last executing test programs:

15m1.460110552s ago: executing program 4 (id=2946):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f00000000c0)=0x5)
setxattr$incfs_metadata(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840), &(0x7f0000000280), 0x0, 0x1)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000e40), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x8, 0x0, 0x0, 0xb49, 0x9, 0x7ff, 0x0, 0x3}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000040)={0x2})
io_uring_register$IORING_UNREGISTER_EVENTFD(r4, 0x5, 0x0, 0x0)
getdents64(r4, &(0x7f0000001f00)=""/4093, 0xffd)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x200})
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x2a, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x2, 0x1000000000000002, 0x0)
unshare(0x42000000)
migrate_pages(0x0, 0x8f9, &(0x7f0000000140)=0x51b, &(0x7f00000001c0)=0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000000000000bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000035040000500000001d400200000000006504040000ff3f00b4030000000000001d440000000000007a0a00fe000000000f03000000000000b5000000000000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af2542ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b1100886475923906f88b53987ad0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d64364f56e24e6d2128c7e0ec82770c8204a1ddeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7dfcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d3490dd97adab638cca595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8c83c3d8cbfedc038395342846e1b207974e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfcd7ad0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f9212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0000cf70a91c76e8b14de02b884114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad8508f7550cad7ec93af7fb1b50c75ba1ee7baa19faf67256b56a355b6a686ba99d0a8950f0937f778af083e055f5138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516466df3e7d1daac43738612e4fee18a22da19fcdb4c2811e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96735600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003ebfbdc1f9be78537756ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca311a28ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1e1979e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a508460f2d0455cf79a43746979f99f60037e84fb478199dc1020f4beb98b8074bf7df8b5e783637da7418fd3aa81cff202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adde305ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0d0274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1ecbf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cbf5d6b6898335792747588d49df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed4254332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d943622000000000000000000000000000000000000000000000000000000000000000000000000000000000000f112fc8a4942d7453cf29cbbef3a567ea0a2a8a0561dfb6cfe7f1812405e1a092b382adc0698c377b0a1f49afb6ba26f8e28cf68b0065857b36276931c318cb84f748a26c4d81a0322ce21e7d9c002006cf8ac6402e036cf9344a1cb1b8603276000144268a0aa584a92188f55318dde1d1b09319c00d0de3471ab4243ac0f49516a690c514ba6449f0a804fcac3f30bf4a933d32c889283aa092cca9aa349b624c5ed2b66fa0439f54f83c9ff8be083221609c8696433da46c91ac52e5b1d159daed1af0cda0ee05ae770a7ea467d5602b441e748b7f22496f8453fb6b7cc2dd3a8ce15fd76387fc02d4e2b7b4502a80000000000000000000000000000000000000000e046c0756c0955a81165e4212a1a58334fe51269f228ad32fba2bdae0172278d3bb48c370f6b59c0c7ba9b0aaae317d3f8104fd696bc76268923c396b017003ddcd205c05311dcae277e5b0000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)

14m54.924546381s ago: executing program 4 (id=2959):
socket$inet6(0xa, 0x3, 0xff)
syz_open_dev$sg(0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r0 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x3ac7ffa, 0x8040)
open_tree(r0, &(0x7f0000000100)='./file0\x00', 0x88000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xd, 0x400009, 0x8, 0xa}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000040)=0x10000)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, 0x0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed00ffbf030000000000001d440000000000007a0a00fe00ffffffc303000010010000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
sendmsg$nl_route_sched(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=@gettaction={0x34, 0x32, 0x301, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}]}, 0x34}}, 0x0)

14m52.159747443s ago: executing program 4 (id=2965):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="7c010000190001000000000000000000fc020000000000000000000000000000000000000000000000000000000000000000000300000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000003e225e70b0277e420000000000000000000000000000000000000000000000000000000000000000000000000000c40005"], 0x17c}}, 0x0)

14m51.936791421s ago: executing program 4 (id=2966):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x300, 0x4)
connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
sendto(r0, &(0x7f0000000540)="1db4d479c5faee911d50fbdf12a30d564a0e992d5f77ad426077a9f0ca1475183db32443011ff101251bcef8f165533aacd8c755793dc1ae99ad602c7cca2944de604d849a1e3b22905b0d26e9ff30b83f38a29b2530d22bdb6e73ef2a359249c3e2", 0x62, 0x8004, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000400)="8c", 0x1, 0x40004, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd", 0x8d, 0x0, 0x0, 0x0)

14m50.919917119s ago: executing program 4 (id=2967):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000680)=@newtaction={0x5c, 0x30, 0xfffffffffffff9cf, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x58, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x44, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_BITS={0x38, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '/dev/autofs\x00'}]}]}]}]}, 0x58}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {0x0}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})

14m50.650660009s ago: executing program 4 (id=2969):
r0 = io_uring_setup(0x7fdb, &(0x7f0000000080)={0x0, 0x80000000, 0x0, 0xffffffff, 0x8})
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r1, 0x0, 0x0)
syz_fuse_handle_req(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r6)
close_range(r0, 0xffffffffffffffff, 0x0)

14m35.093026832s ago: executing program 32 (id=2969):
r0 = io_uring_setup(0x7fdb, &(0x7f0000000080)={0x0, 0x80000000, 0x0, 0xffffffff, 0x8})
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r1, 0x0, 0x0)
syz_fuse_handle_req(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r6)
close_range(r0, 0xffffffffffffffff, 0x0)

2m43.638347363s ago: executing program 1 (id=5478):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet(0x2, 0x80001, 0x84)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x95}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000040)={0x2, 0x5, 0x0, 0x2, r6}, 0x10)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="c70e0000", @ANYRES16=r0, @ANYBLOB="010029bd7000fedbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="040024000a0018000303030303030000"], 0x2c}}, 0x0)

2m43.524347833s ago: executing program 1 (id=5479):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="183e000000000000000000000000930018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000b70900000000000055090100000000007b00000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x6, 0x100b, &(0x7f0000001e40)=""/4107, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
syz_emit_ethernet(0x76, &(0x7f0000000140)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x9, 0x6, 'EAC', 0x8000, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2, [@hopopts={0x89}], "98efd03a7e60b623"}}}}}}}, 0x0) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x64000600) (async)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8983, &(0x7f00000000c0)={0x8, 'veth1_virt_wifi\x00', {'ip6tnl0\x00'}, 0x7}) (async)
getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f00000003c0)=""/4096, &(0x7f0000000000)=0x1000)

2m43.251869426s ago: executing program 1 (id=5480):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000200), 0x4) (fail_nth: 2)

2m42.452003836s ago: executing program 1 (id=5482):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
syz_open_dev$ptys(0xc, 0x3, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x759a01, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r6, 0xc054561d, &(0x7f00000000c0)={0x6, "13f20afd86c17f9dfa507069d57c6684154bc7ec29052b9ec48e707a4f251dd9", 0x0, 0x100, 0x0, 0x3, 0x4})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f00000004c0)={{0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, [0x0, 0x0, 0x0, 0x9]})
socket$tipc(0x1e, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000015900)=[{{&(0x7f0000000a00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001040)=[{&(0x7f0000000a80)="362d97cb334616facc417d733573b2f7937d29f81426390afcf1a833a04e10fe19aac2568bf5e377d6b0acf6039e80ef798bc607fedb2ef8b2c43ff823fdadd43902f11bec0367e73b3db0028d7923787cf7a94ef8dc2044259af7cd6b018dae6813c5b82646ba58e12ccdc04e811387208ddf724e17def13e4d0f21b6bd9c80d44979a22d846dae0cd3188b5fedd12ae367cfa333412f5cdf54172a8bead67f0d38067425013db3bfd790c2ec95ec1e403cad70fd734a7b4120d050de4049696303c9103aa839bcbfc43f109777b0c4b3bc2180578bd788f9b51f14688c845a7fa2fed606ceea13c8d722ed200309d09566aa709badb02525b76040", 0xfc}, {&(0x7f0000000140)="aebdd994b70b41111a6083feaba81c05", 0x10}, {&(0x7f0000005840)="dae40009b45ab4f71ab44c006b503d2875838d4fbd1d627eb2be8b4e4b51cd99df3f0167a1491a91577f0a57be9584044444c5fee2d74ed9bdac56078c25aab962ebfa79f8d29421fc5407e3364bba2030d54d272680df1cf5d8368665cf27e880ad3558ef59fe7d593df556dd67234b9c5f9890a5d3c0e2caffbe1758e8aed7d5b07e7627a5f95528afe0f572a5cfab0000", 0x92}, {&(0x7f0000005900)="931713fa37b5e42e4b0ea21fa5858960c264d1319fc0da65a9911c72165958ea19f74a8542a97a311291a0e7a85cf0daead0588d21c7212046cb10e21d8bd4add48c3b8f0e54f31b8f942443d1b38ba5e0ee6136a43e59e5ccb3e57461b073f67e6c3056b37917569175d16c2ecce36b4fb66862dd2298c5a5ebf35f8f3f3b662669ba3c00149643d5143af8897f885f926d15af1c2830ce3df7f5a499130c4df0ee93025cfc3d02d05759012ceb00b38c69ceee666352d9ab74a4e73cd385075177894ea32076fadf7531ecaac9279f264c1c0a6f55b711d909ee75367ff9c6b82fc27b4847fd982da438f6704978091f44f4310b60d610dc04df", 0xfb}, {&(0x7f0000000d40)="ded5b1fdb60225fe93265ed96329a1ef4799a4e10ff01a7cda7e261979a4ad53ed9c257b8a18ecf7a2073269df9e869d7ae5ca8b46626333e8c74033475e8429313a548cfedcfad0d3f539d22bfdb4486e3b7d78c07cbe6a344833b91f0e1950c0c3ac5413", 0x65}, {&(0x7f0000000e00)="fe30768f9f7b607ff1b0a4ee69a4120c47a02fba3727e25312b59730e7345ff1119c9ae15c04b5826a0f53f2f887a7c14514890e4b63e97cc77ce3ff145e6874e39a2ff008f140b28122f4621071ef11", 0x50}, {&(0x7f0000000e80)="484374100080c3d6d7571cc0ed9c7f11e2b4e6f77507c95bfbe92a8ba0a1e4dceb26b76c4797cb3a9e28c60bd7b431b852067a1349e2263d9a9445821101a1f713770289b60fa51bd5dbe7b6ab1f1e8a2bb98adcadde609521d8d235bec2eb9ba087185baa3aacb0cc4d40fa84c949c5d3ace05a40d478503c8a59399c03f6b8db2068ae85afd0f4849fcbd70357ea1304534a1535e37eabcbe950a2c8564301539172f831a2997f56d6d9c493a2b182287e86b2234ebca7c29201b6d5b96a0aa8ef73ab4e1a60ccc8c7c9fc6fa6711ab88ced13d8bdba2727", 0xd9}, {&(0x7f0000000f80)="f5e301c785c336cf9a07a49de0872d4d7a0889df1ac09e1822f314bdbcd69e79aa226126df29b73db9cad7b369337d9fbcf545f890b0a65132984568c1cbb6ac002803a67b9df0e70c0b4b9e7035e2b40b2901764900d6d3957866083294cd5f1fe40221a6e508d60f86e4f695f395726e11b52e61e26669ed08e9508f7ac2248a30277002b5072efd24d9400a53c47cffe56212e8bd9288b1614b85b9bac276", 0xa0}], 0x8, 0x0, 0x0, 0x50}}, {{&(0x7f00000010c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000044c0)=[{&(0x7f0000001140)="5cbfacf964fc113de12c9b11bb56", 0xe}, {&(0x7f00000031c0)="09dc852e13f19110efe7e362818d740c21bf99cf7b8618803fd7feb29672aac555ef11a1308753509f3496ee51d6df36e2a1ff10254d26a0e0c6a7b669e8e3acb3f3fa53134ce8641f7e3f4540f53ace4fd856ff95479e3acc36342d23127020248a4c5c52fff99bd2051548cd576c7301fe95bd463337ecdd7a5881c142eb13f44a1e4436c6fff3218b4d3de304701a57ae88edfd5e970b5560dfbde47003868158324a8d7bc9c757fa823025bb58327a460707e2a74d16ebfd71d5f266e9b0dec1a7ac3aafc10a", 0xc8}, {&(0x7f00000032c0)="e9ad7d35c67fd42a34de651ee3c24d389f29d91f7c9ceaae7fc69a2bab36e2086fa9710b", 0xffffffffffffffae}, {&(0x7f0000003300)="3a39f793cb250c", 0x7}, {&(0x7f0000003340)="590883b3779587e11ba8315c6c58559c98034f745d2bb55764d1b47dac906ffbbe2cc721bcee0cd9c9005061461383de0dd7472215927a6adbcd8b4a087b55ff9cd786af2b6741cbe829a410b4e519f2cc9ecc61577edd4af5dba22c667210b23e7297d34ea5ae30c329ea4fbdf4b4bae047612dc8e61d4e1227b963a67af488f41c72cc3fcac65eb9b5d9a907950745949a00a63b1c5fb6e52baa01baa64f840d7d0c15b73735b53b776721eb6f217ed6076318433d2fd1c4379d2aee3623396ede8630e5e37a85a79f9c920f7bae172725ff2f19a08c5d583bd8c4b0bda715d0b9888064f00a0ce8ea8f1f5a0b4e0e73bf518684ce7e7bdfe57e2ecddd", 0xfe}, {&(0x7f0000003440)="b9f7efbf11fbd0ac65a580536d02f46846116d03070f4905a6d959cc6f0e5dca952728b5687e7ad363b7168f944d02836f8e13a675a8cf50437ee0633ca8ab07ae15b5c70907", 0x46}, {&(0x7f00000034c0)="e39861044aa873aa33465b24cb3edd250ad0acc6a17062e067d53eddacf13c86ec921349d5913fb27eb993e77529b7dca92926bba74b2c8a0cb71cd9884ed5667758983d69455fd452556e3fdaecacdf55b96faf4c712d7746b39a35707203cd90ca80faeb8f79474c5ced0d37cafcd9b133571f9d4591462888a3909a81d0bed37030037ff191da52872e7aa1c0b8de8c790d67fd6f5a1338f37a38e5c224582ef950fefb8a1a41d3e02eecdd086b80f5e48039c9337e7645d2deb7190cf6a9add5284f0eedcd9feb7136c718de77f97c917ec543f55a51f7f02eabb44af9c6b01c63f158bbda005ba7fde09d5de0f2477964c73477dba3ec2afe54f56f6a7ceeb4c36cac521c127791bc0243ff8fff83f0b8ef03a4b0f75eaadbe305e7e60f81772901623974b154c501f43410c3f1049922834593bd07d33aa7a0c13f29073df03caa99b42274ac22499644631c61b17fd3ee3c051ce5837ebcaf0bc31550f0099f89a1180ff9d99e317880654ea6faf63c90ac2902111b9b029c3efaf3e6296e280cd97d8cf273f06ec0deada889217aea248c740d04a79152f5d95a759187940f14ac91095bba7410daeecaeecf5ae89f9f82080826568a1864a1197fd3a2e054a1b7a03ae28f88100e88dd4494d49c0c4c897ccb53cfd055b04cbf7d148c8b0c2cdc6b1a59811191bb090c85d18b61da0a0628746380c09808ed85486f12a185b2d6a8362d2a71f87dd0d455e8aabb928b7df20b140236a2b7d2f0653480d75ebbe36bebc26462b2eb2d0b8dc0684ee6375e2dcf9cd90a2d806e08747a08932d7085c8034b1a7ab0506f1183a8e8a12ce555a1633829742c509278c1fffa12841e96afb0502cdfa288ede9e820219ccf40f903f877cf187bde69bcec3b380d401221ebdc80caae8377c5f5d79d104f2acf57060799aa90c9f60fb3141fe2bab7546aeb48605915d12de1853aca4bf7435c85da09500e54aa804df2987f99dae28b2ffb4f558244984f2e9ef23107fafff1e648e6626a3219ab8f599b170404a08b3d1b561ddbfe4bf670049d0a8e99f20a9c377e524dfc49767e2d65b4cadb5fd595206a4843afad761058063d5492db4ee5551f7c0009281289c77e02bed20ba1784a92f68538fdbb9649e9e1c5fe9ca1b03ebde2b2930d663526d13ddccc3f3ef3392d2b43d7eacbde4efabcf46c5b62e7616bef7619cfa5c0d98d715dab0dd93771b4dac9e6767050217845efb20287c347a70efa07c3a870d4f86a974b9e327a6db54d3cd10cafef2cadf0d45b9185a5dff2b0bb724e44b7effd148e4cf9c383797ab4bbf3260e592b15c59fb6a8f35987d1ccde16c5ddf0f7d62bd4ea80e47595d4e2ee40cc2ae69c989276d56b8fb5310c6bf085e0d64922841ca02f06d96e733b5a52d9f2f75937e3bd92ef292cff4a1ffeaf2df42551e595259e9dae9f9ba69238c75ed638406dfcbf9d6a7be2dd9d47c0d25b134f8f8f2ba91ea83493ef2037ae051117b1f0cd5b529fca1f951d449e62c6dbe8497a135e756dd22a790dca983ff3444f1673bbf85c9fb7d64567689caeebdcdfd75126bd0c5e791f320a1e8f96606f969f7a15c2382def378bcb4386b6116c9e4860b556f81c4d6de6f3ae090b70adf3f0b4fd9561b97e82fc5f4a098f586a517ab863a7b58402cb174ea92a0d2b6bc2be553a97e5b6bb324f65e6b1a328e844b9861b2b0fd823d53ea309d7fdab819fb2c6d917f8c7a42b79e86e0da4fb6a1f35e6d2d7d0a0b6e78d7a91b2d71973fca6cc20c0946bcaff5ddf760ce5ea1ccf01aa6d57c6774943931847aa7913815ad6aa8cb0e11ce2fa347aa4f6a18d71df242ad9ec969a80f5aade2df2ca056baa42ed82c132a31d9a1bdbd582a1e01ebca60b8be560573f555cb07462796012d2594e181eec0f60dcc6b08c1de63b3dbacd44d86fc238fe8c6b66d1b0df5e9852f0305764129f39c804872a9a8f9f89811f66f818800b3990afd55e390cef0e2834924a961bf6b8ef1e25b090bc9f7e132817853b722df8bd75368d754d66433630c9b2209b22e065b379ba99a126fa118297e3acf491c3946ac119c17b899f5894dbfe611ac2dbaa98854a17d2056e2a0f87bf44af4365d6a6e79ebc4a75081a0e6294c3ac2b323c8d6c6c426d4967b7b495c9354fe1658e83d7592bc8d9112a292dc032f67c1f3d9d1ae913888fd95f4bcd81b885cc9cc66fca4e87e5e2599bc5c0c26b636c060faadceb98e34fe542f465719e6162a9f7098e1730d57bd31516deef497750806c55a6d07212a65537243ee33dbc8abeff786c43c5e4441275fb3a41980d2db3e06909ad92833b72e7e17f5c0082bbd3ccb725bed89fa1b63b71edc24ab74b2aceaef373c000e7d858a247f0bf04ee2131fde8bdf08400ee9486e40fe2da29043e24ded23b6029461b875687bf7e14411270d20850fa10bc9a8b985a1bd9e4c84e60ad47cfd2e827e8b94931f67d6830c19e468f56887ff85fde0c1c21fd2ec56236f0f02d14b4c783d272094a47aef7498a3797796dd90c260dee2dafec0a14b5f36a88fd53b11dcab14558cf0b1a525ee1a6f1e7bf0a2e8c2625e5797f29f816afded7f2834f018f829797930b195493893c8ec2b2564c8b0e1526060a2c6106d67f9bfc1af14ad5c08335b5c0c19414849d51498693012be2b1efc55a9e84f2791d63e552552336a0d427d7338d225ebf97fc7897eee5b5d464418fa4a055efa88da760b9bd5e5d46fdd223a1f7a1867f2255ed2112ba31a6bb65ddcf64cbe8e28905a32cc2babcd95f54d21bd8b570a4f68eb299f97b364bdfba995eb8dd46999a6c98ef8391db0183b0db2612747824bee653bfe1105b7a03e04ded36584ee64fd74bf60692217764478f4ff5eb3b98c3653e9457eaf74c8592a56c2814abc244d038a068eb8fbdf19b2140af9f7e760c2b0486f209b2a6afa67391e6c5eae32cbec3ec2e343e13e56995bce5009efd4d9a21688b6a10f1165b44bf3d56e2fff67efc0c190e0021d84b75e76fbae4dd30aa64d52c1c740280b62c32e0ff312e6eb1dad960f24df863697491f765f4bcc8a549c7abf1e8f6623f8a43399ccd3aaa30dfc77d30da1a4602a2f24d975e7ebfbd7cdb8cd2743b35464a732263f62c4f9567937649df708af822678d644355254eeae73e37b6f71af761ffceb91f7a528811ed0ce05db6a8df3d553284946b58730c39a5bf02c8c3ce672650e1226b987fe73b9739b3a36bc3e43c0e675636a33f5b4ce49b1806864621b8533310196bffc667da72724dd34411baad3a847dcb94cb485c027627180c740509fe002cbddcfdedaedbc3fcd7a624dcc1a7633073834743e58e124a300767c38248378eee7baed62f0e3c82fb61a2f2b687e0199770ecd618401cef4e873780fc24ae4e662dfe15f3f7cdba5b4fc146843ee0d8205670e407ec1872dedce99e890d15d294bb2899c93b74808ef64ba497cc2609c96ce23614083fef404c0cce53536dde19bbd86e266192f771eb070c0736e7947e981cfb95a12b905f4f53c1ec80de61b80ba1400b75d88a1ef22bef222c78b776ca2000d3c1b5c1f73883ddab222d2212b82cca970305ff9be6705fc7d76045c185a0f9f5c9e06e0949924907f749df3c476b1d07a074775a5861fa6ec4d807a81d99bfe311be51086da3c997f4d41eea63844fd93804fad8f333877a8123bf13119bdffe0a55c6dd25935a35108eb207bf794ed507057692bf565cafbee1faf42d0f06c1265ac215a0cdcb06624a25eacf1055c1a8fe0d8a6fc8e61f7a9bba7a6bb4f11fa69d7d60cfe1a70c6e220d97e4439f1846fffedc7399ce9e280b636db523b303da2c8bdcd2b589fa79cc1d88c578fc44142a183ab6347c8938319e897e91048a9b6413ad9d1de80c3964564558717ceee39a8ffad4e14a26e13da60601d24d31f46c3bcaa936648cef6723e755929d31addcfbc49a2ad1740aa0ecdf8f94b89d0b3e3b46e65a92c2be04afdb29191643d5396a672bb020ad4b4c6f2e272eaa55bd988f6fbc5830b48d3e2a8fb90aa59f41c7673145c2d54d2c5f2c91f79c2a0edc00c7c83f1984689dedbb3efa4c3318b1adc189c261a2c18b4632f2630b5ee9ee0d8bbdb478aa90c0d84cf9ba95ea7933742e06265a7b058be015bab5186c5837cf161aff75d2e520a75897785863cce2a2752384aba34f6f9f9690de27282d2a90300543371b16d5b7fade1c8b53c1405d28ec7fc56c11db93638d749b913c600378a0713630a1378798cb889385fc5855c0636fe4a127ec1185acb63c79680655786be3726b573cb3d1622e9a9c88a675fb31164ece31b2f8308fc98ba6a6709c1c48d0687e25e2e8baa8b8fdba1a3003af264df361c8aa528248f724afb86f6699babaed9da18bac057acf673a1f2e48b7819aab7a5d2d45b4f5afb9de665503bf9fb5236df77b4e72e5bec1342d13dc9cae389ee15bc9e2af41dff442fcf920b70a1c0b68990b6b83795d8012ff5e6668e41fafe66f68c78069937978fb37847d9ba9eff26fdaaaca783e04f2a45c32a7094e86ef5408dfba6a3357566d22a97f9ab7dfe1b3dd22a655092cfc2f32a123ef5ca0e7daf7d0ab27ee224c7a1c0272c8b94accce5c017d339eca5d393a6e8de8695856ab3cf20103807ab22b99d5b58f4416f01049faa869ef5555bf680532ec05b21093639f218785e29e77b53151cde6a04947fdcf80f608c5d0bbd089d7d37d4cf2b7568072383abc88557f43b14d4435ff9a2d0098dab974139252fe606d9c04147edf32b2064d1d992e8c691260b8ff3769c4502c0a874dea8b4251c759ca86987798672e0179765e3f6b4f228308ca619f6078bed85bf63717356387e3bb3db9b3e67b99aaa808d6cf97edd5243d4f6474ad93573a743819bac39fb5c35e7f3d1fcf063cc2156812cea524fbe723d2ef8c41c41eb5b66670081be43241fb5aa16cfa0f1409606715eb3cbe5ed7670730a7b244ca66bcd89b80ef4a089823355057ae71bb334b0a22950950888c5e3c3e765295897a5be34695ce0ef93a3be76660afe08a869118838050980b752421c9e64b5d7e3d13d8a3ded4dd1dd09352b124db615df5929a0131be492a4909aeed293fee4cfaccbfb9e0ab3fa62031e65cecacb2ad4e1733dd1ae8cb6a44df085c5032b194e1a1eaa53fa4879a29af8630ea61f5e0f5962ef35b285f9a97c249ab7a60520fe6ff34918e431a766f766a930bf2e2c0b6fd0baea77dce1e41d058df455febf56912e22704174e6f70d0b7ad91b9628806f4539f6ebd823e6ae6cc77b86e41ecfa83499526aa42d23386042eb86ff006fda9f8636928d2ef4f4d64f4acd77e89728a72667351a5a37d874e76996f33ae5ddf35d4d3046ce6b28815a42a0279eaf9383daf7fc7b15ad6134d9046560dffbdd1b250693e4ea9b11a1c9b4482563593b38e47b621738868150cfbc1b6f6856c606052c0e046a6d71a60200d265994fbbfefd43b9f4c3293a160592a1b41f1cc757fea52b661cfeb3722f6a6e6541c9da46cf3451f1ab86ff7ef9cbff053381ac340615b70f55481c9f8ce2ebae2ebe9bb66e9c3e5ff3217e4b40001fbd38b4aa3878a10d2f468baa57505c00c8abd7a2a109d01a5de3bbb46e4d6be7712f24386ab11b36e2aae276f082171e2e66d1053dfdee2bf85dc09f17e440f209c436671e2890076ccc5dbfee7a48e312dc962f3e00f99cdafb5ab8d0617da277128317a6142fd6126c9e0cdebc3242dc66e2395f9ef9872ba304431c635", 0x1000}], 0x7, 0x0, 0x0, 0x400d5}}, {{&(0x7f0000004540)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000057c0)=[{&(0x7f00000045c0)="46b4ae05805c4144fce0410ae9dfc90c6ab8cf7fe18ce006e284dd8c27d990cfdfd7acbfa5bb4db0bb14b861b09c0ad39d82a68670dbadb527ed43dd2b8fdc90c0d6e71d6e914bf3671e35388dc5e8d37b1da98f17d77d83bd97a80c0f493cc6d2de40f048ce57095c68355078149a", 0x6f}, {&(0x7f0000004640)="b173bad9d5ae072a86cc0f221bc3a235096f0cf3942d2ceab53a08545ead9ff38267c3dc033e473b0741591d9f539cf9a4613083429b0271cc1bec3c3c4691f39771f1e3c66da1888d67ebf185046d4b77c51ddb3a13a1665a4bd0969a977a7c7c87", 0x62}, {&(0x7f00000046c0)="763467ad1bb1251611a87fa3b51d38be49f771b69776f61f81d7bb49c312716bae87aae33e3dc1dd08ff676013dd09eb08613cca2918fed23ee5e023e1b4dd3c7719d0e5aef19b68dfb095ba486adac41eb5614c8ee6feeddd5f262dbabf628c0000", 0x62}, {&(0x7f0000004740)="0b61b6276ee205", 0x7}, {&(0x7f0000004780)="8e3bfddd0eb76593a5e88c828cdea2daf2ab4527fe7bde64e048f48943022413976d58f936f43ea2ea9d20fcfa81e21543d6f4af1e9620634bbc97a948068f577d42a14d49a0847f190a5f62255ca826b6d48f875aaa8f8a1e567bcdad6552ac9769280a200774710253549ef578ec7a27ca251343c184a6e2b24c5200222f6c0ed60ba22d6ba3a7376adb2bc389b76162e62555d485faf805a2b8ec5f63f4c5214154162733f7bb169555b89f3ff884a9a1d3f8e7835d52f5072666ed778c74644cbd207892f3e84fe420da8fd13c0e834c4b5f9ef0f3f8cbbd010a0dea4fd7733567b1439fde35cd2e1424c6f8836a3c0f2a0a040f2763a7f0b83232a17c7487ceba6c73c497b06d71b004369c5c52fe57b482528f025502ec9c3a870d3be41fee8c8732e85ba8714b00c409248f051979f135855ececf72ca74ccbc9f3c2fc5ffebad11cf332b37e93f3d30b8e13d0ca42fe42b74306110dae0467f93eef4191df2c4c0e870785e9973255dc53dd0305401d0172f50b137d432948f3e46448383335b64bcd51e47e514fdc5bafb041a1601916f3d8dbe6ad99fe49bd07d4b8e8ed0da90ddd958a5a5963b53223ff704687c5b588150960eb38ffa19cfc33b1fac12a014d4c0999987fabdd8df5b52e206d44b88638379ecbc30979fadad772225b2a5ab6e878d90463a7e91c3b7b24da89d15ccf4c5f54776adb7d9e33142b43481e1a27b0547e57fac01f54413e8220e799eabb08574b96dd9101713a5475a60937fab6a8dd594e8ccc01c3cea775b38bf71362383c38721e0ba0c73ff5323cedb3ec46b5cbbadd2f0a2877b02c930c6243eb41c30e952a5cb4439ecbc6f7809823d9c9108d6499c5c6d25226de0a05f44f1409e4d51c05323b72781d8d43d884d38c556d23a4f57d12c157153891a773352f2842021dade8e5c0455117846bb634b32f3bda7c9ca3cc44044f7331f1d162b852067f7af217243a1a6ced6612c739d62cdf352ea625285720649ea0645bf5661987aa34ce5d9fadf084b6929eea902b62c0bbbe4c7e8f321570e0f5d477a862ba6678d3049339ae18589d9f4a1bfc548c4b0dc8b9c2e4cf7d267dae3872c6865ffcdfa4e0be6997981b97834e02ff1309f99d459d94769e254222894a5bf326f9f62599396f2daaa6c135eadc3ea0211155851f19c46a7b38fdd3c634ed9e04deccf04ab6504234403f08997eb3298024bcc9e5a02a901e0963ebbc62d8bd4cd9fe70ac2e6d6e47a60078cce2ce776d99b47be9cc1172cdbb786f14e2fbed29693254405c3248ecb51a118880524442125b0570b1a1cbe15e5921d1d75a08fbf6354cd82aa11bb572e38115112e2d614f598c5912246cf09de76ff2b63fc8accb27e2b271cf6e1c3b84acd6e39a0231237b6c28860e39eb5da0c667f2a80193f44eb759583ab83c49ea29d9d2e220a6404ff0c32c68487bc207d8d4171fd1747985bbe8f1b97481cba0e8786f628403d2699668149c8bf78d4d49c7f092bb755b41886918971e6168fcc444d474b6aa1f72df29fcd15849d611e60064bd8b7f6d60b9fc79f53208be4d29270e42f7b5b5333b5835767f96858eb13981189dd4988c0850b3313c11585de991c5aac373e5a747bf38fa6f22065d863c58d9e1e995d5fcee07d7c23a0db0baac02a6e833ef34fd217f666ab0ace1ad1dfad44d960520f02fcd75f55aad2540b279fb33d20c7399e69df1836dec40fd8719603237562475818b5d96e51e1b3b487789bc2e19fedcd83f9490b5217426545a18c93a8335991a016bde7f3c6535322e375b20cfcecb540d148ecc8bbd2c2bbb45aa72bcbfcae2ea50a252d8bf7debab40e60e53beb4521e1a0094f66a415cc464d8ad8b7c9e54b5b43a8c7c43dfd8a290be2e46070fd4d797d933e259e298cc7ce761008845e3cd267f609263b1202c511207ba7b2963cf5ec4af3f3bfb51a9c4d957b294e82c06af1e07b21d020f4c702b97ce25d195f539cf51537ae723fdb8c1cd7a1b30812e56a515e34c38526af90af33f2ae516a26242fb37e176ef8990abb6f0ef8fa381b19abaffa58b2bc114546242df06905a6d83fece98e1a39b27380dc07d2fb8540c49296e551de05580dddbfbc20e41a2fe2b525d8d301e3464b325506e4f391a787155df330cb6b6ae5adb9588a64abbdd5d2cc86e470c9c373351561ca6e60518c9f1b00cc23d49d8b6e9dc3908ed174751304a48a2241b73fdb136366126218c264c29a33134f6d6a5fc18f7a52462ffaf882d32abd280b424b26cfd60580f9fd4131e0c23c58aed2327b0f14b725c059241787b47c84ffdd59b9d66542b1d33e0805027a46ac42dd8abb158fd0cb892969b54fbe502a207f576e9569eea2d03ab385e27cfbb98a462d14049453d5276907b37d94c9d1ff6786863e9275f0be47af14851088532815650fa3c37c529f1581039b0df0c345ef8fcee4b3fb9d1867eec5cb82aa74e5eab2db5083c58b2c32e5f76e49166ca377a73b1e8b0162965282913082932b52c98a25a5d9fbe9f85391e378c50f78af4346ffc85b873b0a127fa520910b107c0093fd4f00334e78876b642ad93dbad8c001d1e41ca944abe2c6f5b759129bdd79207a0131e90bab24157b04ff78b4db0012931b201b680316edbfd6274ca19ebd4f48128516d6c9e6c5fc04a37df0b355fdfd77be425c2fe687af0f666e319260c294a51c872352dd8d6eaa17468cf9ccb54285fadb2b0f31f02df24d4879360263b8de92b667206378d8230c08c3880056359962d0263d1e732eee90968fe31fe32d38d5cf6bdd093aa2d33b2b24a0bd908e5d2584e6438090a3d4bb02b8c5ff6c722cfe124f3a0e7d25733dc1850002c1538f5996abf57d9119bbf46fc6fc52aa99e96ff62886c50501a89e7b2d360d39991e9f121702a3028b3b2a8121bef66774ef32612d144aff69333bcabe83fddc9bd04b8574120a1e51b608de96c7b67fbdf1c936d82661089fc8b93d58e60fcf275ef4c39093c08109abd06be29a88ba6b1d80cbd83dd6e274a346f00f14d4d3b01281e567636801c6c928781b7c22f3c18e068fb7d143eb2c3a31a825716d7326fab87f9fe6b69f28a2bd67b3f6598e45bcd7410a2508b4c458b07653bb8229338ee313b0646195589b6064b796ba7c664a5088917f6235fbe26b14966c3cd9b9937b87a2aae50e3c1c19e76d012b78a51e2ef00e0fad35e06124e622371d6d02db1aa1e289ed935fa26ff74ccb2e16c6e7e22fbd15fd300ead84c66e2e83d8e92c5f60b46f36d98b1131f2a3429b1ddc5d9af2b12c84a69d992ceec7104dc54c27ebcf79950310caecddb0b0a835d92d1f96d6b1a6f8028d9acc74820d6ef19e49f32bcc2ba9f238225ce58f22713574015addbbe424a4faceba481b25e18882c7a4bbd6ebbd7b0305ae576d10a8d223b146d05defcecd2ca006e250dc7df3d7dd374a3a9a9838a2854ccd859e92e87558e3c42ac3fb31a4281a7142b409eca965d740452113c78aeba55215110aca3cb8a4badc962a5e99fc1851170c94b7f3248cadb77707124561509ca6f62fd07fd61b9fda803854b85463a5e13ab76efea0f95aff3f00db282daa9d1c259bd54c949282c14601c6b76baa327f4d2263b029b7086cdb892b1f9e4414a98e11b111bffccb3dbdaad9adc63d559360d22a7b01e1803632bd277a599ce4b4c67dbff14a393a0a8713288408ae63b1b36a896886b641cc2f3811bd82099370d5b808db0e3f1bb19231aa9bd79d891b9d5b0a53141371e05fe6b0e02450db07118d5577b528d1d021ea27af3ecf6cda6bec44a26e37bae3680e1f83347f9da9075c3ae5a0130f719ba238015cc2a5b3946db947691b7457eb4505dd7493fd0ccb6f750a2931b07d1c04876ad1dbb567e9e5bbddbe9e0c1d4598f128c17434cd3a005545fab4447ffb63334c7609760e146a56cb3755ba85901f60f676bb179c3bc9fc2bd5e1047f07f4c434d9a4fe589e4ecf6330a842e723db5a6117d061c83ac989ad00b14888cf11840e8ab2da81e668ca448c469f7623cbe7f6c6aeaa57bed97848a9f2ef90e4679d899e40be1cd1347f9b0beb1cc3f71a72caf300fa2edfca30704ab57356c95f47bf424978c1f3aea2353a6ef38be86cbcbcccc941cbb7ba3767ed06c59e6505844a0c1317ec55d6d97d6384a267d332b5138cef8015104419643844e861db6a9cba50a901aa17f8fb84d8cce03b1a8eda5a5d4151c725cae2bba147d7597c8f3fd398bdae23ed53f13caee5089b3b98078d192849c510bc096c248efbfcec12c4912fa3c5114a2dd8327d45eede183405b899448e14a0fddfaeaffb807e81c2c48811e7fecba52873620315272593cf7fb0d92bb91062698a8808ea85d9118275567a69e86e5df2bdad3aae69c08fe156e55f2759d1b0b6e7a15f2c201fae78843b596c8fe50f2dd8184203f12f90bf8fcb343b5de3b8a781132d8dad62c5bed2de7526804751427a592853224fe0f57fe50356f307d2a4bf613106acb036c11982f9225ca29ee13539496e3df75b8d80dee6f1c7dd6915c724b79e8e297afcb6bdc1efa0337f9aac9f1a7a10189aec281ec3e41ad6631fd409c3f47d726cc429b2f8e65cee22301df6ce132736402c6f642374c4bfb043cba76580b629866247465d8603b4b1545e77a3df71630a0c96f810cc4ccc6d851278468db68a805035627a3ef823825a4449ca23526cc3869f381b0ff3c93a1a329c93b39343291b39508b8f93a2f61d4748261408ca7102aa36caae36226eb237b7617f2d6423c32dcdeed5356e3c07821ef71ab1b13e0e6ffaf77008cbaf0c58adfa4783f92455f3686f3294fc32870bb1bc7074d03e1f1fe9afd7eeba10daf07a0b71dcf16164030998ded7d96f9de94ca8d07cd07c1db7df31a4791b7c162adf2b39fe215ef8161f1ea50e9912e8b0d30fd3628644edc7aabebc1e7ffdb00bf7558ed1da78e1ac6a673ca60e8405540e78b68066de2980f57c39b213a95a980bfd94b18c3cc4777c773a6019968ac02f2b07e78a5b3b76d335dd9b14f8cbb997bc8c404ccea6c6e7a2117764c56809eb4526c8d0185bab92a3cc061ded6515e690a27dcefb025a38f6ca32e11d2c57e1829b4ecfdb31a85379d554a35eff8a6bd72210f5dd3593d9da90bf814f46e5b5fc505d4598297bc6117de9d56b1bb6311977983374039781e2f53caef4226f5bc3226d16c8a305cd942843f665bc0f139c414a8652b3759a5297464baccd882b2974316cd2b74a6230f2b08890563f4978c9ef2a480058104cc1898948542f6de31d698fe0eec34a5b7b89c64193fcde61bc36274516cb3dd03e036fc2770a334b77ddb1cff7c7b0c15b4378b3446686152467b627f7ac7917d9dc51f5de93e1793a8b0c1abda35d6e3f18ca2e5eae77cdba30628712f938c3d5101baea56bd312cca5da39f6c58acbbce8da849972cddfc3993595410ea37900ba294d0b5be4f9b8d9bdfb6b667dacba8ae324e8d3bc6239c5d432227805d97d8906f8bd762e4a48851b01742ea3a5275d2d0662bf2b42b3dbde96cd8bf60509a16c2faf6480556ce35bba133bb290d6be77c827bf020e5765973202f4915c27cb3914ad053628a40cbb89fcea404989bab5fee485eaaa56d8552f008538376560ec8f127536642a7a2e39b8fb5081558c3896a0022ab566178de4d457337def77bb4e4c44b94ed58d744664ff7b14bff8144ab2f215a427693e16d200608e9834b2169d910e5691f5e3d3dfd7dd1d91f4", 0x1000}, {&(0x7f0000005780)="bebf1a775cea0530dcc2037cd92ab3df31be4b2f41754f4ebcb7f4e1550eccb9", 0x20}], 0x6, &(0x7f00000158c0)=[@cred={{0x1c}}], 0x20, 0x4090}}], 0x40000000000026c, 0x20000801)
recvmmsg(r8, &(0x7f0000000980)=[{{&(0x7f00000002c0)=@caif=@dgm, 0xfffffffffffffe53, &(0x7f00000008c0)=[{&(0x7f00000011c0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/216, 0xd8}, {&(0x7f0000000240)=""/21, 0x15}, {&(0x7f0000000440)=""/48, 0x30}, {&(0x7f0000000600)=""/113, 0x71}, {&(0x7f0000000680)=""/202, 0xca}, {&(0x7f0000000780)=""/113, 0x71}, {&(0x7f0000000800)=""/142, 0x8e}, {&(0x7f00000021c0)=""/4096, 0x1000}], 0x9, &(0x7f0000000480)=""/7, 0x7}, 0xd}], 0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r9, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r10 = openat$vnet(0xffffffffffffff9c, &(0x7f00000009c0), 0x2, 0x0)
ioctl$int_in(r10, 0x40000000af01, 0x0)

2m40.583702108s ago: executing program 1 (id=5491):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x8d, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x4}}}}}}}, 0x0)

2m40.532564223s ago: executing program 1 (id=5492):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000002940)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000080}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x2, 0x4008895)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x44, 0x0}, 0x4000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140), 0x8)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x15555555, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r4, 0x1276, 0x20000000)
r5 = socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xffff)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x2663}, 0x0)

2m25.380452181s ago: executing program 33 (id=5492):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000002940)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000080}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x2, 0x4008895)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x44, 0x0}, 0x4000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140), 0x8)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x15555555, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r4, 0x1276, 0x20000000)
r5 = socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xffff)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x2663}, 0x0)

2m23.179001149s ago: executing program 2 (id=5540):
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000900010073797a300000000038000000160a01010000000000000000010000000900020073797a30000000000900010073797a30000000000c0003800800014000000000140000001000010000000000000000000000000a"], 0x80}, 0x1, 0x0, 0x0, 0x4000890}, 0x0)
bind$inet6(r0, 0x0, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@random="91b882b09a5b", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0xa, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @rand_addr=0x64010101}, "08000071ae9b1c43"}}}}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
memfd_secret(0x80000)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020062018010000000000010902240001000000000904001e010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="002205000000ab"], 0x0}, 0x0)
io_setup(0x8, &(0x7f0000004200))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KDGKBSENT(0xffffffffffffffff, 0x4b48, &(0x7f0000000180)={0x6, "6ae6d126ea8a3e8a3fd9869ada8a12ef4daa0abd366e38babebdb7d914164f61832ef99185a608f6da6cda0cb1273cddc3eadfca22dd971ab687dab507de27eea29fb5e3b31b9d5d3030c4c674585ff8eca4985ba2035937dcf02be976fc50a19269b0c571e87bb030652a9646f2224bbd2fb42f36d02a53a6a3b0459be3f55e9444b8719eab7bcd9ac502b9c5fb462577236acd61bb906cb618df8dd276f06bc6c07ad91c7474eb25d6ae2e65fc472d2380c905066bf43a414791ca0a947bcec6288bc327c945723776f78823844878c865d7ad46ba997bf2ad13c51609faf5129611873a47587a1d85ce5e49a717e604be63cf6c36530f7f75aba5aa8f61601bdf148d8262997a0da389d669893be494fe36d4f541dea55b5a485f44f13ce24d498c68c0ea6ce4e81696c6a08adef4a8bf96916645029267037151561b1cc9a7c6d2be724c6a75e0be6e811cb29b5ba6170dbb6c098a94cd6725979b48fa646553ea26f5434576644c8796cad902ed0598cd149faf3645253cee357a0ce8dfc7c943227d4fdffbdd6adf935657d4ce97baf6bff63665dd200c09e7771a73a47aa03de9bd1809dc95db0bdb173cf6d1ef519daeeac30eec093bd4ca25268cbbcd635f716a2c77ced5fc031419edfbd43d13bcd37ef37814520d6d7c567f72e9c17ec3769e59dc0a99090e6b21f1d1cae3bbf49ff67b40d5c140f3008fb0ca7f"})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0xd, 0x0, 0x10, 0xfd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xff, 0xff})
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000d40)=@setlink={0x30, 0x13, 0x501, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x10002, 0x30}, [@IFLA_NET_NS_PID={0x8}, @IFLA_NET_NS_FD={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000018}, 0xc000)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x2c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x0)

2m19.995526554s ago: executing program 2 (id=5549):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$sw_sync(0xffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f00000001c0)={0xbf48ce7, "1803c80300000000000000ffff94d4ff000000000000d63175a60600", <r3=>0xffffffffffffffff})
r4 = syz_open_dev$video4linux(&(0x7f00000000c0), 0xf, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r4, 0xc0305602, &(0x7f0000000240)={0x0, 0x5, 0x3010})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000010000000500080001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r6}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f7ff0000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000180)=r7, 0x4)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x10)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", <r11=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r11, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r3, <r12=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000000)={0x6, "34e6498c25f58dad9987ffe93bbabd18cf504a2700", <r13=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r12, 0xc0303e03, &(0x7f0000000240)={"0e337b42cc00d331ff0007000000000000001a00", r13})
r14 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r1)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r15, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)={0x98, r16, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x4c, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @local}}, @WGPEER_A_ALLOWEDIPS={0x4}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x24000855}, 0x0)
sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x38, r14, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffff19, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x0, 0x2, 0x140}]}]}, 0x38}}, 0x0)
sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2100}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="58010000", @ANYRES16=r14, @ANYBLOB="00022bbd7000ffdbdf2514000000780004801300010062726f6164636173742d6c696e6b020054000780080001000c00000008000400feffffff0800040015080000080003000200000008000400060000000800030004000000080003000200000008000300030000000800020042ffffff080001001b0000000900010073797a3000000000200007800c00040008000000000000000800020005000000080001002d0f0000580002805400038008000100000000000800020080000000080002003e0b00000800010005000000080002001b00000008000100360a0000080001001e090000080001000600000008000200ffffffff080002000500000054000680040005004400040067636d28616573290000000000000000000000000000000000000000000000001c0000008c87806bb7120d050b46019b1c0a6ff39ba1363972768a3d8493cd7d0800060003000000"], 0x158}, 0x1, 0x0, 0x0, 0x4008000}, 0x10)
syz_usb_connect(0x2, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12011001c7a67d40b1134200ec000102030109022400013600000009049a00027ed725920905030840000901000905020340000800076a9d92761447e1b6ad53bf19c817307466432576c24fc713e75acf18c0003eb756da5a"], 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000001e40)=ANY=[@ANYBLOB="aaaaaaaaaaaa05804200000186dd6000000000180600fe8000000000000000000000000000aafe8000000000100000000000000000aa00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600201009078000603030800"], 0x0)

2m17.114453979s ago: executing program 2 (id=5552):
migrate_pages(0x0, 0x7, &(0x7f0000000000)=0x6, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x1, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0), &(0x7f0000000900)})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000240)={0x6})
r3 = io_uring_setup(0x1f5f, &(0x7f00000000c0)={0x0, 0x0, 0x80})
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r3, 0xc, 0x2000000, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)

2m14.374627966s ago: executing program 2 (id=5563):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004085}, 0x4000)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x14, 0x3a, 0xb, 0x0, 0x0, {0x4}}, 0x14}}, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6012000800503a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0802907800000000600008100000000000000000000000000000fdff"], 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m12.851668615s ago: executing program 2 (id=5565):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
ioctl$VIDIOC_QUERYMENU(r2, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x1c}]}}}]}, 0x44}}, 0x20048010)

2m12.076281223s ago: executing program 2 (id=5569):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_open_dev$sg(&(0x7f0000000000), 0x3, 0x1a1301)
syz_open_dev$video4linux(&(0x7f00000001c0), 0xe3, 0x400)
socket$alg(0x26, 0x5, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_clone(0x202000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc044560f, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe2(0x0, 0x800)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x922, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x20}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_BLKTRACETEARDOWN(r3, 0x1276, 0x20000000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
msgctl$IPC_INFO(0x0, 0x3, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x7, &(0x7f00000000c0)="fdffffff", 0x4)
socket$nl_route(0x10, 0x3, 0x0)

2m4.170846521s ago: executing program 5 (id=5599):
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$binfmt_script(r1, 0x0, 0x0)
ioctl$VIDIOC_S_STD(r1, 0x40085618, &(0x7f0000000000)=0xe0)

2m3.66827511s ago: executing program 5 (id=5601):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x200000000000011, 0x2, 0x0)
socket$inet6(0xa, 0x802, 0x20)
syz_io_uring_setup(0x237, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$kcm(0xa, 0x2, 0x3a)
add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000040)="00000000f5ff", 0x6, 0xfffffffffffffffd)
flistxattr(r4, &(0x7f00000002c0)=""/132, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r3, 0x0, 0x2000)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0xc040ff0b, 0x110c230003)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)=ANY=[@ANYBLOB="14000000250001002cbd7015ffdbdf250500"], 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x4)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000001780)=ANY=[@ANYRESOCT, @ANYRESHEX, @ANYRESDEC=r5, @ANYRESOCT, @ANYBLOB="9cf010fa2d71c60521c9e737897110074cb975f78fa5fd872919ecdf70ebc6515979922007f97611fb5d20264db11770baa88b19d2ec19e0d0bad854c53fc8a1f78a84d142f8f8b6f73c665ddb0d2b039574feb8b7bcad1007866a20963c75a85d02069d2b5a6cbbba17900aa581c2a58790665a2d1afa8d57f4ed3fac4ea32cb5a7499e5e65ed791e0cf382e451d34ba49255afc3fba34b8d4eecc119de0b6d3833e7f299661b443f73b88fe3e8683b344779c83e15641edfc243f5569fdf7f7f85b2e2175e61eb2e6533abd5d7ea8e73dea312e36d85067f3ded25ede476938c03c8c67105eff3a3ee21f7d3a9da13fc46a021dc1cf200c3d6b83f22227988b7ed4cc649d52b84029d3124a3d9641744dad09a2d020baa4a5f0e6c76fa01dbc30a555dd81db9ee880d84d853bc5445f1b9c6000e1ea5ee571b5ffd2a13e314c0fd30e0b32e7368ed3f7ea662656931eb5dedce0eb6fdeed03a7ccd331eda662aa9d6bc01facbe12b45cdb412e1c8b803076f909dce4be2bf568d7c4bc2af5de6dace5ae43bfa77c390018a02fda0bf97097dd4009cff36a94703fd0caafaf493fddf4331fd2e259a85a0e761dab63af6e80f2a29fc844d8cf0e75dcad194bb2ee29ace8b8edd8e572819cabf958cb7f853a5dd635fc70bdb8b3eeb3381172321bfc1d1a22e3cd21c36421f400fc2ac7b7c0991039d606ec2d1409b18dda9279d962353122300456406a572cf91f54a011aa51b5b40dc828b49847454496a4b90506ac330a2a4d952db78a3a71e417b19d12c29f4d54fe98daebb39b21d22a984ff891f5dd0872dc743de4a616b9a06d3aff81d6ca1e655ef0dd38916cea40521fb581a3fd4bc1fb7b772053f4325271f9fa16561ff81f4fb18243e9fd93221329527768914e0473fdf7cdb2e63326a0672f4a047fd1ccb319ce5c7c9ca9f98491bdabfcdf953f77310a5de0a38ae8f6992b597ffde0e36ab04a63623d782133dfd863b8596b73f651dfb8dde8d761b4b953cc8e8851b35834468c61963c1415e41f2034250d8e617ce0d233d06ccbbb5766f84cc457ac92008f85cfd4b7cfbe0636fa2f71ee29fe17a6023838019de6f175f61697742df08a8fcfc11af1075d0b3fdbd79bc2c0be7bff4594c3ed7dd2a33624e31b5a92316400066881db1cd7fe1989e2fe3c9f2d7afa58fe38c311eef2520653c4fd04b038082006ddbf351f4207642f29725e9f3213176637be6e9dff195861c4b7e067ec524e800411fe93175fd7a821bed09027ff078faf31e23dbf99636952f0338639fdca7ef1177f3673652a7cfba660a0ab042472c32fb8af637eae976cae72332efded8fde59ed9393f4eb791cac03a7c79b9b918ec8f861aac8d230ad0787695f39a47508dea5df51aef2104e3fddfc585cf6ac4b922584bdc15f2a04287812d1acc1ace38fb60b995b9a082fb6b144ec1f05a36b38572e3ef8d989e7c6c6f90c9d72bf5173b48c009e5eaf046069a082173bb919e6608c97590601c41c7079626aa27da6362f99deb05057d6d88c55a595f40754bca2d4a89729b3b8f528bc4184abd6d8cb4cfb4127833893c953551a9f251926326f46b993bd182ce1ab132779586bfcec776394ab5c628c024d1e1f768cc0741bd38bb5e9ef14fd2047bb7bdb8a3961d9ca2236419f4061c5cca7b41e93e1289184ba26054bf48b6105617dd395915d0371d854e512abd32e99edaa4f51d1c220dbd79dba4b0b613bfbb52a1b758924b0dc21c42231737ea18b85612cfc8aa82f7f1d0e9ba361f20ae2e7baa4c983463516c74259be2ebf33afb92d2f9d7527cc865f26f2db97f90311719f5f71331b9c7c36f692a132e55bcd18c8c57b5b86c3287ddfdd1ce6f0b7c89df70e88c1f52dfc54abb79d3b1f427ded6a349e72ea71f17700c6fd14bf737a9ce52b55d8cf146aa90b92b6aba1e2e3405253cce3e866a23e61373e2aacc1c9ddd4da50401a2d8f6a76856b58daed9017026d1e2c597abf1aa9c99e67bd2e43b11e25df1e9b80f3c1a53fccdd518c5dc2a5d4c9b2fc73b8bc743ca5543d768604bfd42571a05db0c6c18a247576e9f037749549cd5fcba170e1bd56d763c396863ff8df55e3c0c3e32765527cba41dc13b4319b24cb06fe9bbb279b8463a227b5733b9beda22765f2822918af1852ab9debef178cb30ee48a35e0e12add2166dea70abf6bdf05501a44026bf833fcaae90d2ae0f00c13fe270fd8d34e4a7cc51c526d3a743a3ca28a1cc1ed5b16deb410eaedaac4542ab2ba160ad1916397655f9a2be17202a08d8ad29acf2cdb60c866abeacec10116429991e52cae6268dbffddd5031e57ace2b2dccfd6329b06625bf500936a268aba26c37c972f754b670281a4eac45279149dcafa1165403983f957123d33cb4e659c58cee385c27a489f4751bb928e497ef9e40775492d90cb9093e4fd5ba40fa46a5a7ea2516711fd27b0dd0146b9c73f362c3e1fe2e9a0d1a60cccb94371c74c79cd068a4f9d01fd47ff4e6afcfe853924dd4a77fd5a3059dbd4172cb48f36d19c07ce1d94002dc429618170749034d7396f588cc449771f111e08ec819caaecfdd49f1dcd243fb1d4f472b405b0d835b259314c41efc5f226494ef7d2a3a959a125c033df6609b66ec5b470f1097ae1f513d43990c50340828f27a1094e88ffa47dae32c82ffcd267b62d2dea5d8d5d493c3318120a3f81a4b5593099e1801ac29fe9a6d6fa5394696a7dc2889822df65de50b7b661e338c1371027c54643f01554c81ed0e8bad66914aceafc5835e7613f1f7a8568b5ba9ae3143594093077d0312222120af76ea07af4250779337a1affc5d77d3ef738ff84def95ab178d1d8ffba95dd013d61efdbdbeb54d46588e1a989e3dbdbfac4932cc9016770a741bd6172aea563d03519b00998cd123ffd93262c43848e005548cebb5ec04031b5c8f6c63ff087e00d4f09fd6ed042508e0453270bc80ef04366068f977f1caf73f0e9e4c5bff4178b7561d52c9a0a09abdbca3e7f5c321197a25ded41240fedf527d6050f16c23bd1f78d3e93701eaea343b6d99666b4dad5df82972d29fe4ba45d120f81528ecf5bd411ffdd6ad6840a37947d44cda5ae648f47154226b34adcf560bff21b4dd732c2fd28822a65c3dec2b023e4fa31a1117253e37dfc129adf89565bbdecfe44b5987ff6228d30fbe344a01764bd287d4363b11e6e5b82335a4d9786e54cb895f9baa47f935bd3c606acd3112fe6168526b8f2091fb6933a01e1b09d0fb656149a1bf4d86b8fa0efa125b4d6bbdc363f70d8fead553cdcb6aa5811c87daa967b281625cff208977f77d1f716a9199159860a1bc330d0979eca5b1add76a8d9fc4842a4618c860455c4413b51d21fe05df36f8c8e89bbc0db95a3a9d7d27f7a063b0933de61e168e727647062c9488dd14cfff069c0301afb9c77d2c4a6ca9666afda5246acde02240e0d9e5e51612880f5952309d2711420253ff7c85cbac76c1d3a43c8164ba1953fe0d99a40c71e8e59b1faae21c0b365685c70e2ec14f71408c79f71ddcb796fe40bbc7e6db81c7fe96af1a090041d5bbe733e46fe5f10ccd6bdd18396f67e6199389e4f3d572ff16730dacc44d99fc3eb5b74f1e20890ecfe4b65dd0567ec8aab30f13b12787c10bf7d202a7c64b028cfd247e6f8c6c3a4dfebdd23b4de7056c19a2de935bca1df7abce52f1aa3716958779c9ce3ba47034961e5f7280536108073e50eb942a3ae9f750ba5d8fd3d460325c3ea0745f01567a369154babebce7ebbdfed6c507fdf4ef9b4829ea2231ea01e3aa05351288b2056ed6f3a0290a90fef9eee9ca5bae9dca659e9b5b97d7614f7e2541e4588a406576a5fa3dc8ab00bef6e67249ecc6f1e7b1784fc1629a6cd15e5d8a112f2f085d6f09e1e306f56a92f26074990efccf39b6eccabcc172dccf60b4dd0fc876853fb6acf0b6698278342f08314a40d755c2dc313aa5a415b66f9e8905a8b2e62b464596cf6ba9d7e969b7f59ec23b9a26f423ed3c91802bc03f19caf1810bd21a92f7352b7bd60a37d6ff9aca41134170880fa3b7f4701da9469110335fe42ab8a1f2c887aee7978162b88cc72fa3f6dcc4b7af5adcb4f47f24100f4b50f673dba844d673579ecde7bc80c7fb64d7560fe6650ce522852862690744d9802db97e574b9a69b26119af0a724d3c9f4aabe954c1a2e3fc1916b041acd059766a2032c7117d67fba1f31c75049b473fe937c1382d5f40b64b81063a5c740e69e9507684249896654fd411b4d88bf213ef44ff08640b0ce293c0bce8be3dcd1e0079f9745d20b9aadf0152b5b545caef98d8cfd77053d302f96bd577b1b5d4dec002abf9fe5d95f5bff814c4094395779097824bf028b3daa1005cb077e5b6ee347c279feb40caf4287e6b7c07ffa672480a69caad00366c5091f26bba6e80bb4de1ac4ea049131fda89b0332a85e6a65efb9dc54eb61621ab254d38b2d7ac513e72db92228705d9a45ea78f37c236d211016baeabec9dbf5a2acb0c3bef54679f2455ccb8a059cd27f24104489ba0a39d25644da93d45a0c9f7a029d34188e1107f4207b43423375e211dee91976583b0541783816e0d3ad0012678b3a510a6413fb2f8ca8219fe73326dc339323a1566dd4012cd4d82b8963ad6f45fdec0059ca2496ede58ac35ed23beb5d7a70729cd9d435f13f97c50824050d0dbf62a237ad83d467c6a909badf929cc5e23fec1a4b2e95d714d1ff88f2bc973219454c5a798f5f154d10cbacf0c924f11ec7fc5ea03b6dd8cb6fc8b66044ecc30e40f6fe9ce4a1f769db79feec8c62274ecb8c193a2a48980dbeeb73591f94fbc302d988c8a41e35b1e22c0f8948f042d519ae8ec6467fe805e198604659ec05a284341a52c9462e3d66773c99200caa7053068a90fad65707094caebd038d3157bfa85cd55c6571630ec2d384a5a59b59b712cd8ec43f9b60f10d72bde452dfddde85bf68cfd5c5af4c6ab08b8bea63faf0ae7fd50251804b0a49e27d59b750812b268cfe5348cad3700e4d2464449419c7e0bb185f60b10c255c54b9d656b86311e7249006455dd7af51d449eb6556c2235135b3b116ba5bd21db1db43486406c8ce7111b370ef508b36ecca0e0a2fe13a74409a6a05afd60b4a07a8cf5518cde0b803ee47814fe4561db8db9ba0312fbd3a747b8a5ba73499fb00ac44077d748ca79c43e9ba3e615d1adaf4955029251a7be300fd5320c0ef8c3c0554406eae43fce641304533e4a53410470e1a5c0009b8c4b0ef641631a42b705bcfdbb3928c17e49565d4eaf83906f549b036259fb2159806b1b150e2c52975385820c3162ecaf9fb37e6581bce8b436d36d7def33b0f95c623aa848f7b320d5d3c4f9959417a90c531ddeb85e7ecb9168d9e311a8b6508d3433decaf3d7cadb726f178aca7d8e8bf38cab3f34fab3e7698bf703ebb4cec76083e6c4ebb5c51f6a176afb7cc976530e33dceebfbb940e8b776db97b82f3c5522e045b77c04aa9a3943f80bf1944e652147fb2a996a2c33842ccf99407d81d82448b0d7b96e31cde8995fa3c1e4d8085fe222403e54da934909f9bd5096f2bae9c0df0050e60d979bc7697e6174f572601290318c9c8d053a456f36aaa2ad11af190093ad6ba46523c1289d070845a962e6cdf1ab93180ccdf71a7f2e95421eedfde2a9e3bc5004deabf938694aee3c24f773330ec4b2ce28ab05ecb4ad81306b1ffc49a42ed19d494c7a633755526f1c41e7fb06b7db2d69e6c", @ANYRESOCT=r3])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$inet6(0xa, 0x3, 0xff)

1m59.360358844s ago: executing program 5 (id=5610):
migrate_pages(0x0, 0x7, &(0x7f0000000000)=0x6, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x1, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0), &(0x7f0000000900)})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000240)={0x6})
r3 = io_uring_setup(0x1f5f, &(0x7f00000000c0)={0x0, 0x0, 0x80})
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r3, 0xc, 0x2000000, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)

1m56.824476723s ago: executing program 34 (id=5569):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_open_dev$sg(&(0x7f0000000000), 0x3, 0x1a1301)
syz_open_dev$video4linux(&(0x7f00000001c0), 0xe3, 0x400)
socket$alg(0x26, 0x5, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_clone(0x202000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc044560f, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe2(0x0, 0x800)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x922, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x20}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_BLKTRACETEARDOWN(r3, 0x1276, 0x20000000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
msgctl$IPC_INFO(0x0, 0x3, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x7, &(0x7f00000000c0)="fdffffff", 0x4)
socket$nl_route(0x10, 0x3, 0x0)

1m55.648754857s ago: executing program 5 (id=5621):
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000600))
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socket$kcm(0xa, 0x5, 0x0)
socket(0x40000000015, 0x5, 0x0)
syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800390008000000060002000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)

1m55.300892021s ago: executing program 5 (id=5622):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000080), &(0x7f00000000c0), 0x0)
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000100), &(0x7f0000000140), 0x0)
r2 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usb_connect(0x0, 0x46, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000b1d69e40cd0c3500970a01020301090234800100"], 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f7f"], 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
write(r2, &(0x7f0000000180)="01010101", 0x4)
close(r2)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000580)={[&(0x7f00000001c0)='\x00', &(0x7f0000000400)='@\x00', &(0x7f0000000440)=')&.{\xf3', &(0x7f0000000480)='/dev/kvm\x00', &(0x7f00000004c0)=']\'\x00', &(0x7f0000000500)='\x00', &(0x7f0000000540)='!\x00']}, &(0x7f0000000200), 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x42, 0x0)
close(r2)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000280), &(0x7f00000002c0), 0x1000)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000340), &(0x7f0000000380), 0x0)

1m50.975489458s ago: executing program 5 (id=5632):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f00000036c0)=ANY=[@ANYBLOB="1400"/13], 0x14}, 0x1, 0x0, 0x0, 0x4000880}, 0x40000)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0xfffffffffffffdc0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0)
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0}, 0x2020)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r6, 0x0, 0x8001)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_BLKTRACETEARDOWN(r7, 0x1276, 0x20000000)
r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
write$tcp_congestion(r8, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r8, 0x7b1, &(0x7f00000002c0)={0x0, 0x4, 0x0, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x80, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a000000000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0)

1m35.67287993s ago: executing program 35 (id=5632):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f00000036c0)=ANY=[@ANYBLOB="1400"/13], 0x14}, 0x1, 0x0, 0x0, 0x4000880}, 0x40000)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0xfffffffffffffdc0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0)
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0}, 0x2020)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r6, 0x0, 0x8001)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_BLKTRACETEARDOWN(r7, 0x1276, 0x20000000)
r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
write$tcp_congestion(r8, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r8, 0x7b1, &(0x7f00000002c0)={0x0, 0x4, 0x0, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x80, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a000000000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0)

1m27.160895961s ago: executing program 6 (id=5696):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f0000000000)='g', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001800ffff00000000000000000a000000ff000029"], 0x1c}}, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp\x00', 0x5)
shutdown(r0, 0x1)

1m26.775621932s ago: executing program 6 (id=5699):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r2], 0x448}}, 0x0)
sendmmsg$inet(r2, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100)}}], 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x2d4}, 0x1, 0x0, 0x0, 0x40800}, 0x4048010)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x0)
socket(0x840000000002, 0x3, 0x100)
sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000000340)=ANY=[], 0x2b08}}, 0x4004006)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x304}, "2697312e4e898ca7", "35e23ca3a988def7dfbd438c536346cd", "11398f4a", "50cc97386065eda9"}, 0x28)
recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x2004}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/106, 0x6a}], 0x1}, 0x4}], 0x2, 0x40000002, 0x0)

1m25.801453887s ago: executing program 6 (id=5701):
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000580)={{0x84, @loopback, 0x4e24, 0x3, 'rr\x00', 0x2, 0x4, 0x7e}, {@private=0xa010102, 0x4e23, 0x10000, 0x1000, 0x80012d5a, 0x12d5c}}, 0x44)
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f0000000200))
bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
getpid()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a9fda5}}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(r2, &(0x7f00000008c0), 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001d80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020000010031000000000900010073797a300000000008000540000000063c0000001e0a050100000000000000000700000009"], 0xc0}}, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0xc0045543, &(0x7f0000000d40)=0xb)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0)=0x3f9, 0x4)
recvmmsg(r0, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x6a, 0x4, 0x20000000, 0xff78)

1m25.278343296s ago: executing program 6 (id=5703):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e1406020000000a0e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
socket(0x1e, 0x2, 0x6)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r2 = socket(0xa, 0x3, 0x3a)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)

1m24.23654759s ago: executing program 6 (id=5704):
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/config', 0x0, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$read(0xb, r2, &(0x7f0000000340)=""/94, 0x5e)
getdents64(r1, 0xfffffffffffffffe, 0x18)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r6=>0xffffffffffffffff})
close_range(r5, r6, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r7 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000000)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x3fe}})
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
syz_usb_connect$uac1(0x3, 0x0, 0x0, &(0x7f0000000e40)={0xa, &(0x7f00000005c0)={0xa, 0x6, 0x201, 0xf, 0x9, 0x0, 0x40, 0x2d}, 0x125, &(0x7f0000000ec0)=ANY=[], 0x4, [{0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0xc01}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0xc09}}, {0x0, 0x0}, {0xb4, &(0x7f0000000d80)=ANY=[]}]})
bind$inet(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
r8 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r8, 0xc0045516, &(0x7f00000000c0)=0x81)
gettid()

1m19.497587339s ago: executing program 6 (id=5716):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000002940)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000080}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x2, 0x4008895)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x44, 0x0}, 0x4000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140), 0x8)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r4, 0x1276, 0x20000000)
r5 = socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xffff)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2663}, 0x0)

1m4.340254434s ago: executing program 36 (id=5716):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000002940)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000080}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x2, 0x4008895)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x44, 0x0}, 0x4000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140), 0x8)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r4, 0x1276, 0x20000000)
r5 = socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xffff)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2663}, 0x0)

25.128070769s ago: executing program 8 (id=5890):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000340)=@updpolicy={0xfc, 0x19, 0x8f82cdc586d2fef3, 0x70bd2a, 0x1, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2, 0x0, 0x0, 0xa, 0x0, 0x0, 0x84}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x1}, {0x1, 0xfffffffffffffffd}, 0x3, 0x6e6bb8, 0x0, 0x0, 0x0, 0x3}, [@sec_ctx={0x44, 0x8, {0xffffffffffffff87, 0x8, 0x0, 0x0, 0x38, "4f85cc0ca0edba5cd6246d17eaa031d9cd9a0db9d8b01d4710a6e991b475b8490d757edf286f38935a50abbd26c5001acc662a7360bca5eb"}}]}, 0xfc}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r2 = socket(0x10, 0x3, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xbc44)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r1], 0x50}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001880)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000004000008000500", @ANYRES32=r5], 0x50}}, 0x2)

24.71256633s ago: executing program 8 (id=5892):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$usbfs(&(0x7f0000000200), 0xe, 0x109080)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000240)={0x28, r0, 0x100, 0x0, 0x2003, {{}, {@void, @val={0xc, 0x99, {0x5, 0x54}}}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]}, 0x28}}, 0x47)
timer_create(0x3, 0x0, &(0x7f0000000300))
setrlimit(0x0, &(0x7f0000000180)={0x2, 0x4})
timer_settime(0x0, 0x0, &(0x7f0000000080), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd, 0x10000000007, 0x3, 0x8}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r4, 0x0, 0x48a, &(0x7f0000000040)={0x2, 0x0, 0x1}, 0xc)
syz_emit_ethernet(0x7e, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05640, &(0x7f00000000c0)={0x8, @pix={0x0, 0x0, 0x31363553, 0x0, 0x0, 0x0, 0x25}})
pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x2010, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x2, 0x52, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b3c2851011072009d238010203010902400001000010000904"], 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002180)=ANY=[@ANYBLOB="140000001000010000417807590000000000000a30000000000a01030000000000007a0200000000000000000100000025c1b3afaf260900f60073797a320000000014000480080002400000000408000140000000000900010073797a300000000008000a400037c70228000001060a010400000000000000000100000008000b40000000000900010073797a30000000001400000011000100000079ebba5c"], 0xb8}}, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

20.598320072s ago: executing program 8 (id=5900):
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

19.989970432s ago: executing program 8 (id=5902):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x503, 0x200000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x15a11}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r1}, @IFLA_HSR_SLAVE1={0x8, 0x1, r3}, @IFLA_HSR_SLAVE2={0x8, 0x2, r3}]}}}]}, 0x48}}, 0x44)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x88fb, @gre={{0x5, 0x4, 0x2, 0x1, 0x58, 0x68, 0x0, 0x8, 0x2f, 0x0, @private=0xa110102, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x1}, {0x1}, {0x8, 0x88be, 0x3, {{0x5, 0x1, 0x6, 0x2, 0x1, 0x1, 0x6, 0x4}, 0x1, {0x5009}}}, {0x8, 0x22eb, 0x4, {{0xe, 0x2, 0xf8, 0x3, 0x1, 0x2, 0x4, 0xf9}, 0x2, {0x1, 0x10, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x6}}}}}}, 0x0)

19.668291569s ago: executing program 8 (id=5903):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_connect$printer(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x210, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xd5, 0xa0, 0x9, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x7, 0x1, 0x8, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0xd, 0x5, 0x6}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x4, 0x2, 0x1}}]}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x4, 0x7, 0xd, 0x20, 0x8}, 0x29, &(0x7f00000000c0)={0x5, 0xf, 0x29, 0x3, [@ssp_cap={0x10, 0x10, 0xa, 0x8, 0x1, 0x1, 0x0, 0x10, [0xc030]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x7, 0xf9, 0xf947}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x7, 0x2, 0x6, 0x2}]}, 0x5, [{0x7f, &(0x7f0000000140)=@string={0x7f, 0x3, "a1b703ecd9565964bfdad14d7140c8f9e42d02fd8940cd83e74850569da268981da9e40bbd7f8d68804777b45f45ea8f69ba11626d62eeda4b3500f6e8b78c7710161cd3325ab7b589b194933d1bd7139fe8e65df18b0a7b3033dee2b66fc1e59fd693b584f1f61bc7fa1d6a120c6b60e2014d059ed4267a00f0663be7"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x425}}, {0x37, &(0x7f0000000200)=@string={0x37, 0x3, "31f9e0a0aeb804696e4976888958350046e37d7d40f62ab51fa9c2e9c2627922ac80a339302afed6e54e605f3256bc7d4ea151d315"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1c01}}, {0x1a, &(0x7f0000000280)=ANY=[@ANYBLOB="1a03c87e23a3f90fc612a8a70e08"]}]})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000100)={0x40, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000008c0)={0x34, &(0x7f0000000780)={0x0, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0})

15.862542746s ago: executing program 8 (id=5913):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000002940)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000080}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x2, 0x4008895)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x44, 0x0}, 0x4000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140), 0x8)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r4, 0x1276, 0x20000000)
r5 = socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xffff)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3", 0xa2}], 0x1, 0x0, 0x0, 0x2663}, 0x0)

9.433579344s ago: executing program 9 (id=5929):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

8.3105016s ago: executing program 9 (id=5933):
writev(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x1, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)

7.357739127s ago: executing program 3 (id=5934):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)

7.139358572s ago: executing program 3 (id=5936):
r0 = socket$kcm(0x2, 0x5, 0x84)
r1 = userfaultfd(0x80801)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000400)="d8000000180081054e81f782db4cb9040a1d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a8000900080008400400027c9c000461c1d67f6f94001600cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775010016a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920726f9a941", 0xd8}], 0x1}, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x54})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000180)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
syz_io_uring_submit(r2, 0x0, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x9, &(0x7f0000000000), 0x98)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200a8140900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x1, 0x42000)
ioctl$VIDIOC_SUBDEV_S_CROP(r5, 0xc038563c, &(0x7f00000003c0)={0x0, 0x0, {0xfffffff9, 0xfffffffd, 0xfffff1b4}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, 0xa, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000c801}, 0x20000080)

7.022937975s ago: executing program 0 (id=5937):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000022c0)=@delchain={0x100, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x1d}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xc4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_CLASSID={0x8, 0x3, {0x0, 0xfff1}}, @TCA_BPF_ACT={0x9c, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x68, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x39, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec7b2a9ceab9c40c5f9bd00cef"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_FD={0x8}]}}]}, 0x100}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0x500}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

6.960829063s ago: executing program 7 (id=5938):
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000140)={0x2, 'vlan1\x00', {0x100}, 0x3})

6.769370547s ago: executing program 7 (id=5939):
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r0 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x3ac7ffa, 0x8040)
open_tree(r0, &(0x7f0000000100)='./file0\x00', 0x88000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xd, 0x400009, 0x8, 0xa}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000040)=0x10000)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, 0x0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed00ffbf030000000000001d440000000000007a0a00fe00ffffffc303000010010000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=@gettaction={0x34, 0x32, 0x301, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}]}, 0x34}}, 0x0)

6.704072028s ago: executing program 0 (id=5940):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r1, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000022c0)=@delchain={0x100, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x1d}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xc4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_CLASSID={0x8, 0x3, {0x0, 0xfff1}}, @TCA_BPF_ACT={0x9c, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x68, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x39, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec7b2a9ceab9c40c5f9bd00cef"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_FD={0x8}]}}]}, 0x100}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000000)=""/84, 0x54}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})

6.445477618s ago: executing program 0 (id=5941):
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}}, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$inet6(0xa, 0x1, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffbffaf, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x5128ef2c52fe809}, 0x800)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, <r5=>0xffffffffffffffff})
r6 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r5, 0xc04064aa, &(0x7f0000000180)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[{}], 0x0, 0x0, '\x00', 0x9, 0x1})
r7 = syz_io_uring_setup(0x4ed, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0x0, 0x20024c}, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
clock_gettime(0x0, &(0x7f0000000480)={<r10=>0x0, <r11=>0x0})
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x9, &(0x7f00000004c0)={r10, r11+10000000}, 0x1, 0x40, 0x1})
io_uring_enter(r7, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r7, 0x18, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x21, {0x4, 0x1}, 0x6}, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)

6.137817602s ago: executing program 3 (id=5942):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x201, 0xa00, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffa}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x8800)

5.996207442s ago: executing program 0 (id=5943):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000003c0007010000000000400000017c00000400fc800c00018006000600800a00000800028004007280140007000001"], 0x40}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040))
ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000000)={0x10000, 0xa, 0x3, "848c4584f0c1b0e6f97360b6de12a59a9b711e20b57e506a729f967f61b44e1a", 0x3136564e})

5.696123816s ago: executing program 3 (id=5944):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
fgetxattr(r2, 0x0, &(0x7f0000000040)=""/111, 0x6f)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = io_uring_setup(0x5bde, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f00000001c0))
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000340), 0x14)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0xffffff1f}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb71658bda99b49720fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000240)={0x0, 0xfffffd02, 0x0, 0x0, &(0x7f0000000140)=""/55, 0x37}, 0x202)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = syz_open_dev$loop(&(0x7f0000000280), 0x8001, 0x58880)
ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r3)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x2081, 0x0)
write$uinput_user_dev(r7, &(0x7f0000000540)={'syz0\x00', {0x6, 0x3, 0xb, 0x5}, 0x50, [0xfa0, 0xc, 0x401, 0x8e8, 0x7, 0x3, 0x5, 0x5, 0x5, 0x10001, 0x2, 0x0, 0x1, 0x3, 0x707, 0x2, 0x7, 0xffffffff, 0x100000, 0xe82, 0x5, 0x4, 0xc959, 0x9, 0x9, 0x100, 0x0, 0x7, 0x9, 0x66, 0xa, 0x1ff, 0x1, 0x5b, 0x7, 0x2, 0x2, 0x7fff, 0x6, 0x1000, 0x5, 0x1, 0x1, 0xfffdff81, 0x3, 0x6, 0x3, 0x6, 0x9, 0x4, 0xe5, 0x3, 0x7, 0xfffffe00, 0xffffffff, 0x3bf, 0x5, 0x1, 0xa, 0x1, 0xa, 0x1, 0x7f, 0x8], [0x0, 0x80000000, 0x0, 0x5, 0xc31, 0x516, 0x0, 0x4, 0x8000, 0x3, 0x5, 0x7, 0x227, 0xfffffff0, 0x1, 0x92f, 0xccc4, 0xdf, 0x5, 0x4, 0x6, 0x3, 0x3, 0x3, 0xff, 0x5, 0xfffffff9, 0x3, 0x5, 0x6, 0x80, 0xb0d, 0x101, 0x1, 0x6, 0x6, 0x2f, 0x6c7, 0x0, 0x1, 0xf, 0x4, 0xffffff92, 0xa4, 0x3, 0x0, 0x5, 0x6, 0x0, 0x5, 0x935, 0x0, 0x2, 0x800000, 0x3, 0x8, 0x8, 0x2, 0x8001, 0x6, 0x3, 0x6, 0x5, 0xd50], [0x6, 0x3, 0x3, 0xe, 0x9, 0x7, 0x1, 0xfffffffc, 0x0, 0x4, 0x1000, 0x1, 0x7, 0x4, 0x2, 0x62, 0x5, 0x8, 0x0, 0x0, 0x1ff, 0x3, 0x8, 0x5, 0x3, 0xcd3, 0x7, 0x9, 0x5, 0x8, 0x2, 0x42, 0x13, 0x727, 0x7, 0x6, 0x6, 0x8e27, 0x1, 0x52, 0xc, 0x1, 0x1, 0x4180, 0x1ff, 0x7f, 0x7fffffff, 0x9, 0x8, 0xfffffffe, 0x1, 0x4, 0x4, 0x0, 0xd, 0x11, 0x8, 0x2, 0x7, 0x101, 0x3658f834, 0x2, 0x400, 0x1], [0x2, 0x101, 0x96, 0x8, 0x8, 0x1, 0x7, 0x7, 0xdd, 0x3, 0x5, 0x5, 0x10000, 0x7, 0x8, 0x7f, 0x4, 0x1, 0xa07, 0xd, 0x6, 0x4a88, 0x6, 0x8, 0x6, 0x2, 0x0, 0x372e, 0x0, 0x200, 0x7, 0x7fff, 0x400, 0x9, 0x80, 0x95, 0x0, 0x7, 0x3, 0x3ff, 0x6, 0xfffffffb, 0x7f, 0xe98, 0x6, 0xc, 0x10, 0x48, 0x10000, 0x5, 0x7, 0x1, 0x800, 0x0, 0x1, 0x7f, 0xc, 0x8, 0x3, 0x7, 0x401, 0x1, 0x8, 0x2deedef9]}, 0x45c)

5.466427544s ago: executing program 0 (id=5945):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in6={0xa, 0x4e22, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, @ib={0x1b, 0x7, 0x3362, {"7d9320f272c3aeccdc311de8b4961a1b"}, 0xaa10, 0xbf, 0xffffeffffffffff8}}}, 0x118)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001ac0)={0x7, 0x0, [{0x80a0000, 0xd1, &(0x7f0000000540)=""/209}, {0x2000, 0xffc, &(0x7f00000009c0)=""/4092}, {0x3000, 0x1, &(0x7f0000000640)=""/1}, {0xd000, 0xa7, &(0x7f0000000680)=""/167}, {0xf000, 0x32, &(0x7f0000000940)=""/50}, {0x80a0000, 0xd7, &(0x7f0000001bc0)=""/215}, {0x10000, 0x4a, &(0x7f0000000800)=""/74}]})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x100, 0xe2, 0xfffffffffffffffe, 0x0, 0x104}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
fsetxattr$security_capability(r4, &(0x7f00000000c0), &(0x7f0000000140)=@v2={0x2000000, [{0x3475, 0x7}, {0x81, 0x5}]}, 0x14, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_tcp_buf(r5, 0x6, 0x1, &(0x7f0000000240)=""/201, &(0x7f0000000000)=0xc9)
syz_usb_connect$uac1(0x0, 0x71, &(0x7f00000001c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x6, 0x0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7ff, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xa, 0x2a, 0xf, {0x7, 0x25, 0x1, 0x0, 0x9, 0x100}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xb3, 0x3, 0x0, {0x7, 0x25, 0x1, 0x2, 0x4, 0x401}}}}}}}]}}, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = fsopen(&(0x7f0000000080)='ext4\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r7, 0x5, &(0x7f00000001c0)='acl\x00JN\xa0\xc3\xcd,\xebl>J\"f\xe7\xe0A\x04%\xb4\xd0\x7fb)\x9f\xd3\xeb\xfe\x8fi\xee\x02\x03\a\xb0p\xe9\xfe_\a0\xee\x82{\xa5\xbc\xb6\x8d\xe8\xe3K{H\xbc\xa0y+\xabL,\x8b^|#x\x85\xacc\xa5\xf3\xa7\x05Y~\xc3\xbag\x1d\x95\xcd\xaf\xd2\xd6\xc7v3\xe1r\xdbL\xcdPu\x91\xce\xa5\x86@vG\xb1t\x0f\xf2gg\xcb\xbc\xe9\x90\x00\xd5\xb2V0yZD/\xa1\x7f\xee{\xd3\xecN\xb1\xee\xb1\xb5\x1bu0=:\x84\xd5N2\xc5\x91\x8d\x12\xf7\xdd\xea\xad\xf8<$b\x8b\x89\x18\xe6\xaa\xf3\xa9\x01_\x9b\x89\x05\xc7\xb9\xac\xf5\xb8\x9d2\x8bt\x16\xe8\x9e\x02*\x8a\x83:\a\xef\xee\xeb\xf9\x96\xe9\b\v7`SN\xd1}s\xa7\x8c\x9bB\x13P\x11\x1fl\xc87\x96\xa2\x8f9\xfe\xb0Y~{=SU\xc8D\xe8(\x1c\xffQ\xa9\xdfY06\x19\xa7\x91&\x03Q\x95\xda\xde\x17\xd4\x954\xf8\xa6\xfad:c\xf4\xaa\x99\xcb\xd2GtO', 0x0, r7)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, r4, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0xd, &(0x7f0000000400)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000ba2b241434b23b73f6e7b803c1d024de09b9b416653c0574e0d778fa96b9d0c7030000000000000076f1fad6d2e2f713cdebb1025bed25133390753b7eb9f0aa2444d410c9f246bcf5b7f3edee1d57219874674f415bd7d44fd7f36fc62f70fe94bfab439cbfa14ce01192f5d06fe60e8e5d89eff2ee4a8595be67344bf87898a88327f3e1c2bfbe19cd54774ae71a585b26f75417227444211d7b2bf0360b7ccfd7d28e9f77bf8ab7f32419dec94d21da", @ANYRES32=r6, @ANYBLOB="0000000000000000b70300000a000000850000000c000000b70700000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7030000000000008500000005000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet(0x2, 0x4000000000000001, 0x0)
r9 = socket(0x2a, 0x2, 0x0)
r10 = semget$private(0x0, 0x4, 0x20)
semctl$GETPID(r10, 0x4, 0xb, &(0x7f0000000340)=""/189)
getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)

4.960122612s ago: executing program 9 (id=5946):
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$xdp(0x2c, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), r0)
sendmsg$L2TP_CMD_NOOP(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r2, 0x800, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x882}, 0x1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
r7 = syz_open_pts(r3, 0x0)
ioctl$TCFLSH(r7, 0x540b, 0x2)
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r9}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

4.404461694s ago: executing program 7 (id=5947):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)=@generic={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x18) (async)
bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) (async)
unshare(0x4c000000)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0)="3c75c2015e8724b5a4c586f2ae924b277f0443ec773eab27570e28988217c9b0", 0x20) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2) (async)
ptrace$getsig(0x4202, r2, 0xcc, 0x0)
fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x2, 0x3, 0x100000000, 0x8, r2}) (async)
socket$nl_audit(0x10, 0x3, 0x9) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="13010000bd460e10490d1070900c010203010902120001000000000904000000d2", @ANYRES16=r3], 0x0) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@my=0x0}, @my=0x0, 0x1, 0x3, 0x4, 0x6, 0x1, 0x0, 0x20000})

4.292330627s ago: executing program 9 (id=5948):
r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000001140)=0x10000000)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902"], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000))
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000040)={0x494b9e00d8d91bb5, 0x74, 0xc, 0x4000, <r4=>0xffffffffffffffff})
close_range(r3, r4, 0x2)

3.300090027s ago: executing program 3 (id=5949):
syz_emit_ethernet(0x76, &(0x7f0000000280)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x40, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @dev}, [], "17c11d58674e624c1a14ff3aaab57fff"}}}}}}}, 0x0)
r0 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f8848", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

2.927125218s ago: executing program 3 (id=5950):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x42, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000240)={'\x00', 0x10})
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x2, 0xd59f86, 0x19f2, 0x3f, 0x19e7, 0x3, 0x4, 0x2800, 0x2804, 0x2, 0xba2, 0xa, 0x38, {0x8, 0xfffefffd}, 0xd1, 0x80}})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x80)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @rand_addr=' \x01\x00', 0x8001}, 0x1c)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7, 0x0, 0x0, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r7, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
ioctl$IOMMU_HWPT_ALLOC$NONE(r6, 0x3b89, &(0x7f0000000000)={0x28, 0x1, r8, r7, 0x0, 0x0, 0x0, 0x0, 0x0})
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)

2.640173857s ago: executing program 7 (id=5951):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0x84, &(0x7f0000000100)={0x0, 0x3f7, 0x3, 0x0, 0x2, 0x7fff, 0x9, 0x7, {0x0, @in={{0x2, 0x4e23, @local}}, 0x4, 0x7, 0x4, 0x1, 0x5}}, &(0x7f0000000040)=0xb0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, 0x0, 0x0) (async)
setsockopt$inet6_udp_int(r1, 0x11, 0x66, &(0x7f0000000340)=0xc6, 0x4) (async)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x5, @empty}, 0x1c) (async)
syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffbfff20000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0)

2.335425904s ago: executing program 7 (id=5952):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"])

1.650518992s ago: executing program 9 (id=5953):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socket$kcm(0x2, 0x5, 0x84)
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$lock(r1, 0x25, &(0x7f00000002c0))
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1a, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[], 0x2a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
request_key(0x0, &(0x7f00000001c0)={'syz', 0x0}, &(0x7f00000003c0)='\x11', 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r4)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000000000000c0000"], 0x3c}}, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f0000000100)=0x3)
r7 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0)
ioctl$VIDIOC_QUERYMENU(r7, 0xc02c5625, &(0x7f00000002c0)={0x9, 0x4, @name="8e1f0a6b2d3d8ecda22e32cbfb115b9ac2f7acae2f500d62c085de4d3309881a"})
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa02, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x8, 0x2800, 0x6, 0x2, 0xba2, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})
r8 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/4\x00')
preadv(r8, &(0x7f0000001600)=[{&(0x7f0000000040)=""/35, 0x2b}], 0x1, 0x0, 0x0)
r9 = fsopen(&(0x7f0000000080)='nfs4\x00', 0x0)
r10 = syz_open_dev$vbi(&(0x7f0000000780), 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$VIDIOC_QUERYBUF(r10, 0xc0585609, &(0x7f0000000880)=@mmap={0xffff, 0x7, 0x4, 0x0, 0x3, {}, {0x3, 0x2, 0x2, 0x81, 0x3, 0x5, "91b4082e"}, 0x5c90e20, 0x1, {}, 0x200})
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)

1.357082868s ago: executing program 7 (id=5954):
socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000000, 0x4, 0x9, 0x20000, 0xfffffffffffffffd, 0xfffffffffffffffc, 0xfffffffc, 0x4}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
dup(r2)
ftruncate(0xffffffffffffffff, 0x200004)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, &(0x7f0000000000))
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0xf8, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd8, 0xf8, 0x60030000, {0x0, 0xff000000}, [@common=@frag={{0x30}, {[0xb, 0x8], 0xcdc, 0x4, 0x2}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x3, 0x1, 0x0, 'syz0\x00'}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
sendmsg$inet(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23de3c19dc4971d9b59ddb52ae25a3ca48e8d5284721b4b722d1fd011fc3144e4ceb18b32b5b819d56f4aa3fe1aaf904aa07b7b748ab54c9b47531624c0ca3cc3e9246587e7cea8af062e15c1c27d8e9d9328114f2bda697decbedc50cc278f543faa13098717d9f379121225b179faeebe79be6a82dea4403a3bc7990b1cfee9e5a1aaf11b32facecc76bc0ad86f4fa184dd6e451992a564475498a4e85e9484c9a357c08060637ee267f307d605e87225cb4175be29", 0xc1}, {&(0x7f0000000340)="5fdbd61342a1560054f74cee82024cacdf79b6be94f99a7aea5b7678644cc1ef33880d4a59cad1fd0852b05064b02335eb6064c24f1ad325e032", 0x3a}], 0x2}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
readv(r5, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xfa}, {&(0x7f0000003300)=""/4095, 0xfff}], 0x2)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$kcm(0x29, 0x5, 0x0)
setsockopt$sock_timeval(r6, 0x1, 0x42, &(0x7f0000000000)={0x0, 0xea60}, 0x10)

700.869225ms ago: executing program 37 (id=5913):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000002940)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000080}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x2, 0x4008895)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x44, 0x0}, 0x4000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140), 0x8)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r4, 0x1276, 0x20000000)
r5 = socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0xffff)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3", 0xa2}], 0x1, 0x0, 0x0, 0x2663}, 0x0)

664.28873ms ago: executing program 0 (id=5956):
r0 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0), 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x51857000)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r3, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0x7f, 0x0, <r5=>0x0})
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r7=>0x0})
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x140a, 0x603, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x6}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x28}}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r7, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r5, 0x0, <r9=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r6, 0x3ba0, &(0x7f00000002c0)={0x48, 0x7, r9, 0x0, 0x10000, 0x0, 0x4, 0x36f273, 0x22272d})
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x20000015)
sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x20000011)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo\x00')
syz_80211_inject_frame(&(0x7f00000000c0)=@broadcast, &(0x7f0000000340)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xe, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x4a62}, @device_a, @random="b1c0553d1e08", @device_b, {0x3, 0x10}, "", @value={0x0, 0x0, 0x0, 0x0, 0x28}, @value=@ver_80211n={0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@broadcast, @broadcast, 0xb3, "6044ce6a449b6d9fd3bcd0a260df704b3b655907ebec6c78fb649f5ab7772d21cd1272b9c6f97ef62d34dad7f06e8f97ad4ed4dad94f768a7561181ad27608108bb7470a016245f447790d36df58a85e10966f234195f1f1d8c8cf349651fdb128463d2c7cb2a4bb7a1ee2bbfb265c9d0428f91254af694a4117c06c48def6402da837cb9ed6d72b00f19650a21605a20df5db2a3f951d6143b23652214595c53d85950d53bdb137bb1e7d352beb4b80881eba"}, {@device_a, @device_b, 0xc2, "2e74187f33e3dc43288437731dcc94f8b6b430021f548e5b42ce6c1de324509090ac7f63911f5041f14138c6914e6c122ae909327b0c7cd286f61d55545dca01b31c321cd46c7b755e29e733795c876e8fa729992abcaaf4e09813a5b1941169f6736a6db79a0d48c64345a58f2f5290905b913982fa1fc03fd399647adf1a65e846675778470a4089763dbb2de08546d72047e294a18f920ecb30e32e2df02fcb42ac91fe0e653bdf575a1d89418e190c9ee23d68f180c5b09d5c8aff150a7dc26c"}]}, 0x1b2)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg(r10, &(0x7f0000000280)=[{{&(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}, 0x1}}, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="b000000000000000030100000800000003d57dd64b5a8166065a02760943f069b39ddb989097348e7ab5b0ae76b377770e0a01558e379c56be6818562bfd3526d23205d05a879bed2f7c82517d38426b8f8429f4659f8a4abdc8a0599fb95cd01be16c5cc4b49dae0da71eb938f12b747eede376cc0993c5e5b9cf74c25159af1111daf4095cd37296088102eb13e4221aad195be07f276ed81ed1395a69aa9234f4fcaefa03ef0a336f6b977324980000000000000029000000000000003a056d939623c59d3bb231546ec9392d1b6d06db940358d5ce73a24a4f4bcd18405edf131308059350a49b26b7a97221676794228a726a87a737e5b361e229ccce89d497b0e6f7ac6955f7093f352867a324e396d5e3a0674912b1cc510826536c6a4f39239e6f19d1f9de8f6d5906abf66095d2807b87bc1c06baa52ce622efcd0000000000000030000000000000000a01000009d800004d831bac0a7598bcea73b2eb3344c1e98eca1eb037ed9812c162f35274d300004000000000000000010100000100000078fa1f1346d5d3ca3e96cb968267e099540f40e0eba43e3389c072a437602a2a7f2375e3a4e1c4753ef7cc64820000000000"], 0x1b8}}], 0x1, 0x4008040)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

0s ago: executing program 9 (id=5957):
migrate_pages(0x0, 0x7, &(0x7f0000000000)=0x6, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x1, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0), &(0x7f0000000900), 0x0, 0x0, 0x0, 0x0, r3})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000240)={0x6, 0x0, r3})
r4 = io_uring_setup(0x1f5f, 0x0)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r4, 0xc, 0x2000000, 0x0)
syz_open_procfs(0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)

kernel console output (not intermixed with test programs):

 1386.196013][T24230]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1386.196027][T24230]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1386.196043][T24230]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1386.196059][T24230]  ? sb_end_write+0xe9/0x1c0
[ 1386.196079][T24230]  ? vfs_write+0x8d8/0xa90
[ 1386.196147][T24230]  ? ksys_write+0x1e1/0x250
[ 1386.196174][T24230]  security_file_ioctl+0xcb/0x2d0
[ 1386.196199][T24230]  __se_sys_ioctl+0x47/0x170
[ 1386.196232][T24230]  do_syscall_64+0xfa/0x3b0
[ 1386.196251][T24230]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1386.196280][T24230]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1386.196300][T24230]  ? clear_bhb_loop+0x60/0xb0
[ 1386.196326][T24230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1386.196346][T24230] RIP: 0033:0x7f0dc5d8e929
[ 1386.196366][T24230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1386.196384][T24230] RSP: 002b:00007f0dc6c70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1386.196407][T24230] RAX: ffffffffffffffda RBX: 00007f0dc5fb5fa0 RCX: 00007f0dc5d8e929
[ 1386.196422][T24230] RDX: 0000000000000000 RSI: 000000004040ae79 RDI: 0000000000000004
[ 1386.196436][T24230] RBP: 00007f0dc6c70090 R08: 0000000000000000 R09: 0000000000000000
[ 1386.196450][T24230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1386.196462][T24230] R13: 0000000000000000 R14: 00007f0dc5fb5fa0 R15: 00007f0dc60dfa28
[ 1386.196497][T24230]  </TASK>
[ 1386.432677][T24230] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1386.595274][T24234] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5532'.
[ 1387.107155][ T5928] usb 6-1: new high-speed USB device number 114 using dummy_hcd
[ 1387.131658][   T24] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1387.173339][   T24] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1387.204803][   T24] usb 4-1: can't read configurations, error -71
[ 1387.211582][ T5908] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1387.319245][ T5928] usb 6-1: Using ep0 maxpacket: 16
[ 1387.405854][ T5908] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[ 1387.446682][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1387.504781][ T5908] usb 1-1: Product: syz
[ 1387.524057][ T5908] usb 1-1: Manufacturer: syz
[ 1387.543747][ T5908] usb 1-1: SerialNumber: syz
[ 1387.576813][ T5908] r8152-cfgselector 1-1: Unknown version 0x0000
[ 1387.597200][  T918] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1387.608044][ T5908] r8152-cfgselector 1-1: config 0 descriptor??
[ 1387.817339][  T918] usb 3-1: Using ep0 maxpacket: 16
[ 1387.873498][  T918] usb 3-1: config 3 has an invalid interface number: 156 but max is 0
[ 1387.915739][  T918] usb 3-1: config 3 has no interface number 0
[ 1387.947883][  T918] usb 3-1: config 3 interface 156 has no altsetting 0
[ 1387.988283][  T918] usb 3-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=f1.d8
[ 1388.032330][  T918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1388.183713][  T918] usb 3-1: Product: syz
[ 1388.201443][  T918] usb 3-1: Manufacturer: syz
[ 1388.215482][  T918] usb 3-1: SerialNumber: syz
[ 1388.424287][T24255] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1388.438890][T24255] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1388.449356][T24255] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1388.479070][T24255] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1388.526040][T24255] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1388.563092][T24247] loop2: detected capacity change from 0 to 7
[ 1388.596371][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1388.611594][T24247] Dev loop2: unable to read RDB block 7
[ 1388.649553][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1388.658695][T24247]  loop2: unable to read partition table
[ 1388.677233][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1388.698762][T24247] loop2: partition table beyond EOD, truncated
[ 1388.755341][T24247] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1388.827232][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1388.942638][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1388.998745][  T918] gl620a 3-1:3.156: probe with driver gl620a failed with error -22
[ 1389.098384][  T918] usb 3-1: USB disconnect, device number 54
[ 1390.041150][T20078] r8152-cfgselector 1-1: USB disconnect, device number 62
[ 1390.135777][T24261] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5540'.
[ 1390.310786][ T5928] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1390.340547][ T5928] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1390.346802][T24257] chnl_net:caif_netlink_parms(): no params data found
[ 1390.427068][ T5928] usb 6-1: can't read configurations, error -71
[ 1390.487383][  T918] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1390.707184][  T918] usb 3-1: Using ep0 maxpacket: 32
[ 1390.714649][  T918] usb 3-1: config 0 interface 0 altsetting 30 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1390.736475][  T918] usb 3-1: config 0 interface 0 altsetting 30 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1390.777115][  T918] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1390.784004][  T918] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 1390.793223][  T918] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1390.812944][  T918] usb 3-1: config 0 descriptor??
[ 1391.107168][T24257] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1391.122632][T24255] Bluetooth: hci3: command tx timeout
[ 1391.137248][T24257] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1391.147579][T24257] bridge_slave_0: entered allmulticast mode
[ 1391.156320][T24257] bridge_slave_0: entered promiscuous mode
[ 1391.156444][T24279] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5544'.
[ 1391.166425][T24257] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1391.186116][T24257] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1391.195943][T24257] bridge_slave_1: entered allmulticast mode
[ 1391.204995][T24257] bridge_slave_1: entered promiscuous mode
[ 1391.325571][  T918] hkems 0003:2006:0118.002D: bogus close delimiter
[ 1391.353056][T24257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1391.366161][  T918] hkems 0003:2006:0118.002D: item 0 4 2 10 parsing failed
[ 1391.380702][T24257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1391.394698][  T918] hkems 0003:2006:0118.002D: parse failed
[ 1391.617600][  T918] hkems 0003:2006:0118.002D: probe with driver hkems failed with error -22
[ 1391.724010][T23708] usb 3-1: USB disconnect, device number 55
[ 1391.823906][T24267] netlink: 'syz.0.5541': attribute type 21 has an invalid length.
[ 1391.957125][T20078] usb 6-1: new low-speed USB device number 116 using dummy_hcd
[ 1392.045187][T24257] team0: Port device team_slave_0 added
[ 1392.074345][T24257] team0: Port device team_slave_1 added
[ 1392.103344][T24282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1392.118878][T20078] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[ 1392.147303][T20078] usb 6-1: config 0 has no interface number 0
[ 1392.153720][T24257] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1392.171936][T20078] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1392.203186][T20078] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[ 1392.246100][T20078] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1392.270606][T24257] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1392.322374][T24257] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1392.335627][T24257] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1392.343157][T24257] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1392.391625][T20078] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 1392.407231][T20078] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 1392.430218][T20078] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1392.437107][T24257] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1392.563462][T20078] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1392.589102][T20078] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1392.624903][T20078] usb 6-1: config 0 descriptor??
[ 1392.640694][T24283] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1392.677262][T24283] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1392.838950][T20078] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1393.070730][T24283] syzkaller1: entered promiscuous mode
[ 1393.087079][T24283] syzkaller1: entered allmulticast mode
[ 1393.197308][T24255] Bluetooth: hci3: command tx timeout
[ 1393.252048][T24257] hsr_slave_0: entered promiscuous mode
[ 1393.281425][T24257] hsr_slave_1: entered promiscuous mode
[ 1393.360825][T24257] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1393.468112][T24257] Cannot create hsr debugfs directory
[ 1393.597207][ T5908] usb 3-1: new full-speed USB device number 56 using dummy_hcd
[ 1393.749211][ T5908] usb 3-1: config 54 has an invalid interface number: 154 but max is 0
[ 1393.758507][ T5908] usb 3-1: config 54 has no interface number 0
[ 1393.825908][ T5908] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec
[ 1393.851778][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1394.428286][ T5908] usb 3-1: Product: syz
[ 1394.505544][T24298] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5549'.
[ 1394.519615][T20078] usb 6-1: USB disconnect, device number 116
[ 1394.590441][T20078] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[ 1394.647119][ T5908] usb 3-1: Manufacturer: syz
[ 1394.705986][ T5908] usb 3-1: SerialNumber: syz
[ 1395.080034][ T5908] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1395.115026][T17621] usb 3-1: Failed to submit usb control message: -71
[ 1395.171358][T17621] usb 3-1: unable to send the bmi data to the device: -71
[ 1395.179114][T17621] usb 3-1: unable to get target info from device
[ 1395.185513][T17621] usb 3-1: could not get target info (-71)
[ 1395.192902][T17621] usb 3-1: could not probe fw (-71)
[ 1395.201858][T24311] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5551'.
[ 1395.231959][ T5908] usb 3-1: USB disconnect, device number 56
[ 1395.277238][T24255] Bluetooth: hci3: command tx timeout
[ 1395.883450][T24257] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1395.933194][T24257] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1396.101923][T24316] netlink: 'syz.5.5553': attribute type 10 has an invalid length.
[ 1396.137128][T24316] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5553'.
[ 1396.188102][T24257] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1396.330827][T24316] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1396.391938][T24257] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1396.627122][T24326] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5555'.
[ 1396.793035][T24331] netlink: 312 bytes leftover after parsing attributes in process `syz.5.5556'.
[ 1397.124878][T24257] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1397.228100][T24334] netlink: 'syz.5.5558': attribute type 10 has an invalid length.
[ 1397.312301][T24257] 8021q: adding VLAN 0 to HW filter on device team0
[ 1397.361748][T24255] Bluetooth: hci3: command tx timeout
[ 1397.398056][T24334] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5558'.
[ 1397.561057][T17615] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1397.568352][T17615] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1397.703238][T17615] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1397.710504][T17615] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1398.334804][T24257] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1398.376845][   T30] kauditd_printk_skb: 57 callbacks suppressed
[ 1398.376866][   T30] audit: type=1326 audit(1749783785.752:2793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb16bd8e929 code=0x7ffc0000
[ 1398.572915][   T30] audit: type=1326 audit(1749783785.812:2794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fb16bd8e929 code=0x7ffc0000
[ 1398.728593][   T30] audit: type=1326 audit(1749783785.912:2795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb16bd8e929 code=0x7ffc0000
[ 1398.756960][T24257] veth0_vlan: entered promiscuous mode
[ 1398.919608][   T30] audit: type=1326 audit(1749783785.912:2796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24354 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb16bdc11e5 code=0x7ffc0000
[ 1398.953479][T24257] veth1_vlan: entered promiscuous mode
[ 1399.077155][   T30] audit: type=1326 audit(1749783785.932:2797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb16bd8e929 code=0x7ffc0000
[ 1399.238315][   T30] audit: type=1326 audit(1749783786.002:2798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fb16bd907bc code=0x7ffc0000
[ 1399.287566][   T30] audit: type=1326 audit(1749783786.002:2799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fb16bd906f4 code=0x7ffc0000
[ 1399.301806][T24357] kvm_intel: kvm [24356]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xfe00004456
[ 1399.460173][   T30] audit: type=1326 audit(1749783786.002:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fb16bd906f4 code=0x7ffc0000
[ 1399.633045][T24257] veth0_macvtap: entered promiscuous mode
[ 1399.689372][T24257] veth1_macvtap: entered promiscuous mode
[ 1399.713469][   T30] audit: type=1326 audit(1749783786.002:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb16bd8e929 code=0x7ffc0000
[ 1399.836733][   T30] audit: type=1326 audit(1749783786.002:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24349 comm="syz.5.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb16bd8e929 code=0x7ffc0000
[ 1400.064441][T24257] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1400.115657][T24257] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1400.213707][T24257] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1400.277158][T24257] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1400.285939][T24257] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1400.350686][T24372] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5566'.
[ 1400.374217][T24257] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1400.498562][T24370] bridge4: entered promiscuous mode
[ 1400.537613][T24370] bridge4: entered allmulticast mode
[ 1401.222214][ T7168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1401.251880][ T7168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1401.419523][T17615] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1401.446420][T17615] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1401.483520][T24388] batadv_slave_1: entered promiscuous mode
[ 1401.520057][T24388] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5571'.
[ 1402.352760][T24402] batadv_slave_1: left promiscuous mode
[ 1403.006897][T24417] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5576'.
[ 1403.617760][T14173] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1404.137194][T14173] usb 7-1: Using ep0 maxpacket: 32
[ 1404.330789][T14173] usb 7-1: config 0 has no interfaces?
[ 1404.360503][T14173] usb 7-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[ 1404.409687][T14173] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1404.427444][T14173] usb 7-1: Product: syz
[ 1404.439032][T14173] usb 7-1: Manufacturer: syz
[ 1404.468237][T14173] usb 7-1: SerialNumber: syz
[ 1404.482465][T24435] netlink: 4300 bytes leftover after parsing attributes in process `syz.0.5581'.
[ 1404.576477][T14173] usb 7-1: config 0 descriptor??
[ 1404.841652][T23708] usb 7-1: USB disconnect, device number 2
[ 1405.047946][T24444] netlink: 76 bytes leftover after parsing attributes in process `syz.3.5585'.
[ 1405.278863][T23708] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1405.567214][T23708] usb 7-1: Using ep0 maxpacket: 16
[ 1405.580411][T24420] netdevsim netdevsim6: Firmware load for '..' refused, path contains '..' component
[ 1406.674998][T24460] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5588'.
[ 1406.843178][T23708] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1406.907063][T23708] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1406.914692][T23708] usb 7-1: can't read configurations, error -71
[ 1407.888130][T24482] FAULT_INJECTION: forcing a failure.
[ 1407.888130][T24482] name failslab, interval 1, probability 0, space 0, times 0
[ 1407.936664][T24482] CPU: 0 UID: 0 PID: 24482 Comm: syz.6.5596 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1407.936696][T24482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1407.936709][T24482] Call Trace:
[ 1407.936718][T24482]  <TASK>
[ 1407.936727][T24482]  dump_stack_lvl+0x189/0x250
[ 1407.936764][T24482]  ? __pfx____ratelimit+0x10/0x10
[ 1407.936795][T24482]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1407.936826][T24482]  ? __pfx__printk+0x10/0x10
[ 1407.936854][T24482]  ? __pfx___might_resched+0x10/0x10
[ 1407.936881][T24482]  ? fs_reclaim_acquire+0x7d/0x100
[ 1407.936911][T24482]  should_fail_ex+0x414/0x560
[ 1407.936941][T24482]  should_failslab+0xa8/0x100
[ 1407.936970][T24482]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1407.937000][T24482]  ? __kernfs_new_node+0xd7/0x7e0
[ 1407.937029][T24482]  __kernfs_new_node+0xd7/0x7e0
[ 1407.937053][T24482]  ? __lock_acquire+0xab9/0xd20
[ 1407.937087][T24482]  ? __pfx___kernfs_new_node+0x10/0x10
[ 1407.937113][T24482]  ? kernfs_root+0x1c/0x230
[ 1407.937150][T24482]  ? kernfs_root+0x1c/0x230
[ 1407.937171][T24482]  ? kernfs_root+0x1c/0x230
[ 1407.937191][T24482]  ? kernfs_root+0x1c/0x230
[ 1407.937216][T24482]  kernfs_new_node+0x102/0x210
[ 1407.937246][T24482]  kernfs_create_dir_ns+0x44/0x130
[ 1407.937275][T24482]  sysfs_create_dir_ns+0x123/0x280
[ 1407.937303][T24482]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1407.937328][T24482]  ? do_raw_spin_unlock+0x122/0x240
[ 1407.937357][T24482]  kobject_add_internal+0x59f/0xb40
[ 1407.937388][T24482]  kobject_add+0x155/0x220
[ 1407.937416][T24482]  ? __pfx_kobject_add+0x10/0x10
[ 1407.937444][T24482]  ? get_device_parent+0x366/0x3a0
[ 1407.937483][T24482]  device_add+0x408/0xb50
[ 1407.937510][T24482]  input_register_device+0x9ca/0x10b0
[ 1407.937545][T24482]  uinput_create_device+0x422/0x670
[ 1407.937574][T24482]  ? __lock_acquire+0xab9/0xd20
[ 1407.937609][T24482]  uinput_ioctl_handler+0x3f0/0x1570
[ 1407.937639][T24482]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[ 1407.937679][T24482]  ? __fget_files+0x2a/0x420
[ 1407.937701][T24482]  ? __fget_files+0x3a0/0x420
[ 1407.937729][T24482]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1407.937758][T24482]  ? __pfx_uinput_ioctl+0x10/0x10
[ 1407.937785][T24482]  __se_sys_ioctl+0xf9/0x170
[ 1407.937818][T24482]  do_syscall_64+0xfa/0x3b0
[ 1407.937836][T24482]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1407.937864][T24482]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1407.937885][T24482]  ? clear_bhb_loop+0x60/0xb0
[ 1407.937910][T24482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1407.937930][T24482] RIP: 0033:0x7fbb8618e929
[ 1407.937949][T24482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1407.937966][T24482] RSP: 002b:00007fbb8702c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1407.937990][T24482] RAX: ffffffffffffffda RBX: 00007fbb863b5fa0 RCX: 00007fbb8618e929
[ 1407.938005][T24482] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[ 1407.938018][T24482] RBP: 00007fbb8702c090 R08: 0000000000000000 R09: 0000000000000000
[ 1407.938030][T24482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1407.938043][T24482] R13: 0000000000000000 R14: 00007fbb863b5fa0 R15: 00007fbb864dfa28
[ 1407.938077][T24482]  </TASK>
[ 1408.327323][T24482] kobject: kobject_add_internal failed for input62 (error: -12 parent: input)
[ 1409.313034][T24495] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5600'.
[ 1410.087125][T14173] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1410.277499][T14173] usb 1-1: Using ep0 maxpacket: 32
[ 1410.317404][T14173] usb 1-1: config 0 has an invalid interface number: 136 but max is 0
[ 1410.325690][T14173] usb 1-1: config 0 has no interface number 0
[ 1410.383251][T14173] usb 1-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[ 1410.401154][T24506] dns_resolver: Unsupported server list version (0)
[ 1410.514412][T14173] usb 1-1: config 0 interface 136 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1410.628078][T14173] usb 1-1: config 0 interface 136 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[ 1410.659797][T14173] usb 1-1: config 0 interface 136 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1410.682402][T14173] usb 1-1: config 0 interface 136 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1410.771734][T14173] usb 1-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0
[ 1410.797465][T14173] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1410.888904][T14173] usb 1-1: config 0 descriptor??
[ 1411.073152][T14173] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1411.405319][T12527] udevd[12527]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.136/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1412.044196][T24526] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1412.050814][T24526] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1412.106772][T24526] vhci_hcd vhci_hcd.0: Device attached
[ 1412.287200][T14173] vhci_hcd: vhci_device speed not set
[ 1412.347936][T14173] usb 39-1: new low-speed USB device number 4 using vhci_hcd
[ 1412.357887][T24533] netlink: 'syz.6.5608': attribute type 12 has an invalid length.
[ 1413.092395][ T5908] usb 4-1: new low-speed USB device number 46 using dummy_hcd
[ 1413.245543][T23708] usb 1-1: USB disconnect, device number 63
[ 1413.337206][ T5908] usb 4-1: Invalid ep0 maxpacket: 64
[ 1413.477422][ T5908] usb 4-1: new low-speed USB device number 47 using dummy_hcd
[ 1413.647200][ T5908] usb 4-1: Invalid ep0 maxpacket: 64
[ 1413.647546][ T5908] usb usb4-port1: attempt power cycle
[ 1414.046740][T24547] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5612'.
[ 1414.355924][T24551] vlan3: entered promiscuous mode
[ 1414.417225][ T5908] usb 4-1: new low-speed USB device number 48 using dummy_hcd
[ 1414.429217][T24551] vlan3: entered allmulticast mode
[ 1414.463666][ T5908] usb 4-1: Invalid ep0 maxpacket: 64
[ 1414.617368][ T5908] usb 4-1: new low-speed USB device number 49 using dummy_hcd
[ 1414.732310][ T5908] usb 4-1: Invalid ep0 maxpacket: 64
[ 1414.857692][ T5908] usb usb4-port1: unable to enumerate USB device
[ 1415.074103][T24527] vhci_hcd: connection reset by peer
[ 1415.138920][T17618] vhci_hcd: stop threads
[ 1415.143252][T17618] vhci_hcd: release socket
[ 1415.173050][T17618] vhci_hcd: disconnect device
[ 1416.447356][T24573] netlink: 68 bytes leftover after parsing attributes in process `syz.6.5618'.
[ 1417.373117][T24578] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5620'.
[ 1417.427275][T14173] vhci_hcd: vhci_device speed not set
[ 1417.817523][T24585] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5624'.
[ 1418.012307][ T5834] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1418.022245][ T5834] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1418.078637][ T5834] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1418.111659][ T5834] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1418.127131][T20078] usb 6-1: new high-speed USB device number 117 using dummy_hcd
[ 1418.137390][ T5834] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1418.351086][T20078] usb 6-1: config index 0 descriptor too short (expected 32820, got 52)
[ 1418.368986][T24599] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5626'.
[ 1418.526223][T20078] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1418.877196][T20078] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1418.989824][T20078] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97
[ 1419.014142][T20078] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1419.038847][T20078] usb 6-1: Product: syz
[ 1419.043080][T20078] usb 6-1: Manufacturer: syz
[ 1419.067093][T20078] usb 6-1: SerialNumber: syz
[ 1419.079707][T20078] usb 6-1: config 0 descriptor??
[ 1420.052729][T24597] chnl_net:caif_netlink_parms(): no params data found
[ 1420.237984][T24255] Bluetooth: hci6: command tx timeout
[ 1420.420918][T24597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1420.432390][T24597] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1420.439850][T24597] bridge_slave_0: entered allmulticast mode
[ 1420.448739][T24597] bridge_slave_0: entered promiscuous mode
[ 1420.460657][T24597] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1420.470793][T24597] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1420.499723][T24597] bridge_slave_1: entered allmulticast mode
[ 1420.542713][T24597] bridge_slave_1: entered promiscuous mode
[ 1421.081176][T24597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1421.153904][T24597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1421.840915][T20078] usb 6-1: USB disconnect, device number 117
[ 1421.990106][T24597] team0: Port device team_slave_0 added
[ 1422.030445][T24597] team0: Port device team_slave_1 added
[ 1422.117246][T24627] netlink: 'syz.3.5630': attribute type 21 has an invalid length.
[ 1422.317391][T24255] Bluetooth: hci6: command tx timeout
[ 1422.709248][T24640] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5633'.
[ 1422.863901][T24645] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1422.912259][T24646] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5635'.
[ 1422.923831][T24641] netlink: 300 bytes leftover after parsing attributes in process `syz.5.5632'.
[ 1423.307435][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.313994][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.679041][T24597] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1423.728986][T24597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1423.880021][T24597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1423.987245][T24597] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1424.040011][T24597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1424.183361][T24597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1424.397356][T24255] Bluetooth: hci6: command tx timeout
[ 1424.914059][T24597] hsr_slave_0: entered promiscuous mode
[ 1424.943172][T24597] hsr_slave_1: entered promiscuous mode
[ 1424.965658][T24597] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1424.989039][T24597] Cannot create hsr debugfs directory
[ 1425.112457][T24666] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1426.149466][T24597] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1426.254583][T24597] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1426.368603][T24597] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1426.391448][T24597] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1426.478100][T24255] Bluetooth: hci6: command tx timeout
[ 1426.836590][T24597] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1426.990017][T24597] 8021q: adding VLAN 0 to HW filter on device team0
[ 1427.017213][T14173] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1427.089570][ T7168] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1427.096729][ T7168] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1427.160030][ T7168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1427.167356][ T7168] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1427.259690][T14173] usb 4-1: config index 0 descriptor too short (expected 32820, got 52)
[ 1427.317088][T14173] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1427.435939][T14173] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1427.443435][T24692] geneve2: entered promiscuous mode
[ 1427.477612][T14173] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97
[ 1427.486694][T14173] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1427.497451][T14173] usb 4-1: Product: syz
[ 1427.501664][T14173] usb 4-1: Manufacturer: syz
[ 1427.507131][T14173] usb 4-1: SerialNumber: syz
[ 1427.507756][T24692] geneve2: entered allmulticast mode
[ 1427.524414][T14173] usb 4-1: config 0 descriptor??
[ 1427.764178][T24597] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1428.056087][T24597] veth0_vlan: entered promiscuous mode
[ 1428.170116][T24597] veth1_vlan: entered promiscuous mode
[ 1428.366011][T24597] veth0_macvtap: entered promiscuous mode
[ 1428.425439][T24597] veth1_macvtap: entered promiscuous mode
[ 1428.546218][T24597] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1428.628602][T24597] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1428.660650][T24597] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1428.686383][T24597] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1428.719806][T24597] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1428.739193][T24597] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1429.091673][T17618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1429.128319][T17618] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1429.312416][T17618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1429.380876][T17618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1429.817293][T14173] usb 4-1: USB disconnect, device number 50
[ 1430.137667][ T5928] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1430.397913][ T5928] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1430.423879][ T5928] usb 8-1: can't read configurations, error -61
[ 1430.947844][ T5928] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1430.998790][T24731] input: syz0 as /devices/virtual/input/input63
[ 1431.005276][T24731] input: failed to attach handler leds to device input63, error: -6
[ 1431.391209][ T5928] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1431.399082][ T5928] usb 8-1: can't read configurations, error -61
[ 1431.417671][ T5928] usb usb8-port1: attempt power cycle
[ 1431.838287][ T5928] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1431.920699][ T5928] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1431.930332][ T5928] usb 8-1: can't read configurations, error -61
[ 1432.144906][ T5928] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[ 1432.261218][ T5928] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1432.269201][ T5928] usb 8-1: can't read configurations, error -61
[ 1432.310006][ T5928] usb usb8-port1: unable to enumerate USB device
[ 1432.667535][ T5928] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1432.877331][ T5928] usb 4-1: Using ep0 maxpacket: 8
[ 1432.921476][ T5928] usb 4-1: config 0 has no interfaces?
[ 1432.937218][ T5928] usb 4-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=4d.89
[ 1432.946329][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1433.009773][ T5928] usb 4-1: config 0 descriptor??
[ 1433.228662][T24741] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5661'.
[ 1433.288793][T20078] usb 4-1: USB disconnect, device number 51
[ 1433.982339][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1433.982363][   T30] audit: type=1326 audit(1749783821.342:2823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1434.174050][   T30] audit: type=1326 audit(1749783821.342:2824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1434.320360][   T30] audit: type=1326 audit(1749783821.352:2825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1434.383850][T24761] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5667'.
[ 1434.467888][   T30] audit: type=1326 audit(1749783821.352:2826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1434.707097][   T30] audit: type=1326 audit(1749783821.352:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1435.239671][   T30] audit: type=1326 audit(1749783821.352:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1435.558821][   T30] audit: type=1326 audit(1749783821.352:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1435.637158][   T30] audit: type=1326 audit(1749783821.522:2830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1435.694911][   T30] audit: type=1326 audit(1749783821.522:2831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24754 comm="syz.7.5665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6598e929 code=0x7ffc0000
[ 1437.095236][T24785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5671'.
[ 1437.438355][T24788] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5673'.
[ 1437.480599][T24788] FAULT_INJECTION: forcing a failure.
[ 1437.480599][T24788] name failslab, interval 1, probability 0, space 0, times 0
[ 1437.569428][T24788] CPU: 0 UID: 0 PID: 24788 Comm: syz.3.5673 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1437.569450][T24788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1437.569458][T24788] Call Trace:
[ 1437.569464][T24788]  <TASK>
[ 1437.569470][T24788]  dump_stack_lvl+0x189/0x250
[ 1437.569495][T24788]  ? __pfx____ratelimit+0x10/0x10
[ 1437.569514][T24788]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1437.569532][T24788]  ? __pfx__printk+0x10/0x10
[ 1437.569553][T24788]  should_fail_ex+0x414/0x560
[ 1437.569574][T24788]  should_failslab+0xa8/0x100
[ 1437.569588][T24788]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1437.569601][T24788]  ? sctp_add_bind_addr+0x8c/0x370
[ 1437.569617][T24788]  sctp_add_bind_addr+0x8c/0x370
[ 1437.569632][T24788]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1437.569647][T24788]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1437.569659][T24788]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1437.569673][T24788]  ? sctp_v6_is_any+0x64/0x80
[ 1437.569687][T24788]  ? sctp_copy_one_addr+0x93/0x360
[ 1437.569702][T24788]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1437.569715][T24788]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1437.569734][T24788]  sctp_connect_new_asoc+0x2e0/0x690
[ 1437.569752][T24788]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1437.569765][T24788]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1437.569787][T24788]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1437.569803][T24788]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1437.569819][T24788]  sctp_sendmsg+0x155c/0x2810
[ 1437.569842][T24788]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1437.569863][T24788]  ? aa_sk_perm+0x81e/0x950
[ 1437.569880][T24788]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1437.569896][T24788]  ? sock_rps_record_flow+0x19/0x410
[ 1437.569910][T24788]  ? inet_sendmsg+0x2f4/0x370
[ 1437.569924][T24788]  __sock_sendmsg+0x19c/0x270
[ 1437.569946][T24788]  __sys_sendto+0x3bd/0x520
[ 1437.569961][T24788]  ? __pfx___sys_sendto+0x10/0x10
[ 1437.569973][T24788]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1437.569993][T24788]  ? __fget_files+0x3a0/0x420
[ 1437.570013][T24788]  ? ksys_write+0x22a/0x250
[ 1437.570026][T24788]  ? __pfx_ksys_write+0x10/0x10
[ 1437.570036][T24788]  ? rcu_is_watching+0x15/0xb0
[ 1437.570057][T24788]  __x64_sys_sendto+0xde/0x100
[ 1437.570073][T24788]  do_syscall_64+0xfa/0x3b0
[ 1437.570084][T24788]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1437.570101][T24788]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1437.570112][T24788]  ? clear_bhb_loop+0x60/0xb0
[ 1437.570127][T24788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1437.570138][T24788] RIP: 0033:0x7f34f198e929
[ 1437.570151][T24788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1437.570162][T24788] RSP: 002b:00007f34f27b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1437.570177][T24788] RAX: ffffffffffffffda RBX: 00007f34f1bb5fa0 RCX: 00007f34f198e929
[ 1437.570186][T24788] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[ 1437.570194][T24788] RBP: 00007f34f27b0090 R08: 0000200000000080 R09: 000000000000001c
[ 1437.570202][T24788] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002
[ 1437.570209][T24788] R13: 0000000000000000 R14: 00007f34f1bb5fa0 R15: 00007f34f1cdfa28
[ 1437.570228][T24788]  </TASK>
[ 1438.881904][T24797] sctp: [Deprecated]: syz.6.5675 (pid 24797) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1438.881904][T24797] Use struct sctp_sack_info instead
[ 1438.900991][ T5834] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1438.911595][ T5834] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1438.920096][ T5834] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1438.929632][ T5834] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1438.939848][ T5834] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1439.096673][   T30] audit: type=1326 audit(1749783826.472:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24795 comm="syz.6.5675" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb8618e929 code=0x0
[ 1439.317058][T14173] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1439.477308][T14173] usb 1-1: Using ep0 maxpacket: 16
[ 1439.486340][T14173] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1439.520194][T14173] usb 1-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0x6E, changing to 0xE
[ 1439.607705][T14173] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0xE has an invalid bInterval 170, changing to 11
[ 1439.675292][T14173] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0xE has invalid maxpacket 34661, setting to 1024
[ 1439.727489][T14173] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1439.781738][T14173] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[ 1439.790211][T24802] chnl_net:caif_netlink_parms(): no params data found
[ 1439.842128][T14173] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1439.901478][T20078] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1440.069113][T20078] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1440.084245][T20078] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1440.093173][T14173] usb 1-1: Product: syz
[ 1440.093467][T20078] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1440.131155][T14173] usb 1-1: Manufacturer: syz
[ 1440.154086][T14173] usb 1-1: SerialNumber: syz
[ 1440.179078][T14173] usb 1-1: config 0 descriptor??
[ 1440.185224][T24803] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1440.294024][T20078] usb 8-1: config 0 descriptor??
[ 1440.441688][T20078] pwc: Askey VC010 type 2 USB webcam detected.
[ 1440.446052][T24803] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1440.665959][T14173] usb 1-1: USB disconnect, device number 64
[ 1440.719593][T24814] sctp: [Deprecated]: syz.7.5680 (pid 24814) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1440.719593][T24814] Use struct sctp_sack_info instead
[ 1440.801128][T20078] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1440.811343][T20078] pwc: recv_control_msg error -32 req 02 val 2700
[ 1440.837834][T20078] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1440.859246][T20078] pwc: recv_control_msg error -32 req 04 val 1000
[ 1440.889821][T20078] pwc: recv_control_msg error -32 req 04 val 1300
[ 1440.900540][T20078] pwc: recv_control_msg error -32 req 04 val 1400
[ 1440.926497][T20078] pwc: recv_control_msg error -32 req 02 val 2000
[ 1440.968192][ T5834] Bluetooth: hci7: command tx timeout
[ 1441.175251][T20078] pwc: recv_control_msg error -32 req 04 val 1500
[ 1441.218543][T24802] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1441.227155][T20078] pwc: recv_control_msg error -32 req 02 val 2500
[ 1441.266872][T24802] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1441.308185][T24802] bridge_slave_0: entered allmulticast mode
[ 1441.354393][T24802] bridge_slave_0: entered promiscuous mode
[ 1441.384354][T24802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1441.398420][T24802] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1441.411254][T24802] bridge_slave_1: entered allmulticast mode
[ 1441.426709][T24802] bridge_slave_1: entered promiscuous mode
[ 1441.780846][T24802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1441.869282][T24802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1442.299212][T24802] team0: Port device team_slave_0 added
[ 1442.370869][T24802] team0: Port device team_slave_1 added
[ 1442.657410][T20078] pwc: recv_control_msg error -71 req 02 val 2400
[ 1442.687624][T24802] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1442.707588][T20078] pwc: recv_control_msg error -71 req 02 val 2600
[ 1442.731039][T20078] pwc: recv_control_msg error -71 req 02 val 2900
[ 1442.733790][T24802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1442.796506][T20078] pwc: recv_control_msg error -71 req 02 val 2800
[ 1442.855590][T20078] pwc: recv_control_msg error -71 req 04 val 1100
[ 1442.878741][T24802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1442.904234][T20078] pwc: recv_control_msg error -71 req 04 val 1200
[ 1442.920592][T24802] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1442.933447][T24802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1442.974101][T20078] pwc: Registered as video103.
[ 1442.974563][T14173] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[ 1443.018431][T20078] input: PWC snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/input/input64
[ 1443.039949][ T5834] Bluetooth: hci7: command tx timeout
[ 1443.074022][T24802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1443.080978][T20078] usb 8-1: USB disconnect, device number 6
[ 1443.177367][T14173] usb 7-1: device descriptor read/64, error -71
[ 1443.343880][T24802] hsr_slave_0: entered promiscuous mode
[ 1443.372806][T24802] hsr_slave_1: entered promiscuous mode
[ 1443.392118][T24802] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1443.428932][T14173] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[ 1443.483585][T24802] Cannot create hsr debugfs directory
[ 1443.597685][T14173] usb 7-1: device descriptor read/64, error -71
[ 1443.787756][T14173] usb usb7-port1: attempt power cycle
[ 1444.127380][T14173] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[ 1444.177423][T14173] usb 7-1: device descriptor read/8, error -71
[ 1444.687394][T14173] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[ 1444.721745][T14173] usb 7-1: device descriptor read/8, error -71
[ 1444.842707][T14173] usb usb7-port1: unable to enumerate USB device
[ 1445.009804][T24867] fuse: Bad value for 'group_id'
[ 1445.075436][T24867] fuse: Bad value for 'group_id'
[ 1445.122758][ T5834] Bluetooth: hci7: command tx timeout
[ 1445.261795][T24869] netlink: 'syz.7.5693': attribute type 1 has an invalid length.
[ 1445.285196][T24802] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1445.359433][T24802] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1445.435176][T24802] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1445.539636][T24859] netlink: 'syz.3.5690': attribute type 21 has an invalid length.
[ 1445.578670][T24869] sit1: entered promiscuous mode
[ 1445.624440][T24802] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1445.828924][T24860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1446.220730][T24802] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1446.394887][T24802] 8021q: adding VLAN 0 to HW filter on device team0
[ 1446.443723][T17617] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1446.451158][T17617] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1446.550165][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1446.557424][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1446.655660][T24802] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1446.780362][T24802] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1446.986780][T24802] veth0_vlan: entered promiscuous mode
[ 1447.106928][T24802] veth1_vlan: entered promiscuous mode
[ 1447.207404][ T5834] Bluetooth: hci7: command tx timeout
[ 1447.346309][T24902] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5701'.
[ 1447.423843][T24802] veth0_macvtap: entered promiscuous mode
[ 1447.484674][T24802] veth1_macvtap: entered promiscuous mode
[ 1447.517811][T20078] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1447.645283][T24802] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1447.703479][T20078] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1447.754533][T24802] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1447.772310][T20078] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1447.807104][T20078] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1447.816383][T20078] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1447.861384][T24907] netlink: 'syz.6.5703': attribute type 10 has an invalid length.
[ 1447.907909][T20078] usb 1-1: config 0 descriptor??
[ 1447.966293][T24802] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1447.990306][T24802] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1448.043560][T24802] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1448.157338][T24802] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1448.205592][T24907] team0: Device dummy0 is up. Set it down before adding it as a team port
[ 1448.794210][T17621] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1448.852285][T17621] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1449.032656][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1449.127457][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1449.347258][ T5928] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1449.559387][T24919] fuse: Invalid rootmode
[ 1450.006845][ T5928] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1450.038352][T24923] netlink: 68 bytes leftover after parsing attributes in process `syz.8.5672'.
[ 1450.164615][ T5928] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1450.238153][T19143] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1450.347136][ T5928] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1450.417064][T19143] usb 4-1: Using ep0 maxpacket: 16
[ 1450.429836][T19143] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1450.458340][ T5928] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1450.501537][T19143] usb 4-1: config 0 has no interface number 0
[ 1450.537102][T19143] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1450.542351][ T5928] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1450.592430][T19143] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1450.660794][ T5928] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1450.677844][ T5928] usb 7-1: invalid MIDI out EP 0
[ 1450.749965][T19143] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1450.832188][T19143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1450.923909][T19143] usb 4-1: config 0 descriptor??
[ 1451.229160][ T5928] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1451.571805][T19143] uclogic 0003:28BD:0071.002E: pen parameters not found
[ 1451.686922][T19143] uclogic 0003:28BD:0071.002E: interface is invalid, ignoring
[ 1452.211190][T12527] udevd[12527]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1452.530781][  T918] usb 4-1: USB disconnect, device number 52
[ 1453.337354][T12646] usb 7-1: USB disconnect, device number 9
[ 1453.450145][T20078] usb 1-1: string descriptor 0 read error: -32
[ 1453.978417][T24951] netlink: 'syz.7.5718': attribute type 4 has an invalid length.
[ 1453.996355][T24951] netlink: 17 bytes leftover after parsing attributes in process `syz.7.5718'.
[ 1455.297399][T24978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1455.374318][T24978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1455.823690][T24951] netlink: 'syz.7.5718': attribute type 1 has an invalid length.
[ 1455.886026][T24981] netlink: 'syz.8.5724': attribute type 1 has an invalid length.
[ 1456.204714][T24981] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5724'.
[ 1456.921208][T24976] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5722'.
[ 1457.167670][T19143] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1457.339664][T19143] usb 9-1: Using ep0 maxpacket: 8
[ 1457.369285][T19143] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[ 1457.398021][T19143] usb 9-1: config 0 has no interface number 0
[ 1457.431284][T19143] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1457.488074][T19143] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1457.501371][T19143] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1457.525479][T19143] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1457.554663][T19143] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1457.588933][T19143] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1457.762076][T19143] usb 9-1: config 0 descriptor??
[ 1457.802434][T19143] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1458.889948][T24992] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5726'.
[ 1459.791190][T25010] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5732'.
[ 1460.013373][T12646] usb 9-1: USB disconnect, device number 2
[ 1460.083538][T12646] ldusb 9-1:0.55: LD USB Device #0 now disconnected
[ 1460.998907][T25021] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1461.554140][T19143] usb 1-1: USB disconnect, device number 65
[ 1462.056318][T25036] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5739'.
[ 1462.122931][T25036] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5739'.
[ 1462.346293][T25035] syzkaller0: entered promiscuous mode
[ 1462.373585][T25035] syzkaller0: entered allmulticast mode
[ 1462.421243][T25038] FAULT_INJECTION: forcing a failure.
[ 1462.421243][T25038] name failslab, interval 1, probability 0, space 0, times 0
[ 1462.467514][T25038] CPU: 1 UID: 0 PID: 25038 Comm: syz.0.5738 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1462.467548][T25038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1462.467561][T25038] Call Trace:
[ 1462.467570][T25038]  <TASK>
[ 1462.467580][T25038]  dump_stack_lvl+0x189/0x250
[ 1462.467616][T25038]  ? __pfx____ratelimit+0x10/0x10
[ 1462.467647][T25038]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1462.467678][T25038]  ? __pfx__printk+0x10/0x10
[ 1462.467707][T25038]  ? __pfx___might_resched+0x10/0x10
[ 1462.467735][T25038]  ? fs_reclaim_acquire+0x7d/0x100
[ 1462.467763][T25038]  should_fail_ex+0x414/0x560
[ 1462.467796][T25038]  should_failslab+0xa8/0x100
[ 1462.467820][T25038]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1462.467849][T25038]  ? __kernfs_new_node+0xd7/0x7e0
[ 1462.467880][T25038]  __kernfs_new_node+0xd7/0x7e0
[ 1462.467904][T25038]  ? __lock_acquire+0xab9/0xd20
[ 1462.467940][T25038]  ? __pfx___kernfs_new_node+0x10/0x10
[ 1462.467965][T25038]  ? kernfs_root+0x1c/0x230
[ 1462.467996][T25038]  ? kernfs_root+0x1c/0x230
[ 1462.468018][T25038]  ? kernfs_root+0x1c/0x230
[ 1462.468047][T25038]  ? kernfs_root+0x1c/0x230
[ 1462.468076][T25038]  kernfs_new_node+0x102/0x210
[ 1462.468108][T25038]  __kernfs_create_file+0x4b/0x2e0
[ 1462.468142][T25038]  sysfs_add_file_mode_ns+0x238/0x300
[ 1462.468174][T25038]  internal_create_group+0x66d/0x1110
[ 1462.468210][T25038]  ? tun_attach+0x1237/0x1610
[ 1462.468229][T25038]  ? tun_set_iff+0x468/0xef0
[ 1462.468245][T25038]  ? __tun_chr_ioctl+0x788/0x1df0
[ 1462.468263][T25038]  ? __se_sys_ioctl+0xf9/0x170
[ 1462.468291][T25038]  ? __pfx_internal_create_group+0x10/0x10
[ 1462.468319][T25038]  ? register_lock_class+0x51/0x320
[ 1462.468350][T25038]  sysfs_create_groups+0x59/0x120
[ 1462.468379][T25038]  netdev_queue_update_kobjects+0x2a6/0x6c0
[ 1462.468421][T25038]  netif_set_real_num_tx_queues+0x2c6/0xac0
[ 1462.468462][T25038]  tun_attach+0x1237/0x1610
[ 1462.468486][T25038]  ? __lock_acquire+0xab9/0xd20
[ 1462.468536][T25038]  ? tun_not_capable+0x14e/0x1f0
[ 1462.468562][T25038]  tun_set_iff+0x468/0xef0
[ 1462.468591][T25038]  __tun_chr_ioctl+0x788/0x1df0
[ 1462.468619][T25038]  ? __pfx___tun_chr_ioctl+0x10/0x10
[ 1462.468644][T25038]  ? __fget_files+0x2a/0x420
[ 1462.468666][T25038]  ? __fget_files+0x3a0/0x420
[ 1462.468687][T25038]  ? __fget_files+0x2a/0x420
[ 1462.468713][T25038]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1462.468741][T25038]  ? __pfx_tun_chr_ioctl+0x10/0x10
[ 1462.468770][T25038]  __se_sys_ioctl+0xf9/0x170
[ 1462.468801][T25038]  do_syscall_64+0xfa/0x3b0
[ 1462.468820][T25038]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1462.468849][T25038]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1462.468869][T25038]  ? clear_bhb_loop+0x60/0xb0
[ 1462.468894][T25038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1462.468913][T25038] RIP: 0033:0x7f4772b8e929
[ 1462.468932][T25038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1462.468949][T25038] RSP: 002b:00007f47739cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1462.468973][T25038] RAX: ffffffffffffffda RBX: 00007f4772db6160 RCX: 00007f4772b8e929
[ 1462.468988][T25038] RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000006
[ 1462.469002][T25038] RBP: 00007f47739cc090 R08: 0000000000000000 R09: 0000000000000000
[ 1462.469015][T25038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1462.469027][T25038] R13: 0000000000000000 R14: 00007f4772db6160 R15: 00007f4772edfa28
[ 1462.469069][T25038]  </TASK>
[ 1462.637608][T12646] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1462.639631][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1462.829131][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1462.863221][T12646] usb 8-1: config 0 has an invalid interface number: 101 but max is 0
[ 1462.887448][T12646] usb 8-1: config 0 has no interface number 0
[ 1462.934424][T12646] usb 8-1: New USB device found, idVendor=1164, idProduct=1e8c, bcdDevice=ce.43
[ 1462.995961][T12646] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1463.034790][T12646] usb 8-1: Product: syz
[ 1463.077492][T12646] usb 8-1: Manufacturer: syz
[ 1463.082147][T12646] usb 8-1: SerialNumber: syz
[ 1463.120878][T12646] usb 8-1: config 0 descriptor??
[ 1463.365226][T12646] dvb-usb: found a 'YUAN High-Tech DiBcom STK7700D' in cold state, will try to load a firmware
[ 1463.442628][T12646] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1463.498418][T12646] dib0700: firmware download failed at 7 with -22
[ 1463.507812][T12646] usbhid 8-1:0.101: couldn't find an input interrupt endpoint
[ 1463.526677][T12646] usb 8-1: USB disconnect, device number 7
[ 1463.614426][  T918] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1463.770668][  T918] usb 9-1: Using ep0 maxpacket: 32
[ 1463.779462][  T918] usb 9-1: config 0 has an invalid interface number: 106 but max is 0
[ 1463.797138][  T918] usb 9-1: config 0 has no interface number 0
[ 1463.803342][  T918] usb 9-1: config 0 interface 106 has no altsetting 0
[ 1463.820067][  T918] usb 9-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[ 1463.847148][  T918] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1463.855368][  T918] usb 9-1: Product: syz
[ 1463.865566][  T918] usb 9-1: Manufacturer: syz
[ 1463.875701][  T918] usb 9-1: SerialNumber: syz
[ 1463.893470][  T918] usb 9-1: config 0 descriptor??
[ 1463.915983][  T918] cdc_phonet 9-1:0.106: probe with driver cdc_phonet failed with error -22
[ 1464.125201][  T918] usb 9-1: USB disconnect, device number 3
[ 1465.587617][T12646] usb 8-1: new full-speed USB device number 8 using dummy_hcd
[ 1465.764800][T12646] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1465.777096][T12646] usb 8-1: can't read configurations, error -61
[ 1465.928350][T12646] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[ 1466.173539][T12646] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1466.181664][T12646] usb 8-1: can't read configurations, error -61
[ 1466.189354][T12646] usb usb8-port1: attempt power cycle
[ 1466.577449][T12646] usb 8-1: new full-speed USB device number 10 using dummy_hcd
[ 1466.631198][T12646] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1466.641083][T12646] usb 8-1: can't read configurations, error -61
[ 1466.820279][T12646] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[ 1466.870493][T12646] usb 8-1: unable to read config index 0 descriptor/start: -61
[ 1466.927937][T12646] usb 8-1: can't read configurations, error -61
[ 1466.944495][T12646] usb usb8-port1: unable to enumerate USB device
[ 1468.405547][T25060] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5747'.
[ 1469.570264][T25060] geneve2: entered promiscuous mode
[ 1469.575567][T25060] geneve2: entered allmulticast mode
[ 1469.767571][T25068] loop3: detected capacity change from 0 to 1
[ 1469.815843][T24255] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1469.829020][T24255] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1469.838107][T24255] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1469.847961][T24255] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1469.855440][T12435] Dev loop3: unable to read RDB block 1
[ 1469.855673][T24255] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1469.871696][T12435]  loop3: unable to read partition table
[ 1469.880469][T12435] loop3: partition table beyond EOD, truncated
[ 1469.911972][T25068] Dev loop3: unable to read RDB block 1
[ 1469.959745][T25068]  loop3: unable to read partition table
[ 1470.001054][T25068] loop3: partition table beyond EOD, truncated
[ 1470.029528][T25068] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1470.869190][T25074] chnl_net:caif_netlink_parms(): no params data found
[ 1471.385979][T25074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1471.480832][T25074] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1471.580921][T25091] netlink: 'syz.0.5755': attribute type 21 has an invalid length.
[ 1471.628854][T25074] bridge_slave_0: entered allmulticast mode
[ 1471.662759][T25105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1471.721874][T25074] bridge_slave_0: entered promiscuous mode
[ 1471.758996][T25101] syzkaller1: entered promiscuous mode
[ 1471.765014][T25101] syzkaller1: entered allmulticast mode
[ 1471.923074][T24255] Bluetooth: hci8: command tx timeout
[ 1471.972310][T25074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1471.992025][T25074] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1472.012380][T25074] bridge_slave_1: entered allmulticast mode
[ 1472.091520][T25074] bridge_slave_1: entered promiscuous mode
[ 1472.197264][T25110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5760'.
[ 1472.506728][T25110] geneve2: entered promiscuous mode
[ 1472.554747][T25110] geneve2: entered allmulticast mode
[ 1472.593631][T25117] netlink: 16 bytes leftover after parsing attributes in process `syz.8.5761'.
[ 1472.948712][T25074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1473.100443][T25074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1473.396485][   T30] audit: type=1326 audit(1749783860.772:2833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1473.431385][T25074] team0: Port device team_slave_0 added
[ 1473.472133][T25074] team0: Port device team_slave_1 added
[ 1473.522309][   T30] audit: type=1326 audit(1749783860.802:2834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1473.544937][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1473.664414][   T30] audit: type=1326 audit(1749783860.802:2835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1473.714726][T25074] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1473.749384][T25074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1473.816425][T25074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1473.827329][   T30] audit: type=1326 audit(1749783860.822:2836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1473.909346][T25074] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1473.983216][   T30] audit: type=1326 audit(1749783860.822:2837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1473.987296][T25074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1474.057179][T24255] Bluetooth: hci8: command tx timeout
[ 1474.068198][T25074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1474.081804][   T30] audit: type=1326 audit(1749783860.822:2838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1474.104594][   T30] audit: type=1326 audit(1749783860.822:2839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1474.128682][   T30] audit: type=1326 audit(1749783860.822:2840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1474.154226][   T30] audit: type=1326 audit(1749783860.822:2841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1474.249182][   T30] audit: type=1326 audit(1749783860.822:2842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25129 comm="syz.3.5767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f34f198e929 code=0x7ffc0000
[ 1474.349899][T25150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5773'.
[ 1474.423320][T25074] hsr_slave_0: entered promiscuous mode
[ 1474.429186][T12646] usb 1-1: new full-speed USB device number 66 using dummy_hcd
[ 1474.462643][T25074] hsr_slave_1: entered promiscuous mode
[ 1474.521913][T25074] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1474.567065][T25074] Cannot create hsr debugfs directory
[ 1474.609065][T12646] usb 1-1: config 0 has an invalid interface number: 120 but max is 0
[ 1474.617559][T12646] usb 1-1: config 0 has no interface number 0
[ 1474.623745][T12646] usb 1-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1474.699645][T12646] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[ 1474.746732][T12646] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[ 1474.832905][T12646] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1474.856318][T12646] usb 1-1: config 0 descriptor??
[ 1474.898233][T25148] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1474.933049][T12646] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.120/input/input66
[ 1475.169447][T12646] usb 1-1: USB disconnect, device number 66
[ 1475.827381][T25166] netlink: zone id is out of range
[ 1476.171322][T24255] Bluetooth: hci8: command tx timeout
[ 1477.334257][T25175] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5779'.
[ 1477.427726][T25175] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5779'.
[ 1477.490295][T25074] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1477.591967][T25074] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1477.704107][T25074] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1477.728283][T25179] Cannot find del_set index 0 as target
[ 1477.739166][T25179] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5781'.
[ 1477.766244][T12646] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1477.826681][T25074] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1477.957207][T12646] usb 1-1: Using ep0 maxpacket: 8
[ 1477.964157][T12646] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1477.974896][T12646] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1477.984241][T12646] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1478.002092][T12646] usb 1-1: config 0 descriptor??
[ 1478.077623][T12646] iowarrior 1-1:0.0: no interrupt-in endpoint found
[ 1478.238569][T24255] Bluetooth: hci8: command tx timeout
[ 1478.267296][T25175] openvswitch: netlink: Tunnel attr 202 out of range max 16
[ 1478.351851][T25074] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1478.400075][T25074] 8021q: adding VLAN 0 to HW filter on device team0
[ 1478.425521][T17617] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1478.432812][T17617] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1478.582087][T19143] usb 1-1: USB disconnect, device number 67
[ 1478.596705][T17617] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1478.603916][T17617] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1478.746403][T25195] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5783'.
[ 1478.923514][T25074] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1478.969660][T25074] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1479.107133][  T918] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 1479.230136][T25074] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1479.287327][  T918] usb 8-1: Using ep0 maxpacket: 32
[ 1479.341804][  T918] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[ 1479.392531][  T918] usb 8-1: config 0 has no interface number 0
[ 1479.467514][  T918] usb 8-1: config 0 interface 184 has no altsetting 0
[ 1479.511498][T25074] veth0_vlan: entered promiscuous mode
[ 1479.548636][  T918] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1479.563615][T25074] veth1_vlan: entered promiscuous mode
[ 1479.601918][  T918] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1479.709471][T25074] veth0_macvtap: entered promiscuous mode
[ 1479.725584][  T918] usb 8-1: Product: syz
[ 1479.771312][  T918] usb 8-1: Manufacturer: syz
[ 1479.782790][  T918] usb 8-1: SerialNumber: syz
[ 1479.789830][  T918] usb 8-1: config 0 descriptor??
[ 1479.806257][  T918] smsc75xx v1.0.0
[ 1479.810102][  T918] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 1479.838910][  T918] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -22
[ 1479.847711][T20078] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1479.896573][T25074] veth1_macvtap: entered promiscuous mode
[ 1480.020714][T20078] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1480.075960][T25195] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1480.084229][T25195] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1480.093845][T25195] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1480.101611][T25195] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1480.109071][T20078] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1480.130105][T20078] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1480.140279][T20078] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1480.161506][T20078] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1480.170732][T20078] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1480.196413][T20078] usb 9-1: Product: syz
[ 1480.246316][T25074] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1480.337694][T20078] usb 9-1: Manufacturer: syz
[ 1480.368609][T20078] cdc_wdm 9-1:1.0: skipping garbage
[ 1480.470554][T20078] cdc_wdm 9-1:1.0: skipping garbage
[ 1480.477631][T25074] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1480.494585][T20078] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[ 1480.517697][T20078] cdc_wdm 9-1:1.0: Unknown control protocol
[ 1480.525686][T25074] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.551052][T25074] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.563193][T25074] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.577615][T20078] usb 9-1: USB disconnect, device number 4
[ 1480.594557][T25074] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.865981][T17618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1480.896635][T17618] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1480.975880][T17618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1480.995501][T17618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1481.027745][T20078] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1481.259780][T20078] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1481.270998][T20078] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1481.318253][T20078] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1481.363686][T20078] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1481.506237][T20078] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1481.544323][T20078] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1481.655672][ T5928] usb 8-1: USB disconnect, device number 12
[ 1481.712159][T20078] usb 9-1: Product: syz
[ 1481.716391][T20078] usb 9-1: Manufacturer: syz
[ 1481.779031][T20078] cdc_wdm 9-1:1.0: skipping garbage
[ 1481.797271][T20078] cdc_wdm 9-1:1.0: skipping garbage
[ 1481.820255][T20078] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[ 1481.834845][T20078] cdc_wdm 9-1:1.0: Unknown control protocol
[ 1482.754969][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[ 1482.757189][T20078] usb 9-1: USB disconnect, device number 5
[ 1482.761838][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[ 1482.773608][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1482.784209][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1483.078054][T25223] input: syz0 as /devices/virtual/input/input67
[ 1483.084726][T25223] input: failed to attach handler leds to device input67, error: -6
[ 1484.257129][T14173] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1484.269407][T25256] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5801'.
[ 1484.352220][T25256] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5801'.
[ 1484.399653][T24094] warn_alloc: 7 callbacks suppressed
[ 1484.399669][T24094] syz.1.5492: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1484.441062][  T918] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1484.494920][T14173] usb 9-1: config 0 has no interfaces?
[ 1484.500508][T24094] CPU: 0 UID: 0 PID: 24094 Comm: syz.1.5492 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1484.500543][T24094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1484.500557][T24094] Call Trace:
[ 1484.500566][T24094]  <TASK>
[ 1484.500575][T24094]  dump_stack_lvl+0x189/0x250
[ 1484.500615][T24094]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1484.500644][T24094]  ? __pfx__printk+0x10/0x10
[ 1484.500665][T24094]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1484.500687][T24094]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1484.500709][T24094]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1484.500733][T24094]  warn_alloc+0x214/0x310
[ 1484.500762][T24094]  ? __pfx_warn_alloc+0x10/0x10
[ 1484.500794][T24094]  ? __get_vm_area_node+0x28f/0x300
[ 1484.500815][T24094]  ? relay_open_buf+0x217/0xd40
[ 1484.500839][T24094]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1484.500892][T24094]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1484.500917][T24094]  ? rcu_is_watching+0x15/0xb0
[ 1484.500947][T24094]  ? relay_open_buf+0x217/0xd40
[ 1484.500987][T24094]  ? relay_open_buf+0x217/0xd40
[ 1484.501004][T24094]  __kvmalloc_node_noprof+0x3b8/0x5f0
[ 1484.501025][T24094]  ? relay_open_buf+0x217/0xd40
[ 1484.501042][T24094]  ? trace_kmalloc+0x1f/0xd0
[ 1484.501060][T24094]  ? relay_open_buf+0x17c/0xd40
[ 1484.501084][T24094]  relay_open_buf+0x217/0xd40
[ 1484.501116][T24094]  relay_open+0x427/0x920
[ 1484.501144][T24094]  do_blk_trace_setup+0x591/0x9d0
[ 1484.501180][T24094]  blk_trace_setup+0x116/0x1f0
[ 1484.501204][T24094]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1484.501232][T24094]  ? __pfx_blk_trace_setup+0x10/0x10
[ 1484.501272][T24094]  ? __lock_acquire+0xab9/0xd20
[ 1484.501302][T24094]  sg_ioctl+0xaf3/0x2230
[ 1484.501331][T24094]  ? __pfx_sg_ioctl+0x10/0x10
[ 1484.501351][T24094]  ? __fget_files+0x2a/0x420
[ 1484.501376][T24094]  ? __fget_files+0x2a/0x420
[ 1484.501395][T24094]  ? __fget_files+0x3a0/0x420
[ 1484.501415][T24094]  ? __fget_files+0x2a/0x420
[ 1484.501439][T24094]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1484.501466][T24094]  ? __pfx_sg_ioctl+0x10/0x10
[ 1484.501484][T24094]  __se_sys_ioctl+0xf9/0x170
[ 1484.501514][T24094]  do_syscall_64+0xfa/0x3b0
[ 1484.501531][T24094]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1484.501559][T24094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1484.501579][T24094]  ? clear_bhb_loop+0x60/0xb0
[ 1484.501604][T24094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1484.501623][T24094] RIP: 0033:0x7f3cd918e929
[ 1484.501659][T24094] Code: Unable to access opcode bytes at 0x7f3cd918e8ff.
[ 1484.501668][T24094] RSP: 002b:00007f3cda047038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1484.501690][T24094] RAX: ffffffffffffffda RBX: 00007f3cd93b6320 RCX: 00007f3cd918e929
[ 1484.501704][T24094] RDX: 0000200000000b40 RSI: 00000000c0481273 RDI: 0000000000000008
[ 1484.501717][T24094] RBP: 00007f3cd9210b39 R08: 0000000000000000 R09: 0000000000000000
[ 1484.501729][T24094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1484.501740][T24094] R13: 0000000000000000 R14: 00007f3cd93b6320 R15: 00007f3cd94dfa28
[ 1484.501771][T24094]  </TASK>
[ 1484.501779][T24094] Mem-Info:
[ 1484.727964][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.824474][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.836323][T24094] active_anon:9246 inactive_anon:15 isolated_anon:0
[ 1484.836323][T24094]  active_file:13842 inactive_file:1667 isolated_file:0
[ 1484.836323][T24094]  unevictable:768 dirty:157 writeback:0
[ 1484.836323][T24094]  slab_reclaimable:6909 slab_unreclaimable:116279
[ 1484.836323][T24094]  mapped:61825 shmem:4891 pagetables:4272
[ 1484.836323][T24094]  sec_pagetables:0 bounce:0
[ 1484.836323][T24094]  kernel_misc_reclaimable:0
[ 1484.836323][T24094]  free:73647 free_pcp:30221 free_cma:0
[ 1484.881598][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1484.923893][  T918] usb 8-1: Using ep0 maxpacket: 32
[ 1484.956715][  T918] usb 8-1: config 0 has an invalid interface number: 29 but max is 0
[ 1484.990514][  T918] usb 8-1: config 0 has no interface number 0
[ 1485.021902][T24094] Node 0 active_anon:4kB inactive_anon:60kB active_file:16kB inactive_file:224kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:181484kB dirty:20kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12752kB pagetables:6392kB sec_pagetables:0kB all_unreclaimable? yes Balloon:0kB
[ 1485.054476][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1485.073893][T24094] Node 1 active_anon:37148kB inactive_anon:0kB active_file:55352kB inactive_file:6444kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:69916kB dirty:608kB writeback:0kB shmem:18028kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1892kB pagetables:10724kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1485.097063][  T918] usb 8-1: config 0 interface 29 has no altsetting 0
[ 1485.129263][T14173] usb 9-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1485.198075][T14173] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1485.210716][  T918] usb 8-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1485.222854][T24094] Node 0 DMA free:10220kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:68kB local_pcp:60kB free_cma:0kB
[ 1485.255676][T14173] usb 9-1: Product: syz
[ 1485.287284][  T918] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1485.295371][  T918] usb 8-1: Product: syz
[ 1485.300201][T14173] usb 9-1: Manufacturer: syz
[ 1485.304803][T14173] usb 9-1: SerialNumber: syz
[ 1485.360722][T24809] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1485.389348][  T918] usb 8-1: Manufacturer: syz
[ 1485.409853][T14173] usb 9-1: config 0 descriptor??
[ 1485.414991][  T918] usb 8-1: SerialNumber: syz
[ 1485.448119][T24094] lowmem_reserve[]: 0 2501 2502 2502 2502
[ 1485.461514][  T918] usb 8-1: config 0 descriptor??
[ 1485.490868][T24094] Node 0 DMA32 free:43472kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:8192KB free_highatomic:1104KB active_anon:4kB inactive_anon:60kB active_file:16kB inactive_file:224kB unevictable:1536kB writepending:20kB present:3129332kB managed:2561032kB mlocked:0kB bounce:0kB free_pcp:16624kB local_pcp:10792kB free_cma:0kB
[ 1485.629421][T24809] usb 10-1: config 0 has no interfaces?
[ 1485.643972][T24809] usb 10-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1485.655462][T24809] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1485.667582][T24809] usb 10-1: Product: syz
[ 1485.671935][T24809] usb 10-1: Manufacturer: syz
[ 1485.676768][T24809] usb 10-1: SerialNumber: syz
[ 1485.687111][T24094] lowmem_reserve[]: 0 0 1 1 1
[ 1485.703636][T24809] usb 10-1: config 0 descriptor??
[ 1485.743908][  T918] peak_usb 8-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[ 1485.800825][T25253] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5799'.
[ 1485.818188][T24094] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:40kB local_pcp:24kB free_cma:0kB
[ 1485.847033][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1485.979031][  T918] peak_usb 8-1:0.29 can0: sending command failure: -22
[ 1486.009492][T25264] netlink: 44 bytes leftover after parsing attributes in process `syz.9.5803'.
[ 1486.031860][  T918] peak_usb 8-1:0.29 can0: sending command failure: -22
[ 1486.046765][T25253] netlink: 32 bytes leftover after parsing attributes in process `syz.8.5799'.
[ 1486.057492][  T918] peak_usb 8-1:0.29 can0: sending command failure: -22
[ 1486.064485][T24094] lowmem_reserve[]: 0 0 0 0 0
[ 1486.070901][T24094] Node 1 Normal free:256752kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39272kB inactive_anon:0kB active_file:55476kB inactive_file:6444kB unevictable:1536kB writepending:648kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:85868kB local_pcp:60064kB free_cma:0kB
[ 1486.103013][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1486.195283][T24094] lowmem_reserve[]: 0 0 0 0 0
[ 1486.203309][T24094] Node 0 DMA: 5*4kB (U) 3*8kB (U) 0*16kB 0*32kB 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 1*4096kB (M) = 10220kB
[ 1486.222292][  T918] peak_usb 8-1:0.29: probe with driver peak_usb failed with error -22
[ 1486.241429][  T918] usb 8-1: USB disconnect, device number 13
[ 1486.291497][T24094] Node 0 DMA32: 88*4kB (UME) 268*8kB (UMEH) 255*16kB (UMEH) 189*32kB (UMEH) 100*64kB (MEH) 61*128kB (UMEH) 23*256kB (ME) 13*512kB (M) 4*1024kB (UM) 0*2048kB 0*4096kB = 43472kB
[ 1486.337223][T24094] Node 0 Normal: 1*4kB (U) 1*8kB (U) 1*16kB (U) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28kB
[ 1486.356901][T24094] Node 1 Normal: 638*4kB (UME) 484*8kB (UME) 343*16kB (UME) 280*32kB (UM) 203*64kB (UME) 14*128kB (UM) 8*256kB (UME) 0*512kB 2*1024kB (U) 2*2048kB (UE) 52*4096kB (M) = 256840kB
[ 1486.780452][T24094] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1486.837163][T24094] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1486.863405][T24094] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1487.023874][T24094] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1487.053448][T24094] 20271 total pagecache pages
[ 1487.091077][T24094] 1208 pages in swap cache
[ 1487.141922][T24094] Free swap  = 85180kB
[ 1487.164388][T24094] Total swap = 124996kB
[ 1487.176627][T24094] 2097051 pages RAM
[ 1487.185199][T24094] 0 pages HighMem/MovableOnly
[ 1487.196807][T24094] 424687 pages reserved
[ 1487.210582][T24094] 0 pages cma reserved
[ 1487.407190][T25282] netlink: 300 bytes leftover after parsing attributes in process `syz.0.5807'.
[ 1487.409580][T25281] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5806'.
[ 1487.531313][T25281] bond_slave_0: entered promiscuous mode
[ 1487.537117][T25281] bond_slave_1: entered promiscuous mode
[ 1487.596629][T25281] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1487.797667][T24809] usb 10-1: USB disconnect, device number 2
[ 1487.812097][T25286] No such timeout policy "syz0"
[ 1487.849599][T25286] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5809'.
[ 1487.858788][T25286] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5809'.
[ 1487.892601][T25286] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5809'.
[ 1488.005339][  T918] usb 9-1: USB disconnect, device number 6
[ 1488.702743][T25300] FAULT_INJECTION: forcing a failure.
[ 1488.702743][T25300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1488.791654][T25300] CPU: 1 UID: 0 PID: 25300 Comm: syz.9.5812 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1488.791688][T25300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1488.791702][T25300] Call Trace:
[ 1488.791711][T25300]  <TASK>
[ 1488.791720][T25300]  dump_stack_lvl+0x189/0x250
[ 1488.791758][T25300]  ? __pfx____ratelimit+0x10/0x10
[ 1488.791790][T25300]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1488.791821][T25300]  ? __pfx__printk+0x10/0x10
[ 1488.791858][T25300]  should_fail_ex+0x414/0x560
[ 1488.791891][T25300]  _copy_from_user+0x2d/0xb0
[ 1488.791915][T25300]  get_user_ifreq+0x6c/0x180
[ 1488.791949][T25300]  sock_ioctl+0x6dd/0x790
[ 1488.791991][T25300]  ? __pfx_sock_ioctl+0x10/0x10
[ 1488.792023][T25300]  ? __fget_files+0x3a0/0x420
[ 1488.792046][T25300]  ? __fget_files+0x2a/0x420
[ 1488.792072][T25300]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1488.792103][T25300]  ? __pfx_sock_ioctl+0x10/0x10
[ 1488.792132][T25300]  __se_sys_ioctl+0xf9/0x170
[ 1488.792164][T25300]  do_syscall_64+0xfa/0x3b0
[ 1488.792183][T25300]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1488.792212][T25300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1488.792232][T25300]  ? clear_bhb_loop+0x60/0xb0
[ 1488.792257][T25300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1488.792278][T25300] RIP: 0033:0x7f42c058e929
[ 1488.792298][T25300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1488.792317][T25300] RSP: 002b:00007f42c13cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1488.792341][T25300] RAX: ffffffffffffffda RBX: 00007f42c07b5fa0 RCX: 00007f42c058e929
[ 1488.792356][T25300] RDX: 00002000000000c0 RSI: 00000000000089f1 RDI: 0000000000000003
[ 1488.792370][T25300] RBP: 00007f42c13cb090 R08: 0000000000000000 R09: 0000000000000000
[ 1488.792383][T25300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1488.792395][T25300] R13: 0000000000000000 R14: 00007f42c07b5fa0 R15: 00007f42c08dfa28
[ 1488.792428][T25300]  </TASK>
[ 1488.994184][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1489.235584][T25314] netlink: 'syz.9.5816': attribute type 10 has an invalid length.
[ 1489.247595][T25314] team0: Device dummy0 is up. Set it down before adding it as a team port
[ 1489.501757][T25321] netlink: 300 bytes leftover after parsing attributes in process `syz.8.5818'.
[ 1489.752871][T25325] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5819'.
[ 1489.847247][T24809] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 1489.922952][T25329] geneve2: entered promiscuous mode
[ 1489.952941][T25329] geneve2: entered allmulticast mode
[ 1490.042937][T24809] usb 8-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1490.077587][T24809] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1490.154459][T24809] usb 8-1: config 0 descriptor??
[ 1490.565320][T25341] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5825'.
[ 1491.299832][T24809] udl 8-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1491.378033][T24809] [drm:udl_init] *ERROR* Selecting channel failed
[ 1491.476532][T24809] [drm] Initialized udl 0.0.1 for 8-1:0.0 on minor 2
[ 1491.524920][T24809] [drm] Initialized udl on minor 2
[ 1491.604650][T24809] udl 8-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1491.661331][T25355] netlink: 'syz.0.5830': attribute type 10 has an invalid length.
[ 1491.666055][T24809] udl 8-1:0.0: [drm] Cannot find any crtc or sizes
[ 1491.739588][   T24] udl 8-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1491.770129][T24809] usb 8-1: USB disconnect, device number 14
[ 1491.824528][   T24] udl 8-1:0.0: [drm] Cannot find any crtc or sizes
[ 1492.371059][T25366] geneve2: entered promiscuous mode
[ 1492.507357][T25366] geneve2: entered allmulticast mode
[ 1493.473173][T25386] netlink: 44 bytes leftover after parsing attributes in process `syz.9.5839'.
[ 1493.677307][T23708] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1493.972687][T23708] usb 1-1: config 0 has no interfaces?
[ 1494.117214][T23708] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1494.191179][T23708] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1494.264532][T23708] usb 1-1: Product: syz
[ 1494.323542][T23708] usb 1-1: Manufacturer: syz
[ 1494.357606][T23708] usb 1-1: SerialNumber: syz
[ 1494.401563][T23708] usb 1-1: config 0 descriptor??
[ 1494.435555][T25404] FAULT_INJECTION: forcing a failure.
[ 1494.435555][T25404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1494.498286][T25404] CPU: 1 UID: 0 PID: 25404 Comm: syz.8.5844 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1494.498307][T25404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1494.498315][T25404] Call Trace:
[ 1494.498321][T25404]  <TASK>
[ 1494.498327][T25404]  dump_stack_lvl+0x189/0x250
[ 1494.498350][T25404]  ? __pfx____ratelimit+0x10/0x10
[ 1494.498368][T25404]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1494.498386][T25404]  ? __pfx__printk+0x10/0x10
[ 1494.498399][T25404]  ? __might_fault+0xb0/0x130
[ 1494.498416][T25404]  should_fail_ex+0x414/0x560
[ 1494.498435][T25404]  regset_tls_set+0x349/0x400
[ 1494.498449][T25404]  ? __pfx_regset_tls_set+0x10/0x10
[ 1494.498463][T25404]  ? ptrace_regset+0x369/0x420
[ 1494.498480][T25404]  ptrace_request+0x12f9/0x2260
[ 1494.498494][T25404]  ? do_raw_spin_lock+0x121/0x290
[ 1494.498506][T25404]  ? raw_spin_rq_lock_nested+0xad/0x140
[ 1494.498525][T25404]  ? __pfx_ptrace_request+0x10/0x10
[ 1494.498539][T25404]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1494.498555][T25404]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1494.498572][T25404]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1494.498588][T25404]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1494.498607][T25404]  ? do_raw_spin_unlock+0x122/0x240
[ 1494.498622][T25404]  ? wait_task_inactive+0x42a/0x7d0
[ 1494.498645][T25404]  ? __pfx_wait_task_inactive+0x10/0x10
[ 1494.498666][T25404]  arch_ptrace+0x289/0x410
[ 1494.498684][T25404]  __se_sys_ptrace+0x159/0x400
[ 1494.498697][T25404]  ? __pfx___se_sys_ptrace+0x10/0x10
[ 1494.498707][T25404]  ? rcu_is_watching+0x15/0xb0
[ 1494.498728][T25404]  ? do_syscall_64+0xbe/0x3b0
[ 1494.498741][T25404]  do_syscall_64+0xfa/0x3b0
[ 1494.498752][T25404]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1494.498768][T25404]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1494.498780][T25404]  ? clear_bhb_loop+0x60/0xb0
[ 1494.498794][T25404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1494.498806][T25404] RIP: 0033:0x7f220118e929
[ 1494.498817][T25404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1494.498828][T25404] RSP: 002b:00007f22020d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[ 1494.498843][T25404] RAX: ffffffffffffffda RBX: 00007f22013b5fa0 RCX: 00007f220118e929
[ 1494.498852][T25404] RDX: 0000000000000200 RSI: 0000000000000064 RDI: 0000000000004205
[ 1494.498860][T25404] RBP: 00007f22020d1090 R08: 0000000000000000 R09: 0000000000000000
[ 1494.498868][T25404] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[ 1494.498876][T25404] R13: 0000000000000000 R14: 00007f22013b5fa0 R15: 00007f22014dfa28
[ 1494.498893][T25404]  </TASK>
[ 1494.765188][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1495.137642][T25385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1495.163647][T25385] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1495.510339][T25414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1495.519852][T25414] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1495.810792][T25420] netlink: zone id is out of range
[ 1495.859962][T25420] netlink: zone id is out of range
[ 1495.938150][T25416] dns_resolver: Unsupported server list version (0)
[ 1496.319708][T25420] netlink: set zone limit has 4 unknown bytes
[ 1496.487050][ T5928] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1496.647489][ T5928] usb 10-1: Using ep0 maxpacket: 32
[ 1496.654813][ T5928] usb 10-1: config 3 has an invalid interface number: 227 but max is 0
[ 1496.684088][ T5928] usb 10-1: config 3 has no interface number 0
[ 1496.724842][T25385] xt_CT: No such helper "syz0"
[ 1496.772381][ T5928] usb 10-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=8a.99
[ 1496.818244][ T5928] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1496.920766][ T5928] usb 10-1: Product: syz
[ 1496.945927][ T5928] usb 10-1: Manufacturer: syz
[ 1496.977001][ T5928] usb 10-1: SerialNumber: syz
[ 1497.074202][ T5928] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[ 1497.132041][ T5928] cxusb: set interface failed
[ 1497.215300][T25426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1497.239922][ T5928] dvb-usb: bulk message failed: -22 (1/0)
[ 1497.297417][T25426] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1497.367410][T25433] dns_resolver: Unsupported server list version (0)
[ 1497.518648][ T5928] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1497.562463][ T5928] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[ 1497.611150][ T5928] usb 10-1: media controller created
[ 1497.856238][ T5928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1498.132824][T12370] usb 1-1: USB disconnect, device number 68
[ 1498.459003][ T5928] DVB: Unable to find symbol lgdt330x_attach()
[ 1498.465428][ T5928] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[ 1498.487610][T25440] loop8: detected capacity change from 0 to 1
[ 1498.546061][ T5928] dvb-usb: bulk message failed: -22 (1/0)
[ 1498.580804][ T5928] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[ 1498.611456][T24802]  loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11
[ 1498.640948][T24802] loop8: p1 start 1482909309 is beyond EOD, truncated
[ 1498.708398][T24802] loop8: p2 start 2084109568 is beyond EOD, truncated
[ 1498.792359][T24802] loop8: p3 start 1127756402 is beyond EOD, truncated
[ 1498.829642][T24802] loop8: p4 start 1701603686 is beyond EOD, truncated
[ 1498.854922][T24802] loop8: p5 start 2980365259 is beyond EOD, truncated
[ 1498.864616][T24802] loop8: p6 start 2249299709 is beyond EOD, truncated
[ 1498.874061][T24802] loop8: p7 start 3318553971 is beyond EOD, truncated
[ 1498.885176][T24802] loop8: p8 start 1873058888 is beyond EOD, truncated
[ 1498.900012][T24802] loop8: p9 start 813315871 is beyond EOD, truncated
[ 1498.921641][T24802] loop8: p10 start 1716473578 is beyond EOD, truncated
[ 1498.942058][T24802] loop8: p11 start 1653773230 is beyond EOD, truncated
[ 1498.960563][T25440]  loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11
[ 1498.974131][T25440] loop8: p1 start 1482909309 is beyond EOD, truncated
[ 1499.011670][T25440] loop8: p2 start 2084109568 is beyond EOD, truncated
[ 1499.208155][T25440] loop8: p3 start 1127756402 is beyond EOD, truncated
[ 1499.224244][T25440] loop8: p4 start 1701603686 is beyond EOD, truncated
[ 1499.231920][T25440] loop8: p5 start 2980365259 is beyond EOD, truncated
[ 1499.241150][T25440] loop8: p6 start 2249299709 is beyond EOD, truncated
[ 1499.250263][T25440] loop8: p7 start 3318553971 is beyond EOD, truncated
[ 1499.261838][T25440] loop8: p8 start 1873058888 is beyond EOD, truncated
[ 1499.271869][T25440] loop8: p9 start 813315871 is beyond EOD, truncated
[ 1499.284620][T25440] loop8: p10 start 1716473578 is beyond EOD, truncated
[ 1499.322901][T25440] loop8: p11 start 1653773230 is beyond EOD, truncated
[ 1499.651750][   T24] usb 10-1: USB disconnect, device number 3
[ 1500.013982][   T24] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[ 1500.071735][T25454] 8021q: adding VLAN 0 to HW filter on device macvlan3
[ 1500.817399][T25468] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5861'.
[ 1500.979458][T25468] 8021q: adding VLAN 0 to HW filter on device macvlan4
[ 1501.207271][   T30] kauditd_printk_skb: 24 callbacks suppressed
[ 1501.207293][   T30] audit: type=1326 audit(1749783888.572:2867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.3.5864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f198e929 code=0x7fc00000
[ 1501.412090][   T30] audit: type=1326 audit(1749783888.622:2868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.3.5864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f34f198e929 code=0x7fc00000
[ 1503.064706][T25506] bond_slave_0: entered promiscuous mode
[ 1503.070626][T25506] bond_slave_1: entered promiscuous mode
[ 1503.224048][T25506] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1503.347512][T25508] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=320745794 (2565966352 ns) > initial count (325012024 ns). Using initial count to start timer.
[ 1503.578380][T25513] dns_resolver: Unsupported server list version (0)
[ 1504.060929][T12370] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[ 1504.398856][T12370] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1504.447006][T12370] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1504.509598][T12370] usb 4-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00
[ 1504.576048][T12370] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1504.662032][T12370] usb 4-1: config 0 descriptor??
[ 1504.698064][T25508] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1504.987139][T24809] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1505.035169][T12370] usbhid 4-1:0.0: can't add hid device: -71
[ 1505.063879][T12370] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1505.087114][   T24] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1505.157066][T24809] usb 10-1: Using ep0 maxpacket: 16
[ 1505.165242][T12370] usb 4-1: USB disconnect, device number 53
[ 1505.191034][T24809] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1505.267336][   T24] usb 8-1: Using ep0 maxpacket: 16
[ 1505.280793][T24809] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1505.319297][   T24] usb 8-1: config 0 has an invalid descriptor of length 28, skipping remainder of the config
[ 1505.349525][T24809] usb 10-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 1505.362350][   T24] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3
[ 1505.417373][T24809] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1505.456099][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1505.485938][T24809] usb 10-1: config 0 descriptor??
[ 1505.515065][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 51807, setting to 1024
[ 1505.567081][   T24] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[ 1505.617227][   T24] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1505.686780][   T24] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1505.702890][   T24] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1505.753406][   T24] usb 8-1: Manufacturer: syz
[ 1505.781981][   T24] usb 8-1: config 0 descriptor??
[ 1505.967907][T24809] hid-multitouch 0003:1FD2:6007.002F: unknown main item tag 0x0
[ 1506.008943][T24809] hid-multitouch 0003:1FD2:6007.002F: unknown main item tag 0x0
[ 1506.067751][T24809] hid-multitouch 0003:1FD2:6007.002F: unknown main item tag 0x0
[ 1506.085894][T24809] hid-multitouch 0003:1FD2:6007.002F: unknown main item tag 0x0
[ 1506.161962][T25526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1506.178439][T24809] hid-multitouch 0003:1FD2:6007.002F: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.9-1/input0
[ 1506.214009][T25526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1506.291223][T24809] usb 10-1: USB disconnect, device number 4
[ 1506.358329][T25542] netlink: 368 bytes leftover after parsing attributes in process `syz.7.5878'.
[ 1506.399399][T25542] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5878'.
[ 1506.563905][T24809] usb 8-1: USB disconnect, device number 15
[ 1506.601734][T25539] fido_id[25539]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[ 1506.794335][T25544] pim6reg: entered allmulticast mode
[ 1506.848882][T25544] pim6reg: left allmulticast mode
[ 1506.951846][T25546] syzkaller1: entered promiscuous mode
[ 1506.961919][T25546] syzkaller1: entered allmulticast mode
[ 1507.545663][T25555] netlink: set zone limit has 4 unknown bytes
[ 1507.837396][  T918] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1507.937911][T24809] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[ 1507.997512][   T24] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1508.034741][  T918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1508.055912][  T918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1508.122778][T24809] usb 10-1: Using ep0 maxpacket: 16
[ 1508.131513][  T918] usb 1-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[ 1508.158949][T24809] usb 10-1: config 2 has an invalid interface number: 142 but max is 0
[ 1508.167629][T24809] usb 10-1: config 2 has no interface number 0
[ 1508.177105][   T24] usb 4-1: Using ep0 maxpacket: 8
[ 1508.187159][  T918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1508.211002][   T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1508.230263][T24809] usb 10-1: config 2 interface 142 altsetting 0 has an endpoint descriptor with address 0xEA, changing to 0x8A
[ 1508.249447][   T24] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1508.260358][  T918] usb 1-1: config 0 descriptor??
[ 1508.276772][T24809] usb 10-1: config 2 interface 142 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1508.289297][   T24] usb 4-1: config 1 has no interface number 1
[ 1508.295798][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1508.360141][T24809] usb 10-1: config 2 interface 142 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1508.407669][T24809] usb 10-1: config 2 interface 142 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1508.433306][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1508.442834][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1508.451118][   T24] usb 4-1: Manufacturer: ೵侻ਙȯﺨ╹
[ 1508.484086][T24809] usb 10-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c6.6e
[ 1508.493801][T24809] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1508.552844][T24809] usb 10-1: Product: syz
[ 1508.565604][T24809] usb 10-1: Manufacturer: syz
[ 1508.585314][T24809] usb 10-1: SerialNumber: syz
[ 1508.615176][T24809] usb 10-1: NFC: intf ffff8880246b6000 id ffffffff8eb52e00
[ 1508.765750][T14173] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1508.968639][T14173] usb 9-1: config 0 has no interfaces?
[ 1508.984997][T14173] usb 9-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1509.018029][T14173] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1509.167338][T14173] usb 9-1: Product: syz
[ 1509.171907][T14173] usb 9-1: Manufacturer: syz
[ 1509.184609][T14173] usb 9-1: SerialNumber: syz
[ 1509.224545][T14173] usb 9-1: config 0 descriptor??
[ 1509.708780][T25573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1509.719139][T25573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1509.835701][T25573] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5892'.
[ 1510.321704][T12370] usb 10-1: USB disconnect, device number 5
[ 1510.360140][T25584] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5894'.
[ 1510.958468][T25589] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5896'.
[ 1511.601643][   T24] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1511.812804][   T24] usb 4-1: USB disconnect, device number 54
[ 1511.882422][T19143] usb 9-1: USB disconnect, device number 7
[ 1512.063492][T12435] udevd[12435]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1512.189327][T25595] syzkaller1: entered promiscuous mode
[ 1512.270135][T25595] syzkaller1: entered allmulticast mode
[ 1512.360690][ T5834] Bluetooth: hci3: command 0x0406 tx timeout
[ 1512.511248][  T918] usbhid 1-1:0.0: can't add hid device: -71
[ 1512.517334][  T918] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1512.545861][  T918] usb 1-1: USB disconnect, device number 69
[ 1513.677949][T23708] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1513.867069][T23708] usb 9-1: Using ep0 maxpacket: 16
[ 1513.880999][T23708] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1513.902623][T23708] usb 9-1: config 0 has no interface number 0
[ 1513.940140][T23708] usb 9-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1513.970081][T23708] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1513.998081][T23708] usb 9-1: Product: syz
[ 1514.006889][T23708] usb 9-1: Manufacturer: syz
[ 1514.012297][T23708] usb 9-1: SerialNumber: syz
[ 1514.101705][T23708] usb 9-1: config 0 descriptor??
[ 1514.149282][T23708] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1514.212836][ T5834] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 1514.226518][ T5834] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 1514.239517][ T5834] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 1514.252004][ T5834] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 1514.295416][ T5834] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 1514.559753][T25608] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1514.578941][T25608] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1514.836805][T25615] xt_CT: No such helper "syz0"
[ 1515.147164][T19143] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1515.370109][T25630] xt_CT: No such helper "snmp"
[ 1515.435447][T19143] usb 8-1: config 0 has no interfaces?
[ 1515.457889][T19143] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1515.497303][T19143] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1515.505393][T19143] usb 8-1: Product: syz
[ 1515.581124][T19143] usb 8-1: Manufacturer: syz
[ 1515.585900][T19143] usb 8-1: SerialNumber: syz
[ 1515.770982][T25618] chnl_net:caif_netlink_parms(): no params data found
[ 1515.882469][T19143] usb 8-1: config 0 descriptor??
[ 1515.917537][  T918] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1516.177864][  T918] usb 10-1: config index 0 descriptor too short (expected 32820, got 52)
[ 1516.186374][  T918] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1516.250352][  T918] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1516.260330][T23708] gspca_spca1528: reg_r err -71
[ 1516.273903][  T918] usb 10-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97
[ 1516.284225][  T918] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1516.292770][  T918] usb 10-1: Product: syz
[ 1516.317990][T23708] spca1528 9-1:0.1: probe with driver spca1528 failed with error -71
[ 1516.344967][T23708] usb 9-1: USB disconnect, device number 8
[ 1516.372593][  T918] usb 10-1: Manufacturer: syz
[ 1516.400537][ T5834] Bluetooth: hci9: command tx timeout
[ 1516.507286][  T918] usb 10-1: SerialNumber: syz
[ 1516.543343][  T918] usb 10-1: config 0 descriptor??
[ 1516.566114][T25618] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1516.635845][T25618] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1516.700007][T25618] bridge_slave_0: entered allmulticast mode
[ 1516.788790][T25618] bridge_slave_0: entered promiscuous mode
[ 1517.258266][T25618] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1517.269680][T25618] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1517.297854][T25618] bridge_slave_1: entered allmulticast mode
[ 1517.404763][T25618] bridge_slave_1: entered promiscuous mode
[ 1517.477092][T23708] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1518.107163][T23708] usb 4-1: device descriptor read/64, error -71
[ 1518.357111][T23708] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 1518.478386][ T5834] Bluetooth: hci9: command tx timeout
[ 1518.519830][  T918] usb 8-1: USB disconnect, device number 16
[ 1518.639381][T25618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1518.690601][T19143] usb 10-1: USB disconnect, device number 6
[ 1518.737999][T25618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1518.747267][T23708] usb 4-1: device descriptor read/64, error -71
[ 1518.858353][T23708] usb usb4-port1: attempt power cycle
[ 1519.086370][T25618] team0: Port device team_slave_0 added
[ 1519.101318][T25618] team0: Port device team_slave_1 added
[ 1519.177416][T19143] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1519.277162][T23708] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1519.330899][T23708] usb 4-1: device descriptor read/8, error -71
[ 1519.537117][T19143] usb 10-1: Using ep0 maxpacket: 8
[ 1519.580964][T19143] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[ 1519.591369][T19143] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1519.597400][T23708] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1519.613891][T19143] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1519.653399][T25618] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1519.668443][T23708] usb 4-1: device descriptor read/8, error -71
[ 1519.687192][T25618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1519.717116][T19143] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1519.748557][T19143] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1519.787485][T19143] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1519.799226][T23708] usb usb4-port1: unable to enumerate USB device
[ 1519.801661][T25618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1519.887165][T19143] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1519.970021][T25618] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1520.024164][T25618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1520.147212][T25618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1520.215638][T19143] usb 10-1: usb_control_msg returned -32
[ 1520.238037][T19143] usbtmc 10-1:16.0: can't read capabilities
[ 1520.453703][T25618] hsr_slave_0: entered promiscuous mode
[ 1520.490944][T25618] hsr_slave_1: entered promiscuous mode
[ 1520.527239][T25618] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1520.551403][T25618] Cannot create hsr debugfs directory
[ 1520.557719][ T5834] Bluetooth: hci9: command tx timeout
[ 1520.928490][T25678] usbtmc 10-1:16.0: usb_clear_halt returned -32
[ 1521.089606][T25681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1521.126792][T25681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1521.326097][T25618] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1521.474004][T25687] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5919'.
[ 1521.545122][T25618] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1521.801173][T25618] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1521.912178][T25618] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1521.947399][T19143] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[ 1522.117087][T19143] usb 8-1: Using ep0 maxpacket: 32
[ 1522.132233][T19143] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1522.162293][T19143] usb 8-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[ 1522.186268][T19143] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1522.203613][T25618] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1522.214000][T19143] usb 8-1: config 0 descriptor??
[ 1522.233383][T25618] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1522.263448][T25618] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1522.282340][  T918] usb 10-1: USB disconnect, device number 7
[ 1522.321819][T25618] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1522.438160][T19143] usbhid 8-1:0.0: can't add hid device: -71
[ 1522.478027][T19143] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[ 1522.488596][T25701] pim6reg: entered allmulticast mode
[ 1522.510020][T19143] usb 8-1: USB disconnect, device number 17
[ 1522.536737][T25701] pim6reg: left allmulticast mode
[ 1522.639051][ T5834] Bluetooth: hci9: command tx timeout
[ 1522.702497][T25618] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1522.745325][T25618] 8021q: adding VLAN 0 to HW filter on device team0
[ 1522.849188][ T7160] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1522.856403][ T7160] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1522.885925][ T7168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1522.893154][ T7168] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1523.335864][T25618] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1523.561446][T25618] veth0_vlan: entered promiscuous mode
[ 1523.567187][  T918] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[ 1523.586787][T25618] veth1_vlan: entered promiscuous mode
[ 1523.716220][T25618] veth0_macvtap: entered promiscuous mode
[ 1523.739847][T25618] veth1_macvtap: entered promiscuous mode
[ 1523.752462][  T918] usb 8-1: Using ep0 maxpacket: 32
[ 1523.772699][  T918] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[ 1523.819952][T25719] FAULT_INJECTION: forcing a failure.
[ 1523.819952][T25719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1523.837460][  T918] usb 8-1: config 0 has no interface number 0
[ 1523.857311][T25719] CPU: 1 UID: 0 PID: 25719 Comm: syz.3.5930 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1523.857342][T25719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1523.857355][T25719] Call Trace:
[ 1523.857364][T25719]  <TASK>
[ 1523.857369][T25719]  dump_stack_lvl+0x189/0x250
[ 1523.857394][T25719]  ? __pfx____ratelimit+0x10/0x10
[ 1523.857413][T25719]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1523.857431][T25719]  ? __pfx__printk+0x10/0x10
[ 1523.857459][T25719]  should_fail_ex+0x414/0x560
[ 1523.857479][T25719]  _copy_to_user+0x31/0xb0
[ 1523.857493][T25719]  __se_sys_move_pages+0x13fe/0x16d0
[ 1523.857519][T25719]  ? __pfx___se_sys_move_pages+0x10/0x10
[ 1523.857567][T25719]  ? fput+0xa0/0xd0
[ 1523.857593][T25719]  ? ksys_write+0x22a/0x250
[ 1523.857613][T25719]  ? __pfx_ksys_write+0x10/0x10
[ 1523.857629][T25719]  ? rcu_is_watching+0x15/0xb0
[ 1523.857662][T25719]  ? __x64_sys_move_pages+0x21/0xf0
[ 1523.857678][T25719]  do_syscall_64+0xfa/0x3b0
[ 1523.857689][T25719]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1523.857706][T25719]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.857718][T25719]  ? clear_bhb_loop+0x60/0xb0
[ 1523.857733][T25719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.857744][T25719] RIP: 0033:0x7f34f198e929
[ 1523.857756][T25719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1523.857767][T25719] RSP: 002b:00007f34f27b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117
[ 1523.857782][T25719] RAX: ffffffffffffffda RBX: 00007f34f1bb5fa0 RCX: 00007f34f198e929
[ 1523.857791][T25719] RDX: 0000200000000080 RSI: 0000000000001efe RDI: 0000000000000000
[ 1523.857799][T25719] RBP: 00007f34f27b0090 R08: 0000200000000040 R09: 0000000000000000
[ 1523.857807][T25719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1523.857814][T25719] R13: 0000000000000000 R14: 00007f34f1bb5fa0 R15: 00007f34f1cdfa28
[ 1523.857833][T25719]  </TASK>
[ 1524.060006][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1524.099386][T25618] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1524.110187][T25618] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1524.120041][T25618] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1524.129670][T25618] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1524.138614][T25618] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1524.147630][T25618] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1524.170456][  T918] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1524.179760][  T918] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1524.187893][  T918] usb 8-1: Product: syz
[ 1524.192084][  T918] usb 8-1: Manufacturer: syz
[ 1524.196694][  T918] usb 8-1: SerialNumber: syz
[ 1524.203310][  T918] usb 8-1: config 0 descriptor??
[ 1524.213231][  T918] smsc95xx v2.0.0
[ 1524.339091][T17621] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1524.368447][T17621] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1524.574865][T17618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1524.640910][T17618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1524.805876][  T918] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1524.819843][  T918] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1525.011295][T23708] usb 10-1: new low-speed USB device number 8 using dummy_hcd
[ 1525.033577][  T918] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1525.063001][  T918] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -61
[ 1525.101500][T25730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1525.177342][T23708] usb 10-1: Invalid ep0 maxpacket: 64
[ 1525.298384][T12646] usb 8-1: USB disconnect, device number 18
[ 1525.326014][T23708] usb 10-1: new low-speed USB device number 9 using dummy_hcd
[ 1525.547521][T23708] usb 10-1: Invalid ep0 maxpacket: 64
[ 1525.558534][T23708] usb usb10-port1: attempt power cycle
[ 1525.830236][T25737] netlink: 'syz.3.5936': attribute type 21 has an invalid length.
[ 1525.908244][T23708] usb 10-1: new low-speed USB device number 10 using dummy_hcd
[ 1525.971623][T23708] usb 10-1: Invalid ep0 maxpacket: 64
[ 1526.121049][T23708] usb 10-1: new low-speed USB device number 11 using dummy_hcd
[ 1526.168264][T23708] usb 10-1: Invalid ep0 maxpacket: 64
[ 1526.221056][T23708] usb usb10-port1: unable to enumerate USB device
[ 1527.152173][T25758] netlink: 'syz.0.5943': attribute type 7 has an invalid length.
[ 1527.227724][T25758] : entered promiscuous mode
[ 1528.017112][ T5928] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1528.361053][ T5928] usb 1-1: Using ep0 maxpacket: 16
[ 1529.017305][T23708] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[ 1529.184468][T23708] usb 10-1: config 0 has no interfaces?
[ 1529.201465][T23708] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1529.262728][T23708] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1529.398698][T23708] usb 10-1: Product: syz
[ 1529.570138][T23708] usb 10-1: Manufacturer: syz
[ 1529.623524][T23708] usb 10-1: config 0 descriptor??
[ 1530.419686][T25796] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1531.133717][ T5908] usb 10-1: USB disconnect, device number 12
[ 1531.735891][ T5928] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1531.808327][T25807] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1531.912300][ T5928] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1531.920500][ T5928] usb 1-1: can't read configurations, error -71
[ 1533.279283][   T31] INFO: task syz.1.5492:24095 blocked for more than 143 seconds.
[ 1533.348860][   T31]       Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0
[ 1533.423003][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1533.507030][   T31] task:syz.1.5492      state:D stack:27760 pid:24095 tgid:24089 ppid:15346  task_flags:0x400040 flags:0x00004004
[ 1533.584684][   T31] Call Trace:
[ 1533.628456][   T31]  <TASK>
[ 1533.661946][   T31]  __schedule+0x16f5/0x4d00
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1533.747214][   T31]  ? schedule+0x165/0x360
[ 1533.751747][   T31]  ? __pfx___schedule+0x10/0x10
[ 1533.797168][   T31]  ? schedule+0x91/0x360
[ 1533.801522][   T31]  schedule+0x165/0x360
[ 1533.857056][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1533.907056][   T31]  __mutex_lock+0x724/0xe80
[ 1533.911654][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1533.916379][   T31]  ? blk_trace_remove+0x20/0x40
[ 1533.997510][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1534.002653][   T31]  blk_trace_remove+0x20/0x40
[ 1534.017308][   T31]  sg_ioctl+0x47b/0x2230
[ 1534.021650][   T31]  ? __pfx_sg_ioctl+0x10/0x10
[ 1534.026375][   T31]  ? __rcu_read_unlock+0x84/0xe0
[ 1534.031573][   T31]  ? __fget_files+0x2a/0x420
[ 1534.036298][   T31]  ? __fget_files+0x3a0/0x420
[ 1534.041199][   T31]  ? __fget_files+0x2a/0x420
[ 1534.045840][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1534.050924][   T31]  ? __pfx_sg_ioctl+0x10/0x10
[ 1534.055714][   T31]  __se_sys_ioctl+0xf9/0x170
[ 1534.119965][   T31]  do_syscall_64+0xfa/0x3b0
[ 1534.124590][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1534.181761][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.207806][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1534.297067][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.303035][   T31] RIP: 0033:0x7f3cd918e929
[ 1534.347246][   T31] RSP: 002b:00007f3cda026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1534.355792][   T31] RAX: ffffffffffffffda RBX: 00007f3cd93b6400 RCX: 00007f3cd918e929
[ 1534.457141][   T31] RDX: 0000000020000000 RSI: 0000000000001276 RDI: 0000000000000008
[ 1534.465212][   T31] RBP: 00007f3cd9210b39 R08: 0000000000000000 R09: 0000000000000000
[ 1534.537086][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1534.545142][   T31] R13: 0000000000000001 R14: 00007f3cd93b6400 R15: 00007f3cd94dfa28
[ 1534.627096][   T31]  </TASK>
[ 1534.643245][   T31] 
[ 1534.643245][   T31] Showing all locks held in the system:
[ 1534.717466][   T31] 1 lock held by khungtaskd/31:
[ 1534.792282][   T31]  #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1534.887511][   T31] 2 locks held by getty/5595:
[ 1534.892339][   T31]  #0: ffff888034e120a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1535.008834][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1535.097095][   T31] 3 locks held by kworker/u9:2/5834:
[ 1535.102550][   T31]  #0: ffff888027c9a948 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1535.197519][   T31]  #1: ffffc9000438fbc0 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1535.257836][   T31]  #2: ffff888037950d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_power_on+0x1ac/0x680
[ 1535.317060][   T31] 3 locks held by kworker/1:5/5908:
[ 1535.322386][   T31] 3 locks held by kworker/1:3/14173:
[ 1535.367119][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1535.450263][   T31]  #1: ffffc9000468fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1535.487044][   T31]  #2: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1535.524692][   T31] 3 locks held by kworker/u8:15/17621:
[ 1535.547015][   T31] 3 locks held by syz.1.5492/24094:
[ 1535.552373][   T31] 1 lock held by syz.1.5492/24095:
[ 1535.569047][   T31]  #0: ffff888026228920 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40
[ 1535.587208][   T31] 1 lock held by syz.2.5569/24393:
[ 1535.592420][   T31]  #0: ffff888026228920 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40
[ 1535.602555][ T5834] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1535.610529][   T31] 1 lock held by syz.5.5632/24635:
[ 1535.627130][   T31]  #0: ffff888026228920 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40
[ 1535.657675][   T31] 1 lock held by syz.6.5716/24956:
[ 1535.662827][   T31]  #0: ffff888026228920 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0
[ 1535.677581][   T31] 1 lock held by syz.6.5716/24961:
[ 1535.695370][   T31]  #0: ffff888026228920 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40
[ 1535.705338][   T31] 1 lock held by syz.8.5913/25653:
[ 1535.711139][   T31]  #0: ffff888026228920 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0
[ 1535.737454][   T31] 1 lock held by syz.8.5913/25654:
[ 1535.742638][   T31]  #0: ffff888026228920 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40
[ 1535.757581][   T31] 4 locks held by syz.7.5954/25805:
[ 1535.762828][   T31]  #0: ffff888052c48d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x1fe/0x500
[ 1535.787042][   T31]  #1: ffff888052c48078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1535.797220][   T31]  #2: ffffffff8f678168 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1535.815640][   T31]  #3: ffff888026e60b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[ 1535.825115][   T31] 2 locks held by dhcpcd/25819:
[ 1535.841610][   T31]  #0: ffff88807d532258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1535.851513][   T31]  #1: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1535.878726][   T31] 
[ 1535.881130][   T31] =============================================
[ 1535.881130][   T31] 
[ 1536.047067][   T31] NMI backtrace for cpu 0
[ 1536.047084][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1536.047099][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1536.047107][   T31] Call Trace:
[ 1536.047113][   T31]  <TASK>
[ 1536.047119][   T31]  dump_stack_lvl+0x189/0x250
[ 1536.047141][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1536.047156][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1536.047173][   T31]  ? __pfx__printk+0x10/0x10
[ 1536.047197][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1536.047216][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1536.047229][   T31]  ? _printk+0xcf/0x120
[ 1536.047243][   T31]  ? __pfx__printk+0x10/0x10
[ 1536.047256][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1536.047273][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1536.047290][   T31]  watchdog+0xfee/0x1030
[ 1536.047307][   T31]  ? watchdog+0x1de/0x1030
[ 1536.047325][   T31]  kthread+0x70e/0x8a0
[ 1536.047340][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1536.047354][   T31]  ? __pfx_kthread+0x10/0x10
[ 1536.047368][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1536.047384][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1536.047400][   T31]  ? __pfx_kthread+0x10/0x10
[ 1536.047413][   T31]  ret_from_fork+0x3fc/0x770
[ 1536.047431][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1536.047449][   T31]  ? __switch_to_asm+0x39/0x70
[ 1536.047461][   T31]  ? __switch_to_asm+0x33/0x70
[ 1536.047472][   T31]  ? __pfx_kthread+0x10/0x10
[ 1536.047485][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1536.047505][   T31]  </TASK>
[ 1536.047510][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1536.206877][    C1] NMI backtrace for cpu 1
[ 1536.206897][    C1] CPU: 1 UID: 0 PID: 17621 Comm: kworker/u8:15 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1536.206923][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1536.206935][    C1] Workqueue: events_unbound toggle_allocation_gate
[ 1536.206960][    C1] RIP: 0010:load_new_mm_cr3+0x151/0x1e0
[ 1536.206982][    C1] Code: 3d ff 07 00 00 73 4c f7 c3 00 08 00 00 75 50 ff c3 0f b7 c3 48 09 c1 48 b8 00 00 00 00 00 00 00 80 48 09 c8 0f 22 d8 5b 41 5c <41> 5e 41 5f e9 86 80 f4 09 cc 90 0f 0b 90 eb af 90 0f 0b 90 f7 c3
[ 1536.206997][    C1] RSP: 0018:ffffc90004fdf508 EFLAGS: 00000046
[ 1536.207011][    C1] RAX: 000000000df38000 RBX: dffffc0000000000 RCX: ffff888031001e00
[ 1536.207023][    C1] RDX: 0000000000000000 RSI: 000000000df38000 RDI: 000000001fffffff
[ 1536.207034][    C1] RBP: ffffc90004fdf5f0 R08: ffffffff8e24a077 R09: 1ffffffff1c4940e
[ 1536.207046][    C1] R10: dffffc0000000000 R11: fffffbfff1c4940f R12: ffffffff8e2499f8
[ 1536.207058][    C1] R13: ffffffff8e249940 R14: ffffffff8df38000 R15: 0000000000010000
[ 1536.207070][    C1] FS:  0000000000000000(0000) GS:ffff888125d52000(0000) knlGS:0000000000000000
[ 1536.207084][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1536.207096][    C1] CR2: 000055b55f59bfb0 CR3: 000000000df38000 CR4: 00000000003526f0
[ 1536.207123][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1536.207134][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1536.207145][    C1] Call Trace:
[ 1536.207153][    C1]  <TASK>
[ 1536.207161][    C1]  switch_mm_irqs_off+0x52d/0x7a0
[ 1536.207182][    C1]  ? __pfx_switch_mm_irqs_off+0x10/0x10
[ 1536.207199][    C1]  ? __pfx_switch_mm_irqs_off+0x10/0x10
[ 1536.207215][    C1]  ? do_raw_spin_lock+0x121/0x290
[ 1536.207233][    C1]  ? __pte_offset_map_lock+0x13e/0x210
[ 1536.207250][    C1]  unuse_temporary_mm+0x136/0x220
[ 1536.207269][    C1]  ? __pfx_unuse_temporary_mm+0x10/0x10
[ 1536.207286][    C1]  ? __text_poke+0x633/0xa10
[ 1536.207304][    C1]  ? kasan_check_range+0x2b0/0x2c0
[ 1536.207320][    C1]  ? __text_poke+0x633/0xa10
[ 1536.207337][    C1]  ? __kmalloc_cache_noprof+0x84/0x3d0
[ 1536.207352][    C1]  __text_poke+0x6c8/0xa10
[ 1536.207372][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[ 1536.207389][    C1]  ? __kmalloc_cache_noprof+0x84/0x3d0
[ 1536.207404][    C1]  ? __pfx___text_poke+0x10/0x10
[ 1536.207419][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1536.207442][    C1]  ? trace_contention_end+0x39/0x120
[ 1536.207465][    C1]  smp_text_poke_batch_finish+0x8af/0x1100
[ 1536.207486][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[ 1536.207506][    C1]  ? arch_jump_label_transform_queue+0x97/0x110
[ 1536.207531][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[ 1536.207550][    C1]  static_key_enable_cpuslocked+0x128/0x250
[ 1536.207569][    C1]  static_key_enable+0x1a/0x20
[ 1536.207584][    C1]  toggle_allocation_gate+0xad/0x240
[ 1536.207601][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1536.207617][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[ 1536.207643][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[ 1536.207664][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[ 1536.207686][    C1]  process_scheduled_works+0xae1/0x17b0
[ 1536.207721][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1536.207750][    C1]  worker_thread+0x8a0/0xda0
[ 1536.207765][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1536.207791][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1536.207810][    C1]  kthread+0x70e/0x8a0
[ 1536.207828][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1536.207850][    C1]  ? __pfx_kthread+0x10/0x10
[ 1536.207868][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1536.207889][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1536.207910][    C1]  ? __pfx_kthread+0x10/0x10
[ 1536.207927][    C1]  ret_from_fork+0x3fc/0x770
[ 1536.207949][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1536.207973][    C1]  ? __switch_to_asm+0x39/0x70
[ 1536.207989][    C1]  ? __switch_to_asm+0x33/0x70
[ 1536.208004][    C1]  ? __pfx_kthread+0x10/0x10
[ 1536.208022][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1536.208044][    C1]  </TASK>
[ 1536.596747][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1537.273674][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1537.280622][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1537.292470][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1537.302570][   T31] Call Trace:
[ 1537.305880][   T31]  <TASK>
[ 1537.308841][   T31]  dump_stack_lvl+0x99/0x250
[ 1537.313480][   T31]  ? __asan_memcpy+0x40/0x70
[ 1537.318107][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1537.323329][   T31]  ? __pfx__printk+0x10/0x10
[ 1537.327954][   T31]  panic+0x2db/0x790
[ 1537.331961][   T31]  ? __pfx_panic+0x10/0x10
[ 1537.336394][   T31]  ? __pfx_delay_tsc+0x10/0x10
[ 1537.341280][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1537.347135][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1537.352535][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1537.358720][   T31]  watchdog+0x102d/0x1030
[ 1537.363069][   T31]  ? watchdog+0x1de/0x1030
[ 1537.367509][   T31]  kthread+0x70e/0x8a0
[ 1537.371596][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1537.376295][   T31]  ? __pfx_kthread+0x10/0x10
[ 1537.381073][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1537.386306][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1537.391621][   T31]  ? __pfx_kthread+0x10/0x10
[ 1537.396223][   T31]  ret_from_fork+0x3fc/0x770
[ 1537.400865][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1537.406001][   T31]  ? __switch_to_asm+0x39/0x70
[ 1537.410778][   T31]  ? __switch_to_asm+0x33/0x70
[ 1537.415549][   T31]  ? __pfx_kthread+0x10/0x10
[ 1537.420242][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1537.425027][   T31]  </TASK>
[ 1537.428373][   T31] Kernel Offset: disabled
[ 1537.432701][   T31] Rebooting in 86400 seconds..