last executing test programs:

28m17.492206532s ago: executing program 32 (id=621):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

26m1.672226909s ago: executing program 4 (id=1493):
r0 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
clock_getres(0x0, 0x0)
madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11)
ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000180)={0x0, 0x0, 0x102, 0x6, {0x5, 0x9, 0xd, 0x58}})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_SET_EXPR={0x14, 0x11, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFT_MSG_NEWSETELEM={0x38, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r5, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40000002)
sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}, 0x20000041)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
socket(0x40000000015, 0x805, 0x0)
getsockopt(r3, 0x10117, 0xfbfffffe, 0x0, &(0x7f00000000c0)=0xfffffffffffffe6e)
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12050000003d7940c71a010019cc010203010902ac3f0100000000"], 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xcc, 0x1, 0x6, 0x3}})

25m58.511506739s ago: executing program 4 (id=1508):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b7db000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e83a02650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0)
r3 = open(&(0x7f00000003c0)='./file2\x00', 0x81, 0x0)
ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c00, 0x3)

25m58.283871078s ago: executing program 4 (id=1510):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$uac3(r0, &(0x7f0000000040)={0x14, &(0x7f0000000000)={0x0, 0x2, 0x2, {0x2, 0x21}}, 0x0}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9901)
syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00')
prlimit64(0x0, 0xe, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)

25m57.088148734s ago: executing program 4 (id=1515):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0xcaf, &(0x7f0000000100)={0x0, 0xb601, 0x1, 0x5, 0x17a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f00000001c0)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1, 0x1e})
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(0xffffffffffffffff, 0x0, 0x880)
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x1, 0x3a6c40)
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
io_uring_enter(r1, 0x847ba, 0x20000000, 0xe, 0x0, 0x0)

25m56.488429293s ago: executing program 33 (id=1515):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0xcaf, &(0x7f0000000100)={0x0, 0xb601, 0x1, 0x5, 0x17a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f00000001c0)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1, 0x1e})
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(0xffffffffffffffff, 0x0, 0x880)
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x1, 0x3a6c40)
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
io_uring_enter(r1, 0x847ba, 0x20000000, 0xe, 0x0, 0x0)

24m58.29651978s ago: executing program 0 (id=1740):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000880)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000800)={@flat=@weak_handle={0x77682a85, 0xa}, @fda={0x66646185, 0x9, 0x2, 0x2d}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x19}}, &(0x7f00000003c0)={0x0, 0x18, 0x38}}, 0x40}], 0x0, 0x0, 0x0})

24m58.162763742s ago: executing program 0 (id=1742):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x40000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0x0)
r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000500)="14", 0x1, 0xfffffffffffffffd)
keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55)
syz_init_net_socket$ax25(0x3, 0x3, 0x8)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r7, &(0x7f00000042c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9e", 0x78}], 0x1}}, {{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000001040)="39e6f0f5240525bf127de94fe5cfc0b0f2c98c4ac8bf0568e948e0274b0445d03a56f1bfe147fb8ac1da60b16f07dbe40e90d68b4619d12165154b679949da907d460d298e92e0d24077e89d302255e0a9626f61e6dc304713126dd04ca5e168c8f7894d2d189c22945826101c5199f90c3734146364f2195120530ab5e42614a3cb5651b1fc7b17d61955840b5c9adbeffa334d38da282e42b01ea9d6b5a7", 0x9f}, {&(0x7f0000001100)}, {&(0x7f0000001200)="e86b23ea031a0d0335d120405fcbc0e8261e54e194b7ac7427e456a0c74eba6fd030e30723c080ff9d1d60aa58929f37061fea9199560e8c9734c24ad5a9849b6dc72795f44e9954bf08f35b5483099d17afa38d10de84516fb241942b5dc2443a0df8de2b82fba03bd1aaf1a8b54a56340e1c17ec2c1f797cb9e8534005fad205586e8df9c5e5846de0a63ea0935349fbe97099bcd39d198870265cb0e9d30982731773077edf0340e001654b40167f7172daaaf09261d1a91c77ab96126862c5af4dedd795869895c3f9770a945fc27c4579371167a0e2981f9e678f36a1f5c630359af6d41a45159b21d214d2b46132bc35cb5dc8a2324c3b447144e3ec5aa60a0791c33111d4c18e54f0f61d99dc68d109530c58fbb766a533071d8f12d4fa93efa0867620756cb13183b963714fc8f641ff59bcb98d36d132c30e4aacf1585a2aa076bf6ab258ee85734651c05ab4c24c32f18f2a884ff3562b367cb24c4e35587a42b7da49d69756a1f5e1e8eac669e0b968e8d88d863f7ea0a364926f0fb64d8f347c39f68ae32be6a3d875a7470dd209327d4060c75fba01cfb285aca1e8a1bddf0759ba9485bcbb585593374041cb2354fcee8290aad5ffc690a4c8e36ae09540b10f40310567b2c82ab527d403468524a4d42488e2a8f8a144ee47e00ffbfc09aa3138237780e160e63c97700d5c1a5c8e198e223d11bcc2e684c04c42d185977aa42accf31fb8d90162e07dbf4dcc6222e0e3d81493c390a61bf506ba14b044fc268e0a04756440280d62e249857eea9234cbd65d7e08ad58bcccd4244c2ebd7c781f4661fc448e04db6a9150d48022ce3aebddba51c23ae242a9c6d8ad4f4dff925f5a7033b5f6f765d96aa316ec31ef2c022e2c381defb051b81aa9710379e8e775abe6e9d632439c998ffa48e7e54208d12a4c2e018f2873e26f6ea2c758cbd10069baba0f85d8509c5c4475b29c6358c96dd61ae8181a99cd453820f6a6509c29543b9c7db410e6d9d60082ccc2602b8cf91a59a8b8c2fcba7f43913f4b0a2842042f20488cf58de93150a9b7d0a7c4b9a84ad330ca34efbe0a878064983c915a6f24a35dfdd866f53326ecc117f84b4e46449eb5cb4164288fcbad2562e8ba76a6d18b9e58ef69973a7ff12618e4dfbeada86b059be11ed49317e47b5205d74966f72f92db62baef8809f0a9f75faec55b8ad241277a5f", 0x35f}], 0x3, &(0x7f0000002340)=[@ip_ttl={{0x14, 0x0, 0x2, 0x8004}}, @ip_retopts={{0x10}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @loopback}}}], 0x48}}, {{&(0x7f0000002440)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x4, 0xc054)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)

24m56.423745881s ago: executing program 0 (id=1745):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
ioctl$PPPIOCGIDLE(0xffffffffffffffff, 0x8010743f, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x388, 0x41d9fda7)

24m55.448456716s ago: executing program 0 (id=1748):
socket$inet(0x2, 0x4000000000000001, 0xfffffffe)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp384-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
recvmmsg(r1, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000000340)=""/1, 0x1}], 0x1}, 0xe75}], 0x3aa0, 0x60002000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

24m52.805380726s ago: executing program 0 (id=1757):
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x28800, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10b)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x800)
ioctl$NS_GET_OWNER_UID(r0, 0xb704, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0xb8, r0}, './file0\x00'})

24m51.506667493s ago: executing program 0 (id=1761):
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001900)={0x1, 0x0, [{0x0, 0xe4, &(0x7f0000000300)=""/228}]})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, &(0x7f0000000140)=""/79, 0x9000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x72, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa5}, 0x94)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000240)=0x1)

24m36.30233266s ago: executing program 34 (id=1761):
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001900)={0x1, 0x0, [{0x0, 0xe4, &(0x7f0000000300)=""/228}]})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, &(0x7f0000000140)=""/79, 0x9000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x72, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa5}, 0x94)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000240)=0x1)

16m24.577374512s ago: executing program 7 (id=2967):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xc0)
llistxattr(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x2)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r5 = accept4$rose(0xffffffffffffffff, &(0x7f0000000380)=@full={0xb, @dev, @null, 0x0, [@null, @bcast, @bcast, @null, @bcast, @bcast]}, &(0x7f0000000180)=0x40, 0x0)
ioctl$sock_rose_SIOCDELRT(r5, 0x890c, &(0x7f0000000300)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x9, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x8, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]})
connect$x25(r4, &(0x7f0000000a80), 0x12)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
r6 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x0, 0x0})
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
ptrace$poke(0x420e, 0x0, 0x0, 0xfffffffffffffffe)
write$UHID_SET_REPORT_REPLY(r0, &(0x7f00000007c0)=ANY=[], 0xffe0)

16m22.937195038s ago: executing program 7 (id=2970):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r3, 0x0, 0x8, 0x0, 0x1)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x8916, 0x0)
ioctl(0xffffffffffffffff, 0x8936, &(0x7f0000000000))
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='zonefs\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)
recvfrom(r5, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)

16m21.910397738s ago: executing program 7 (id=2971):
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
syz_open_dev$loop(0x0, 0x1, 0x122c42)
socket$kcm(0x10, 0x6, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x101, 0xab02)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="d60400007d0000000524010000000000000000000000000000000000000000000c40000000000000000000000000000000002e00046e6f645a3dbf640237fc6225ffffff8005000000000000ff03ff92e91600059b65712c93cb3db6c231d119aaa139007002007dfa673effeb09b5351f5bde054000000000187b82d9b56928fbbf0b00002b595fcb14034354b9fd9ef196a51cd5157adc8106b494e13500cf60372d61cceab8c88641eb93b4ccf6002ab87bfc012796093f68305c4d2220837e0108e2e748501c51484ba02f109caaf91509a25500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cdb80e8d40700000037009d036f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0c41f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa75f8246bcc42eaa8c631c0c500959a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d7238593aed3b42ee7cac07de09d1d68a60333a882467d2b31aafb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fecdfd529f382066664c0fb4e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae122e6105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fc200000030e4ee2bfc7f8050851143e5161acd47150acbaf743822dfe203b108d37e914dc1e53e234c509eca4107a1712caa9da53d051c36884c79182661f3ca36bcdbfbbd267109f8319d8dd5c07099eb1b11030655f562694f61743d19421b4a19ef8b8b4ce9c993c7d6cb300c4e657a4e50a35b5cc16b8c161a8e3df9036bbcf28adcd19a6c4c291709aee5ab3e5bc5ae29f475e4d24408b5167d0faf5fc1566b705c8b60afa8aca42f7e0469188a0ef062ca18e38f9ee10ac77d2b7eb9d60ea79fdb556411e59dfbd8dbb8a2a6622ebcf84c696fa4da21bad2320d0d68e9bf4346f0686119a39e400395c8f2825ea069ae0e143bd1a44179ed8e3cea0b5e9a19cc7ffa500fa41b6c8049bde45827d54ec901d27ad125056889b3336b3f06838c5b667ae22efe3bc15b825f7fbce48027281cf9fe8fc21fc77c243de26705310eb81cf74de0293192a13f6ad057de61fd8aba8ef4439bc06a45b2b03162515a23433afeb52aedb5ab6f334653380515f779f35dc8a78c37772492a2284c21d21356d473f00f85137c7bf0636f757d3528869b3f007735cff85c9d978bf55dcc26d62d25e308f08827a91ff47bec92f8e91e7908665400aa4e39b35986239d5c7b9492c5bb26bc55b55b49ed70486e6e7da38c208450f9f79e1b4100000000000000000000000000ae51ceba44f717f0a07749239b5d08f8c5c0ad7951e0a7c7f3db8dfd3f8657258a6c04f32d57ad2873de45fa98b0f8267917ff9b3e9c0d74a5aca206fe29e0c1039f22553c2747425d831030782ee78f8ba35de318c53f094f925cc9782e94b6c870a487678bfae745dff268bda7fdec873ce4fb4b8dcba0419b30449adfef724162bfb10aafcfea48a67fae7733cc3a", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0], 0x4d6)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000a, 0x204031, r2, 0xffffd000)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r3 = userfaultfd(0x80000)
ioctl$UFFDIO_MOVE(r3, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000dd7000/0x4000)=nil, &(0x7f00001e2000/0x1000)=nil, 0x4000})

16m17.941282658s ago: executing program 7 (id=2980):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000"], 0x48)
r0 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0)='macvlan1\x00', 0x10)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x80)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000100), 0x10000000000000, 0x2a0000)
fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, <r1=>0x0})
sched_setscheduler(r1, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r3, &(0x7f0000000280)={0x1f, 0x41, @any, 0x400}, 0xe)
listen(r3, 0x0)
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
io_uring_enter(0xffffffffffffffff, 0x7b20, 0xe93c, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newrule={0x30, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1f}, [@FRA_GENERIC_POLICY=@FRA_OIFNAME={0x14, 0x11, 'erspan0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x81}, 0x44004)

16m16.447749694s ago: executing program 7 (id=2984):
bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e23, @multicast1}, 0x10)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
getpgrp(0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7}, 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r3, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbda}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x1, 0x3, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x52, &(0x7f0000000240)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbbb86dd60000000000000002d8000bbde800000000000000000000000001d000000000000009078020300000000000000000000000000006000209a6221809512090987"], 0x0)

16m15.564288049s ago: executing program 7 (id=2985):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYBLOB="0000000000000000b7080000000000007b8a"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = io_uring_setup(0x3aa5, &(0x7f00000002c0)={0x0, 0x32b6, 0x880, 0x0, 0x35d})
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd", 0x19)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, 0x0, 0x4008040)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x123481, 0x127)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = syz_open_dev$media(&(0x7f0000000040), 0x7fdffffe, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000080)=<r5=>0xffffffffffffffff)
r6 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x0, r5, 0x0, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)

15m59.083786048s ago: executing program 35 (id=2985):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYBLOB="0000000000000000b7080000000000007b8a"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = io_uring_setup(0x3aa5, &(0x7f00000002c0)={0x0, 0x32b6, 0x880, 0x0, 0x35d})
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd", 0x19)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, 0x0, 0x4008040)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x123481, 0x127)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = syz_open_dev$media(&(0x7f0000000040), 0x7fdffffe, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000080)=<r5=>0xffffffffffffffff)
r6 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x0, r5, 0x0, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)

15m45.028139206s ago: executing program 6 (id=3031):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$sock_int(r0, 0x1, 0x3c, 0x0, &(0x7f0000000480))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
memfd_create(&(0x7f0000000700)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xcc\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\xae\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5\x00\x00\x00\x00\x00\x00\x00\x05L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xac\b\x003\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\x06\x00\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xaaw\xbe\xd0\xd0\xc8d\x96G\xcf\x066\x84\x82-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10\x04\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\x9c\xce\xf5|q+\t\x11G\x1c\xe7\x9e\x88\xfb\x96\xbe\v:0', 0x2)
r4 = syz_io_uring_setup(0x110, &(0x7f0000000340)={0x0, 0x7af1, 0x80, 0x3, 0x3da}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
io_uring_register$IORING_REGISTER_FILES(r4, 0x2, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4007, @fd_index, 0x400000080001001, 0x0})
io_uring_enter(r4, 0x47f3, 0xfffffffe, 0x0, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_NAPI(r4, 0x1c, 0x0, 0x1)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r7 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, 0xffffffffffffffff, 0x0)

15m42.567603633s ago: executing program 6 (id=3036):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000000080000000000000000000850000006100000085000000a000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r3, 0x0, 0xe, 0x0, &(0x7f0000000040)="7a7fa22c2a1a89df53ef2a2d86dd", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1})
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'erspan0\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r6, 0x89a2, &(0x7f0000000200)='bridge0\x00')

15m36.976659744s ago: executing program 6 (id=3046):
openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80800)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x7c1c, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'ip6gre0\x00'})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000003c0)={0xa, 0x4e24, 0x9, @mcast2, 0x80}, 0x1c)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x20}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xac800000}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

15m33.622539807s ago: executing program 6 (id=3053):
socket$netlink(0x10, 0x3, 0x0)
msgget$private(0x0, 0x8)
socket$kcm(0x2d, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x28, '\x00', @buffer={"67156e93446a62b429dbc528411c5c2e13dcf1eed699475586a0f96baf9718c4", 0x20}, 0x802}]})
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r5 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x42000, 0x10)
r6 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x240880c0, &(0x7f0000000280)={0xa, 0xe20, 0x0, @mcast1}, 0x1c)
sendto$inet6(r6, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b", 0x69, 0xc001, 0x0, 0x0)
setsockopt$inet6_mtu(r6, 0x29, 0x17, &(0x7f0000000500)=0x5, 0x4)
sendto$inet6(r6, 0x0, 0x60, 0x40000, 0x0, 0x0)
r7 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x80001, 0x373}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000240)=<r9=>0x0)
ioctl$FE_DISEQC_RESET_OVERLOAD(0xffffffffffffffff, 0x6f3e, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0x0, &(0x7f00000002c0)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/188, 0xbc}, {0x0}], 0x4, 0x2, 0x1})
io_uring_enter(r7, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

15m27.155438243s ago: executing program 6 (id=3066):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x8000400)
eventfd2(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket(0x28, 0x5, 0x0)
getsockopt$XDP_STATISTICS(r3, 0x11b, 0x7, 0x0, 0x0)
syz_emit_ethernet(0x62, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f00000010c0)=""/4111)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

15m25.702951605s ago: executing program 6 (id=3067):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(0xffffffffffffffff, 0x4068aea3, 0x0)
setrlimit(0xf, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x34, 0x0, 0x20, 0x70bd29, 0xfffffffc, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}}, 0x800)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff000000000a000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000001c0)="2e0f01c866b9800000c00f326635000400000f300f20e06635800000000f22e0360fc77df3ff9e0000f2d99806000fa7c0b800008ed866db440026da02", 0x3d}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r5, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {0x0, 0xdddd1000}, {'\x00', "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e80900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700"}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x8, @empty, 0x80ad}, 0x1c)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x1, 0x4, 0x20})
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)

15m10.060047533s ago: executing program 36 (id=3067):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(0xffffffffffffffff, 0x4068aea3, 0x0)
setrlimit(0xf, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x34, 0x0, 0x20, 0x70bd29, 0xfffffffc, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}}, 0x800)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff000000000a000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000001c0)="2e0f01c866b9800000c00f326635000400000f300f20e06635800000000f22e0360fc77df3ff9e0000f2d99806000fa7c0b800008ed866db440026da02", 0x3d}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r5, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {0x0, 0xdddd1000}, {'\x00', "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e80900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700"}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e20, 0x8, @empty, 0x80ad}, 0x1c)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x1, 0x4, 0x20})
ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0)

2m42.224095429s ago: executing program 8 (id=5368):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000001b80)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='-1\x00', 0x2)
r3 = io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x345})
io_uring_enter(r3, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a40)=ANY=[], 0x2c}, 0x1, 0x1000000, 0x0, 0x24008400}, 0x4004a040)
getsockopt$inet_buf(r1, 0x0, 0x41, 0x0, &(0x7f0000001180))
sched_getaffinity(0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = semget$private(0x0, 0x20000000102, 0x0)
semctl$SETALL(r7, 0x0, 0x11, &(0x7f0000000680))
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x800)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x38400, 0x0)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)={@broadcast, @remote, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x44, 0x3a, 0x0, @private0={0xfc, 0x0, '\x00', 0xfd}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "18b088", 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2d}, @local, [@hopopts={0x11}], "fafb17c163a3040b7758ba1b"}}}}}}}, 0x0)

2m41.644132358s ago: executing program 8 (id=5370):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000140)=0x9)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, 0x0, 0x0, 0x40408d1)
shutdown(r0, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f0000001380))
getdents(r2, &(0x7f0000001000)=""/4085, 0xff5)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r3, 0x29, 0x40, 0x0, &(0x7f0000000000))
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
r4 = syz_open_dev$I2C(&(0x7f00000000c0), 0x8000000000000000, 0x121c80)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f00000001c0)={&(0x7f0000001840)=[{0x8001, 0x10, 0x0, 0x0}], 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}, 0x94)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20004800)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
fchdir(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYRESOCT=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

2m39.927475927s ago: executing program 8 (id=5373):
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 0x0, 0x0)
add_key$user(0x0, &(0x7f00000005c0), 0x0, 0x0, 0xfffffffffffffffd)
prlimit64(0x0, 0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r0 = getpid()
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$isdn(0x22, 0x2, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x20004, <r5=>r3})
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1ff, 0x141941)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000})
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, 0x0)
socket$isdn(0x22, 0x2, 0x2)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r5, 0xc008aec1, &(0x7f0000000040)={0x1, 0x0, [{0x80000000, 0x7, 0x1, 0x7, 0xffff, 0x40, 0x5}]})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r7, 0x4048587b, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r7, 0x40043311, 0x0)

2m37.52551112s ago: executing program 8 (id=5381):
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e25, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf8}}, 0x7ffe}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$sock_timeval(r0, 0x1, 0x14, 0x0, &(0x7f00000002c0))
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000000c0)=0xff)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000180)=0x7a)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)

2m33.925526205s ago: executing program 8 (id=5388):
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/mnt\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2m32.714386935s ago: executing program 8 (id=5389):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x85, &(0x7f0000000180)=""/133}, 0x94)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f000001b000), 0x2000, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16], 0x5c}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x1, 0x7fff, 0x3, 0x47f}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = getpgrp(0x0)
syz_pidfd_open(r5, 0x0)
getsockopt(0xffffffffffffffff, 0x8, 0x1ff, 0x0, &(0x7f000001b080))
ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
sync()
r7 = accept$alg(r6, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000880)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000840)={&(0x7f000001d780)=ANY=[], 0x25a0}, 0x1, 0x0, 0x0, 0x20040080}, 0x40000)
accept4(r7, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000240)=@raw={'raw\x00', 0x3c1, 0x3, 0x500, 0x360, 0x8, 0x7f02ae, 0x360, 0x200, 0x498, 0x2e8, 0x2e8, 0x498, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2d8, 0x2f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r1}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0xfc}, @private2, [], [], 'veth0_to_team\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@mh={{0x28}, {"a27d"}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x13, 0xec, 0x5, 0x400, 'snmp\x00', 'syz0\x00', {0xffffffff8cdbbefd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)

2m17.035243855s ago: executing program 37 (id=5389):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x85, &(0x7f0000000180)=""/133}, 0x94)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f000001b000), 0x2000, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16], 0x5c}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x1, 0x7fff, 0x3, 0x47f}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = getpgrp(0x0)
syz_pidfd_open(r5, 0x0)
getsockopt(0xffffffffffffffff, 0x8, 0x1ff, 0x0, &(0x7f000001b080))
ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
sync()
r7 = accept$alg(r6, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000880)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000840)={&(0x7f000001d780)=ANY=[], 0x25a0}, 0x1, 0x0, 0x0, 0x20040080}, 0x40000)
accept4(r7, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000240)=@raw={'raw\x00', 0x3c1, 0x3, 0x500, 0x360, 0x8, 0x7f02ae, 0x360, 0x200, 0x498, 0x2e8, 0x2e8, 0x498, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2d8, 0x2f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r1}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0xfc}, @private2, [], [], 'veth0_to_team\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@mh={{0x28}, {"a27d"}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x13, 0xec, 0x5, 0x400, 'snmp\x00', 'syz0\x00', {0xffffffff8cdbbefd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)

1m37.02805267s ago: executing program 5 (id=5506):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c000000090000000500000000000081"], 0x0, 0x3d, 0x0, 0x1}, 0x28)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/prev\x00')
exit(0xffff)
read$FUSE(r1, 0x0, 0x0)
ioctl$NBD_SET_SIZE(r1, 0xab02, 0x8)
syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x80000)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, &(0x7f0000000000), 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
getsockopt$MRT6(0xffffffffffffffff, 0x29, 0xce, 0x0, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})

1m32.160171039s ago: executing program 5 (id=5513):
getpid()
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
socket$inet(0x2, 0x2, 0x0)
socket$inet(0x2, 0x80000, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r0, 0x10c, 0x1, &(0x7f0000000180), &(0x7f00000008c0)=0x4)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0xcc09, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r3=>0x0, &(0x7f0000000480)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0})
io_uring_enter(r2, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
madvise(&(0x7f0000bdd000/0x3000)=nil, 0x3000, 0x2)
setns(0xffffffffffffffff, 0x66020000)
syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0x31, &(0x7f0000001600), 0x4)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7)

1m31.764101528s ago: executing program 5 (id=5515):
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
kexec_load(0xd0ffbf, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
syz_emit_ethernet(0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x40010, 0xffffffffffffffff, 0x6e855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
clock_adjtime(0x0, &(0x7f00000006c0)={0x7fff, 0xf423f, 0x0, 0xa, 0x0, 0x2c43, 0xa00, 0xb000000, 0x0, 0x300, 0x0, 0x2902, 0x20, 0x100000001, 0x0, 0x0, 0x8000000000000000})
unshare(0x28040680)
r3 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x1, 0x5)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000009c0)={r4, &(0x7f0000000ac0), 0x0, 0x1}, 0x20)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_CAP_AMBIENT(0x2f, 0x5, 0x15)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x8400, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x88}}, 0x28014014)

1m20.211313344s ago: executing program 5 (id=5534):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getpeername$netrom(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read(r6, &(0x7f0000000040)=""/138, 0x8a)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080)
sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x10000007, 0xfffc, 0xe655, 0x2, 0x85, 0x8, 0xff}, 0x9c)

1m15.130226561s ago: executing program 5 (id=5543):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x5, &(0x7f0000000040)=[{0xe3, 0x6, 0x3, 0x8}, {0x3, 0x1f, 0x5, 0x3}, {0x7, 0xff, 0x86, 0x10001}, {0x1, 0x5, 0x7, 0x1}, {0x8, 0x6, 0x8, 0x1}]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x54, r4, 0x1, 0x80000, 0x1, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x54}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008000)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRESOCT, @ANYRES32=r1, @ANYRESOCT=r5, @ANYRESOCT=0x0], 0x48)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), 0x0)
syz_open_dev$sndctrl(&(0x7f0000000280), 0x0, 0x0)
openat$dsp(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)

1m13.658292137s ago: executing program 5 (id=5545):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00'})
socket(0x11, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sched_setattr(0x0, &(0x7f00000013c0)={0x38, 0x5, 0x8, 0x8801, 0x0, 0xd, 0x8000, 0xfffffe0000000000, 0xfa11, 0xfffffffe}, 0x0)
r2 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb)
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r3, 0x5760, 0x14)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0x100000000000f7)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRESDEC=r5], 0x31)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004)
r6 = add_key(&(0x7f0000000340)='logon\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
r7 = gettid()
sched_setattr(r7, &(0x7f0000000140)={0x38, 0x5, 0x3, 0x5, 0x6, 0x3, 0x2, 0xa1, 0x7, 0xe}, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, r6)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2})
r8 = socket(0x22, 0x802, 0x0)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000180)=0x3ad3, 0x4)
sendmmsg(r8, &(0x7f0000000c80)=[{{&(0x7f0000000000)=@qipcrtr={0x2a, 0x4, 0x7fff}, 0x80, 0x0}}], 0x1, 0x4008840)

58.800728571s ago: executing program 38 (id=5545):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00'})
socket(0x11, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sched_setattr(0x0, &(0x7f00000013c0)={0x38, 0x5, 0x8, 0x8801, 0x0, 0xd, 0x8000, 0xfffffe0000000000, 0xfa11, 0xfffffffe}, 0x0)
r2 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb)
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r3, 0x5760, 0x14)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0x100000000000f7)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRESDEC=r5], 0x31)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004)
r6 = add_key(&(0x7f0000000340)='logon\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
r7 = gettid()
sched_setattr(r7, &(0x7f0000000140)={0x38, 0x5, 0x3, 0x5, 0x6, 0x3, 0x2, 0xa1, 0x7, 0xe}, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, r6)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2})
r8 = socket(0x22, 0x802, 0x0)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000180)=0x3ad3, 0x4)
sendmmsg(r8, &(0x7f0000000c80)=[{{&(0x7f0000000000)=@qipcrtr={0x2a, 0x4, 0x7fff}, 0x80, 0x0}}], 0x1, 0x4008840)

28.042787832s ago: executing program 4 (id=5568):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
getpeername$netrom(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read(r5, &(0x7f0000000040)=""/138, 0x8a)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080)
sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x10000007, 0xfffc, 0xe655, 0x2, 0x85, 0x8, 0xff}, 0x9c)

25.25082078s ago: executing program 1 (id=5627):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0xa2240, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setrlimit(0xf, 0x0)
syz_clone(0x2180, 0x0, 0xe4, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x3, &(0x7f0000003000/0x2000)=nil, 0x3)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x15, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="11000000040000000400000008000000000000009adb6f29660f4cd5e7cfafc614ad8d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4}, &(0x7f00000001c0), 0x0}, 0x20)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000000380)={0x0, 0x7f, 0x708})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x5, 0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, 0x0)

17.262861625s ago: executing program 1 (id=5640):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440))
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x18)

14.868563273s ago: executing program 1 (id=5643):
gettid()
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs$namespace(r1, &(0x7f0000000000)='ns/uts\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r3, 0xffffffffffffffff, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
socket$kcm(0xa, 0x3, 0x3a)
r4 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0xffff2369, 0x1, 0x2})

13.290191696s ago: executing program 2 (id=5646):
fsopen(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x5, &(0x7f0000000040)=[{0xe3, 0x6, 0x3, 0x8}, {0x3, 0x1f, 0x5, 0x3}, {0x7, 0xff, 0x86, 0x10001}, {0x1, 0x5, 0x7, 0x1}, {0x8, 0x6, 0x8, 0x1}]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x54, 0x0, 0x1, 0x80000, 0x1, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x54}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6400000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000000018000680050043001f0000000c00018008000140ffffffff05000500020000000500010006"], 0x64}}, 0x20000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRESOCT, @ANYRES32=r1, @ANYRESOCT=r4, @ANYRESOCT=0x0], 0x48)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), 0x0)
syz_open_dev$sndctrl(&(0x7f0000000280), 0x0, 0x0)
openat$dsp(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)

11.911165759s ago: executing program 1 (id=5648):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r0, 0x8008976)
r1 = syz_open_dev$vim2m(0x0, 0xfffffffffffffffe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x240400c4)
bpf$MAP_CREATE(0x0, &(0x7f00000014c0)=ANY=[@ANYRESOCT=r3, @ANYRESDEC=r0, @ANYRESOCT=r2, @ANYBLOB="e19aa95eff4d1d8eced7fded3074ffc46023bae62b96a272f3bb6d6777c1474674dfa1183c2f73b21dd8513a2435b3c281a0351a01752291c7253b4cf83da99d0585e211648671eb0d1f08be3b7b3dabf83dacba19836c1bfae891cf42af46f365f129e881563e55b22fcb42e9ee21cbfe3ae7b6bb9e01ecbbf0d90d80fe8fe49029946321c2db2f158de50844a27312fd096bef74fd368a64f5bdecebe36d807a36907263cf2bcefa15b43ba2648a67e22580cda537e5d821fb16a2ce6bde21a3be8e50a237d8a0ac2203a303495f933a6283a0b19476873fa8bf0d963b72dafa8cd3dfd4872fe4fc8c16b7d4e3389d567167fcc96ff2d04e0bc38a82f9a1677053fc5edcb5acf3e93fef06ac581b1c1ef1c16119677a35612e0c759923173de6a0a898fcfb4709aa01fa76b25be4a598faf57f074c1fa998af9d87c24b79321e6f940cc790def394e163403bce29f04199213dff53330f099f11786652f541a9593a6c4d04e2bb6f3e475a0786bcacc9036d170b078fd9fdddbb65c6f46ca736d89393a9ace5ca7dfc6e6793e6df871bb0a493be0f94809cf2c3adf1663a64e97c3b8128484c7ace72876c9490c40ccc4d39d03e1675bbeb7f47460e362e4d27f710e7a3e81a02e2380a2f49786d8c81cf908d93666ede88f8ef9170f7c803dbfe3aaa5670ace2982106f51b83b2ed31696897936a68aac1ffc6ee9b74830c241b9f50a00aca6e9fb1e1d4e8c04b7dc371c057efe1753712ff10d47fa34ea2a88811de051dcc085cba9f0bf2a20c460ea904ae05fe26dfe226062b9a7b61cd769437f0839999eb88e9fa168bb9110398517a3fbf2de76211a3f0551821cc0a8aeaf8208a1de102e7068c41ec65165564633f6502f077d576dda5bf1b4fcd308c6b1ca9477eb9adb14e18df9a7ab7ee476cf39508cb3eacf0b94866a53c83e50dfdc2091a30fba29fa4b0ff282e1132a196375505946447625f41c91cdb8429fdf635ba267d6b27ebb6c130352f022c870fadcc85a5d4d5f2bb468b2ed85cfdb61632b14f6f95846b6d013434e409c50d47eeaea78dfa10d7560df1d989042d24c2dccb67bf3962c0753b685326dc6632a4e8448785e3ec69b654b03fc6e1ee3b51c2628fc882215a15a3131dde3688042b28c2727ca50cb01cc83647657c06d2e288d93635e3226bf8dedb0fd218b73ede90015f756ae8f74b737d102c21815694b056f56c21d1a200aa9cae333eebfc4c4c118805524330f37c266503a2fdf50cfb3b614af922d77153581b00f5652a82ea24f66727525c4fd5db2a14acd65edc79ba26e7bfd38e53f98434ce2dc47e2e3bc25c4d3f0441b01c17511d70ba8bdc028459e750d386aaba494fd8884d2d6b0d40c1b6566905a61b8725a2d738051ba256796b7052d16122d9710d6077ad5aaaf1c0e4ef31762f1af39a6e48f34249c917f6f307c9835ec2a2829e95d07a5d921ae1dc7a24e108bc4a9f8173045d438b8c2da188c52473e59d28ac5363becbde56c9fda60a1a49a7140be6e112873fd67f331f5e3e2eb612e4baf952ad703a7a1c439edfa42232e77a5093df3cd3dd2e310c2ae30a99d91f5c3e5baae4f317eca0386aa433d1b2d42940fdd6e7730d2a512f550daffed0ff6ec8714ab1a7f9bb013a8729dc49de9dedd37ccd6bfa62726dbe8f52af3b576660953b174428d81b38e80d49d0767ea911a501d9b7ae774fc6df3d4f260bcef2097c6872d41dca410575d1bdc7b02c69d5981d0814b8491455bf7b6308b71d86b601dd901ea4f8b0ab22b717600b1ac7c716f4f36d756f63c421bc868ed6272e4221aba0ea8a799eceab5a3b6a29c528de7e06c893c7b017b8984d0365dba239f17aa1aefb130b0f113202777b806bff147585a90979f07d2ec55f8112771c7ddbf815abef5a76ed7d0c2e3036943ca8eb6ebe27766f4c06e1db7d00a01a5e9b3ba12df911e1bb22b5b6ef164cc0ed895e231f4ae536b5797b68ba8cfe4974c6f2077786db139bcf9dced462beccc60746d444781c9430d3f1361da994d527b9acc0ec340c498a63d2e228784afbafd5768db6bd6ed9d82f10a509dfecd0211b5745e4edd504fa89d7cc3280801a87f4580d1f6668e11905a24f6ef39438048484d68d833396a26d0abce6cebf578df8b0cbaeb3effb1eb3d692e18aa5b4049efc9543b9729bb132c01161c0c83ff33e806091662cc68cfef8b6fc2ec114e30e78b60653f5fed5f0d96eeeb6090cf72a5e9351dab416b661887ca25449dca2447122d6fd576423e23e12b591f842920f174a4009ee38238de47113f7b39556df2a8a038fa1d40267e7bd56a1e2a8d6a83abc143156546c484f573fb43bc0a68bb20b768209b1150b43780ec4a647f088d1d8e9890d1ae91a03bc2d139074deabc23f26f2e9570e4c169016c2ccc6bca1093f9f2907e978bb6ffcc63212231a0c13d2389ab085c578677b493db09ea54a5b541bcb60e22e4cb82ddae27f5119f6bdc957d00d629d1a3f29784b3c72d6f25701a4f97d9509102b9a0f960917beee8eece2f3dbc716569be4dcb201245d1544fe6efb68e9ea7811fd6187cb9632fcbbe9d26684f6079173c974c3dfed7eb8a695bf1a0c3f122ab054d2f76d2692ad2c3c24707facc761844093036063a46a5b65154373c7c8e704fa9843671f70d530c3eb2a9367d7f2393fad7d2078bd355d3052965651ebbbff35c1bb7d84e1c822dc6b104561647d7a51cfba35a6c0ba0138b480fcf92e43d1a2fa213cc2c5cc81e784d9e48407662631ec63a7cd1dca1980669d61355def289491b6dc2a61f8423638b10ac30b2e725f1313f300ad792f321d1ed165ff40e12207478625659852d2daf6defcb2cc1b8d8f98ae46585fca024274643d358f515dd30d20642c82b34335b04307f9dbf254125991b9ec347c44a950ccb4f627fca5c3c8822240b55b28eb44ff6372c244447ee1a1528b8a09da4f3b489dfca9e1e2bc09fce472038f3418f2b1aead1de79622924ffb1f4379daf0136b9d609ef466cb39b76501a0009e1e87df24f988f965ba61835a5ef135c22917f11f66cfa9366d6e92038736ec638448952b42c429eeebcac874af405c74b61f27fbc3ecf91da61896d8eb31dcd7350ce41fdc6d558633f263ced1dc17c1f073110812ecd83a28a0f9feac47541d100872649c45ad7e36735fb3d39cb557688f06760b5b85b1134fd49a8b6085a6b526cfe67142b9f0e7ae8e77ad36713c5ce810c817b58848a0200d8df11b9ff1f42bcb738a4c1f681fa0d3dd0635c2526c3c99bbc369d8b987247dacc5ff07b4df5ad6912d5ea345e27467286d9c0a76f44c262eaf2af01e26fe33ba48495461aa5d9de5b83cd3592df97cd2d7ca04332e9588babed9b7f62d2ca90de9ad305bceccdb82f4fc83d018cc5e157b469e6e998670ca9d0a865aec86f8b55719da0829ae0ef8b1da981df94d5c10bc2ecbab7e9088a856f219fce559f15b22dc7c81e436ccef5d482d8d20067b3a424697f21ba8d3ac07e067eeca9a12d4a302a002ec83dbe8fa4c2b85b84819b7330978a6b4675a5d1f9c7a6f3ab3f8407cf6782068adf16af486ac546c49f694548c983a26b120fe2943e4b411237154442e1ef615416d182e3ee675ac48ed2a570b9b058f56612962b2e0b01ffcca35d5486cfb0477ffa5e936c8eccc7a242a26f43224d2b0bfd5d20e80aa8c6999ccc1bf6fe46cd248d8facbb77fb7d5448c1a134b96d50f9bd2740999a6664e5da8548a0d39e3719d8196b12eca50bfe5954165f2daac9a80d2aaf0a147999bef9ecad66e8ab298e9e38de14f053c8ed9833f60f42a43714b0aa292bc5427f531cf134b63e49e303e35c53d893c8e3454119e9bb76c9550d32c8d51aef8c7d86b7ddb42e5b679facdcc34014622504df571c5d8c5ca1adda341b7a48299f44a4ba0ed206dfcee49939c22498a66390228a780d96a2f408fa9b457eea4536d0321e2c53163cd460ad1fc6b7fc918a775f242305bf00e6926497f0406780e16a5469972ab28ac0e01bafd6e103116237eb09dd18aa0d48a0aed0b016fe8dc3ba015af8bac9be84ba19731178bfe67591be0470332fbcbcd7d9b5f8d831358a0c46235a7b9043fc2a182261f9471b9463a2c63de17dd7a757d2d61ea6f6ab5eecd6cab954919d134832cad304d3584bb00c35c3ad54c62d6d9c6990d7d0075036f4922cd94c29e88e056044775ecea4ea3c70899177f917a26ebfd0f7d34b66937413ebfcef7853870d2c7281022c6c526eee6c37ab17e3deac56bd7bb5b32a948034c8aa0e1ee7828d6551b50c27ce6515a07cfb9cbec8c77f1e98f3c4570bf2b5d4a83fd5a4f650c7e06fc847bc459e93e64295c237e761ab7d9ddd36e93b2b9499645d05edd92440f44cc2f8c30572f5d7aa3ea52dc13685ed99ae97f6bca1bbe2c944aab09817b75e192aec454253234693c23e6c1996ba0c174fc40108bca6f25762128100d3a96c99d74f8c0a08deeba4143bf939523cae5d9ff4490b6117001ac4a12e1f175231798b25b373013f8929fc86dec82f458febcb1f8c2ee54cc841ca9bab9351eb1c164c5fdb74b47fb6335182a98ae23b3cb0de11c5338ab4c1c92a751620317a882af3e4784764fcd83a3b1a8a41fb9427cb8ca57bb61b4c4b9bd3204641726cd524c27c098c182cc43ad7ecb245fc43278e8d8a4e97117206e53329d691ccbadb7271979d4a4143cfbe63a6aef9f38390c58aa7d439dc56719a70e129d7944e7ebda23f5bee1a82a0f6f0b9a78bb3686c7e84fc8807aa2d04a9a11e74126a60481222450b96df2c33f05fe79eb982b30ccd0360131584714fa9b9ff12ccc6b680b403e14e7857d0da080672f913756ba9ad015830f65e62760666aefcd944f2139f60a16680f66af428c4d1e9decdf812486808e97d745c3833e3bb0b88d1925708aba1951decf9ccfb718758737d07e3f44781d9d7bae7da31c3a57ed3a314ad25f7f9a638d640e2a336f22c7e0307992f11af33651e2fa63ccbd83dd274b6773caee4e13bc2511ff8e0995db3edec0dbd04d9dc4070aa499d7701d5305b6c87aeed4c2f38c3920b986d2c3179008c9bc345bcfe20be652fbcadec0a3607100611d7a7142698bac2a94588d4f873eafbea736569e07e4f4b5af50f913a0918ba117aacbafd1d5aa9f0366fe73b8179094bd68940fe5ca3c473d5f4edef817312c514cfb5b1b96ab3d57bf1e6847834445deafd2c7a0cf135271df44c2d6479b87ca5c46da3fc261cb4bb9470335f329bb237675e084ce92438c3756a01861c113d24bd5b4c90cafffa625fc4a242dda9a6dcacba51b4df412f0e02883c2cd9a1bb43d38be2b6a68bfe6dccdec10041623d2a30f5075fd66bb744551143c034711454d52244a4a759a2b3aa905d1804a2325c2b03d6788aa2ea948c3cafaf09f25a1cd04e80b036ddab10208cc77b881d55b0b27fb9ed855b360d734c62f388a79fa7cdf4631d96af6ac7382e05ca3eeb82b7436d3f62e44695d99bda4765491fce567ce1721d328a2347a7459d7d30a737abc943cc7f144fdd1a0cf1b3f65cfb8ad363c392421c62382a74fed1731248ad7ce8f982082af524b6a5c98ac2e6f1f69d46eb36fcbde825d0b57fff85c0e83d693ddc17c0f0dfbdd32fa6daa3a744ce07330e2d2470d98420623efcb492e9149d47c2dfbde064a9e9852c9b58c391bd881b1502229ee7579207260d97d686b31374c9ea453cbcf29d5a9623c313e0d2de80c1fb7253ff20893e23df3be28", @ANYRESDEC=r2, @ANYRESHEX=r2], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xf, &(0x7f0000000100)=ANY=[], &(0x7f0000000040)='GPL\x00', 0xe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x206}, 0xfffffc25)
timer_create(0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
pipe2(&(0x7f0000000000), 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000038c64bd7533902c3d1cc3a1f6214f831c43fd258f9aa127b3d5095c54f47554020acc70da9b14428ec0ecfd18f8fe9aa278a14b635938eab03027343561277936736bcf9a446bcf8a48dbcc02d96ae26b80a9c79d92bc595372f716bedf29ca3eee8f1f725318a3142f25f9a533f29489e0e500a76eed2a40f4703688200"/149], 0x8)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
lseek(r6, 0x1000000, 0x0)
memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0)

10.994603931s ago: executing program 2 (id=5652):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
tgkill(0x0, r0, 0x27)
fanotify_init(0x200, 0x0)
ioctl$RTC_IRQP_READ(0xffffffffffffffff, 0x40187013, &(0x7f0000000680))
pipe2$9p(0x0, 0x84880)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffff7a, 0xffffffff, 0x210, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x88, 0x88, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x80, 0x0, {0x4}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000300)={[], [], 0x2f})
chroot(0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204081, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000003c0)={0x54, r5, 0x1, 0x70bd2b, 0xfffffffe, {0x1e}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x4a, 0x3e, 0x1}, {0xc}, {0xc, 0x90, 0x2}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000081}, 0x20044010)

9.631654434s ago: executing program 2 (id=5655):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000800)={[0x9]}, 0x8)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000003b00)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
ppoll(&(0x7f00000000c0)=[{r2, 0xc}], 0x1, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, 0x0, 0x1)
fchmodat(r1, &(0x7f0000000000)='\x00', 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$setregset(0x4205, 0x0, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2)
unshare(0x40020480)
add_key(&(0x7f00000006c0)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffff8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f0000000040))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
write$UHID_DESTROY(r5, &(0x7f0000000040), 0x4)

9.605805046s ago: executing program 4 (id=5568):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
getpeername$netrom(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read(r5, &(0x7f0000000040)=""/138, 0x8a)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080)
sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x10000007, 0xfffc, 0xe655, 0x2, 0x85, 0x8, 0xff}, 0x9c)

7.852043148s ago: executing program 3 (id=5658):
gettid()
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs$namespace(r1, &(0x7f0000000000)='ns/uts\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r3, 0xffffffffffffffff, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
socket$kcm(0xa, 0x3, 0x3a)
r4 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0xffff2369, 0x1, 0x2})

7.059508478s ago: executing program 3 (id=5659):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c000000090000000500000000000081"], 0x0, 0x3d, 0x0, 0x1}, 0x28)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/prev\x00')
exit(0xffff)
read$FUSE(r1, 0x0, 0x0)
ioctl$NBD_SET_SIZE(r1, 0xab02, 0x8)
syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x80000)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, 0x0, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
getsockopt$MRT6(0xffffffffffffffff, 0x29, 0xce, 0x0, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})

6.361582822s ago: executing program 9 (id=5660):
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x800)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f00000000c0)={'syztnl0\x00', <r5=>0x0, 0x10, 0x700, 0x4, 0x8001, {{0x9, 0x4, 0x0, 0x1, 0x24, 0x67, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @empty, {[@generic={0x86, 0x2}, @generic={0x44, 0x2}, @lsrr={0x83, 0xb, 0xd7, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f3, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x7800, 0x20, 0x0, 0x2, {{0xd, 0x4, 0x0, 0x23, 0x34, 0x80, 0x0, 0xfe, 0x4, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@end, @timestamp_addr={0x44, 0x1c, 0x7d, 0x1, 0x3, [{@local}, {@broadcast, 0x3}, {@loopback, 0x81}]}, @end]}}}}})
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x8808c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r5, @ANYRES32, @ANYRES64=r3, @ANYRES16=r0, @ANYRES32=r0, @ANYBLOB="00001c00"/28], 0x50)
r7 = mq_open(&(0x7f00000001c0)='nl80211\x00', 0x8c0, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0xb45, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r6}, 0x38)
mremap(&(0x7f000096f000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r10 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
write(r10, &(0x7f0000000280), 0x0)

5.587429575s ago: executing program 2 (id=5661):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
tgkill(0x0, r0, 0x27)
fanotify_init(0x200, 0x0)
ioctl$RTC_IRQP_READ(0xffffffffffffffff, 0x40187013, &(0x7f0000000680))
pipe2$9p(0x0, 0x84880)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffff7a, 0xffffffff, 0x210, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x88, 0x88, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x80, 0x0, {0x4}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000300)={[], [], 0x2f})
chroot(0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204081, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)

4.6004615s ago: executing program 9 (id=5662):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r0, 0x8008976)
r1 = syz_open_dev$vim2m(0x0, 0xfffffffffffffffe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x240400c4)
bpf$MAP_CREATE(0x0, &(0x7f00000014c0)=ANY=[@ANYRESOCT=r3, @ANYRESDEC=r0, @ANYRESOCT=r2, @ANYBLOB="e19aa95eff4d1d8eced7fded3074ffc46023bae62b96a272f3bb6d6777c1474674dfa1183c2f73b21dd8513a2435b3c281a0351a01752291c7253b4cf83da99d0585e211648671eb0d1f08be3b7b3dabf83dacba19836c1bfae891cf42af46f365f129e881563e55b22fcb42e9ee21cbfe3ae7b6bb9e01ecbbf0d90d80fe8fe49029946321c2db2f158de50844a27312fd096bef74fd368a64f5bdecebe36d807a36907263cf2bcefa15b43ba2648a67e22580cda537e5d821fb16a2ce6bde21a3be8e50a237d8a0ac2203a303495f933a6283a0b19476873fa8bf0d963b72dafa8cd3dfd4872fe4fc8c16b7d4e3389d567167fcc96ff2d04e0bc38a82f9a1677053fc5edcb5acf3e93fef06ac581b1c1ef1c16119677a35612e0c759923173de6a0a898fcfb4709aa01fa76b25be4a598faf57f074c1fa998af9d87c24b79321e6f940cc790def394e163403bce29f04199213dff53330f099f11786652f541a9593a6c4d04e2bb6f3e475a0786bcacc9036d170b078fd9fdddbb65c6f46ca736d89393a9ace5ca7dfc6e6793e6df871bb0a493be0f94809cf2c3adf1663a64e97c3b8128484c7ace72876c9490c40ccc4d39d03e1675bbeb7f47460e362e4d27f710e7a3e81a02e2380a2f49786d8c81cf908d93666ede88f8ef9170f7c803dbfe3aaa5670ace2982106f51b83b2ed31696897936a68aac1ffc6ee9b74830c241b9f50a00aca6e9fb1e1d4e8c04b7dc371c057efe1753712ff10d47fa34ea2a88811de051dcc085cba9f0bf2a20c460ea904ae05fe26dfe226062b9a7b61cd769437f0839999eb88e9fa168bb9110398517a3fbf2de76211a3f0551821cc0a8aeaf8208a1de102e7068c41ec65165564633f6502f077d576dda5bf1b4fcd308c6b1ca9477eb9adb14e18df9a7ab7ee476cf39508cb3eacf0b94866a53c83e50dfdc2091a30fba29fa4b0ff282e1132a196375505946447625f41c91cdb8429fdf635ba267d6b27ebb6c130352f022c870fadcc85a5d4d5f2bb468b2ed85cfdb61632b14f6f95846b6d013434e409c50d47eeaea78dfa10d7560df1d989042d24c2dccb67bf3962c0753b685326dc6632a4e8448785e3ec69b654b03fc6e1ee3b51c2628fc882215a15a3131dde3688042b28c2727ca50cb01cc83647657c06d2e288d93635e3226bf8dedb0fd218b73ede90015f756ae8f74b737d102c21815694b056f56c21d1a200aa9cae333eebfc4c4c118805524330f37c266503a2fdf50cfb3b614af922d77153581b00f5652a82ea24f66727525c4fd5db2a14acd65edc79ba26e7bfd38e53f98434ce2dc47e2e3bc25c4d3f0441b01c17511d70ba8bdc028459e750d386aaba494fd8884d2d6b0d40c1b6566905a61b8725a2d738051ba256796b7052d16122d9710d6077ad5aaaf1c0e4ef31762f1af39a6e48f34249c917f6f307c9835ec2a2829e95d07a5d921ae1dc7a24e108bc4a9f8173045d438b8c2da188c52473e59d28ac5363becbde56c9fda60a1a49a7140be6e112873fd67f331f5e3e2eb612e4baf952ad703a7a1c439edfa42232e77a5093df3cd3dd2e310c2ae30a99d91f5c3e5baae4f317eca0386aa433d1b2d42940fdd6e7730d2a512f550daffed0ff6ec8714ab1a7f9bb013a8729dc49de9dedd37ccd6bfa62726dbe8f52af3b576660953b174428d81b38e80d49d0767ea911a501d9b7ae774fc6df3d4f260bcef2097c6872d41dca410575d1bdc7b02c69d5981d0814b8491455bf7b6308b71d86b601dd901ea4f8b0ab22b717600b1ac7c716f4f36d756f63c421bc868ed6272e4221aba0ea8a799eceab5a3b6a29c528de7e06c893c7b017b8984d0365dba239f17aa1aefb130b0f113202777b806bff147585a90979f07d2ec55f8112771c7ddbf815abef5a76ed7d0c2e3036943ca8eb6ebe27766f4c06e1db7d00a01a5e9b3ba12df911e1bb22b5b6ef164cc0ed895e231f4ae536b5797b68ba8cfe4974c6f2077786db139bcf9dced462beccc60746d444781c9430d3f1361da994d527b9acc0ec340c498a63d2e228784afbafd5768db6bd6ed9d82f10a509dfecd0211b5745e4edd504fa89d7cc3280801a87f4580d1f6668e11905a24f6ef39438048484d68d833396a26d0abce6cebf578df8b0cbaeb3effb1eb3d692e18aa5b4049efc9543b9729bb132c01161c0c83ff33e806091662cc68cfef8b6fc2ec114e30e78b60653f5fed5f0d96eeeb6090cf72a5e9351dab416b661887ca25449dca2447122d6fd576423e23e12b591f842920f174a4009ee38238de47113f7b39556df2a8a038fa1d40267e7bd56a1e2a8d6a83abc143156546c484f573fb43bc0a68bb20b768209b1150b43780ec4a647f088d1d8e9890d1ae91a03bc2d139074deabc23f26f2e9570e4c169016c2ccc6bca1093f9f2907e978bb6ffcc63212231a0c13d2389ab085c578677b493db09ea54a5b541bcb60e22e4cb82ddae27f5119f6bdc957d00d629d1a3f29784b3c72d6f25701a4f97d9509102b9a0f960917beee8eece2f3dbc716569be4dcb201245d1544fe6efb68e9ea7811fd6187cb9632fcbbe9d26684f6079173c974c3dfed7eb8a695bf1a0c3f122ab054d2f76d2692ad2c3c24707facc761844093036063a46a5b65154373c7c8e704fa9843671f70d530c3eb2a9367d7f2393fad7d2078bd355d3052965651ebbbff35c1bb7d84e1c822dc6b104561647d7a51cfba35a6c0ba0138b480fcf92e43d1a2fa213cc2c5cc81e784d9e48407662631ec63a7cd1dca1980669d61355def289491b6dc2a61f8423638b10ac30b2e725f1313f300ad792f321d1ed165ff40e12207478625659852d2daf6defcb2cc1b8d8f98ae46585fca024274643d358f515dd30d20642c82b34335b04307f9dbf254125991b9ec347c44a950ccb4f627fca5c3c8822240b55b28eb44ff6372c244447ee1a1528b8a09da4f3b489dfca9e1e2bc09fce472038f3418f2b1aead1de79622924ffb1f4379daf0136b9d609ef466cb39b76501a0009e1e87df24f988f965ba61835a5ef135c22917f11f66cfa9366d6e92038736ec638448952b42c429eeebcac874af405c74b61f27fbc3ecf91da61896d8eb31dcd7350ce41fdc6d558633f263ced1dc17c1f073110812ecd83a28a0f9feac47541d100872649c45ad7e36735fb3d39cb557688f06760b5b85b1134fd49a8b6085a6b526cfe67142b9f0e7ae8e77ad36713c5ce810c817b58848a0200d8df11b9ff1f42bcb738a4c1f681fa0d3dd0635c2526c3c99bbc369d8b987247dacc5ff07b4df5ad6912d5ea345e27467286d9c0a76f44c262eaf2af01e26fe33ba48495461aa5d9de5b83cd3592df97cd2d7ca04332e9588babed9b7f62d2ca90de9ad305bceccdb82f4fc83d018cc5e157b469e6e998670ca9d0a865aec86f8b55719da0829ae0ef8b1da981df94d5c10bc2ecbab7e9088a856f219fce559f15b22dc7c81e436ccef5d482d8d20067b3a424697f21ba8d3ac07e067eeca9a12d4a302a002ec83dbe8fa4c2b85b84819b7330978a6b4675a5d1f9c7a6f3ab3f8407cf6782068adf16af486ac546c49f694548c983a26b120fe2943e4b411237154442e1ef615416d182e3ee675ac48ed2a570b9b058f56612962b2e0b01ffcca35d5486cfb0477ffa5e936c8eccc7a242a26f43224d2b0bfd5d20e80aa8c6999ccc1bf6fe46cd248d8facbb77fb7d5448c1a134b96d50f9bd2740999a6664e5da8548a0d39e3719d8196b12eca50bfe5954165f2daac9a80d2aaf0a147999bef9ecad66e8ab298e9e38de14f053c8ed9833f60f42a43714b0aa292bc5427f531cf134b63e49e303e35c53d893c8e3454119e9bb76c9550d32c8d51aef8c7d86b7ddb42e5b679facdcc34014622504df571c5d8c5ca1adda341b7a48299f44a4ba0ed206dfcee49939c22498a66390228a780d96a2f408fa9b457eea4536d0321e2c53163cd460ad1fc6b7fc918a775f242305bf00e6926497f0406780e16a5469972ab28ac0e01bafd6e103116237eb09dd18aa0d48a0aed0b016fe8dc3ba015af8bac9be84ba19731178bfe67591be0470332fbcbcd7d9b5f8d831358a0c46235a7b9043fc2a182261f9471b9463a2c63de17dd7a757d2d61ea6f6ab5eecd6cab954919d134832cad304d3584bb00c35c3ad54c62d6d9c6990d7d0075036f4922cd94c29e88e056044775ecea4ea3c70899177f917a26ebfd0f7d34b66937413ebfcef7853870d2c7281022c6c526eee6c37ab17e3deac56bd7bb5b32a948034c8aa0e1ee7828d6551b50c27ce6515a07cfb9cbec8c77f1e98f3c4570bf2b5d4a83fd5a4f650c7e06fc847bc459e93e64295c237e761ab7d9ddd36e93b2b9499645d05edd92440f44cc2f8c30572f5d7aa3ea52dc13685ed99ae97f6bca1bbe2c944aab09817b75e192aec454253234693c23e6c1996ba0c174fc40108bca6f25762128100d3a96c99d74f8c0a08deeba4143bf939523cae5d9ff4490b6117001ac4a12e1f175231798b25b373013f8929fc86dec82f458febcb1f8c2ee54cc841ca9bab9351eb1c164c5fdb74b47fb6335182a98ae23b3cb0de11c5338ab4c1c92a751620317a882af3e4784764fcd83a3b1a8a41fb9427cb8ca57bb61b4c4b9bd3204641726cd524c27c098c182cc43ad7ecb245fc43278e8d8a4e97117206e53329d691ccbadb7271979d4a4143cfbe63a6aef9f38390c58aa7d439dc56719a70e129d7944e7ebda23f5bee1a82a0f6f0b9a78bb3686c7e84fc8807aa2d04a9a11e74126a60481222450b96df2c33f05fe79eb982b30ccd0360131584714fa9b9ff12ccc6b680b403e14e7857d0da080672f913756ba9ad015830f65e62760666aefcd944f2139f60a16680f66af428c4d1e9decdf812486808e97d745c3833e3bb0b88d1925708aba1951decf9ccfb718758737d07e3f44781d9d7bae7da31c3a57ed3a314ad25f7f9a638d640e2a336f22c7e0307992f11af33651e2fa63ccbd83dd274b6773caee4e13bc2511ff8e0995db3edec0dbd04d9dc4070aa499d7701d5305b6c87aeed4c2f38c3920b986d2c3179008c9bc345bcfe20be652fbcadec0a3607100611d7a7142698bac2a94588d4f873eafbea736569e07e4f4b5af50f913a0918ba117aacbafd1d5aa9f0366fe73b8179094bd68940fe5ca3c473d5f4edef817312c514cfb5b1b96ab3d57bf1e6847834445deafd2c7a0cf135271df44c2d6479b87ca5c46da3fc261cb4bb9470335f329bb237675e084ce92438c3756a01861c113d24bd5b4c90cafffa625fc4a242dda9a6dcacba51b4df412f0e02883c2cd9a1bb43d38be2b6a68bfe6dccdec10041623d2a30f5075fd66bb744551143c034711454d52244a4a759a2b3aa905d1804a2325c2b03d6788aa2ea948c3cafaf09f25a1cd04e80b036ddab10208cc77b881d55b0b27fb9ed855b360d734c62f388a79fa7cdf4631d96af6ac7382e05ca3eeb82b7436d3f62e44695d99bda4765491fce567ce1721d328a2347a7459d7d30a737abc943cc7f144fdd1a0cf1b3f65cfb8ad363c392421c62382a74fed1731248ad7ce8f982082af524b6a5c98ac2e6f1f69d46eb36fcbde825d0b57fff85c0e83d693ddc17c0f0dfbdd32fa6daa3a744ce07330e2d2470d98420623efcb492e9149d47c2dfbde064a9e9852c9b58c391bd881b1502229ee7579207260d97d686b31374c9ea453cbcf29d5a9623c313e0d2de80c1fb7253ff20893e23df3be28", @ANYRESDEC=r2, @ANYRESHEX=r2], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xf, &(0x7f0000000100)=ANY=[], &(0x7f0000000040)='GPL\x00', 0xe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x206}, 0xfffffc25)
timer_create(0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
pipe2(&(0x7f0000000000), 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000038c64bd7533902c3d1cc3a1f6214f831c43fd258f9aa127b3d5095c54f47554020acc70da9b14428ec0ecfd18f8fe9aa278a14b635938eab03027343561277936736bcf9a446bcf8a48dbcc02d96ae26b80a9c79d92bc595372f716bedf29ca3eee8f1f725318a3142f25f9a533f29489e0e500a76eed2a40f4703688200"/149], 0x8)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
lseek(r5, 0x1000000, 0x0)
memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0)

4.162213616s ago: executing program 2 (id=5663):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000800)={[0x9]}, 0x8)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000003b00)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
ppoll(&(0x7f00000000c0)=[{r2, 0xc}], 0x1, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, 0x0, 0x1)
fchmodat(r1, &(0x7f0000000000)='\x00', 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$setregset(0x4205, 0x0, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2)
unshare(0x40020480)
add_key(&(0x7f00000006c0)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffff8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f0000000040))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
write$UHID_DESTROY(r5, &(0x7f0000000040), 0x4)

4.135530862s ago: executing program 3 (id=5664):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440))
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x18)

4.062613532s ago: executing program 3 (id=5665):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0xa2240, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setrlimit(0xf, 0x0)
syz_clone(0x2180, 0x0, 0xe4, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x3, &(0x7f0000003000/0x2000)=nil, 0x3)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x15, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="11000000040000000400000008000000000000009adb6f29660f4cd5e7cfafc614ad8d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4}, &(0x7f00000001c0), 0x0}, 0x20)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000000380)={0x0, 0x7f, 0x708})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x5, 0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, 0x0)

4.004845529s ago: executing program 9 (id=5666):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0xa2240, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setrlimit(0xf, 0x0)
syz_clone(0x2180, 0x0, 0xe4, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x3, &(0x7f0000003000/0x2000)=nil, 0x3)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x15, 0x0, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="11000000040000000400000008000000000000009adb6f29660f4cd5e7cfafc614ad8d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4}, &(0x7f00000001c0), 0x0}, 0x20)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000000380)={0x0, 0x7f, 0x708})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x5, 0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, 0x0)

3.990390823s ago: executing program 1 (id=5667):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0xa002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r4 = timerfd_create(0x8, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x5)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setresgid(0x0, 0x0, 0xee01)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00')
exit(0x7ffd)
read$FUSE(r6, &(0x7f0000002140)={0x2020}, 0x2020)
statx(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1000, 0x0, &(0x7f0000000480))
timerfd_settime(r4, 0x2, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0)
timerfd_create(0x8, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004"], 0x48)
ioctl$TIOCMGET(r0, 0x5415, 0x0)

3.11528889s ago: executing program 3 (id=5668):
syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c399000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x106)
mount$9p_fd(0x0, 0x0, &(0x7f0000000000), 0x8c, &(0x7f0000000300)=ANY=[])
mount(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x2014050, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='yeah', 0x39)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r5, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0x9b})

2.210734871s ago: executing program 9 (id=5669):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
tgkill(0x0, r0, 0x27)
fanotify_init(0x200, 0x0)
ioctl$RTC_IRQP_READ(0xffffffffffffffff, 0x40187013, &(0x7f0000000680))
pipe2$9p(0x0, 0x84880)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r3, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000300)={[], [], 0x2f})
chroot(0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204081, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000003c0)={0x54, r5, 0x1, 0x70bd2b, 0xfffffffe, {0x1e}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x4a, 0x3e, 0x1}, {0xc}, {0xc, 0x90, 0x2}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000081}, 0x20044010)

1.392668018s ago: executing program 1 (id=5670):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0xa002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r3 = timerfd_create(0x8, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x5)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setresgid(0x0, 0x0, 0xee01)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00')
exit(0x7ffd)
read$FUSE(r5, &(0x7f0000002140)={0x2020}, 0x2020)
statx(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1000, 0x0, &(0x7f0000000480))
timerfd_settime(r3, 0x2, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0)
timerfd_create(0x8, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)

1.278059319s ago: executing program 9 (id=5671):
gettid()
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs$namespace(r1, &(0x7f0000000000)='ns/uts\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRESOCT=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
socket$kcm(0xa, 0x3, 0x3a)
r3 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000140)={0xffff2369, 0x1, 0x2})

1.179175641s ago: executing program 2 (id=5672):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0xa002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
timerfd_create(0x8, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x5)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setresgid(0x0, 0x0, 0xee01)

131.393258ms ago: executing program 9 (id=5673):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0xa002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r3 = timerfd_create(0x8, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x5)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setresgid(0x0, 0x0, 0xee01)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00')
exit(0x7ffd)
read$FUSE(r5, &(0x7f0000002140)={0x2020}, 0x2020)
statx(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1000, 0x0, &(0x7f0000000480))
timerfd_settime(r3, 0x2, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0)
timerfd_create(0x8, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)

0s ago: executing program 3 (id=5674):
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x800)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f00000000c0)={'syztnl0\x00', <r5=>0x0, 0x10, 0x700, 0x4, 0x8001, {{0xa, 0x4, 0x0, 0x1, 0x28, 0x67, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @empty, {[@generic={0x86, 0x2}, @generic={0x44, 0x2}, @ra={0x94, 0x4}, @lsrr={0x83, 0xb, 0xd7, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f3, 0x0)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x8808c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r5, @ANYRES32, @ANYRES64=r3, @ANYRES16=r0, @ANYRES32=r0, @ANYBLOB="00001c00"/28], 0x50)
r7 = mq_open(&(0x7f00000001c0)='nl80211\x00', 0x8c0, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0xb45, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r6}, 0x38)
mremap(&(0x7f000096f000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r10 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
write(r10, &(0x7f0000000280), 0x0)

kernel console output (not intermixed with test programs):

erface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1550.961930][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1550.969338][   T29] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[ 1550.987793][   T29] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1551.000557][   T29] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 1551.012303][   T29] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 1551.023243][   T29] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1551.036403][   T29] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1551.045645][   T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1551.071047][   T29] usb 2-1: config 0 descriptor??
[ 1551.088534][T25052] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1551.121337][T25052] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1551.136745][   T29] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1551.244814][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1551.358960][    T9] usb 2-1: USB disconnect, device number 4
[ 1551.365046][T24647] usb 10-1: new high-speed USB device number 33 using dummy_hcd
[ 1551.377308][    T9] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[ 1551.452354][T16325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1551.499956][   T29] usb 6-1: new high-speed USB device number 107 using dummy_hcd
[ 1551.530243][T24647] usb 10-1: Using ep0 maxpacket: 8
[ 1551.542540][T24647] usb 10-1: config index 0 descriptor too short (expected 30, got 18)
[ 1551.562221][T24647] usb 10-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1551.577842][T24647] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1551.588605][T24647] usb 10-1: Product: syz
[ 1551.593034][T24647] usb 10-1: Manufacturer: syz
[ 1551.605686][T24647] usb 10-1: SerialNumber: syz
[ 1551.613167][T24647] usb 10-1: config 0 descriptor??
[ 1551.622089][T24647] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1551.630475][T24647] usb 10-1: setting power ON
[ 1551.635690][T24647] dvb-usb: bulk message failed: -22 (2/0)
[ 1551.648982][T24647] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1551.658737][T24647] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1551.667457][T24647] usb 10-1: media controller created
[ 1551.669538][   T29] usb 6-1: Using ep0 maxpacket: 32
[ 1551.683437][T24647] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1551.684369][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1551.703491][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1551.714501][   T29] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1551.723902][   T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1551.724289][T24647] usb 10-1: selecting invalid altsetting 6
[ 1551.733959][   T29] usb 6-1: config 0 descriptor??
[ 1551.739845][T24647] usb 10-1: digital interface selection failed (-22)
[ 1551.751281][T25073] overlayfs: failed to clone lowerpath
[ 1551.752056][   T29] hub 6-1:0.0: USB hub found
[ 1551.758739][T24647] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1551.772952][T24647] usb 10-1: setting power OFF
[ 1551.778668][T24647] dvb-usb: bulk message failed: -22 (2/0)
[ 1551.786413][T24647] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1551.795935][T24647] (NULL device *): no alternate interface
[ 1551.815230][T24647] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1551.886005][T24647] usb 10-1: USB disconnect, device number 33
[ 1551.974134][   T29] hub 6-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1552.282325][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1552.385496][   T29] hid-generic 0003:046D:C31C.0031: item fetching failed at offset 0/1
[ 1552.398136][   T29] hid-generic 0003:046D:C31C.0031: probe with driver hid-generic failed with error -22
[ 1552.473262][   T30] kauditd_printk_skb: 30 callbacks suppressed
[ 1552.473316][   T30] audit: type=1400 audit(2000000916.997:1909): avc:  denied  { read } for  pid=25087 comm="syz.3.4873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1552.600446][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1552.652210][T25099] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1553.350549][    T9] usb 6-1: USB disconnect, device number 107
[ 1553.352229][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1553.364777][   T29] usb 10-1: new high-speed USB device number 34 using dummy_hcd
[ 1553.423253][T18111] usb 9-1: USB disconnect, device number 35
[ 1553.574646][   T29] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1553.595088][   T29] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1553.619217][   T29] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1553.659789][   T29] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1553.689000][   T29] usb 10-1: config 0 descriptor??
[ 1553.934795][T25118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4881'.
[ 1554.146690][T25129] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1555.205738][T18111] net_ratelimit: 2 callbacks suppressed
[ 1555.205750][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1555.304007][ T3518] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1555.699706][    T9] usb 9-1: new high-speed USB device number 36 using dummy_hcd
[ 1555.862586][    T9] usb 9-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[ 1555.883734][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1555.904238][    T9] usb 9-1: Product: syz
[ 1555.913853][    T9] usb 9-1: Manufacturer: syz
[ 1555.925394][    T9] usb 9-1: SerialNumber: syz
[ 1555.942574][    T9] usb 9-1: config 0 descriptor??
[ 1555.961018][    T9] gspca_main: sq905c-2.14.0 probing 2770:9052
[ 1556.292841][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1556.459801][T13797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1556.567947][    T9] gspca_sq905c: sq905c_command: usb_control_msg failed (-71)
[ 1556.575866][    T9] sq905c 9-1:0.0: probe with driver sq905c failed with error -71
[ 1556.592971][    T9] usb 9-1: USB disconnect, device number 36
[ 1556.609569][T18111] usb 6-1: new high-speed USB device number 108 using dummy_hcd
[ 1556.883102][T18111] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1556.895722][T18111] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1556.906989][T18111] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1557.000354][T25160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4898'.
[ 1557.009270][T25160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4898'.
[ 1557.314887][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1557.329433][T18111] usb 6-1: Product: syz
[ 1557.336139][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1557.348731][T18111] usb 6-1: Manufacturer: syz
[ 1557.366396][T18111] usb 6-1: SerialNumber: syz
[ 1557.383574][T18111] hub 6-1:1.0: bad descriptor, ignoring hub
[ 1557.393545][   T29] usb 10-1: USB disconnect, device number 34
[ 1557.406855][T18111] hub 6-1:1.0: probe with driver hub failed with error -5
[ 1557.979565][    T9] usb 10-1: new high-speed USB device number 35 using dummy_hcd
[ 1558.109671][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1558.459637][T24647] usb 6-1: reset high-speed USB device number 108 using dummy_hcd
[ 1558.639570][    T9] usb 10-1: Using ep0 maxpacket: 32
[ 1558.651073][    T9] usb 10-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[ 1558.661680][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1558.669833][    T9] usb 10-1: Product: syz
[ 1558.675091][    T9] usb 10-1: Manufacturer: syz
[ 1558.680136][    T9] usb 10-1: SerialNumber: syz
[ 1558.695407][    T9] usb 10-1: config 0 descriptor??
[ 1558.919765][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1559.239641][T24647] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[ 1559.259863][T18111] usb 6-1: USB disconnect, device number 108
[ 1559.320248][    T9] peak_usb 10-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[ 1559.347155][    T9] peak_usb 10-1:0.0 can0: sending command failure: -22
[ 1559.367441][    T9] peak_usb 10-1:0.0 can0: sending command failure: -22
[ 1559.411339][T24647] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1559.431405][T24647] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1559.464435][T24647] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1559.484693][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1559.490330][    T9] peak_usb 10-1:0.0: probe with driver peak_usb failed with error -22
[ 1559.511604][T24647] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1559.541224][    T9] usb 10-1: USB disconnect, device number 35
[ 1559.560496][T24647] usb 9-1: config 0 descriptor??
[ 1559.800463][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1560.360278][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1560.788600][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1561.204470][T25214] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4914'.
[ 1561.213512][T25214] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4914'.
[ 1561.781797][ T1292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1561.866558][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1562.649590][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1562.851465][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1562.862532][    T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1562.884595][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1562.904043][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1562.917481][T24179] usb 9-1: USB disconnect, device number 37
[ 1562.937818][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1562.939891][T24647] usb 6-1: new high-speed USB device number 109 using dummy_hcd
[ 1562.954463][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1562.999231][T25234] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1563.045227][    T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1563.119813][T24647] usb 6-1: Using ep0 maxpacket: 32
[ 1563.126182][T24647] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[ 1563.139556][T24647] usb 6-1: config 0 has no interface number 0
[ 1563.163912][T24647] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1563.202896][T24647] usb 6-1: config 0 interface 85 has no altsetting 0
[ 1563.225338][T24647] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1563.235873][T24647] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1563.256036][T24647] usb 6-1: Product: syz
[ 1563.264815][T24647] usb 6-1: Manufacturer: syz
[ 1563.286719][T24647] usb 6-1: SerialNumber: syz
[ 1563.321309][T24647] usb 6-1: config 0 descriptor??
[ 1563.401132][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1563.421358][T16325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1563.430496][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1563.439033][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1563.670376][T24179] usb 2-1: USB disconnect, device number 5
[ 1563.951222][T25254] binder: 25250:25254 ioctl 4018620d 0 returned -22
[ 1564.144663][T24647] appletouch 6-1:0.85: Geyser mode initialized.
[ 1564.157938][T24647] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input78
[ 1564.198595][    C0] appletouch 6-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64
[ 1564.427367][T24179] usb 6-1: USB disconnect, device number 109
[ 1564.468181][T24179] appletouch 6-1:0.85: input: appletouch disconnected
[ 1564.735814][T25270] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1565.116979][   T30] audit: type=1326 audit(2000000929.627:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.473553][   T30] audit: type=1326 audit(2000000929.627:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.506195][   T30] audit: type=1326 audit(2000000929.627:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.560259][ T1292] net_ratelimit: 3 callbacks suppressed
[ 1565.560275][ T1292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1565.578302][   T30] audit: type=1326 audit(2000000929.627:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.602397][   T30] audit: type=1326 audit(2000000929.637:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.678519][   T30] audit: type=1326 audit(2000000929.637:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.713796][   T30] audit: type=1326 audit(2000000929.637:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.879761][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1565.901223][   T30] audit: type=1326 audit(2000000929.637:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1565.985849][   T30] audit: type=1326 audit(2000000929.637:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1566.043545][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1566.059542][   T30] audit: type=1326 audit(2000000929.637:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25274 comm="syz.3.4933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1c98d9c799 code=0x7ffc0000
[ 1566.083474][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1566.091875][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1566.105639][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1566.252192][   T29] usb 10-1: new high-speed USB device number 36 using dummy_hcd
[ 1566.440024][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1566.614189][   T29] usb 10-1: Using ep0 maxpacket: 8
[ 1566.651992][   T29] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1566.667025][   T29] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1566.737722][   T29] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.768566][   T29] usb 10-1: config 0 descriptor??
[ 1566.883138][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1566.949824][T24646] usb 9-1: new high-speed USB device number 38 using dummy_hcd
[ 1566.996388][   T29] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1567.099953][T24646] usb 9-1: Using ep0 maxpacket: 8
[ 1567.109849][T24646] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1567.123955][T24646] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1567.158453][T24646] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1567.169747][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1567.191915][T24646] usb 9-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1567.209330][T24646] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1567.234741][T24646] usb 9-1: Product: syz
[ 1567.241633][T24179] usb 10-1: USB disconnect, device number 36
[ 1567.244092][T24646] usb 9-1: Manufacturer: syz
[ 1567.267357][T24646] usb 9-1: SerialNumber: syz
[ 1567.280346][T24646] usb 9-1: config 0 descriptor??
[ 1567.294547][T25296] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[ 1567.369532][T24646] rc_core: IR keymap rc-streamzap not found
[ 1567.380913][T24646] Registered IR keymap rc-empty
[ 1567.396005][T24646] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[ 1567.427140][T24646] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input79
[ 1567.565530][T24179] usb 9-1: USB disconnect, device number 38
[ 1568.013769][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1569.202764][T25336] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1570.149900][T25344] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4956'.
[ 1570.779256][T25365] overlayfs: failed to clone lowerpath
[ 1570.800024][T24647] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[ 1570.831504][T25365] overlayfs: failed to clone lowerpath
[ 1570.981372][T24647] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1571.001584][T18797] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 90 seconds
[ 1571.012535][T18797] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 90 seconds
[ 1571.024125][T18797] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 90 seconds
[ 1571.105285][T18797] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 90 seconds
[ 1571.135482][T24647] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1571.196203][T24647] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1571.209780][T24647] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1571.217776][T24647] usb 9-1: Product: syz
[ 1571.225627][T24647] usb 9-1: Manufacturer: syz
[ 1571.331995][T24179] net_ratelimit: 11 callbacks suppressed
[ 1571.332007][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1571.389747][T24647] usb 9-1: SerialNumber: syz
[ 1571.571526][T16325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1571.662968][T25356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1571.690138][T25356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1571.732562][T24647] cdc_ether 9-1:1.0: probe with driver cdc_ether failed with error -22
[ 1571.790028][T24647] usb 9-1: USB disconnect, device number 39
[ 1572.259578][T24647] usb 9-1: new high-speed USB device number 40 using dummy_hcd
[ 1572.359889][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1572.409528][T24647] usb 9-1: Using ep0 maxpacket: 8
[ 1572.415682][T24647] usb 9-1: config index 0 descriptor too short (expected 301, got 72)
[ 1572.424287][T24647] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1572.445863][T24647] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1572.459330][T24647] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1572.478644][T24647] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1572.492220][T25400] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1572.503421][T24647] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1572.519905][T24646] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1572.530442][T24647] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1573.498445][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1573.575152][T24647] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1573.585839][T24647] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1573.619971][T24647] usb 9-1: can't set config #16, error -71
[ 1573.648455][T24647] usb 9-1: USB disconnect, device number 40
[ 1573.681132][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1574.626608][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1574.789844][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1575.103967][T12526] lec:lec_start_xmit: lec0:No lecd attached
[ 1575.379558][T24646] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[ 1575.551376][T24646] usb 2-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0xED, changing to 0x8D
[ 1575.563552][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1575.577306][T24646] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x8D has invalid maxpacket 52921, setting to 64
[ 1575.588623][T24646] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1575.597094][T24646] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1575.607554][T24646] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1575.616828][T24646] usb 2-1: Product: syz
[ 1575.621055][T24646] usb 2-1: Manufacturer: syz
[ 1575.628927][T24646] usb 2-1: SerialNumber: syz
[ 1575.643272][T24646] usb 2-1: config 0 descriptor??
[ 1575.643291][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1575.664384][T24646] usb 2-1: selecting invalid altsetting 0
[ 1575.910292][T24646] usb 2-1: USB disconnect, device number 6
[ 1576.559414][T25456] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4995'.
[ 1576.692254][T24179] net_ratelimit: 1 callbacks suppressed
[ 1576.692265][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1576.800064][T18797] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 510 seconds
[ 1576.814025][T18797] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 510 seconds
[ 1576.825109][T18797] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 510 seconds
[ 1576.836601][T18797] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 510 seconds
[ 1577.031259][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1577.139616][T24179] usb 10-1: new high-speed USB device number 37 using dummy_hcd
[ 1577.239567][T18111] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1577.299563][T24179] usb 10-1: Using ep0 maxpacket: 32
[ 1577.307246][T24179] usb 10-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1577.318497][T24179] usb 10-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1577.336168][T24179] usb 10-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1577.355271][T24179] usb 10-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1577.381325][T24179] usb 10-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1577.390993][T24179] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1577.399082][T24179] usb 10-1: Product: syz
[ 1577.404051][T24179] usb 10-1: Manufacturer: syz
[ 1577.410655][T24646] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[ 1577.410827][T18111] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1577.432918][T24179] usb 10-1: SerialNumber: syz
[ 1577.450185][T18111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1577.462948][T25474] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1577.464786][    C1] imon 10-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1577.486196][T18111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1577.495981][T18111] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1577.517063][T24179] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/input/input80
[ 1577.551725][T18111] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1577.567019][T18111] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1577.582901][T18111] usb 2-1: Manufacturer: syz
[ 1577.601549][T18111] usb 2-1: config 0 descriptor??
[ 1577.631340][T24646] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1577.642817][T24646] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1577.664207][T24646] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[ 1577.696338][T24646] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1577.715654][T24646] usb 9-1: config 0 descriptor??
[ 1577.729668][T24179] imon 10-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1577.745028][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1577.753279][T24179]  (id 0x00)
[ 1577.829533][T24179] rc_core: IR keymap rc-imon-pad not found
[ 1577.835425][T24179] Registered IR keymap rc-empty
[ 1577.844701][T24179] imon 10-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1577.866107][T24179] imon 10-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1577.940872][T24179] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0
[ 1577.985075][T24179] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0/input81
[ 1578.010545][T24179] imon 10-1:155.0: iMON device (15c2:ffdc, intf0) on usb<10:37> initialized
[ 1578.109247][T18111] appleir 0003:05AC:8243.0032: unknown main item tag 0x0
[ 1578.149744][T18111] appleir 0003:05AC:8243.0032: hiddev1,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[ 1578.162000][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1578.200276][T24647] usb 10-1: USB disconnect, device number 37
[ 1578.218610][T24646] cp2112 0003:10C4:EA90.0033: unknown main item tag 0x0
[ 1578.236283][T24646] cp2112 0003:10C4:EA90.0033: unknown main item tag 0x0
[ 1578.248362][T24646] cp2112 0003:10C4:EA90.0033: unknown main item tag 0x0
[ 1578.259808][T24646] cp2112 0003:10C4:EA90.0033: unknown main item tag 0x0
[ 1578.266765][T24646] cp2112 0003:10C4:EA90.0033: unknown main item tag 0x0
[ 1578.297352][T24646] cp2112 0003:10C4:EA90.0033: unknown main item tag 0x0
[ 1578.306088][T24646] cp2112 0003:10C4:EA90.0033: unknown main item tag 0x0
[ 1578.318987][T24646] cp2112 0003:10C4:EA90.0033: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0
[ 1578.370298][T18111] usb 2-1: USB disconnect, device number 7
[ 1578.413554][T24646] cp2112 0003:10C4:EA90.0033: Part Number: 0x82 Device Version: 0xFE
[ 1578.599997][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1578.619536][T24647] usb 6-1: new high-speed USB device number 110 using dummy_hcd
[ 1578.769890][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1578.792625][T24647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1578.812768][T24647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1578.828404][T24646] cp2112 0003:10C4:EA90.0033: error setting SMBus config
[ 1578.842747][T24646] cp2112 0003:10C4:EA90.0033: probe with driver cp2112 failed with error -71
[ 1578.853850][T24647] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1578.890663][T24646] usb 9-1: USB disconnect, device number 41
[ 1578.899585][T24647] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1578.927501][T24647] usb 6-1: Manufacturer: syz
[ 1578.939186][T24647] usb 6-1: config 0 descriptor??
[ 1579.138487][T25500] netlink: 7 bytes leftover after parsing attributes in process `syz.1.5012'.
[ 1579.154457][T25502] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1579.163200][T25502] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1579.172996][T25502] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1579.626493][T24647] uclogic 0003:256C:006D.0034: failed retrieving Huion firmware version: -71
[ 1579.659088][T24647] uclogic 0003:256C:006D.0034: failed probing parameters: -71
[ 1579.733475][T25520] overlayfs: workdir and upperdir must be separate subtrees
[ 1580.110145][T24647] uclogic 0003:256C:006D.0034: probe with driver uclogic failed with error -71
[ 1580.137694][T24647] usb 6-1: USB disconnect, device number 110
[ 1580.279504][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5170 ms
[ 1580.287558][    C1] lec:lec_tx_timeout: lec0
[ 1582.478259][T18111] net_ratelimit: 6 callbacks suppressed
[ 1582.478276][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1582.519698][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1582.738551][T25534] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3394018074 (6788036148 ns) > initial count (6222627426 ns). Using initial count to start timer.
[ 1582.827208][   T30] kauditd_printk_skb: 25 callbacks suppressed
[ 1582.827225][   T30] audit: type=1400 audit(2000000947.347:1945): avc:  denied  { read } for  pid=25549 comm="syz.3.5027" name="file0" dev="tmpfs" ino=5930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1582.946915][   T30] audit: type=1400 audit(2000000947.377:1946): avc:  denied  { open } for  pid=25549 comm="syz.3.5027" path="/1115/file0" dev="tmpfs" ino=5930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1583.086142][   T30] audit: type=1400 audit(2000000947.377:1947): avc:  denied  { ioctl } for  pid=25549 comm="syz.3.5027" path="/1115/file0" dev="tmpfs" ino=5930 ioctlcmd=0x5451 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1583.425399][ T1292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1583.498100][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1583.955101][   T29] usb 10-1: new high-speed USB device number 38 using dummy_hcd
[ 1584.109517][   T29] usb 10-1: Using ep0 maxpacket: 32
[ 1584.128059][   T29] usb 10-1: config 0 has an invalid interface number: 85 but max is 0
[ 1584.136905][   T29] usb 10-1: config 0 has no interface number 0
[ 1584.144880][   T29] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1584.157984][   T29] usb 10-1: config 0 interface 85 has no altsetting 0
[ 1584.185923][   T29] usb 10-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1584.195849][   T29] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1584.208389][   T29] usb 10-1: Product: syz
[ 1584.223372][   T29] usb 10-1: Manufacturer: syz
[ 1584.228586][   T29] usb 10-1: SerialNumber: syz
[ 1584.275900][   T29] usb 10-1: config 0 descriptor??
[ 1584.519705][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1584.543292][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1584.963240][   T29] appletouch 10-1:0.85: Geyser mode initialized.
[ 1584.975706][   T29] input: appletouch as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.85/input/input82
[ 1585.035752][   T30] audit: type=1400 audit(2000000949.557:1948): avc:  denied  { write } for  pid=25584 comm="syz.1.5037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1585.183181][   T29] usb 10-1: USB disconnect, device number 38
[ 1585.200490][   T29] appletouch 10-1:0.85: input: appletouch disconnected
[ 1585.560235][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1585.570353][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1585.654425][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1586.604071][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1587.639670][   T29] net_ratelimit: 1 callbacks suppressed
[ 1587.639687][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1588.268056][ T1292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1588.600307][T24646] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1588.682828][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1589.630215][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1590.289781][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1590.719658][T18111] usb 6-1: new full-speed USB device number 111 using dummy_hcd
[ 1590.881102][T18111] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 1590.909350][T18111] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[ 1590.935970][T18111] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1591.013507][T18111] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1591.028030][T25668] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1591.064115][T25668] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1591.083685][T18111] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1591.311064][T25668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1591.320196][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1591.368578][T25668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1591.489922][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1591.551090][   T30] audit: type=1400 audit(2000000956.077:1949): avc:  denied  { map } for  pid=25693 comm="syz.8.5070" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1591.639868][T24646] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1591.829616][T24646] usb 9-1: new low-speed USB device number 42 using dummy_hcd
[ 1592.457043][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1592.536711][T24646] usb 9-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1592.557014][T24646] usb 9-1: config 0 has an invalid interface number: 0 but max is -1
[ 1592.608345][T24646] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1592.632691][T24646] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1592.678720][T24646] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1592.715856][T24646] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1592.752242][T24646] usb 9-1: string descriptor 0 read error: -22
[ 1592.758615][T24646] usb 9-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1592.789756][T24646] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1592.862872][T24646] usb 9-1: config 0 descriptor??
[ 1592.868966][T25694] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[ 1592.893001][T24646] hub 9-1:0.0: bad descriptor, ignoring hub
[ 1592.921072][T24646] hub 9-1:0.0: probe with driver hub failed with error -5
[ 1592.967565][T24646] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input83
[ 1593.131921][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1593.175565][T24646] usb 9-1: USB disconnect, device number 42
[ 1593.482332][T24646] usb 6-1: USB disconnect, device number 111
[ 1593.482595][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1593.605718][T25725] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1593.614007][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1593.652184][T25725] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5078'.
[ 1593.682738][T25725] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5078'.
[ 1593.716504][T25725] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5078'.
[ 1593.743771][T25725] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5078'.
[ 1593.786086][T25730] binder: 25726:25730 ioctl 4018620d 0 returned -22
[ 1593.906328][T25731] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1594.300463][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1594.538691][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1594.679928][T24646] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1594.969639][   T29] usb 9-1: new high-speed USB device number 43 using dummy_hcd
[ 1595.121428][   T29] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1595.139020][   T29] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1595.186175][   T29] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1595.209226][   T29] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1595.223964][   T29] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1595.257339][   T29] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1595.270443][   T29] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1595.285560][   T29] usb 9-1: Product: syz
[ 1595.294337][   T29] usb 9-1: Manufacturer: syz
[ 1595.303943][   T29] cdc_wdm 9-1:1.0: skipping garbage
[ 1595.309299][   T30] audit: type=1400 audit(2000000959.827:1950): avc:  denied  { getopt } for  pid=25762 comm="syz.3.5091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1595.339089][   T29] cdc_wdm 9-1:1.0: skipping garbage
[ 1595.369391][   T29] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[ 1595.385724][   T29] cdc_wdm 9-1:1.0: Unknown control protocol
[ 1595.385941][T25767] mac80211_hwsim hwsim13 syzkaller0: Caught tx_queue_len zero misconfig
[ 1595.410876][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1595.603295][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1595.650215][    C1] wdm_int_callback: 67 callbacks suppressed
[ 1595.650236][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.662714][    C1] wdm_int_callback: 67 callbacks suppressed
[ 1595.662734][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.676904][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.683502][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.689769][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.696335][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.702607][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.709187][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.715435][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.722024][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.728440][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.730366][T25776] overlayfs: failed to clone upperpath
[ 1595.735029][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.735275][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.753091][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.759569][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.766161][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.772374][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.778938][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.785147][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1595.791722][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1595.969716][T24646] usb 10-1: new high-speed USB device number 39 using dummy_hcd
[ 1596.129648][T24646] usb 10-1: Using ep0 maxpacket: 16
[ 1596.138348][T24646] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1596.148018][T24646] usb 10-1: config 0 has no interface number 0
[ 1596.159126][T24646] usb 10-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1596.169124][T24646] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1596.178135][T24646] usb 10-1: Product: syz
[ 1596.183208][T24646] usb 10-1: Manufacturer: syz
[ 1596.188037][T24646] usb 10-1: SerialNumber: syz
[ 1596.202197][T24646] usb 10-1: config 0 descriptor??
[ 1596.234642][T24646] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1596.259571][T18111] usb 9-1: USB disconnect, device number 43
[ 1596.265490][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1596.497209][T25784] [U] 
[ 1596.500840][T25784] [U] K{�
[ 1596.504209][T25784] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[ 1596.514508][T25784] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[ 1596.530656][T25784] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[ 1596.541240][T25784] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[ 1596.577555][T25784] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[ 1596.601733][T25784] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[ 1596.612920][T25784] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[ 1596.624684][T25784] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[ 1596.647965][T25784] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[ 1596.666953][T25784] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_��
�%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"�
��G�d���2@T8��������t8.Rc+�@�ꦇp�u�
p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���
_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[ 1596.714176][T25784] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[ 1596.722831][T25784] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�
[K@����2�Ǭ���p"^`���	��
[ 1596.736450][T25784] [U] 22��Ʃ���x?0;3u�
[ 1596.740934][T25784] [U] ޜ�
��sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_
�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�F
P��Ș|$��)�
KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[ 1596.766006][T25784] [U] [�['xn�'�����,mr��/����1D=!D�x91B�
w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[ 1596.775430][T25784] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[ 1596.784133][T25784] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[ 1596.790415][T25784] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[ 1596.802969][T25784] [U] �ec�
[ 1596.806074][T25784] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[ 1596.845414][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1597.174143][T25779] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUd
ǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[ 1597.190698][T24646] gspca_spca1528: reg_w err -110
[ 1597.217467][T24646] spca1528 10-1:0.1: probe with driver spca1528 failed with error -110
[ 1597.282038][   T29] usb 10-1: USB disconnect, device number 39
[ 1598.062120][   T30] audit: type=1400 audit(2000000962.587:1951): avc:  denied  { read } for  pid=25809 comm="syz.8.5105" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1598.210087][ T3518] net_ratelimit: 3 callbacks suppressed
[ 1598.210102][ T3518] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1599.582839][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1600.282558][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1600.321808][T25832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1600.330554][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1600.637045][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1600.759818][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1600.863892][   T30] audit: type=1326 audit(2000000965.347:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25840 comm="syz.9.5116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da879c799 code=0x7ffc0000
[ 1600.929623][   T30] audit: type=1326 audit(2000000965.347:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25840 comm="syz.9.5116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f0da879c799 code=0x7ffc0000
[ 1601.055096][   T30] audit: type=1326 audit(2000000965.347:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25840 comm="syz.9.5116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da879c799 code=0x7ffc0000
[ 1601.151445][   T30] audit: type=1326 audit(2000000965.347:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25840 comm="syz.9.5116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da879c799 code=0x7ffc0000
[ 1601.191140][T18797] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 120 seconds
[ 1601.203380][T18797] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 120 seconds
[ 1601.214475][T18797] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 120 seconds
[ 1601.225596][T18797] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 120 seconds
[ 1601.460257][ T3518] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1601.676243][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1602.766975][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1602.774475][ T1295] lec:lec_start_xmit: lec0:No lecd attached
[ 1602.819055][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.188990][T25878] binder: 25877:25878 ioctl c0306201 2000000003c0 returned -14
[ 1603.219499][    C1] net_ratelimit: 565 callbacks suppressed
[ 1603.219515][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.250076][T25876] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.258476][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.277622][T25876] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.285944][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.303869][T25876] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.312215][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.321000][T25876] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.329404][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.343091][T25876] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1603.418680][T25883] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1605.255863][T25910] sch_tbf: burst 256 is lower than device syzkaller0 mtu (1500) !
[ 1605.273167][T25910] syzkaller0: entered promiscuous mode
[ 1605.290444][T25910] syzkaller0: entered allmulticast mode
[ 1605.569549][    T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 1605.751924][    T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1605.789723][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1605.829590][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1605.838564][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1605.908257][    T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1605.978211][    T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1606.008925][    T9] usb 2-1: Product: syz
[ 1606.033123][    T9] usb 2-1: Manufacturer: syz
[ 1606.093458][    T9] cdc_wdm 2-1:1.0: skipping garbage
[ 1606.120878][    T9] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1606.133850][T25931] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1606.359695][T25934] netlink: 16 bytes leftover after parsing attributes in process `syz.9.5140'.
[ 1606.393524][    T9] usb 2-1: USB disconnect, device number 8
[ 1606.840336][T18797] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 540 seconds
[ 1606.851455][T18797] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 540 seconds
[ 1606.862453][    T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 1606.869941][T18797] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 540 seconds
[ 1606.884129][T18797] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 540 seconds
[ 1607.089957][    T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1607.098787][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1607.126925][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1607.159851][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1607.264925][    T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1607.274010][    T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1607.281997][    T9] usb 2-1: Product: syz
[ 1607.289870][    T9] usb 2-1: Manufacturer: syz
[ 1607.350490][    T9] cdc_wdm 2-1:1.0: skipping garbage
[ 1607.355719][    T9] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1607.979870][T25935] netlink: 16 bytes leftover after parsing attributes in process `syz.9.5140'.
[ 1608.166940][   T30] audit: type=1400 audit(2000000972.687:1956): avc:  denied  { transfer } for  pid=25956 comm="syz.8.5146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1608.279533][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5500 ms
[ 1608.287538][    C1] lec:lec_tx_timeout: lec0
[ 1609.083626][T18111] net_ratelimit: 175 callbacks suppressed
[ 1609.083643][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1609.209796][    T9] usb 9-1: new full-speed USB device number 44 using dummy_hcd
[ 1609.329822][T16325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1609.365325][    T9] usb 9-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1609.386652][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1609.417577][    T9] usb 9-1: config 0 descriptor??
[ 1609.452080][    T9] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1609.481386][T18111] usb 2-1: USB disconnect, device number 9
[ 1609.913746][    T9] gp8psk: usb in 128 operation failed.
[ 1609.922588][ T5873] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1610.346763][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1610.379919][    T9] gp8psk: usb in 146 operation failed.
[ 1610.405226][    T9] gp8psk: failed to get FW version
[ 1610.570375][    T9] gp8psk: usb in 149 operation failed.
[ 1610.575843][    T9] gp8psk: failed to get FPGA version
[ 1610.648340][T25985] syzkaller0: entered promiscuous mode
[ 1610.829979][    T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1610.840750][    T9] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1611.151596][ T3518] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1611.281492][    T9] usb 9-1: USB disconnect, device number 44
[ 1611.375293][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1611.391841][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1611.402942][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1611.413097][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1611.523148][T25997] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1611.657922][T25997] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1611.826030][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1612.060146][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1612.178318][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1612.231970][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1612.290457][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1612.305286][T25997] wlan0 speed is unknown, defaulting to 1000
[ 1612.486881][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1612.929734][    T9] usb 6-1: new high-speed USB device number 112 using dummy_hcd
[ 1613.055247][T24646] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1613.156392][    T9] usb 6-1: device descriptor read/64, error -71
[ 1613.430585][T13797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1613.699668][    T9] usb 6-1: new high-speed USB device number 113 using dummy_hcd
[ 1613.842847][T26042] syzkaller0: entered promiscuous mode
[ 1613.848564][T26042] syzkaller0: entered allmulticast mode
[ 1613.854735][    T9] usb 6-1: device descriptor read/64, error -71
[ 1613.970117][    T9] usb usb6-port1: attempt power cycle
[ 1614.309558][    T9] usb 6-1: new high-speed USB device number 114 using dummy_hcd
[ 1614.341924][    T9] usb 6-1: device descriptor read/8, error -71
[ 1614.601102][    T9] usb 6-1: new high-speed USB device number 115 using dummy_hcd
[ 1614.604245][T24179] net_ratelimit: 1 callbacks suppressed
[ 1614.604258][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1614.660645][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1614.739834][    T9] usb 6-1: device descriptor read/8, error -71
[ 1614.849755][    T9] usb usb6-port1: unable to enumerate USB device
[ 1615.644146][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1615.790463][ T3518] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1616.064888][   T30] audit: type=1400 audit(2000000980.587:1957): avc:  denied  { connect } for  pid=26072 comm="syz.1.5177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1616.403723][T24646] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1616.735149][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1616.752373][   T30] audit: type=1400 audit(2000000981.277:1958): avc:  denied  { append } for  pid=26075 comm="syz.5.5178" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1617.359955][   T30] audit: type=1400 audit(2000000981.807:1959): avc:  denied  { read write } for  pid=26082 comm="syz.1.5179" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1617.425314][   T30] audit: type=1400 audit(2000000981.807:1960): avc:  denied  { open } for  pid=26082 comm="syz.1.5179" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1617.540431][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1617.614580][T26095] binder: 26087:26095 ioctl 4018620d 0 returned -22
[ 1617.857111][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1617.873450][   T30] audit: type=1400 audit(2000000981.807:1961): avc:  denied  { ioctl } for  pid=26082 comm="syz.1.5179" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1618.984209][T24179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1619.422475][T16325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1620.060034][T26134] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5190'.
[ 1620.401377][   T29] net_ratelimit: 1 callbacks suppressed
[ 1620.401393][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1620.504541][T26134] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5190'.
[ 1620.640940][T13797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1620.686354][T26134] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5190'.
[ 1621.479688][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1621.557552][T26155] (syz.9.5194,26155,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[ 1621.567116][T26155] (syz.9.5194,26155,0):ocfs2_fill_super:1177 ERROR: status = -22
[ 1621.972002][T16327] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1622.520137][T24646] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1622.529634][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1622.605204][T26171] binder: 26169:26171 ioctl 4018620d 0 returned -22
[ 1622.724005][T26174] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1622.742093][T26174] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1622.770745][T26174] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1622.784841][T26175] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1623.945057][T26188] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1624.151570][T26203] netlink: 48 bytes leftover after parsing attributes in process `syz.9.5204'.
[ 1625.594672][T24647] net_ratelimit: 38 callbacks suppressed
[ 1625.594703][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1625.775136][   T30] audit: type=1400 audit(2000000990.267:1962): avc:  denied  { accept } for  pid=26220 comm="syz.9.5207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1626.119768][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1626.137424][T26227] SET target dimension over the limit!
[ 1626.231285][ T3518] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1626.506110][T26235] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 1626.513572][T26235] cramfs: wrong magic
[ 1626.696345][T26241] syzkaller0: entered promiscuous mode
[ 1626.740825][T26241] syzkaller0: entered allmulticast mode
[ 1627.160079][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1627.379738][T16338] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1627.658330][T26252] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5217'.
[ 1627.669536][T26252] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5217'.
[ 1627.739288][   T30] audit: type=1400 audit(2000000992.257:1963): avc:  denied  { append } for  pid=26249 comm="syz.8.5216" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 1628.492900][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1628.615566][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1629.020139][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880514c3c00: rx timeout, send abort
[ 1629.038039][   T30] audit: type=1400 audit(2000000993.557:1964): avc:  denied  { read } for  pid=5160 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1629.090559][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1629.154636][   T30] audit: type=1400 audit(2000000993.557:1965): avc:  denied  { search } for  pid=5160 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1629.265332][   T30] audit: type=1400 audit(2000000993.557:1966): avc:  denied  { append } for  pid=5160 comm="syslogd" name="messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1629.361985][   T30] audit: type=1400 audit(2000000993.557:1967): avc:  denied  { open } for  pid=5160 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1629.452992][   T30] audit: type=1400 audit(2000000993.557:1968): avc:  denied  { getattr } for  pid=5160 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1629.528384][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880514c3c00: abort rx timeout. Force session deactivation
[ 1629.559792][T18111] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1630.359838][T16338] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1630.600104][T17644] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1631.490066][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1631.639960][T17644] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1631.649806][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1631.773635][T26293] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6)
[ 1631.780164][T26293] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1631.799794][T26293] vhci_hcd vhci_hcd.0: Device attached
[ 1631.800515][T18797] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 150 seconds
[ 1631.817031][T18797] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 150 seconds
[ 1631.833116][T18797] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 150 seconds
[ 1631.846594][T18797] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 150 seconds
[ 1632.059743][T26294] vhci_hcd: connection closed
[ 1632.059947][   T58] vhci_hcd vhci_hcd.8: stop threads
[ 1632.069933][    T9] usb 50-1: SetAddress Request (2) to port 0
[ 1632.076480][    T9] usb 50-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1632.085437][   T58] vhci_hcd vhci_hcd.8: release socket
[ 1632.239529][   T58] vhci_hcd vhci_hcd.8: disconnect device
[ 1632.640104][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1632.681281][T17644] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1633.720038][T17644] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1633.872581][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1634.550192][T26319] netlink: 'syz.3.5233': attribute type 6 has an invalid length.
[ 1634.708090][ T5873] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1635.167028][T17644] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1636.239622][T17644] net_ratelimit: 1 callbacks suppressed
[ 1636.239640][T17644] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1636.468835][   T30] audit: type=1800 audit(2000001000.967:1969): pid=26339 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.9.5232" name="bus" dev="overlay" ino=2407 res=0 errno=0
[ 1636.830496][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1636.920009][T18797] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 570 seconds
[ 1636.930976][T18797] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 570 seconds
[ 1636.942048][T18797] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 570 seconds
[ 1636.953119][T18797] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 570 seconds
[ 1637.169642][    T9] usb 50-1: device descriptor read/8, error -110
[ 1637.320290][T17644] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1637.460866][T26357] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1637.469684][T26357] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1637.478589][T26357] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1637.772191][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1638.013577][    T9] usb usb50-port1: attempt power cycle
[ 1638.055850][T26351] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1638.065044][T26351] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1638.120563][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1638.875880][    T9] usb usb50-port1: unable to enumerate USB device
[ 1639.331816][T26375] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1639.772320][T12526] lec:lec_start_xmit: lec0:No lecd attached
[ 1641.550870][   T29] net_ratelimit: 10 callbacks suppressed
[ 1641.550886][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1641.663603][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1642.263388][T26419] syzkaller0: entered promiscuous mode
[ 1642.268866][T26419] syzkaller0: entered allmulticast mode
[ 1642.661879][T26427] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1642.670125][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1643.031435][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1643.235608][T26429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1643.251524][T25178] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1643.296791][T26429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1644.040158][T24647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1644.196188][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1644.595633][T26447] overlayfs: workdir and upperdir must be separate subtrees
[ 1644.973818][   T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1645.255004][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1645.319510][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5550 ms
[ 1645.327531][    C1] lec:lec_tx_timeout: lec0
[ 1645.828164][T26465] syz0: rxe_newlink: already configured on bridge_slave_1
[ 1645.842413][T26465] netlink: 'syz.1.5264': attribute type 2 has an invalid length.
[ 1645.850245][T26465] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5264'.
[ 1646.600826][T16338] net_ratelimit: 1 callbacks suppressed
[ 1646.600842][T16338] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1647.089838][ T5873] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1647.327181][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1647.372839][T26479] netlink: 136 bytes leftover after parsing attributes in process `syz.3.5271'.
[ 1647.608840][T26485] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1647.617132][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1647.788408][T26485] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1647.796877][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1648.337581][T26490] bridge0: port 1(erspan0) entered disabled state
[ 1648.873844][T26490] bridge0: port 3(syz_tun) entered disabled state
[ 1649.086939][T26490] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1649.231254][T26490] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1649.609916][   T58] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1649.621635][   T58] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1649.655585][   T58] netdevsim netdevsim3 eth0: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1649.707129][   T58] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1649.739492][   T58] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1649.856499][   T58] netdevsim netdevsim3 eth1: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1649.894262][   T58] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1649.934453][   T58] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1650.268538][   T58] netdevsim netdevsim3 eth2: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1650.362880][   T58] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1650.371546][   T58] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1650.380083][   T58] netdevsim netdevsim3 eth3: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1650.541948][T26524] comedi comedi1: aio_iiro_16: I/O port conflict (0x4f23,8)
[ 1651.003503][   T30] audit: type=1400 audit(2000001015.527:1970): avc:  denied  { getopt } for  pid=26521 comm="syz.9.5282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1651.577125][T17644] usb 10-1: new full-speed USB device number 40 using dummy_hcd
[ 1651.634813][T26531] bridge1: entered promiscuous mode
[ 1651.640169][T26531] bridge1: entered allmulticast mode
[ 1651.734205][T26534] syzkaller0: entered promiscuous mode
[ 1651.784672][T26534] syzkaller0: entered allmulticast mode
[ 1651.844374][T26535] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1652.007113][T26533] tipc: Resetting bearer <eth:syzkaller0>
[ 1653.057009][T26544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1653.065769][T26544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1654.658448][T26533] tipc: Disabling bearer <eth:syzkaller0>
[ 1654.977105][T26543] wlan0 speed is unknown, defaulting to 1000
[ 1655.605068][T17644] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1655.670738][T17644] usb 10-1: unable to read config index 0 descriptor/start: -71
[ 1655.678412][T17644] usb 10-1: can't read configurations, error -71
[ 1657.095240][   T30] audit: type=1326 audit(2000000003.380:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26562 comm="syz.1.5293" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8b0f79c799 code=0x0
[ 1661.943941][T18797] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 180 seconds
[ 1661.954932][T18797] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 180 seconds
[ 1661.966068][T18797] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 180 seconds
[ 1661.977066][T18797] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 180 seconds
[ 1662.059820][T26595] orangefs_mount: mount request failed with -4
[ 1663.163230][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1663.172750][ T1295] lec:lec_start_xmit: lec0:No lecd attached
[ 1663.595850][T26627] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1665.731306][   T30] audit: type=1326 audit(2000000012.020:1972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26636 comm="syz.9.5309" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0da879c799 code=0x0
[ 1666.103789][   T30] audit: type=1400 audit(2000000012.390:1973): avc:  denied  { accept } for  pid=26641 comm="syz.8.5311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1666.331902][T26645] 9p: Bad value for 'rfdno'
[ 1666.699147][T26660] overlayfs: workdir and upperdir must be separate subtrees
[ 1667.006063][T18797] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 600 seconds
[ 1667.017705][T18797] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 600 seconds
[ 1667.034050][T18797] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 600 seconds
[ 1667.045347][T18797] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 600 seconds
[ 1668.081809][   T30] audit: type=1400 audit(2000000014.370:1974): avc:  denied  { setopt } for  pid=26671 comm="syz.9.5317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1668.209729][T24647] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 1668.279474][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5110 ms
[ 1668.287469][    C1] lec:lec_tx_timeout: lec0
[ 1668.469133][T24647] usb 2-1: Using ep0 maxpacket: 8
[ 1668.501246][T24647] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[ 1668.532486][T24647] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1669.010636][T24647] usb 2-1: Product: syz
[ 1669.014860][T24647] usb 2-1: Manufacturer: syz
[ 1669.032111][T24647] usb 2-1: SerialNumber: syz
[ 1669.069279][T24647] usb 2-1: config 0 descriptor??
[ 1669.165519][T26683] nftables ruleset with unbound chain
[ 1669.291924][T24647] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[ 1669.629750][ T5873] usb 6-1: new high-speed USB device number 116 using dummy_hcd
[ 1669.698425][T26690] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1f
[ 1669.722434][T26674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1669.794663][ T5873] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1669.814211][T26674] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1669.830152][ T5873] usb 6-1: config 0 has no interfaces?
[ 1669.852616][ T5873] usb 6-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1669.876106][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1669.907573][ T5873] usb 6-1: Product: syz
[ 1669.925830][T24647] usb write operation failed. (-71)
[ 1669.932234][ T5873] usb 6-1: Manufacturer: syz
[ 1669.946501][T24647] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1669.961363][ T5873] usb 6-1: SerialNumber: syz
[ 1670.054348][ T5873] usb 6-1: config 0 descriptor??
[ 1670.060164][T24647] dvbdev: DVB: registering new adapter (Terratec H7)
[ 1670.079387][T24647] usb 2-1: media controller created
[ 1670.084985][T24647] usb read operation failed. (-71)
[ 1670.090464][T24647] usb write operation failed. (-71)
[ 1670.521480][T24647] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[ 1670.534359][T24647] usb 2-1: USB disconnect, device number 10
[ 1670.543325][T19138] udevd[19138]: setting mode of /dev/bus/usb/002/010 to 020664 failed: No such file or directory
[ 1670.570652][T19138] udevd[19138]: setting owner of /dev/bus/usb/002/010 to uid=0, gid=0 failed: No such file or directory
[ 1670.699030][ T5873] usb 6-1: USB disconnect, device number 116
[ 1670.989860][T26708] overlayfs: workdir and upperdir must be separate subtrees
[ 1672.216079][T26710] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[ 1673.928274][T26726] loop5: detected capacity change from 0 to 7
[ 1674.869503][ T5873] usb 10-1: new high-speed USB device number 42 using dummy_hcd
[ 1674.946060][T26726] Dev loop5: unable to read RDB block 7
[ 1674.964232][T26726]  loop5: unable to read partition table
[ 1675.004911][T26726] loop5: partition table beyond EOD, truncated
[ 1675.039575][T26726] loop_reread_partitions: partition scan of loop5 (���W������ý�*���	���%���4FLQk݊5) failed (rc=-5)
[ 1675.075333][ T5873] usb 10-1: config 0 has no interfaces?
[ 1675.091287][ T5873] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1675.105914][ T5873] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1675.124991][ T5873] usb 10-1: Product: syz
[ 1675.129332][ T5873] usb 10-1: Manufacturer: syz
[ 1675.134651][ T5873] usb 10-1: SerialNumber: syz
[ 1675.156425][ T5873] usb 10-1: config 0 descriptor??
[ 1675.206196][T26747] overlayfs: failed to clone lowerpath
[ 1675.213567][   T30] audit: type=1400 audit(2000000021.500:1975): avc:  denied  { connect } for  pid=26743 comm="syz.8.5336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1675.286770][   T30] audit: type=1400 audit(2000000021.570:1976): avc:  denied  { read } for  pid=26749 comm="syz.5.5334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1675.339720][ T5873] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1675.527405][T26733] blk_print_req_error: 10 callbacks suppressed
[ 1675.527438][T26733] I/O error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[ 1675.544114][T26733] buffer_io_error: 10 callbacks suppressed
[ 1675.544143][T26733] Buffer I/O error on dev loop5, logical block 0, lost async page write
[ 1675.779560][ T5873] usb 2-1: Using ep0 maxpacket: 8
[ 1675.785958][ T5873] usb 2-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1675.794465][ T5873] usb 2-1: config 250 has an invalid interface number: 228 but max is -1
[ 1675.826842][ T5873] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1675.868538][ T5873] usb 2-1: config 250 has no interface number 0
[ 1675.868825][T18111] usb 10-1: USB disconnect, device number 42
[ 1676.349601][ T5873] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1676.375629][ T5873] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1676.416083][ T5873] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has an invalid bInterval 255, changing to 11
[ 1676.481115][ T5873] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 59391, setting to 1024
[ 1677.169687][ T5873] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[ 1677.221984][ T5873] usb 2-1: config 250 interface 228 has no altsetting 0
[ 1677.254487][ T5873] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1677.269069][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1677.293377][ T5873] usb 2-1: Product: syz
[ 1677.313603][ T5873] usb 2-1: SerialNumber: syz
[ 1677.345904][ T5873] hub 2-1:250.228: bad descriptor, ignoring hub
[ 1677.359764][ T5873] hub 2-1:250.228: probe with driver hub failed with error -5
[ 1677.396986][T26763] fuse: Unknown parameter '0x0000000000000003'
[ 1677.969548][   T30] audit: type=1400 audit(2000000024.250:1977): avc:  denied  { bind } for  pid=26765 comm="syz.8.5343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1678.009693][T17644] usb 2-1: USB disconnect, device number 11
[ 1678.691050][T26779] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5341'.
[ 1679.697770][T26786] bridge3: entered promiscuous mode
[ 1679.703048][T26786] bridge3: entered allmulticast mode
[ 1680.503252][   T30] audit: type=1400 audit(2000000026.790:1978): avc:  denied  { setattr } for  pid=26792 comm="syz.5.5348" name="secretmem" dev="secretmem" ino=117794 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1680.699611][T26798] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[ 1683.921353][T26825] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5356'.
[ 1685.334722][   T30] audit: type=1400 audit(2000000031.620:1979): avc:  denied  { read open } for  pid=26840 comm="syz.3.5359" path="/" dev="configfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1685.442510][T26843] 9p: Bad value for 'rfdno'
[ 1686.402648][   T30] audit: type=1400 audit(2000000032.690:1980): avc:  denied  { read } for  pid=26850 comm="syz.8.5363" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 1686.520362][   T30] audit: type=1400 audit(2000000032.690:1981): avc:  denied  { open } for  pid=26850 comm="syz.8.5363" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 1688.239527][ T5873] usb 6-1: new high-speed USB device number 117 using dummy_hcd
[ 1688.390616][ T5873] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1688.432970][ T5873] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1688.453032][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1688.513965][ T5873] usb 6-1: Product: syz
[ 1688.518209][ T5873] usb 6-1: Manufacturer: syz
[ 1688.541141][ T5873] usb 6-1: SerialNumber: syz
[ 1691.696776][ T5873] cdc_ncm 6-1:1.0: bind() failure
[ 1691.812115][ T5873] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 1691.832242][ T5873] cdc_ncm 6-1:1.1: bind() failure
[ 1691.854786][ T5873] usb 6-1: USB disconnect, device number 117
[ 1692.028014][T18797] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 210 seconds
[ 1692.039014][T18797] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 210 seconds
[ 1692.050500][T18797] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 210 seconds
[ 1692.061781][T18797] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 210 seconds
[ 1692.898426][T26909] random: crng reseeded on system resumption
[ 1694.580169][T26905] delete_channel: no stack
[ 1694.905146][T26924] binder: 26922:26924 ioctl 4018620d 0 returned -22
[ 1695.053753][   T30] audit: type=1400 audit(2000000041.340:1982): avc:  denied  { create } for  pid=26930 comm="syz.1.5380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[ 1695.128333][   T30] audit: type=1400 audit(2000000041.410:1983): avc:  denied  { getopt } for  pid=26930 comm="syz.1.5380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1695.914032][T26945] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1697.079604][T18797] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 630 seconds
[ 1697.093521][T18797] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 630 seconds
[ 1697.109533][T18797] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 630 seconds
[ 1697.120816][T18797] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 630 seconds
[ 1702.693101][   T30] audit: type=1326 audit(2000000048.980:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26996 comm="syz.3.5393" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1c98d9c799 code=0x0
[ 1703.541828][T12526] lec:lec_start_xmit: lec0:No lecd attached
[ 1704.397941][T27028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5399'.
[ 1705.140241][T27036] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5402'.
[ 1705.151202][T27036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5402'.
[ 1706.149623][ T5873] usb 6-1: new full-speed USB device number 118 using dummy_hcd
[ 1707.871285][T27060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1707.880414][T27060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1708.112432][T27058] wlan0 speed is unknown, defaulting to 1000
[ 1709.329444][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5790 ms
[ 1709.337450][    C1] lec:lec_tx_timeout: lec0
[ 1709.574429][ T5873] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1709.615065][ T5873] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1709.879768][ T5873] usb 6-1: can't read configurations, error -71
[ 1712.068796][   T30] audit: type=1400 audit(2000000058.350:1985): avc:  denied  { remount } for  pid=27094 comm="syz.1.5417" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1713.058858][T27113] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1713.279765][T18111] usb 10-1: new high-speed USB device number 43 using dummy_hcd
[ 1713.441970][T18111] usb 10-1: Using ep0 maxpacket: 16
[ 1713.453488][T18111] usb 10-1: config 166 has an invalid interface number: 177 but max is 1
[ 1713.464103][T18111] usb 10-1: config 166 has an invalid interface number: 34 but max is 1
[ 1713.747051][T27115] /dev/nullb0: Can't lookup blockdev
[ 1713.899569][T18111] usb 10-1: config 166 has no interface number 0
[ 1713.905922][T18111] usb 10-1: config 166 has no interface number 1
[ 1713.925849][T18111] usb 10-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1713.939636][T18111] usb 10-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1713.960923][T18111] usb 10-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[ 1713.972006][T18111] usb 10-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1713.989663][T18111] usb 10-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[ 1714.004534][T18111] usb 10-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[ 1714.017193][T18111] usb 10-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1714.108283][T18111] usb 10-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1714.227029][ T5873] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1714.252128][T27124] overlayfs: overlapping lowerdir path
[ 1715.082830][T18111] usb 10-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 1715.096080][T18111] usb 10-1: config 166 interface 177 has no altsetting 0
[ 1715.103130][T18111] usb 10-1: config 166 interface 34 has no altsetting 0
[ 1715.504874][T18111] usb 10-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[ 1715.532476][T18111] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1715.610415][T18111] usb 10-1: Product: syz
[ 1715.614979][T18111] usb 10-1: Manufacturer: syz
[ 1715.617071][ T5873] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1715.619840][T18111] usb 10-1: SerialNumber: syz
[ 1715.652788][ T5873] usb 2-1: config 0 has no interfaces?
[ 1715.666491][ T5873] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1715.686119][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1715.737366][ T5873] usb 2-1: config 0 descriptor??
[ 1715.833598][T18111] ums-realtek 10-1:166.177: USB Mass Storage device detected
[ 1715.845504][T27132] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1715.856622][T27132] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1715.865541][T27132] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1715.892504][T27132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1715.922068][T27132] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1716.143645][T18111] ums-realtek 10-1:166.34: USB Mass Storage device detected
[ 1716.262979][ T5821] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1716.288922][ T5821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1716.298178][ T5821] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1716.322715][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1716.335829][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1716.533667][T18111] ums-realtek 10-1:166.34: probe with driver ums-realtek failed with error -5
[ 1716.929122][T18111] uvcvideo 10-1:166.34: Found UVC 0.00 device syz (0bda:0138)
[ 1716.940737][T18111] uvcvideo 10-1:166.34: No valid video chain found.
[ 1716.955940][T18111] usb 10-1: USB disconnect, device number 43
[ 1717.098188][T27129] wlan0 speed is unknown, defaulting to 1000
[ 1718.319947][T18111] usb 2-1: USB disconnect, device number 12
[ 1718.359710][ T5821] Bluetooth: hci0: command tx timeout
[ 1718.654095][T27129] chnl_net:caif_netlink_parms(): no params data found
[ 1719.267358][T27129] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1719.274846][T27129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1719.283159][T27129] bridge_slave_0: entered allmulticast mode
[ 1719.290503][T27129] bridge_slave_0: entered promiscuous mode
[ 1719.297752][T27129] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1719.434970][T27129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1719.486655][T27129] bridge_slave_1: entered allmulticast mode
[ 1719.772536][T27129] bridge_slave_1: entered promiscuous mode
[ 1719.934518][T27129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1719.974028][T27129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1720.188865][T27188] overlayfs: unescaped trailing colons in lowerdir mount option.
[ 1720.347803][T27190] /dev/nullb0: Can't lookup blockdev
[ 1720.574954][ T5821] Bluetooth: hci0: command tx timeout
[ 1721.253818][T27129] team0: Port device team_slave_0 added
[ 1721.354495][T27129] team0: Port device team_slave_1 added
[ 1722.161330][T18797] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 240 seconds
[ 1722.172215][T18797] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 240 seconds
[ 1722.183163][T18797] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 240 seconds
[ 1722.194108][T18797] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 240 seconds
[ 1722.319965][T27129] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1722.343296][T27129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1722.467754][T27129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1722.509853][T27129] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1722.516806][T27129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1722.560625][T27129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1722.600397][ T5821] Bluetooth: hci0: command tx timeout
[ 1722.670635][T27129] hsr_slave_0: entered promiscuous mode
[ 1722.692241][T27129] hsr_slave_1: entered promiscuous mode
[ 1722.707304][T27129] debugfs: 'hsr0' already exists in 'hsr'
[ 1722.724869][T27129] Cannot create hsr debugfs directory
[ 1722.830225][   T29] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[ 1722.989466][   T29] usb 6-1: Using ep0 maxpacket: 16
[ 1723.084736][T27209] trusted_key: encrypted_key: insufficient parameters specified
[ 1723.389207][T27215] overlayfs: failed to clone upperpath
[ 1724.302519][T27226] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=27226 comm=syz.3.5438
[ 1724.679949][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1724.688417][ T1295] lec:lec_start_xmit: lec0:No lecd attached
[ 1724.689496][ T5821] Bluetooth: hci0: command tx timeout
[ 1724.985908][   T30] audit: type=1400 audit(2000000071.270:1986): avc:  denied  { lock } for  pid=27237 comm="syz.1.5440" path="socket:[119316]" dev="sockfs" ino=119316 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 1725.043955][T27238] openvswitch: netlink: Invalid VLAN frame
[ 1725.164736][   T29] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1725.213420][   T29] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1725.221144][   T29] usb 6-1: can't read configurations, error -71
[ 1726.186155][T27255] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[ 1726.679008][   T30] audit: type=1400 audit(2000000072.930:1987): avc:  denied  { map } for  pid=27258 comm="syz.9.5444" path="socket:[119368]" dev="sockfs" ino=119368 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 1727.388959][T18797] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 660 seconds
[ 1727.400190][T18797] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 660 seconds
[ 1727.411243][T18797] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 660 seconds
[ 1727.422323][T18797] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 660 seconds
[ 1727.481450][T27129] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1727.503139][T27129] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1727.822505][T27129] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1727.840664][T27129] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1727.932484][   T30] audit: type=1400 audit(2000000074.220:1988): avc:  denied  { getopt } for  pid=27256 comm="syz.3.5443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1728.238104][T27129] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1728.300716][T27129] 8021q: adding VLAN 0 to HW filter on device team0
[ 1728.504757][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1728.511836][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1728.675500][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1728.682615][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1728.796985][T27129] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1728.849868][T27129] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1729.462688][T27129] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1729.593025][T27129] veth0_vlan: entered promiscuous mode
[ 1730.228381][T27129] veth1_vlan: entered promiscuous mode
[ 1730.279451][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5590 ms
[ 1730.287492][    C1] lec:lec_tx_timeout: lec0
[ 1730.354541][T27129] veth0_macvtap: entered promiscuous mode
[ 1730.405968][T27323] 8021q: adding VLAN 0 to HW filter on device batadv2
[ 1730.414643][T27323] batadv2: entered allmulticast mode
[ 1730.501817][T27323] team0: Port device batadv2 added
[ 1730.537913][T27129] veth1_macvtap: entered promiscuous mode
[ 1730.661820][T27129] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1731.184322][T27129] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1731.575810][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1731.693427][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1731.908389][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1731.917160][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1732.255557][T16325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1732.286882][T16325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1732.401374][T25178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1732.425867][T25178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1734.712485][T27390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5457'.
[ 1736.087261][T27402] rdma_rxe: rxe_newlink: failed to add lo
[ 1736.095401][T27402] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[ 1737.049172][T27427] tmpfs: Bad value for 'nr_blocks'
[ 1737.836441][T27434] netlink: 'syz.3.5466': attribute type 1 has an invalid length.
[ 1738.081100][T27443] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5466'.
[ 1738.244191][T27441] bond4: (slave bridge4): Enslaving as a backup interface with an up link
[ 1738.264768][T16327] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1738.295161][T27443] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1738.431004][T16327] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1738.965635][T27464] x_tables: ip6_tables: mh match: only valid for protocol 135
[ 1739.846995][T27477] overlayfs: overlapping lowerdir path
[ 1742.409732][   T29] usb 10-1: new high-speed USB device number 44 using dummy_hcd
[ 1742.639610][   T29] usb 10-1: Using ep0 maxpacket: 16
[ 1742.661032][   T29] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1742.754108][   T29] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1742.812251][   T29] usb 10-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1742.865882][   T29] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1742.936931][   T29] usb 10-1: Product: syz
[ 1742.968506][   T29] usb 10-1: Manufacturer: syz
[ 1743.014985][   T29] usb 10-1: SerialNumber: syz
[ 1743.055300][   T29] r8152-cfgselector 10-1: Unknown version 0x0000
[ 1743.085245][   T29] r8152-cfgselector 10-1: config 0 descriptor??
[ 1744.360867][T27549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5482'.
[ 1744.486955][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805d270000: rx timeout, send abort
[ 1744.995226][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805d270000: abort rx timeout. Force session deactivation
[ 1746.094100][ T5873] r8152-cfgselector 10-1: USB disconnect, device number 44
[ 1747.971441][T27633] overlayfs: overlapping lowerdir path
[ 1750.186779][T27658] openvswitch: netlink: IP tunnel TTL not specified.
[ 1751.536792][   T30] audit: type=1400 audit(2000000097.820:1989): avc:  denied  { getopt } for  pid=27667 comm="syz.5.5496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1753.557847][T18797] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 270 seconds
[ 1753.568885][T18797] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 270 seconds
[ 1753.586931][T18797] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 270 seconds
[ 1753.598451][T18797] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 270 seconds
[ 1755.599523][   T29] usb 10-1: new high-speed USB device number 45 using dummy_hcd
[ 1755.785419][   T29] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1755.804776][   T29] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1755.821451][   T29] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1755.835704][   T29] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1755.885510][   T29] usb 10-1: config 0 descriptor??
[ 1758.000124][T18797] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 690 seconds
[ 1758.010995][T18797] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 690 seconds
[ 1758.021988][T18797] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 690 seconds
[ 1758.033129][T18797] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 690 seconds
[ 1758.613176][ T5873] usb 10-1: USB disconnect, device number 45
[ 1762.012501][T27751] Failed to initialize the IGMP autojoin socket (err -2)
[ 1764.330611][   T30] audit: type=1400 audit(2000000878.616:1990): avc:  denied  { append } for  pid=27747 comm="syz.5.5515" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1767.578303][T27782] overlayfs: overlapping lowerdir path
[ 1767.837417][T12526] lec:lec_start_xmit: lec0:No lecd attached
[ 1768.027356][T27807] binder: 27803:27807 ioctl 4018620d 0 returned -22
[ 1772.120526][T27840] wireguard: wg0: Could not create IPv4 socket
[ 1772.891861][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5310 ms
[ 1772.899902][    C1] lec:lec_tx_timeout: lec0
[ 1774.149758][T27855] wireguard: wg0: Could not create IPv4 socket
[ 1776.955323][T27877] overlayfs: workdir and upperdir must be separate subtrees
[ 1780.484826][   T30] audit: type=1326 audit(2000000895.572:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.519807][   T30] audit: type=1326 audit(2000000895.572:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.519856][   T30] audit: type=1326 audit(2000000895.604:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.519897][   T30] audit: type=1326 audit(2000000895.604:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.519935][   T30] audit: type=1326 audit(2000000895.604:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.519973][   T30] audit: type=1326 audit(2000000895.604:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.520012][   T30] audit: type=1326 audit(2000000895.604:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.520047][   T30] audit: type=1326 audit(2000000895.604:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.520087][   T30] audit: type=1326 audit(2000000895.604:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1780.520126][   T30] audit: type=1326 audit(2000000895.604:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27899 comm="syz.5.5545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c1f39c799 code=0x7ffc0000
[ 1781.772810][T27918] wireguard: wg0: Could not create IPv4 socket
[ 1783.973791][T27722] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 300 seconds
[ 1783.973829][T27722] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 300 seconds
[ 1783.973852][T27722] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 300 seconds
[ 1783.973875][T27722] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 300 seconds
[ 1785.093569][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1785.097247][ T1295] lec:lec_start_xmit: lec0:No lecd attached
[ 1787.764632][T27722] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 720 seconds
[ 1787.764669][T27722] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 720 seconds
[ 1787.764690][T27722] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 720 seconds
[ 1787.764712][T27722] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 720 seconds
[ 1788.889624][T27967] binder: 27964:27967 ioctl 4018620d 0 returned -22
[ 1790.036276][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5190 ms
[ 1790.044290][    C1] lec:lec_tx_timeout: lec0
[ 1794.067281][T27132] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1794.208089][T27132] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1794.228949][T27132] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1794.243409][T27132] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1794.251289][T27132] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1794.718385][T28013] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1794.754518][T28010] Failed to initialize the IGMP autojoin socket (err -2)
[ 1795.211394][T28021] overlayfs: overlapping lowerdir path
[ 1795.698944][T28010] chnl_net:caif_netlink_parms(): no params data found
[ 1796.651987][T28038] wireguard: wg0: Could not create IPv4 socket
[ 1796.666037][T27132] Bluetooth: hci6: command tx timeout
[ 1796.887290][T28010] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1796.921476][T28010] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1796.939995][T28010] bridge_slave_0: entered allmulticast mode
[ 1797.095551][T28010] bridge_slave_0: entered promiscuous mode
[ 1797.221230][T28050] overlayfs: overlapping lowerdir path
[ 1798.350169][T28010] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1798.376338][T28010] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1798.564509][T28010] bridge_slave_1: entered allmulticast mode
[ 1798.676914][T27132] Bluetooth: hci6: command tx timeout
[ 1798.713142][T28010] bridge_slave_1: entered promiscuous mode
[ 1799.142587][T28010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1799.300834][T28072] overlayfs: overlapping lowerdir path
[ 1800.153102][T16325] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1800.334398][T28073] overlayfs: failed to clone lowerpath
[ 1800.397355][T16325] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1800.411673][T16325] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1800.629278][T27132] Bluetooth: hci6: command tx timeout
[ 1800.695797][T28010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1800.790054][T28080] overlayfs: overlapping lowerdir path
[ 1801.197205][T28010] smc: adding net device veth1_to_team with user defined pnetid ����
[ 1801.874451][T28010] team0: Port device team_slave_0 added
[ 1802.015112][T16325] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1802.037206][T16325] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1802.060985][T16325] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1802.494432][T28101] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3394018074 (6788036148 ns) > initial count (6222627426 ns). Using initial count to start timer.
[ 1802.626943][T27132] Bluetooth: hci6: command tx timeout
[ 1802.713754][T28010] team0: Port device team_slave_1 added
[ 1803.219659][T16325] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1803.241627][T16325] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1803.272158][T16325] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1803.356144][T28010] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1803.376625][T28010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1803.666702][T28010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1803.703348][T28010] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1803.722801][T28010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1803.843429][T28010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1804.012388][T16325] netdevsim netdevsim5 netdevsim0 (unregistering): left allmulticast mode
[ 1804.975201][T28132] overlayfs: overlapping lowerdir path
[ 1805.717027][T28010] hsr_slave_0: entered promiscuous mode
[ 1805.850208][T28010] hsr_slave_1: entered promiscuous mode
[ 1805.882777][T28010] debugfs: 'hsr0' already exists in 'hsr'
[ 1805.907511][T28010] Cannot create hsr debugfs directory
[ 1806.204093][T16325] erspan0: left allmulticast mode
[ 1806.223641][T16325] erspan0: left promiscuous mode
[ 1806.260398][T16325] bridge0: port 3(erspan0) entered disabled state
[ 1806.285967][T16325] bridge_slave_1: left allmulticast mode
[ 1806.292616][T16325] bridge_slave_1: left promiscuous mode
[ 1806.306029][T16325] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1806.394608][T16325] bridge_slave_0: left allmulticast mode
[ 1806.507497][T16325] bridge_slave_0: left promiscuous mode
[ 1806.513267][T16325] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1806.639044][T28147] overlayfs: overlapping lowerdir path
[ 1807.050813][T16325] bond_slave_0: left promiscuous mode
[ 1807.078083][T16325] bond_slave_1: left promiscuous mode
[ 1808.263759][T16325] bond1 (unregistering): (slave macvlan2): Removing an active aggregator
[ 1808.307929][T16325] bond1 (unregistering): (slave macvlan2): Releasing backup interface
[ 1808.394646][T16325] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1808.449591][T16325] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1808.492855][T16325] bond0 (unregistering): Released all slaves
[ 1808.540123][T16325] bond1 (unregistering): Released all slaves
[ 1808.658387][T28146] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1808.815069][T16325] !: left promiscuous mode
[ 1809.621390][T16325] tipc: Disabling bearer <eth:syzkaller0>
[ 1809.636102][T16325] tipc: Left network mode
[ 1809.680560][T28010] smc: adding net device geneve1 with user defined pnetid SYZ2
[ 1809.838824][T16325] IPVS: stopping master sync thread 24706 ...
[ 1809.942923][T28172] overlayfs: failed to clone lowerpath
[ 1809.953387][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1809.953401][   T30] audit: type=1400 audit(2000000926.492:2009): avc:  denied  { mount } for  pid=28168 comm="syz.3.5597" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1812.883332][T16325] hsr_slave_0: left promiscuous mode
[ 1812.890300][T16325] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1812.911362][T16325] batadv0: mtu less than device minimum
[ 1812.924371][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1812.935608][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1812.946406][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1812.957205][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1812.967994][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1812.978783][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1812.989575][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1813.000367][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1813.011153][T16325] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1813.047602][T16325] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1813.048130][T27722] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 330 seconds
[ 1813.068373][T27722] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 330 seconds
[ 1813.079672][T27722] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 330 seconds
[ 1813.091438][T27722] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 330 seconds
[ 1813.103052][T16325] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1813.122889][T16325] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1813.130525][T16325] batman_adv: batadv0: Interface deactivated: dummy0
[ 1813.138086][T16325] batman_adv: batadv0: Removing interface: dummy0
[ 1813.186158][T16325] veth1_macvtap: left promiscuous mode
[ 1813.201014][T16325] veth1_vlan: left promiscuous mode
[ 1813.206320][T16325] veth0_vlan: left promiscuous mode
[ 1813.427601][T16325] pim6reg99999999 (unregistering): left allmulticast mode
[ 1814.147804][T16325] team0 (unregistering): Port device team_slave_1 removed
[ 1814.198932][T16325] team0 (unregistering): Port device team_slave_0 removed
[ 1814.444505][T28208] tipc: Started in network mode
[ 1814.451650][T28208] tipc: Node identity 7f000001, cluster identity 4711
[ 1814.459863][T28208] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1814.582008][T28010] netdevsim netdevsim4 netdevsim0: renamed from eth5
[ 1815.131164][T28219] overlayfs: overlapping lowerdir path
[ 1815.492474][T28010] netdevsim netdevsim4 netdevsim1: renamed from eth6
[ 1815.520936][T28010] netdevsim netdevsim4 netdevsim2: renamed from eth7
[ 1815.556275][T28010] netdevsim netdevsim4 netdevsim3: renamed from eth8
[ 1815.846188][T16325] IPVS: stop unused estimator thread 0...
[ 1816.470956][T28010] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1816.644732][T28010] 8021q: adding VLAN 0 to HW filter on device team0
[ 1816.705676][T27722] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 750 seconds
[ 1816.716576][T27722] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 750 seconds
[ 1816.728284][T27722] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 750 seconds
[ 1816.739649][T27722] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 750 seconds
[ 1816.959223][T16327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1816.966306][T16327] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1817.048352][T28242] overlayfs: overlapping lowerdir path
[ 1817.588465][T16327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1817.595539][T16327] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1818.381811][T28250] bridge0: port 3(erspan0) entered blocking state
[ 1818.504406][T28250] bridge0: port 3(erspan0) entered disabled state
[ 1818.615514][T28250] erspan0: entered allmulticast mode
[ 1819.959372][T28250] erspan0: entered promiscuous mode
[ 1820.218656][T28250] bridge0: port 3(erspan0) entered blocking state
[ 1820.225116][T28250] bridge0: port 3(erspan0) entered forwarding state
[ 1820.469606][T28010] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1821.741506][T28315] overlayfs: overlapping lowerdir path
[ 1821.825564][T28316] netlink: 32 bytes leftover after parsing attributes in process `syz.9.5617'.
[ 1822.219520][T28010] veth0_vlan: entered promiscuous mode
[ 1822.331775][T28010] veth1_vlan: entered promiscuous mode
[ 1822.609055][T28010] veth0_macvtap: entered promiscuous mode
[ 1822.686603][T28010] veth1_macvtap: entered promiscuous mode
[ 1822.979667][T28010] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1823.153314][T28010] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1823.517696][T28010] net_ratelimit: 30 callbacks suppressed
[ 1823.517713][T28010] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1823.659427][T28010] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1823.719143][T28010] wireguard: wg0: Could not create IPv4 socket
[ 1823.809908][T28010] wireguard: wg1: Could not create IPv4 socket
[ 1823.856434][T28010] wireguard: wg2: Could not create IPv4 socket
[ 1825.848190][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1825.868568][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1825.877948][ T5821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1825.886043][ T5821] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1825.894188][ T5821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1825.933552][T28374] Failed to initialize the IGMP autojoin socket (err -2)
[ 1825.954295][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1826.115282][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1826.214834][    T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1826.256204][    T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1826.324926][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1826.391957][    T9] usb 2-1: config 0 descriptor??
[ 1826.745640][    T9] usb 2-1: USB disconnect, device number 13
[ 1827.840549][ T5821] Bluetooth: hci3: command tx timeout
[ 1829.823766][ T5821] Bluetooth: hci3: command tx timeout
[ 1830.226778][T28374] netdevsim netdevsim4 netdevsim0: renamed from eth5
[ 1830.986517][T28374] netdevsim netdevsim4 netdevsim1: renamed from eth6
[ 1831.057789][T28374] netdevsim netdevsim4 netdevsim2: renamed from eth7
[ 1832.030975][ T5821] Bluetooth: hci3: command tx timeout
[ 1832.085407][T28374] netdevsim netdevsim4 netdevsim3: renamed from eth8
[ 1832.624895][T28449] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1833.861996][T28374] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1834.008658][T27132] Bluetooth: hci3: command tx timeout
[ 1834.058029][T28374] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1834.173572][T28374] wireguard: wg0: Could not create IPv4 socket
[ 1834.228266][T28374] wireguard: wg1: Could not create IPv4 socket
[ 1834.265635][T28374] wireguard: wg2: Could not create IPv4 socket
[ 1836.281822][T28509] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5638'.
[ 1836.295017][T28378] Bluetooth: hci0: command 0x0406 tx timeout
[ 1838.106807][T28531] overlayfs: overlapping lowerdir path
[ 1838.245600][T28531] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5642'.
[ 1838.710106][T28533] overlayfs: failed to clone lowerpath
[ 1839.176371][T28532] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5645'.
[ 1841.694327][T28566] netlink: 32 bytes leftover after parsing attributes in process `syz.9.5650'.
[ 1841.739371][T27722] block nbd2: Possible stuck request ffff888027818000: control (read@0,1024B). Runtime 360 seconds
[ 1841.750735][T27722] block nbd2: Possible stuck request ffff888027818200: control (read@1024,1024B). Runtime 360 seconds
[ 1841.763606][T27722] block nbd2: Possible stuck request ffff888027818400: control (read@2048,1024B). Runtime 360 seconds
[ 1841.777068][T27722] block nbd2: Possible stuck request ffff888027818600: control (read@3072,1024B). Runtime 360 seconds
[ 1842.261435][T28573] overlayfs: overlapping lowerdir path
[ 1842.344841][T28574] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5652'.
[ 1843.543195][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1843.551271][ T1295] lec:lec_start_xmit: lec0:No lecd attached
[ 1844.218650][T28599] Failed to initialize the IGMP autojoin socket (err -2)
[ 1844.753192][T27132] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1844.763614][T27132] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1844.771722][T27132] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1844.779491][T27132] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1844.795800][T27132] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1845.430727][T27722] block nbd0: Possible stuck request ffff888027398000: control (read@0,1024B). Runtime 780 seconds
[ 1845.441556][T27722] block nbd0: Possible stuck request ffff888027398200: control (read@1024,1024B). Runtime 780 seconds
[ 1845.452679][T27722] block nbd0: Possible stuck request ffff888027398400: control (read@2048,1024B). Runtime 780 seconds
[ 1845.463944][T27722] block nbd0: Possible stuck request ffff888027398600: control (read@3072,1024B). Runtime 780 seconds
[ 1845.555532][T28614] Failed to initialize the IGMP autojoin socket (err -2)
[ 1846.890457][ T5821] Bluetooth: hci3: command tx timeout
[ 1847.557434][T28664] overlayfs: overlapping lowerdir path
[ 1848.863839][ T5821] Bluetooth: hci3: command tx timeout
[ 1848.954140][T28614] netdevsim netdevsim4 netdevsim0: renamed from eth5
[ 1849.092382][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms
[ 1849.100383][    C1] lec:lec_tx_timeout: lec0
[ 1849.105027][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1849.204673][T28614] netdevsim netdevsim4 netdevsim1: renamed from eth6
[ 1849.438277][T28614] netdevsim netdevsim4 netdevsim2: renamed from eth7
[ 1849.532334][T28614] netdevsim netdevsim4 netdevsim3: renamed from eth8
[ 1849.550676][T28696] Failed to initialize the IGMP autojoin socket (err -2)
[ 1850.717673][T28723] overlayfs: overlapping lowerdir path
[ 1850.799812][T28724] netlink: 32 bytes leftover after parsing attributes in process `syz.9.5669'.
[ 1850.873370][ T5821] Bluetooth: hci3: command tx timeout
[ 1853.561559][ T5821] Bluetooth: hci3: command tx timeout
[ 1853.874227][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1853.882231][    C1] lec:lec_tx_timeout: lec0
[ 1854.609128][   T31] INFO: task syz.8.5389:26968 blocked for more than 144 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1854.665778][   T31]       Tainted: G             L      syzkaller #0
[ 1854.674040][   T30] audit: type=1400 audit(2000000972.460:2010): avc:  denied  { write } for  pid=5790 comm="syz-executor" path="pipe:[4724]" dev="pipefs" ino=4724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1855.693948][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1855.702642][   T31] task:syz.8.5389      state:D stack:28136 pid:26968 tgid:26965 ppid:17192  task_flags:0x400140 flags:0x00080002
[ 1856.084201][   T31] Call Trace:
[ 1856.087513][   T31]  <TASK>
[ 1856.090444][   T31]  __schedule+0xfee/0x6120
[ 1856.122305][   T31]  ? __lock_acquire+0x4a5/0x2630
[ 1856.127287][   T31]  ? __pfx___schedule+0x10/0x10
[ 1856.146267][   T31]  ? find_held_lock+0x2b/0x80
[ 1856.160384][   T31]  ? schedule+0x2bf/0x390
[ 1856.164731][   T31]  schedule+0xdd/0x390
[ 1856.168802][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1856.188873][   T31]  __mutex_lock+0xc9a/0x1b90
[ 1856.193480][   T31]  ? sync_bdevs+0x153/0x480
[ 1856.197993][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1856.217641][   T31]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1856.223300][   T31]  ? iput.part.0+0x1a0/0xf50
[ 1856.236749][   T31]  ? sync_bdevs+0x153/0x480
[ 1856.241261][   T31]  sync_bdevs+0x153/0x480
[ 1856.245592][   T31]  ksys_sync+0xb0/0xf0
[ 1856.265170][   T31]  ? __pfx_ksys_sync+0x10/0x10
[ 1856.269949][   T31]  ? do_syscall_64+0x95/0xf80
[ 1856.274634][   T31]  __do_sys_sync+0xe/0x20
[ 1856.288327][   T31]  do_syscall_64+0x106/0xf80
[ 1856.292915][   T31]  ? clear_bhb_loop+0x40/0x90
[ 1856.312862][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1856.318766][   T31] RIP: 0033:0x7f88d059c799
[ 1856.331799][   T31] RSP: 002b:00007f88ce7b4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1856.340217][   T31] RAX: ffffffffffffffda RBX: 00007f88d0816180 RCX: 00007f88d059c799
[ 1856.360659][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1856.368635][   T31] RBP: 00007f88d0816180 R08: 0000000000000000 R09: 0000000000000000
[ 1856.408235][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1856.416215][   T31] R13: 00007f88d0816218 R14: 00007f88d0816180 R15: 00007fffa6a09fa8
[ 1856.465217][   T31]  </TASK>
[ 1856.468317][   T31] 
[ 1856.468317][   T31] Showing all locks held in the system:
[ 1856.522373][   T31] 1 lock held by khungtaskd/31:
[ 1856.527234][   T31]  #0: ffffffff8e7e75a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[ 1856.642085][   T31] 2 locks held by getty/5563:
[ 1856.658542][   T31]  #0: ffff8880339c00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1856.674709][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500
[ 1856.709348][   T31] 2 locks held by syz-executor/5803:
[ 1856.732005][   T31] 2 locks held by kworker/u8:12/16325:
[ 1856.737462][   T31]  #0: ffff88801f726148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[ 1856.789125][   T31]  #1: ffffc90003da7d08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[ 1856.835963][   T31] 1 lock held by udevd/17265:
[ 1856.846022][   T31]  #0: ffff8880272b6358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[ 1856.855362][   T31] 2 locks held by kworker/0:3/17734:
[ 1856.903453][   T31]  #0: ffff88813fe67148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[ 1856.932137][   T31]  #1: ffffc90005fffd08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[ 1856.960589][   T31] 3 locks held by kworker/1:8/18111:
[ 1856.966102][   T31]  #0: ffff88813fe67148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[ 1857.008821][   T31]  #1: ffffc900050c7d08 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[ 1857.021161][   T31]  #2: ffff88802b25e240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0
[ 1857.031418][   T31] 1 lock held by udevd/20955:
[ 1857.036087][   T31]  #0: ffff88802734e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[ 1857.045558][   T31] 1 lock held by syz.8.5389/26968:
[ 1857.052490][   T31]  #0: ffff88802734e358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[ 1857.062354][   T31] 4 locks held by syz-executor/28614:
[ 1857.067815][   T31]  #0: ffff8880514d0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0
[ 1857.077433][   T31]  #1: ffff8880514d00c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240
[ 1857.087489][   T31]  #2: ffffffff908a9448 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280
[ 1857.097537][   T31]  #3: ffff88805969a2f8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x770
[ 1857.107167][   T31] 1 lock held by syz.3.5665/28683:
[ 1857.112271][   T31]  #0: ffffffff906110a8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220
[ 1857.122073][   T31] 1 lock held by syz.9.5666/28684:
[ 1857.127179][   T31]  #0: ffffffff8e7f31b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[ 1857.137876][   T31] 1 lock held by syz.2.5672/28747:
[ 1857.143571][   T31]  #0: ffffffff8e7f31b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[ 1857.153835][   T31] 5 locks held by dhcpcd-run-hook/28783:
[ 1857.159989][   T31] 
[ 1857.163009][   T31] =============================================
[ 1857.163009][   T31] 
[ 1857.171746][   T31] NMI backtrace for cpu 1
[ 1857.171761][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1857.171785][   T31] Tainted: [L]=SOFTLOCKUP
[ 1857.171791][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1857.171801][   T31] Call Trace:
[ 1857.171807][   T31]  <TASK>
[ 1857.171815][   T31]  dump_stack_lvl+0x100/0x190
[ 1857.171846][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[ 1857.171866][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1857.171895][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[ 1857.171927][   T31]  sys_info+0x141/0x190
[ 1857.171951][   T31]  watchdog+0xd25/0x1050
[ 1857.171982][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1857.172007][   T31]  ? __kthread_parkme+0x18c/0x230
[ 1857.172035][   T31]  ? kthread+0x13a/0x450
[ 1857.172051][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1857.172072][   T31]  kthread+0x370/0x450
[ 1857.172088][   T31]  ? __pfx_kthread+0x10/0x10
[ 1857.172106][   T31]  ret_from_fork+0x754/0xd80
[ 1857.172125][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1857.172145][   T31]  ? __switch_to+0x7b4/0x1120
[ 1857.172167][   T31]  ? __pfx_kthread+0x10/0x10
[ 1857.172186][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1857.172220][   T31]  </TASK>
[ 1857.172227][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1857.297552][    C0] NMI backtrace for cpu 0
[ 1857.297568][    C0] CPU: 0 UID: 0 PID: 28783 Comm: sed Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1857.297588][    C0] Tainted: [L]=SOFTLOCKUP
[ 1857.297594][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1857.297602][    C0] RIP: 0010:unwind_next_frame+0x4d6/0x1ea0
[ 1857.297623][    C0] Code: e8 6f f3 ff ff 48 89 c1 48 85 c0 0f 84 2d 0b 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 79 05 4c 89 fa 48 c1 ea 03 0f b6 04 02 <4c> 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 bd 13 00 00 0f b6 41 05
[ 1857.297636][    C0] RSP: 0018:ffffc900067c6aa0 EFLAGS: 00000a06
[ 1857.297649][    C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff922c2b84
[ 1857.297658][    C0] RDX: 1ffffffff2458571 RSI: 0000000000000000 RDI: ffffffff91698834
[ 1857.297667][    C0] RBP: ffffc900067c6b58 R08: ffffffff922c2b8a R09: 0000000000000007
[ 1857.297676][    C0] R10: 0000000000000200 R11: 00000000000a89d0 R12: ffffc900067c6b60
[ 1857.297685][    C0] R13: ffffc900067c6b10 R14: ffffc900067c6b45 R15: ffffffff922c2b89
[ 1857.297694][    C0] FS:  0000000000000000(0000) GS:ffff888124345000(0000) knlGS:0000000000000000
[ 1857.297708][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1857.297718][    C0] CR2: 00007f83ec80efe8 CR3: 0000000066b85000 CR4: 00000000003526f0
[ 1857.297727][    C0] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[ 1857.297735][    C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1857.297744][    C0] Call Trace:
[ 1857.297749][    C0]  <TASK>
[ 1857.297755][    C0]  ? mas_wr_store_entry+0xf07/0x2390
[ 1857.297775][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1857.297794][    C0]  arch_stack_walk+0x94/0xf0
[ 1857.297812][    C0]  ? mas_wr_store_entry+0xf07/0x2390
[ 1857.297832][    C0]  stack_trace_save+0x8e/0xc0
[ 1857.297849][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1857.297867][    C0]  ? __lock_acquire+0x4a5/0x2630
[ 1857.297887][    C0]  kasan_save_stack+0x30/0x50
[ 1857.297905][    C0]  ? kasan_save_stack+0x30/0x50
[ 1857.297922][    C0]  ? kasan_record_aux_stack+0xa7/0xc0
[ 1857.297938][    C0]  ? __call_rcu_common.constprop.0+0xa5/0x9b0
[ 1857.297959][    C0]  ? __kfree_rcu_sheaf+0x329/0x720
[ 1857.297979][    C0]  ? kvfree_call_rcu+0x1b6/0x4f0
[ 1857.297995][    C0]  ? ma_free_rcu+0x40/0x60
[ 1857.298008][    C0]  ? mas_wr_node_store+0xdce/0x13b0
[ 1857.298024][    C0]  ? mas_wr_store_entry+0xf07/0x2390
[ 1857.298055][    C0]  kasan_record_aux_stack+0xa7/0xc0
[ 1857.298070][    C0]  ? __pfx_rcu_free_sheaf+0x10/0x10
[ 1857.298087][    C0]  __call_rcu_common.constprop.0+0xa5/0x9b0
[ 1857.298114][    C0]  __kfree_rcu_sheaf+0x329/0x720
[ 1857.298134][    C0]  kvfree_call_rcu+0x1b6/0x4f0
[ 1857.298150][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1857.298169][    C0]  ma_free_rcu+0x40/0x60
[ 1857.298182][    C0]  mas_wr_node_store+0xdce/0x13b0
[ 1857.298201][    C0]  ? __pfx_mas_wr_node_store+0x10/0x10
[ 1857.298217][    C0]  ? vm_mmap_pgoff+0x29e/0x470
[ 1857.298239][    C0]  ? __lock_acquire+0x4a5/0x2630
[ 1857.298261][    C0]  mas_wr_store_entry+0xf07/0x2390
[ 1857.298280][    C0]  ? trace_ma_write+0x7d/0x230
[ 1857.298295][    C0]  mas_store_prealloc+0x6e5/0xfb0
[ 1857.298315][    C0]  ? __pfx_mas_store_prealloc+0x10/0x10
[ 1857.298336][    C0]  ? __vma_link_file+0x194/0x220
[ 1857.298352][    C0]  ? vma_iter_store_overwrite+0x392/0x650
[ 1857.298371][    C0]  vma_complete+0x9f4/0xf70
[ 1857.298389][    C0]  __split_vma+0xa4b/0xd90
[ 1857.298407][    C0]  ? __pfx___split_vma+0x10/0x10
[ 1857.298425][    C0]  ? __pfx_mas_prev+0x10/0x10
[ 1857.298444][    C0]  vms_gather_munmap_vmas+0x39f/0x1500
[ 1857.298464][    C0]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[ 1857.298482][    C0]  ? mas_walk+0x6ef/0x9b0
[ 1857.298500][    C0]  __mmap_region+0x492/0x29e0
[ 1857.298518][    C0]  ? mas_ascend+0x53d/0xb30
[ 1857.298532][    C0]  ? __pfx___mmap_region+0x10/0x10
[ 1857.298549][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1857.298568][    C0]  ? mas_next_node+0x7f8/0xf30
[ 1857.298588][    C0]  ? __pfx_mt_validate_nulls+0x10/0x10
[ 1857.298607][    C0]  ? mas_ascend+0x53d/0xb30
[ 1857.298623][    C0]  ? __lock_acquire+0x4a5/0x2630
[ 1857.298647][    C0]  ? find_held_lock+0x2b/0x80
[ 1857.298663][    C0]  ? avc_has_perm_noaudit+0x11e/0x3b0
[ 1857.298688][    C0]  ? mm_get_unmapped_area_vmflags+0xd7/0x130
[ 1857.298706][    C0]  mmap_region+0x180/0x3e0
[ 1857.298725][    C0]  do_mmap+0xc63/0x12f0
[ 1857.298740][    C0]  ? __pfx_do_mmap+0x10/0x10
[ 1857.298753][    C0]  ? __pfx_down_write_killable+0x10/0x10
[ 1857.298774][    C0]  vm_mmap_pgoff+0x29e/0x470
[ 1857.298790][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1857.298802][    C0]  ? __fget_files+0x215/0x3d0
[ 1857.298819][    C0]  ? __fget_files+0x21f/0x3d0
[ 1857.298834][    C0]  ksys_mmap_pgoff+0x3c8/0x650
[ 1857.298848][    C0]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[ 1857.298862][    C0]  ? __pfx_ksys_read+0x10/0x10
[ 1857.298883][    C0]  __x64_sys_mmap+0x125/0x190
[ 1857.298897][    C0]  do_syscall_64+0x106/0xf80
[ 1857.298913][    C0]  ? clear_bhb_loop+0x40/0x90
[ 1857.298929][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1857.298942][    C0] RIP: 0033:0x7f83ecae0242
[ 1857.298954][    C0] Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
[ 1857.298967][    C0] RSP: 002b:00007ffcc5ad19b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 1857.298979][    C0] RAX: ffffffffffffffda RBX: 00007f83ec7fe000 RCX: 00007f83ecae0242
[ 1857.298989][    C0] RDX: 0000000000000001 RSI: 0000000000001000 RDI: 00007f83ec7fe000
[ 1857.298997][    C0] RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000004000
[ 1857.299006][    C0] R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffcc5ad1a40
[ 1857.299015][    C0] R13: 00007f83ecab5050 R14: 00007ffcc5ad1df0 R15: 00000fff98b5a33a
[ 1857.299029][    C0]  </TASK>
[ 1858.013746][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1858.020622][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1858.031291][   T31] Tainted: [L]=SOFTLOCKUP
[ 1858.035609][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1858.045651][   T31] Call Trace:
[ 1858.048922][   T31]  <TASK>
[ 1858.051847][   T31]  dump_stack_lvl+0x100/0x190
[ 1858.056532][   T31]  vpanic+0x552/0x970
[ 1858.060511][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1858.065009][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[ 1858.071167][   T31]  panic+0xd1/0xe0
[ 1858.074879][   T31]  ? __pfx_panic+0x10/0x10
[ 1858.079289][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[ 1858.085449][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[ 1858.091606][   T31]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[ 1858.097761][   T31]  ? watchdog.cold+0x198/0x1ca
[ 1858.102517][   T31]  ? watchdog+0xd35/0x1050
[ 1858.106937][   T31]  watchdog.cold+0x1a9/0x1ca
[ 1858.111533][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1858.116208][   T31]  ? __kthread_parkme+0x18c/0x230
[ 1858.121233][   T31]  ? kthread+0x13a/0x450
[ 1858.125466][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1858.130137][   T31]  kthread+0x370/0x450
[ 1858.134194][   T31]  ? __pfx_kthread+0x10/0x10
[ 1858.138765][   T31]  ret_from_fork+0x754/0xd80
[ 1858.143338][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1858.148431][   T31]  ? __switch_to+0x7b4/0x1120
[ 1858.153092][   T31]  ? __pfx_kthread+0x10/0x10
[ 1858.157661][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1858.162419][   T31]  </TASK>
[ 1858.165613][   T31] Kernel Offset: disabled
[ 1858.169910][   T31] Rebooting in 86400 seconds..