.236370][T13815] Cannot create hsr debugfs directory
[  900.110369][T11088] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  900.132127][T11088] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  900.168188][T11088] usb 3-1: config 0 has no interface number 1
[  900.174396][T11088] usb 3-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  900.251866][T11088] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.279157][T13988] sp0: Synchronizing with TNC
[  900.425261][T11088] usb 3-1: config 0 descriptor??
[  900.460714][T11088] usb 3-1: unknown number of interfaces: 2
[  900.731531][T13815] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  900.769334][T13815] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  900.789726][T13815] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  900.837632][T13815] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  901.028272][T11088] usb 3-1: USB disconnect, device number 31
[  901.280702][T13815] 8021q: adding VLAN 0 to HW filter on device bond0
[  901.371802][T13815] 8021q: adding VLAN 0 to HW filter on device team0
[  901.394582][ T6402] bridge0: port 1(bridge_slave_0) entered blocking state
[  901.401827][ T6402] bridge0: port 1(bridge_slave_0) entered forwarding state
[  901.516652][ T6402] bridge0: port 2(bridge_slave_1) entered blocking state
[  901.523932][ T6402] bridge0: port 2(bridge_slave_1) entered forwarding state
[  902.220571][T14013] mkiss: ax0: crc mode is auto.
[  903.121203][   T30] audit: type=1326 audit(1750555377.052:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14015 comm="syz.6.1854" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x0
[  903.163333][   T30] audit: type=1326 audit(1750555377.102:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14015 comm="syz.6.1854" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x0
[  903.251011][T13815] 8021q: adding VLAN 0 to HW filter on device batadv0
[  905.811365][T13815] veth0_vlan: entered promiscuous mode
[  905.831404][T13815] veth1_vlan: entered promiscuous mode
[  905.923586][T13815] veth0_macvtap: entered promiscuous mode
[  905.935264][T13815] veth1_macvtap: entered promiscuous mode
[  905.942662][  T890] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  906.011828][T13815] batman_adv: batadv0: Interface activated: batadv_slave_0
[  906.035980][T13815] batman_adv: batadv0: Interface activated: batadv_slave_1
[  906.064941][T13815] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  906.084950][T13815] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  906.096245][T13815] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  906.111808][  T890] usb 3-1: config 0 has an invalid interface number: 111 but max is 3
[  906.124010][  T890] usb 3-1: config 0 has an invalid interface number: 100 but max is 3
[  906.132786][T13815] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  906.146619][  T890] usb 3-1: config 0 has an invalid interface number: 57 but max is 3
[  906.166313][  T890] usb 3-1: config 0 has an invalid interface number: 44 but max is 3
[  906.183454][  T890] usb 3-1: config 0 descriptor has 1 excess byte, ignoring
[  906.198457][  T890] usb 3-1: config 0 has 5 interfaces, different from the descriptor's value: 4
[  906.284363][  T890] usb 3-1: config 0 has no interface number 0
[  906.311041][  T890] usb 3-1: config 0 has no interface number 1
[  906.331208][  T890] usb 3-1: config 0 has no interface number 3
[  906.372886][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  906.377940][  T890] usb 3-1: config 0 has no interface number 4
[  906.400804][  T890] usb 3-1: config 0 interface 111 altsetting 6 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  906.421992][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  906.442400][  T890] usb 3-1: config 0 interface 111 altsetting 6 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  906.490751][  T890] usb 3-1: config 0 interface 111 altsetting 6 endpoint 0xF has invalid maxpacket 512, setting to 64
[  906.513061][  T890] usb 3-1: config 0 interface 111 altsetting 6 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  906.514703][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  906.527790][  T890] usb 3-1: too many endpoints for config 0 interface 2 altsetting 132: 133, using maximum allowed: 30
[  906.605273][  T890] usb 3-1: config 0 interface 2 altsetting 132 has 1 endpoint descriptor, different from the interface descriptor's value: 133
[  906.609668][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  906.667452][  T890] usb 3-1: config 0 interface 44 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  906.712793][  T890] usb 3-1: config 0 interface 111 has no altsetting 0
[  906.761437][  T890] usb 3-1: config 0 interface 2 has no altsetting 0
[  906.806104][  T890] usb 3-1: config 0 interface 100 has no altsetting 0
[  906.851691][T14052] netlink: 52 bytes leftover after parsing attributes in process `syz.9.1790'.
[  906.852375][  T890] usb 3-1: config 0 interface 44 has no altsetting 0
[  907.056753][  T890] usb 3-1: New USB device found, idVendor=0403, idProduct=fd4a, bcdDevice=6c.c0
[  907.075060][  T890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.121998][  T890] usb 3-1: Product: syz
[  907.160675][  T890] usb 3-1: Manufacturer: syz
[  907.189753][  T890] usb 3-1: SerialNumber: syz
[  907.313695][  T890] usb 3-1: config 0 descriptor??
[  907.659779][  T890] ftdi_sio 3-1:0.111: FTDI USB Serial Device converter detected
[  907.713172][  T890] ftdi_sio ttyUSB0: unknown device type: 0x6cc0
[  907.786011][  T890] ftdi_sio 3-1:0.2: FTDI USB Serial Device converter detected
[  907.899643][T14062] mkiss: ax0: crc mode is auto.
[  908.569562][  T890] ftdi_sio ttyUSB1: unknown device type: 0x6cc0
[  908.582776][  T890] ftdi_sio 3-1:0.100: FTDI USB Serial Device converter detected
[  908.592000][  T890] ftdi_sio ttyUSB2: unknown device type: 0x6cc0
[  908.729728][  T890] ftdi_sio 3-1:0.57: FTDI USB Serial Device converter detected
[  908.762677][  T890] ftdi_sio ttyUSB3: unknown device type: 0x6cc0
[  908.785793][  T890] ftdi_sio 3-1:0.44: FTDI USB Serial Device converter detected
[  908.801315][  T890] ftdi_sio ttyUSB4: unknown device type: 0x6cc0
[  908.859834][  T890] usb 3-1: USB disconnect, device number 32
[  908.913804][  T890] ftdi_sio 3-1:0.111: device disconnected
[  908.948781][  T890] ftdi_sio 3-1:0.2: device disconnected
[  908.987059][  T890] ftdi_sio 3-1:0.100: device disconnected
[  909.015991][  T890] ftdi_sio 3-1:0.57: device disconnected
[  910.321977][  T890] ftdi_sio 3-1:0.44: device disconnected
[  910.422149][T14074] sp0: Synchronizing with TNC
[  913.171630][T14097] netlink: 52 bytes leftover after parsing attributes in process `syz.9.1876'.
[  915.083413][T14110] mkiss: ax0: crc mode is auto.
[  916.012595][T14116] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1882'.
[  916.043784][T14116] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1882'.
[  917.908199][    T9] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  919.064753][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  919.906347][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  919.917710][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  919.931019][    T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  919.940208][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.950351][    T9] usb 7-1: config 0 descriptor??
[  921.421147][    T9] usb 7-1: can't set config #0, error -71
[  922.131328][    T9] usb 7-1: USB disconnect, device number 28
[  923.576216][T14154] mkiss: ax0: crc mode is auto.
[  924.523355][T14160] binder: 14158:14160 ioctl c0306201 0 returned -14
[  924.845659][T14166] sp0: Synchronizing with TNC
[  927.073868][T14191] hsr0 speed is unknown, defaulting to 1000
[  927.186097][T14199] syzkaller1: entered promiscuous mode
[  927.191695][T14199] syzkaller1: entered allmulticast mode
[  927.362013][T14191] hsr0 speed is unknown, defaulting to 1000
[  930.825303][T14211] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1900'.
[  931.152237][T14219] syz.7.1904 (14219): attempted to duplicate a private mapping with mremap.  This is not supported.
[  931.682249][T14224] !
: renamed from dummy0 (while UP)
[  931.707106][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  932.080917][T14236] mkiss: ax0: crc mode is auto.
[  932.745371][T14233] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1908'.
[  933.724176][T14244] sp0: Synchronizing with TNC
[  936.449506][T14270] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1916'.
[  937.273417][T14279] syzkaller1: entered promiscuous mode
[  937.279004][T14279] syzkaller1: entered allmulticast mode
[  938.411013][T14284] Falling back ldisc for ptm1.
[  940.087650][T14298] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[  941.201972][T14305] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1925'.
[  941.609473][   T24] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  942.148959][   T24] usb 10-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  942.149042][   T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  942.149102][   T24] usb 10-1: Product: syz
[  942.149157][   T24] usb 10-1: Manufacturer: syz
[  942.149211][   T24] usb 10-1: SerialNumber: syz
[  942.204811][   T24] usb 10-1: config 0 descriptor??
[  944.422153][T14307] hsr0 speed is unknown, defaulting to 1000
[  946.169509][T14335] Falling back ldisc for ptm0.
[  946.516630][T14340] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  947.212621][T14347] kAFS: No cell specified
[  947.479291][   T24] usb-storage 10-1:0.0: USB Mass Storage device detected
[  952.815240][   T24] usb 10-1: USB disconnect, device number 2
[  953.220004][T14370] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1942'.
[  953.729284][T14376] syzkaller1: entered promiscuous mode
[  953.734887][T14376] syzkaller1: entered allmulticast mode
[  954.445793][T14389] mkiss: ax0: crc mode is auto.
[  955.617479][ T5943] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  955.928360][ T5943] usb 7-1: Using ep0 maxpacket: 16
[  956.775494][ T5943] usb 7-1: config 0 has an invalid interface number: 69 but max is 0
[  956.794280][ T5943] usb 7-1: config 0 has no interface number 0
[  956.814969][ T5943] usb 7-1: config 0 interface 69 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  956.842525][ T5943] usb 7-1: config 0 interface 69 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  956.901898][ T5943] usb 7-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice=f9.c2
[  956.953976][ T5943] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.969078][ T5943] usb 7-1: Product: syz
[  956.981941][ T5943] usb 7-1: Manufacturer: syz
[  956.994781][ T5943] usb 7-1: SerialNumber: syz
[  957.009517][ T5943] usb 7-1: config 0 descriptor??
[  957.045515][ T5943] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.69/input/input17
[  957.259698][ T5174] bcm5974 7-1:0.69: could not read from device
[  957.268372][T12748] usb 7-1: USB disconnect, device number 29
[  957.353954][T14411] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1952'.
[  958.545965][T14426] FAULT_INJECTION: forcing a failure.
[  958.545965][T14426] name failslab, interval 1, probability 0, space 0, times 0
[  958.585809][T14426] CPU: 0 UID: 0 PID: 14426 Comm: syz.2.1957 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  958.585841][T14426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  958.585853][T14426] Call Trace:
[  958.585862][T14426]  <TASK>
[  958.585871][T14426]  dump_stack_lvl+0x189/0x250
[  958.585905][T14426]  ? __pfx____ratelimit+0x10/0x10
[  958.585934][T14426]  ? __pfx_dump_stack_lvl+0x10/0x10
[  958.585962][T14426]  ? __pfx__printk+0x10/0x10
[  958.585986][T14426]  ? __pfx___might_resched+0x10/0x10
[  958.586013][T14426]  ? fs_reclaim_acquire+0x7d/0x100
[  958.586046][T14426]  should_fail_ex+0x414/0x560
[  958.586076][T14426]  should_failslab+0xa8/0x100
[  958.586103][T14426]  kmem_cache_alloc_noprof+0x73/0x3c0
[  958.586125][T14426]  ? getname_flags+0xb8/0x540
[  958.586156][T14426]  getname_flags+0xb8/0x540
[  958.586187][T14426]  __x64_sys_symlink+0x5d/0x90
[  958.586213][T14426]  do_syscall_64+0xfa/0x3b0
[  958.586229][T14426]  ? lockdep_hardirqs_on+0x9c/0x150
[  958.586256][T14426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.586276][T14426]  ? clear_bhb_loop+0x60/0xb0
[  958.586299][T14426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.586318][T14426] RIP: 0033:0x7f5d5d18e929
[  958.586336][T14426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  958.586353][T14426] RSP: 002b:00007f5d5e084038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  958.586375][T14426] RAX: ffffffffffffffda RBX: 00007f5d5d3b5fa0 RCX: 00007f5d5d18e929
[  958.586399][T14426] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000001000
[  958.586412][T14426] RBP: 00007f5d5e084090 R08: 0000000000000000 R09: 0000000000000000
[  958.586424][T14426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  958.586435][T14426] R13: 0000000000000000 R14: 00007f5d5d3b5fa0 R15: 00007ffdc42fa4c8
[  958.586466][T14426]  </TASK>
[  959.318072][ T5876] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  959.375970][T14436] sp0: Synchronizing with TNC
[  959.495446][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  959.517494][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  959.549764][ T5876] usb 3-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  959.577420][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.637405][ T5876] usb 3-1: config 0 descriptor??
[  960.283991][ T5876] usbhid 3-1:0.0: can't add hid device: -71
[  960.300930][ T5876] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  960.327080][ T5876] usb 3-1: USB disconnect, device number 33
[  960.530622][T14448] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1964'.
[  963.051574][T14477] syzkaller1: entered promiscuous mode
[  963.057287][T14477] syzkaller1: entered allmulticast mode
[  965.070713][T14486] sp0: Synchronizing with TNC
[  965.373999][   T30] audit: type=1326 audit(1750555439.322:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  965.533351][   T30] audit: type=1326 audit(1750555439.322:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  965.744284][   T30] audit: type=1326 audit(1750555439.322:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  966.955022][   T30] audit: type=1326 audit(1750555439.322:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  967.419660][   T30] audit: type=1326 audit(1750555439.322:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  967.437276][T14516] tmpfs: Unknown parameter '/'
[  967.449247][T14515] FAULT_INJECTION: forcing a failure.
[  967.449247][T14515] name failslab, interval 1, probability 0, space 0, times 0
[  967.463975][   T30] audit: type=1326 audit(1750555439.322:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  967.486006][T14515] CPU: 1 UID: 0 PID: 14515 Comm: syz.2.1984 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  967.486034][T14515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  967.486045][T14515] Call Trace:
[  967.486053][T14515]  <TASK>
[  967.486061][T14515]  dump_stack_lvl+0x189/0x250
[  967.486092][T14515]  ? __pfx____ratelimit+0x10/0x10
[  967.486116][T14515]  ? __pfx_dump_stack_lvl+0x10/0x10
[  967.486140][T14515]  ? __pfx__printk+0x10/0x10
[  967.486154][T14515]  ? __local_bh_enable_ip+0x12d/0x1c0
[  967.486186][T14515]  ? sctp_get_port_local+0xe4c/0x1610
[  967.486212][T14515]  should_fail_ex+0x414/0x560
[  967.486248][T14515]  should_failslab+0xa8/0x100
[  967.486272][T14515]  __kmalloc_cache_noprof+0x70/0x3d0
[  967.486293][T14515]  ? sctp_add_bind_addr+0x8c/0x370
[  967.486314][T14515]  sctp_add_bind_addr+0x8c/0x370
[  967.486329][T14515]  ? sctp_auto_asconf_init+0x15c/0x1e0
[  967.486354][T14515]  sctp_do_bind+0x5ab/0x940
[  967.486387][T14515]  sctp_connect_new_asoc+0x25c/0x690
[  967.486411][T14515]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  967.486438][T14515]  ? sctp_get_af_specific+0x29/0x80
[  967.486454][T14515]  ? sctp_inet6_send_verify+0x80/0x300
[  967.486470][T14515]  ? sctp_endpoint_lookup_assoc+0xd1/0x260
[  967.486495][T14515]  __sctp_connect+0x5ba/0xd50
[  967.486528][T14515]  ? __pfx___sctp_connect+0x10/0x10
[  967.486553][T14515]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  967.486573][T14515]  ? security_sctp_bind_connect+0x7e/0x2e0
[  967.486598][T14515]  sctp_getsockopt_connectx3+0x2c4/0x440
[  967.486619][T14515]  ? __pfx_sctp_getsockopt_connectx3+0x10/0x10
[  967.486637][T14515]  ? __local_bh_enable_ip+0x12d/0x1c0
[  967.486659][T14515]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  967.486693][T14515]  sctp_getsockopt+0x98a/0xb60
[  967.486716][T14515]  do_sock_getsockopt+0x35d/0x650
[  967.486739][T14515]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  967.486758][T14515]  ? do_syscall_64+0x80/0x3b0
[  967.486772][T14515]  ? __fget_files+0x3a0/0x420
[  967.486792][T14515]  ? __fget_files+0x2a/0x420
[  967.486827][T14515]  __x64_sys_getsockopt+0x1a5/0x250
[  967.486846][T14515]  ? do_syscall_64+0x80/0x3b0
[  967.486862][T14515]  ? do_syscall_64+0x80/0x3b0
[  967.486880][T14515]  do_syscall_64+0xfa/0x3b0
[  967.486894][T14515]  ? lockdep_hardirqs_on+0x9c/0x150
[  967.486917][T14515]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.486933][T14515]  ? clear_bhb_loop+0x60/0xb0
[  967.486955][T14515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.486971][T14515] RIP: 0033:0x7f5d5d18e929
[  967.486987][T14515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  967.487001][T14515] RSP: 002b:00007f5d5e084038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  967.487021][T14515] RAX: ffffffffffffffda RBX: 00007f5d5d3b5fa0 RCX: 00007f5d5d18e929
[  967.487033][T14515] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003
[  967.487043][T14515] RBP: 00007f5d5e084090 R08: 0000200000000080 R09: 0000000000000000
[  967.487054][T14515] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  967.487064][T14515] R13: 0000000000000000 R14: 00007f5d5d3b5fa0 R15: 00007ffdc42fa4c8
[  967.487093][T14515]  </TASK>
[  967.936155][   T30] audit: type=1326 audit(1750555439.322:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  967.982761][T14516] program syz.6.1983 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  967.996783][   T30] audit: type=1326 audit(1750555439.322:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  968.037743][   T30] audit: type=1326 audit(1750555439.322:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  968.186147][   T30] audit: type=1326 audit(1750555439.322:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14494 comm="syz.2.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x7ffc0000
[  968.908388][T14528] tc_dump_action: action bad kind
[  970.438249][T14541] netdevsim netdevsim9 netdevsim0: entered promiscuous mode
[  973.604359][T14556] binder: 14555:14556 ioctl c018620c 200000000040 returned -1
[  973.630857][T14556] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  973.660108][T14571] netlink: 'syz.6.2000': attribute type 10 has an invalid length.
[  974.125275][ T5876] usb 7-1: new full-speed USB device number 30 using dummy_hcd
[  974.165747][T14576] vlan2: entered allmulticast mode
[  974.171225][T14576] dummy0: entered allmulticast mode
[  974.278472][ T5876] usb 7-1: device descriptor read/64, error -71
[  974.311249][T14580] sp0: Synchronizing with TNC
[  974.569126][ T5876] usb 7-1: new full-speed USB device number 31 using dummy_hcd
[  974.597581][T14583] futex_wake_op: syz.2.2003 tries to shift op by 32; fix this program
[  974.718167][ T5876] usb 7-1: device descriptor read/64, error -71
[  974.862809][ T5876] usb usb7-port1: attempt power cycle
[  975.262866][ T5876] usb 7-1: new full-speed USB device number 32 using dummy_hcd
[  975.409550][ T5876] usb 7-1: device descriptor read/8, error -71
[  975.828247][ T5876] usb 7-1: new full-speed USB device number 33 using dummy_hcd
[  976.138798][ T5876] usb 7-1: device descriptor read/8, error -71
[  976.265179][ T5876] usb usb7-port1: unable to enumerate USB device
[  978.553853][T14599] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  980.820662][T14615] can0: slcan on ttyS3.
[  981.445512][T14616] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2010'.
[  981.600207][T14615] can0 (unregistered): slcan off ttyS3.
[  982.405692][T14632] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4)
[  982.638546][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  982.638566][   T30] audit: type=1326 audit(1750555456.582:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  982.929106][   T30] audit: type=1326 audit(1750555456.582:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  982.953589][   T30] audit: type=1326 audit(1750555456.582:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  983.044099][   T30] audit: type=1326 audit(1750555456.582:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  983.502296][   T30] audit: type=1326 audit(1750555456.582:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  984.428245][   T30] audit: type=1326 audit(1750555456.582:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  984.791840][T14649] afs: Unknown parameter 'dy'
[  985.320998][   T30] audit: type=1326 audit(1750555456.582:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  985.376993][   T30] audit: type=1326 audit(1750555456.582:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  985.411553][   T30] audit: type=1326 audit(1750555456.582:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3f3bb8d290 code=0x7ffc0000
[  985.433943][   T30] audit: type=1326 audit(1750555456.582:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.6.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3bb8e929 code=0x7ffc0000
[  985.997840][T14657] hsr0 speed is unknown, defaulting to 1000
[  986.887492][T14684] sp0: Synchronizing with TNC
[  988.730984][T14696] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2034'.
[  989.115294][T14699] afs: Unknown parameter 'dy'
[  992.248962][T12748] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  992.478691][T12748] usb 1-1: Using ep0 maxpacket: 16
[  993.153459][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  993.193153][T12748] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  993.226042][T12748] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  993.266923][T12748] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  993.303312][T12748] usb 1-1: Product: syz
[  993.342828][T12748] usb 1-1: Manufacturer: syz
[  993.347496][T12748] usb 1-1: SerialNumber: syz
[  993.420541][T12748] usb 1-1: config 0 descriptor??
[  993.734005][T14736] FAULT_INJECTION: forcing a failure.
[  993.734005][T14736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  993.735716][T14736] 
[  993.735725][T14736] ======================================================
[  993.735733][T14736] WARNING: possible circular locking dependency detected
[  993.735741][T14736] 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 Not tainted
[  993.735752][T14736] ------------------------------------------------------
[  993.735759][T14736] syz.7.2046/14736 is trying to acquire lock:
[  993.735769][T14736] ffffffff8e132fc0 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x13a/0xc40
[  993.735818][T14736] 
[  993.735818][T14736] but task is already holding lock:
[  993.735824][T14736] ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  993.735869][T14736] 
[  993.735869][T14736] which lock already depends on the new lock.
[  993.735869][T14736] 
[  993.735876][T14736] 
[  993.735876][T14736] the existing dependency chain (in reverse order) is:
[  993.735883][T14736] 
[  993.735883][T14736] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  993.735907][T14736]        lock_acquire+0x120/0x360
[  993.735930][T14736]        _raw_spin_lock_nested+0x32/0x50
[  993.735954][T14736]        raw_spin_rq_lock_nested+0x2a/0x140
[  993.735976][T14736]        task_rq_lock+0xbc/0x470
[  993.735998][T14736]        cgroup_move_task+0x9a/0x590
[  993.736020][T14736]        css_set_move_task+0x658/0x9e0
[  993.736037][T14736]        cgroup_post_fork+0x1ef/0x790
[  993.736053][T14736]        copy_process+0x3862/0x3c00
[  993.736078][T14736]        kernel_clone+0x224/0x7f0
[  993.736093][T14736]        user_mode_thread+0xdd/0x140
[  993.736109][T14736]        rest_init+0x23/0x300
[  993.736125][T14736]        start_kernel+0x47d/0x500
[  993.736148][T14736]        x86_64_start_reservations+0x24/0x30
[  993.736166][T14736]        x86_64_start_kernel+0x143/0x1c0
[  993.736183][T14736]        common_startup_64+0x13e/0x147
[  993.736200][T14736] 
[  993.736200][T14736] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  993.736225][T14736]        lock_acquire+0x120/0x360
[  993.736245][T14736]        _raw_spin_lock_irqsave+0xa7/0xf0
[  993.736276][T14736]        try_to_wake_up+0x6e/0x1290
[  993.736293][T14736]        __wake_up_common_lock+0x137/0x1f0
[  993.736312][T14736]        tty_port_default_wakeup+0xa2/0xf0
[  993.736331][T14736]        serial8250_tx_chars+0x72e/0x970
[  993.736347][T14736]        serial8250_handle_irq+0x633/0xbb0
[  993.736363][T14736]        serial8250_default_handle_irq+0xbf/0x1b0
[  993.736383][T14736]        serial8250_interrupt+0xa5/0x1d0
[  993.736406][T14736]        __handle_irq_event_percpu+0x28c/0x980
[  993.736424][T14736]        handle_irq_event+0x8b/0x1e0
[  993.736441][T14736]        handle_edge_irq+0x267/0x9c0
[  993.736465][T14736]        __common_interrupt+0x143/0x250
[  993.736485][T14736]        common_interrupt+0xb6/0xe0
[  993.736503][T14736]        asm_common_interrupt+0x26/0x40
[  993.736520][T14736]        pv_native_safe_halt+0x13/0x20
[  993.736542][T14736]        default_idle+0x13/0x20
[  993.736557][T14736]        default_idle_call+0x74/0xb0
[  993.736573][T14736]        do_idle+0x1e8/0x510
[  993.736596][T14736]        cpu_startup_entry+0x44/0x60
[  993.736619][T14736]        rest_init+0x2de/0x300
[  993.736635][T14736]        start_kernel+0x47d/0x500
[  993.736657][T14736]        x86_64_start_reservations+0x24/0x30
[  993.736674][T14736]        x86_64_start_kernel+0x143/0x1c0
[  993.736691][T14736]        common_startup_64+0x13e/0x147
[  993.736707][T14736] 
[  993.736707][T14736] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  993.736732][T14736]        lock_acquire+0x120/0x360
[  993.736752][T14736]        _raw_spin_lock_irqsave+0xa7/0xf0
[  993.736773][T14736]        __wake_up_common_lock+0x2f/0x1f0
[  993.736791][T14736]        tty_port_default_wakeup+0xa2/0xf0
[  993.736808][T14736]        serial8250_tx_chars+0x72e/0x970
[  993.736823][T14736]        serial8250_handle_irq+0x633/0xbb0
[  993.736838][T14736]        serial8250_default_handle_irq+0xbf/0x1b0
[  993.736858][T14736]        serial8250_interrupt+0xa5/0x1d0
[  993.736879][T14736]        __handle_irq_event_percpu+0x28c/0x980
[  993.736896][T14736]        handle_irq_event+0x8b/0x1e0
[  993.736912][T14736]        handle_edge_irq+0x267/0x9c0
[  993.736936][T14736]        __common_interrupt+0x143/0x250
[  993.736955][T14736]        common_interrupt+0xb6/0xe0
[  993.736973][T14736]        asm_common_interrupt+0x26/0x40
[  993.736989][T14736]        pv_native_safe_halt+0x13/0x20
[  993.737010][T14736]        default_idle+0x13/0x20
[  993.737025][T14736]        default_idle_call+0x74/0xb0
[  993.737041][T14736]        do_idle+0x1e8/0x510
[  993.737063][T14736]        cpu_startup_entry+0x44/0x60
[  993.737086][T14736]        rest_init+0x2de/0x300
[  993.737103][T14736]        start_kernel+0x47d/0x500
[  993.737123][T14736]        x86_64_start_reservations+0x24/0x30
[  993.737141][T14736]        x86_64_start_kernel+0x143/0x1c0
[  993.737158][T14736]        common_startup_64+0x13e/0x147
[  993.737174][T14736] 
[  993.737174][T14736] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  993.737199][T14736]        lock_acquire+0x120/0x360
[  993.737218][T14736]        _raw_spin_lock_irqsave+0xa7/0xf0
[  993.737239][T14736]        serial8250_console_write+0x17e/0x1ba0
[  993.737264][T14736]        console_flush_all+0x728/0xc40
[  993.737280][T14736]        console_unlock+0xc4/0x270
[  993.737304][T14736]        vprintk_emit+0x5b7/0x7a0
[  993.737328][T14736]        _printk+0xcf/0x120
[  993.737342][T14736]        register_console+0xa8b/0xf90
[  993.737359][T14736]        univ8250_console_init+0x52/0x90
[  993.737383][T14736]        console_init+0x1a1/0x670
[  993.737398][T14736]        start_kernel+0x2cc/0x500
[  993.737419][T14736]        x86_64_start_reservations+0x24/0x30
[  993.737436][T14736]        x86_64_start_kernel+0x143/0x1c0
[  993.737452][T14736]        common_startup_64+0x13e/0x147
[  993.737468][T14736] 
[  993.737468][T14736] -> #0 (console_owner){-.-.}-{0:0}:
[  993.737492][T14736]        validate_chain+0xb9b/0x2140
[  993.737515][T14736]        __lock_acquire+0xab9/0xd20
[  993.737535][T14736]        lock_acquire+0x120/0x360
[  993.737554][T14736]        console_flush_all+0x6d2/0xc40
[  993.737569][T14736]        console_unlock+0xc4/0x270
[  993.737592][T14736]        vprintk_emit+0x5b7/0x7a0
[  993.737615][T14736]        _printk+0xcf/0x120
[  993.737629][T14736]        should_fail_ex+0x3f5/0x560
[  993.737647][T14736]        strncpy_from_user+0x36/0x290
[  993.737664][T14736]        strncpy_from_user_nofault+0x72/0x150
[  993.737685][T14736]        bpf_probe_read_user_str+0x2a/0x70
[  993.737708][T14736]        bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  993.737722][T14736]        bpf_trace_run4+0x3f2/0x4a0
[  993.737740][T14736]        __bpf_trace_sched_switch+0x17a/0x1e0
[  993.737758][T14736]        __traceiter_sched_switch+0x9a/0xd0
[  993.737776][T14736]        __schedule+0x22d4/0x4cb0
[  993.737796][T14736]        preempt_schedule_irq+0xb5/0x150
[  993.737818][T14736]        irqentry_exit+0x6f/0x90
[  993.737840][T14736]        asm_sysvec_reschedule_ipi+0x1a/0x20
[  993.737857][T14736]        kasan_check_range+0xbe/0x2c0
[  993.737878][T14736]        __asan_memset+0x22/0x50
[  993.737893][T14736]        tomoyo_path_number_perm+0xb3/0x5a0
[  993.737913][T14736]        security_file_ioctl+0xcb/0x2d0
[  993.737939][T14736]        __se_sys_ioctl+0x47/0x170
[  993.737954][T14736]        do_syscall_64+0xfa/0x3b0
[  993.737965][T14736]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  993.737977][T14736] 
[  993.737977][T14736] other info that might help us debug this:
[  993.737977][T14736] 
[  993.737982][T14736] Chain exists of:
[  993.737982][T14736]   console_owner --> &p->pi_lock --> &rq->__lock
[  993.737982][T14736] 
[  993.738004][T14736]  Possible unsafe locking scenario:
[  993.738004][T14736] 
[  993.738008][T14736]        CPU0                    CPU1
[  993.738013][T14736]        ----                    ----
[  993.738017][T14736]   lock(&rq->__lock);
[  993.738026][T14736]                                lock(&p->pi_lock);
[  993.738037][T14736]                                lock(&rq->__lock);
[  993.738047][T14736]   lock(console_owner);
[  993.738056][T14736] 
[  993.738056][T14736]  *** DEADLOCK ***
[  993.738056][T14736] 
[  993.738060][T14736] 4 locks held by syz.7.2046/14736:
[  993.738068][T14736]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  993.738104][T14736]  #1: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0
[  993.738137][T14736]  #2: ffffffff8e133020 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120
[  993.738166][T14736]  #3: ffffffff8e01a8f0 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40
[  993.738197][T14736] 
[  993.738197][T14736] stack backtrace:
[  993.738205][T14736] CPU: 0 UID: 0 PID: 14736 Comm: syz.7.2046 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  993.738222][T14736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  993.738230][T14736] Call Trace:
[  993.738236][T14736]  <TASK>
[  993.738242][T14736]  dump_stack_lvl+0x189/0x250
[  993.738271][T14736]  ? __pfx_dump_stack_lvl+0x10/0x10
[  993.738290][T14736]  ? __pfx__printk+0x10/0x10
[  993.738303][T14736]  ? print_lock_name+0xde/0x100
[  993.738325][T14736]  print_circular_bug+0x2ee/0x310
[  993.738347][T14736]  check_noncircular+0x134/0x160
[  993.738369][T14736]  validate_chain+0xb9b/0x2140
[  993.738396][T14736]  __lock_acquire+0xab9/0xd20
[  993.738414][T14736]  ? console_flush_all+0x13a/0xc40
[  993.738427][T14736]  lock_acquire+0x120/0x360
[  993.738442][T14736]  ? console_flush_all+0x13a/0xc40
[  993.738458][T14736]  ? do_raw_spin_unlock+0x122/0x240
[  993.738471][T14736]  ? console_flush_all+0x13a/0xc40
[  993.738484][T14736]  console_flush_all+0x6d2/0xc40
[  993.738497][T14736]  ? console_flush_all+0x13a/0xc40
[  993.738511][T14736]  ? console_flush_all+0x13a/0xc40
[  993.738526][T14736]  ? __pfx_console_flush_all+0x10/0x10
[  993.738542][T14736]  ? is_printk_cpu_sync_owner+0x32/0x40
[  993.738559][T14736]  console_unlock+0xc4/0x270
[  993.738579][T14736]  ? __pfx_console_unlock+0x10/0x10
[  993.738599][T14736]  ? is_printk_cpu_sync_owner+0x32/0x40
[  993.738615][T14736]  vprintk_emit+0x5b7/0x7a0
[  993.738635][T14736]  ? __pfx_vprintk_emit+0x10/0x10
[  993.738654][T14736]  ? strncpy_from_user+0x24e/0x290
[  993.738670][T14736]  ? __lock_acquire+0xab9/0xd20
[  993.738689][T14736]  _printk+0xcf/0x120
[  993.738701][T14736]  ? __pfx____ratelimit+0x10/0x10
[  993.738720][T14736]  ? __pfx__printk+0x10/0x10
[  993.738733][T14736]  ? bpf_trace_run2+0x322/0x4b0
[  993.738750][T14736]  should_fail_ex+0x3f5/0x560
[  993.738766][T14736]  strncpy_from_user+0x36/0x290
[  993.738782][T14736]  strncpy_from_user_nofault+0x72/0x150
[  993.738800][T14736]  bpf_probe_read_user_str+0x2a/0x70
[  993.738819][T14736]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  993.738830][T14736]  bpf_trace_run4+0x3f2/0x4a0
[  993.738845][T14736]  ? bpf_trace_run4+0x19c/0x4a0
[  993.738859][T14736]  ? __pfx_bpf_trace_run4+0x10/0x10
[  993.738874][T14736]  ? __pv_queued_spin_lock_slowpath+0xa05/0xb60
[  993.738896][T14736]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  993.738912][T14736]  __bpf_trace_sched_switch+0x17a/0x1e0
[  993.738927][T14736]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  993.738941][T14736]  ? rcu_read_lock_sched_held+0x89/0x100
[  993.738962][T14736]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  993.738982][T14736]  ? plist_check_list+0x308/0x330
[  993.738999][T14736]  ? task_psi_group+0x50/0x1a0
[  993.739019][T14736]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[  993.739034][T14736]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  993.739049][T14736]  __traceiter_sched_switch+0x9a/0xd0
[  993.739065][T14736]  __schedule+0x22d4/0x4cb0
[  993.739089][T14736]  ? strncpy_from_user+0x1b1/0x290
[  993.739107][T14736]  ? strncpy_from_user+0x24e/0x290
[  993.739122][T14736]  ? preempt_schedule_irq+0xb5/0x150
[  993.739139][T14736]  ? strncpy_from_user+0x257/0x290
[  993.739151][T14736]  ? __pfx___schedule+0x10/0x10
[  993.739165][T14736]  ? bpf_trace_run4+0x19c/0x4a0
[  993.739179][T14736]  ? preempt_schedule_irq+0xaa/0x150
[  993.739194][T14736]  preempt_schedule_irq+0xb5/0x150
[  993.739208][T14736]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  993.739224][T14736]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  993.739239][T14736]  irqentry_exit+0x6f/0x90
[  993.739254][T14736]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  993.739271][T14736] RIP: 0010:kasan_check_range+0xbe/0x2c0
[  993.739286][T14736] Code: cb 48 f7 d3 4c 01 fb 41 80 3b 00 0f 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd 83 e5 07 0f 84 b5 00 00 00 <41> 80 3b 00 4d 89 dc 0f 85 75 01 00 00 83 fd 07 0f 84 8d 00 00 00
[  993.739296][T14736] RSP: 0018:ffffc9001035fba8 EFLAGS: 00000202
[  993.739306][T14736] RAX: ffffffff84787401 RBX: dffffc0000000001 RCX: ffffffff84787433
[  993.739315][T14736] RDX: 0000000000000001 RSI: 00000000000000b0 RDI: ffffc9001035fd10
[  993.739322][T14736] RBP: 0000000000000002 R08: ffffc9001035fdbf R09: 1ffff9200206bfb7
[  993.739330][T14736] R10: dffffc0000000000 R11: fffff5200206bfa2 R12: 0000000000000016
[  993.739338][T14736] R13: 000000000000000d R14: fffff5200206bfb8 R15: 1ffff9200206bfa2
[  993.739347][T14736]  ? tomoyo_path_number_perm+0x81/0x5a0
[  993.739359][T14736]  ? tomoyo_path_number_perm+0xb3/0x5a0
[  993.739374][T14736]  __asan_memset+0x22/0x50
[  993.739384][T14736]  tomoyo_path_number_perm+0xb3/0x5a0
[  993.739397][T14736]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  993.739409][T14736]  ? rcu_is_watching+0x15/0xb0
[  993.739424][T14736]  ? trace_sched_exit_tp+0x38/0x120
[  993.739436][T14736]  ? __schedule+0x16c0/0x4cb0
[  993.739451][T14736]  ? __lock_acquire+0xab9/0xd20
[  993.739464][T14736]  ? hook_file_ioctl+0x1b8/0x530
[  993.739475][T14736]  ? __pfx_hook_file_ioctl+0x10/0x10
[  993.739489][T14736]  ? __fget_files+0x2a/0x420
[  993.739503][T14736]  ? __fget_files+0x2a/0x420
[  993.739516][T14736]  ? __fget_files+0x3a0/0x420
[  993.739528][T14736]  ? __fget_files+0x2a/0x420
[  993.739542][T14736]  security_file_ioctl+0xcb/0x2d0
[  993.739555][T14736]  __se_sys_ioctl+0x47/0x170
[  993.739566][T14736]  do_syscall_64+0xfa/0x3b0
[  993.739576][T14736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  993.739586][T14736]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  993.739596][T14736]  ? clear_bhb_loop+0x60/0xb0
[  993.739608][T14736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  993.739618][T14736] RIP: 0033:0x7f0b9798e929
[  993.739627][T14736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  993.739636][T14736] RSP: 002b:00007f0b957f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  993.739647][T14736] RAX: ffffffffffffffda RBX: 00007f0b97bb6160 RCX: 00007f0b9798e929
[  993.739655][T14736] RDX: 0000200000000100 RSI: 00000000c0205648 RDI: 000000000000000d
[  993.739662][T14736] RBP: 00007f0b957f6090 R08: 0000000000000000 R09: 0000000000000000
[  993.739669][T14736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  993.739675][T14736] R13: 0000000000000000 R14: 00007f0b97bb6160 R15: 00007ffe89d24a98
[  993.739686][T14736]  </TASK>
[  995.163172][T14736] CPU: 0 UID: 0 PID: 14736 Comm: syz.7.2046 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) 
[  995.163191][T14736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  995.163198][T14736] Call Trace:
[  995.163205][T14736]  <TASK>
[  995.163212][T14736]  dump_stack_lvl+0x189/0x250
[  995.163232][T14736]  ? __pfx____ratelimit+0x10/0x10
[  995.163247][T14736]  ? __pfx_dump_stack_lvl+0x10/0x10
[  995.163262][T14736]  ? __pfx__printk+0x10/0x10
[  995.163273][T14736]  ? bpf_trace_run2+0x322/0x4b0
[  995.163288][T14736]  should_fail_ex+0x414/0x560
[  995.163303][T14736]  strncpy_from_user+0x36/0x290
[  995.163316][T14736]  strncpy_from_user_nofault+0x72/0x150
[  995.163331][T14736]  bpf_probe_read_user_str+0x2a/0x70
[  995.163346][T14736]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  995.163357][T14736]  bpf_trace_run4+0x3f2/0x4a0
[  995.163369][T14736]  ? bpf_trace_run4+0x19c/0x4a0
[  995.163380][T14736]  ? __pfx_bpf_trace_run4+0x10/0x10
[  995.163391][T14736]  ? __pv_queued_spin_lock_slowpath+0xa05/0xb60
[  995.163409][T14736]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  995.163422][T14736]  __bpf_trace_sched_switch+0x17a/0x1e0
[  995.163434][T14736]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  995.163446][T14736]  ? rcu_read_lock_sched_held+0x89/0x100
[  995.163461][T14736]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  995.163477][T14736]  ? plist_check_list+0x308/0x330
[  995.163491][T14736]  ? task_psi_group+0x50/0x1a0
[  995.163506][T14736]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[  995.163518][T14736]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  995.163529][T14736]  __traceiter_sched_switch+0x9a/0xd0
[  995.163542][T14736]  __schedule+0x22d4/0x4cb0
[  995.163559][T14736]  ? strncpy_from_user+0x1b1/0x290
[  995.163571][T14736]  ? strncpy_from_user+0x24e/0x290
[  995.163582][T14736]  ? preempt_schedule_irq+0xb5/0x150
[  995.163596][T14736]  ? strncpy_from_user+0x257/0x290
[  995.163608][T14736]  ? __pfx___schedule+0x10/0x10
[  995.163622][T14736]  ? bpf_trace_run4+0x19c/0x4a0
[  995.163635][T14736]  ? preempt_schedule_irq+0xaa/0x150
[  995.163650][T14736]  preempt_schedule_irq+0xb5/0x150
[  995.163665][T14736]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  995.163681][T14736]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  995.163696][T14736]  irqentry_exit+0x6f/0x90
[  995.163711][T14736]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  995.163723][T14736] RIP: 0010:kasan_check_range+0xbe/0x2c0
[  995.163738][T14736] Code: cb 48 f7 d3 4c 01 fb 41 80 3b 00 0f 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd 83 e5 07 0f 84 b5 00 00 00 <41> 80 3b 00 4d 89 dc 0f 85 75 01 00 00 83 fd 07 0f 84 8d 00 00 00
[  995.163748][T14736] RSP: 0018:ffffc9001035fba8 EFLAGS: 00000202
[  995.163759][T14736] RAX: ffffffff84787401 RBX: dffffc0000000001 RCX: ffffffff84787433
[  995.163768][T14736] RDX: 0000000000000001 RSI: 00000000000000b0 RDI: ffffc9001035fd10
[  995.163775][T14736] RBP: 0000000000000002 R08: ffffc9001035fdbf R09: 1ffff9200206bfb7
[  995.163783][T14736] R10: dffffc0000000000 R11: fffff5200206bfa2 R12: 0000000000000016
[  995.163791][T14736] R13: 000000000000000d R14: fffff5200206bfb8 R15: 1ffff9200206bfa2
[  995.163800][T14736]  ? tomoyo_path_number_perm+0x81/0x5a0
[  995.163813][T14736]  ? tomoyo_path_number_perm+0xb3/0x5a0
[  995.163828][T14736]  __asan_memset+0x22/0x50
[  995.163839][T14736]  tomoyo_path_number_perm+0xb3/0x5a0
[  995.163852][T14736]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  995.163865][T14736]  ? rcu_is_watching+0x15/0xb0
[  995.163879][T14736]  ? trace_sched_exit_tp+0x38/0x120
[  995.163892][T14736]  ? __schedule+0x16c0/0x4cb0
[  995.163907][T14736]  ? __lock_acquire+0xab9/0xd20
[  995.163920][T14736]  ? hook_file_ioctl+0x1b8/0x530
[  995.163932][T14736]  ? __pfx_hook_file_ioctl+0x10/0x10
[  995.163945][T14736]  ? __fget_files+0x2a/0x420
[  995.163959][T14736]  ? __fget_files+0x2a/0x420
[  995.163972][T14736]  ? __fget_files+0x3a0/0x420
[  995.163985][T14736]  ? __fget_files+0x2a/0x420
[  995.163999][T14736]  security_file_ioctl+0xcb/0x2d0
[  995.164013][T14736]  __se_sys_ioctl+0x47/0x170
[  995.164025][T14736]  do_syscall_64+0xfa/0x3b0
[  995.164035][T14736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  995.164045][T14736]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  995.164056][T14736]  ? clear_bhb_loop+0x60/0xb0
[  995.164067][T14736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  995.164078][T14736] RIP: 0033:0x7f0b9798e929
[  995.164088][T14736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  995.164096][T14736] RSP: 002b:00007f0b957f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  995.164113][T14736] RAX: ffffffffffffffda RBX: 00007f0b97bb6160 RCX: 00007f0b9798e929
[  995.164121][T14736] RDX: 0000200000000100 RSI: 00000000c0205648 RDI: 000000000000000d
[  995.164129][T14736] RBP: 00007f0b957f6090 R08: 0000000000000000 R09: 0000000000000000
[  995.164135][T14736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  995.164142][T14736] R13: 0000000000000000 R14: 00007f0b97bb6160 R15: 00007ffe89d24a98
[  995.164153][T14736]  </TASK>
[  995.933470][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  995.933483][   T30] audit: type=1326 audit(1750555469.882:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.2.2047" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5d5d18e929 code=0x0
[  996.844086][T12748] usb 1-1: USB disconnect, device number 41