last executing test programs:

13m1.425665865s ago: executing program 32 (id=199):
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a3281)
gettid()
setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f0000000040)={0x9, {{0xa, 0x4e24, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}}}, 0x88)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r3=>0x0})
r4 = socket$rds(0x15, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b6a, &(0x7f0000000000)={0xfeff, 0x0, 0x3, 0x1d, 0x100, 0x0})
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
socket$rds(0x15, 0x5, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00!\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000000000800000000000000500000e00"/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000400000018000000090000000000000003b38fcbcf450000fdffffff00000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x36, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$video4linux(&(0x7f00000003c0), 0x7, 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r2, 0x3b71, &(0x7f0000000280)={0x20, 0x0, 0x0, 0x1c, 0x1c})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f00000002c0)={0x48, 0x2, r3})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000280)={0x18, 0x0, 0x2, 0x0, &(0x7f00000002c0)=[{0x0, 0x2}, {0x800, 0xfffffffffffffffd}]})

11m16.017422719s ago: executing program 33 (id=521):
r0 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
r1 = socket(0x1d, 0x2, 0x6)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0x0, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000003147df80000000000ea000009000900"], 0x38}}, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r7 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
writev(r7, &(0x7f0000002680)=[{&(0x7f00000025c0)='8', 0x1}], 0x1)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000040)=@sg0, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000220a09"], 0x98}}, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', <r9=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x24}}}]}, 0x40}}, 0x0)
getpeername$packet(r1, 0x0, 0x0)
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xf)
r10 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r10, 0x10d, 0xa8, &(0x7f0000000000), &(0x7f0000000080)=0x4)
ftruncate(r0, 0x1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0)
lseek(r0, 0x0, 0x4)

11m8.450295405s ago: executing program 34 (id=562):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b40e000000000000611400000000000098f746881897b7b55d9adb8de6c5bb9c91142925bc1cdc51cd440011974e6d4062b48571a792473e"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x894a, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000004000)={0x2020}, 0x2020)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='lp\x00', 0x3)
sendmsg$inet(r1, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001600)=[{0x0}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000001740)=ANY=[@ANYBLOB="0407ff05000000000000b6154af283428881ecb48963df6ddfa48e9c9d58b7f972fb9467f1a27fced12f352f15e6e6ecd890433c5bc35fd0670eae170bbd7e4fe048548baef690f58b656b393a5fe1d5f3df1e9e28755e6550390aac598c5a5c878c8e2c65b19a9f699c222085d86b98e6f13bae1d2e6004e77b2be490ed8900ba085137b00191e33ecac2dd1bc1081f33ec7062778271e91114d24d3e1a23bc6ab7ce3f9a066381185d6c396fb9b676b838eede5fdace684d29bd199a8d3ac14368cefb60c61898d51289bd2501bdaf5a0314b903dd20fdc52da43fbba069d959c84e15e3c736ea1deaa1e1bb4c94fdcd86878734bdd0a0bff77d33ea376d8dc5d9f707c540fe19a6"], 0x102)
recvmsg(r1, 0x0, 0x700)
ioperm(0x0, 0x3ff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="02002bbd7000fbdbdf250f0000000a00090007ffffffffff000005002900010000001700380000000000"], 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)
chmod(0x0, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r6, 0x5412, &(0x7f00000006c0)=0xd)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000340)=""/50, 0x36, 0x32, 0x0, 0x29200001, 0x0, @void, @value}, 0x28)
socket$nl_generic(0x10, 0x3, 0x10)

4m40.601997748s ago: executing program 6 (id=1796):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e25, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, &(0x7f0000000140)=0x2, 0x4)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000700000008000000020000000700000002fc00f396eb6ef36eeeaa6e"])
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000280)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x5, {0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40a, 0x0, "af33ff30427ca7d876f59fbec25b88ca6c0a9b32cf13babada39e64196a7399e"}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="c8080000", @ANYRES16=r8, @ANYBLOB="010000000000000000000100000014000200776730000000000000000000000000000600060000000000980808806c"], 0x8c8}}, 0x0)

4m38.576051849s ago: executing program 6 (id=1805):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000007000000450c"], 0x20}, 0x4000008)
r1 = syz_open_procfs(0x0, &(0x7f0000001080)='net/protocols\x00')
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000540)=0x9)
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r4 = syz_io_uring_setup(0xd3, &(0x7f0000000580)={0x0, 0x73fb, 0x100, 0x0, 0x25b, 0x0, r1}, &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000340)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180), 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x31, 0x4007, @fd=r2, 0xfffffffffffffff9, &(0x7f00000008c0)=[{&(0x7f0000000440)=""/67, 0x43}, {&(0x7f0000000600)=""/193, 0xc1}, {&(0x7f00000010c0)=""/4096, 0x1000}, {&(0x7f0000000700)=""/243, 0xf3}, {&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f0000000240)=""/58, 0xfffffffffffffecb}], 0x6, 0x15, 0x2})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r7 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000020c0), 0x68842, 0x0)
read$FUSE(r7, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000005180)={0x2020}, 0x2020)
preadv(r1, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/20, 0x14}], 0x1, 0x0, 0x0)

4m36.947073293s ago: executing program 6 (id=1809):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$setperm(0x5, 0x0, 0x21081c22)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bca)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)="3989c9a1ca1c22fee6fbb0dc", 0xc}, 0x1, 0x0, 0x0, 0xa000041}, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = open(&(0x7f0000000000)='.\x00', 0x68800, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000000c0)='./file0\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file5\x00', 0xc011, 0x1)
renameat2(r4, &(0x7f0000000000)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC(r5, 0x4068aea3, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x0, 0x4}, 0x6)
bind$bt_hci(r6, &(0x7f00000002c0)={0x1f, 0x3, 0x2}, 0x6)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)

4m36.070895109s ago: executing program 6 (id=1813):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
umount2(&(0x7f00000004c0)='./file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c80)={{r2}, &(0x7f0000000c00), &(0x7f0000000c40)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000725e850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r3}, 0xc)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff}, 0x4000)
r5 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(r6, r6, 0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0/file1\x00', &(0x7f0000000080), 0x140000, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@loose}, {@version_9p2000}, {@loose}, {@version_u}, {@cache_loose}, {@access_user}], [{@measure}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@smackfsroot={'smackfsroot', 0x3d, 'GPL\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@appraise_type}, {@flag='dirsync'}, {@euid_lt={'euid<', r6}}]}})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r9, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x5a, &(0x7f0000000340)={@multicast, @remote, @val={@void}, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "ec7ab49f42266b558197758939c3a67064eb2413deb6d588b153902f5348321b2aa24fcea6549a091e651e6c1d3053eef4b8f189054244df8c1353433e834d4c"}}}}, 0x0)

4m35.927929654s ago: executing program 6 (id=1814):
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$PTP_SYS_OFFSET(r0, 0x43403d05, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
timerfd_create(0x2, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(0xffffffffffffffff)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000b80)={0x0, 0x3fd, "b74339fb47ed666024e26e09b761e5ad482b62c9eef40e0f0a67c64065d029fb8a788975c06e78db67e389fa2e42785723e6adbc762c4e7cfd252d8462322cf24fba5ae074894aa81d1db4b61addfc4d8cc4f4fe828348c3c4126589e2b67371c58022998886ac6bd8a32839dcf9a7214d21752a9064e1b6e0cb40b1a79df76a719a3dac55e494329d865a3c3c7079b7743e6db0468ec449d974e5e0a316042636d2f0c1c1fd95a03329a2dad388a45706808485ffbb783b942223d2712e7a64d0f6b2bc3a7e00745fedc5c3fcfeb687eab89e3c73cecf91e462bb9f3c5affe380908515e70458ba3bd3209729fd2d851838a4883652e3b8a0f8d76e801614b81cdaa65877735146c89ab15429a2dcc0cb72f259fb5777cab5c6357e64cf8c7eeab08367472e0b97e6c6b5daaf6155c929b9bcbbbbaa5f3a638f2f6b2339bab41ec9af258bdb75e16f85049de233a7e615015651ab7d2367c611b4113ab96ff153ddb9cc21cd30090637a64a21175431f4a396c8ddc4663b73fbc4c92eec60b9ae66ef41bc5c1e5faf2b5e8b5cd4b1b91899d3e4f0cd155479e9e8648a89ab0343aae9429d5b1635dfcd2dcd84e57d8aeabac15252282f5d74f62f8773a6ce3c2c43b2710b312dd5666f3ef729dc3b176fed7f9764848b38969555ecec4d0e668ea817045d1eee9e60bec1a9a6e91ff47296db84106bb3d737206f2c1b82470ac5c47308e46b705bd26816a952ba44b63b778e45f5f8191fee4c5c4ff013f2bea699a2d5298a6d5f58b6bc56572b4fbddc5861c4c6eb652a0aaf8596d86b3750fb5dab558cbc056eff12104c1ca932f2bf08bc812c894e8778fb5f9dff5da75f294ffd9d3f11dd4849351b6b721f67b81cb5a6a8c130dc3a71cc770c1b4b12dfaa7d195737559fcd1ffdf6f30ca74484a05b22666e0bd91c85ddafc0bd88c700737279476e3b7532722d9f034287d637c837a96cc5e51eda4745561083f856430a0c534ad8ff9307009c300b811bc81c5da16e43d6ede80da0a621e6952146adb1ac9ad47cf8b728bff1d1925d660583a4fc595e922267c812459f65bfaa1055c662589d81a60be700d9fb43b5c0d94e8a4a4973c45ca7057df53a88d7cc1f15acee34c8c4f56d790db310584ea79add7745d615a3f91c52c11355f9b1570fcf4e616d48c91fa6a1fe2b47af9305f050899fe5e1a87074a667d781916330614ecd666033f47ed017222a50893fdb1d73d11ba8f9f4b6db930f7fb37f3bff9e5169a01dedd6cdc7c30026a7276d71153c996639d4029690025d4e68192cc65b624d5080ad41e3ec48a1897b92f4656fdc02c9c424c491a23c44263ed9bdb27829148204cb39f6ee2512ed907828d8294be7a1d5300e3f3a0703c5665ff8e1d476824de32b9ff44d9738fe327dba46da5f4684908aa2924d3011a8555c1b"})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
unshare(0x28000600)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000740)={'sit0\x00', &(0x7f0000000680)={'syztnl0\x00', <r7=>0x0, 0x700, 0x7800, 0x9e24, 0xf, {{0x1f, 0x4, 0x3, 0x1c, 0x7c, 0x66, 0x0, 0xb5, 0x4, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x3c}, {[@ra={0x94, 0x4}, @timestamp={0x44, 0x20, 0xaa, 0x0, 0x7, [0x8, 0x7, 0x5, 0x5d0, 0x7, 0x8ba, 0x4]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0x8c, 0x3, 0x3, [{@broadcast, 0xffffffff}, {@multicast1, 0x5}]}, @end, @lsrr={0x83, 0x27, 0xdd, [@empty, @rand_addr=0x64010100, @remote, @loopback, @private=0xa010101, @multicast1, @loopback, @dev={0xac, 0x14, 0x14, 0x18}, @rand_addr=0x64010101]}, @generic={0x88, 0x2}]}}}}})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x80, 0x4, 0x2, 0x800, r5, 0x8, '\x00', r7, 0xffffffffffffffff, 0x5, 0x5, 0x0, 0xd, @void, @value, @void, @value}, 0x50)

4m35.618638389s ago: executing program 6 (id=1819):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$setperm(0x5, 0x0, 0x21081c22)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bca)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$rds(0x15, 0x5, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x68800, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f00000000c0)='./file0\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file5\x00', 0xc011, 0x1)
renameat2(r3, &(0x7f0000000000)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC(r4, 0x4068aea3, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x4}, 0x6)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)

4m35.348000747s ago: executing program 35 (id=1819):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$setperm(0x5, 0x0, 0x21081c22)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bca)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$rds(0x15, 0x5, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x68800, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f00000000c0)='./file0\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file5\x00', 0xc011, 0x1)
renameat2(r3, &(0x7f0000000000)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC(r4, 0x4068aea3, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x4}, 0x6)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)

3m55.919292796s ago: executing program 2 (id=1945):
r0 = mq_open(&(0x7f0000001100)='*a%\xff\x00\xf1\fNC\x84\xe0\x99\x1e-\x9a\x0f\x1a\x90\xee\x10\xfeARsO\xae\xd6\x05K\xe2D\x8d\xa4H8\xcf:\a;\xd8\xc7\xc8\\C\xcf\xa7\xcb\xb4\xe4\x8dY\xe3\xa5K&\xe5\xc4\x84v\xfa\xe7\x11\xc4\x99\x10,\xe3M\x80\xd3\xc2\x1c\xb0\x84\xb83', 0x41, 0x0, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x12100, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
pipe(&(0x7f0000000080))
r5 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x28}}], 0x2, 0x40c8000)
sendmmsg(r5, &(0x7f0000005dc0)=[{{0x0, 0x0, &(0x7f0000004a80)=[{0x0}, {&(0x7f0000002a80)="3aa7f7425af62ea8e60faeafd5f0735118879c0a673edf432d21c88a742c73ca663b0408046c9a97c376c7d7a74b8394c25d327372821ce7fb319e7e5ba81555cfde134aeb8b021c147f253d025bf0539e2a9d9ddb90bdc784ece41328487259a769d5563dd51000cd9a8169aa42581cab7fe9c2f8e8c84178a6f6b527123de89bf9858b58fac04148347d3e2fb549d7de9e093cd4cd4368a1a808b8199cf59c0c1f41e17f55c88078281429a7d572563c5be00ae0ef4ad10902f78207018070a5ac5e9d35edccd5112a6ec8eca9ed38a0bad869c46458dc36c8bb60c42d09b6a8b5d53d9f738ac6eb29557b95dae927587a9aa8c450466b0723c78eae0a70d686cd94e57083ca98dda1eeb4b023a4b9b4a5cdb213468f48f085e603216e5d28ff2adeca3d992eef22328f38103f811cb8e834097795626fcfbbeb69ba41b59bd96d7c698ec147313b3eda8391b8804fd2ca54d3cc15514948d05f0e9ef582eaddb53427a620b7566f5309fd1dc8e9d079151dfca303813dd1fa718389f168e1d2363415edb15840bee55da0fb18e70c851e2d091eff0118db1e905ab6675ea03eee53478a732cb87cb923ade2169a131ab8c247d137a662fd3c9f4d029579fc927e3282f1e81cd71ed1692c83419f9c227d565151b25e700e9c080e7a12ac9d465babfee14cc21d85d0edb7d25d3b68cec197e96ffa046fcd12873d940407fd3c7acb01a928926eb7213b3bc90a8e470cc1e9a6a8c7ca4342223fd2f4ea6d05c41caa55951be9129f3dfd070a1234fdffcd786f4e5378288a961ead3d296214c72be737217342258f195f069a9d4b7738e30117294980a13b83b5586d5971bbf7c90caec9fbbe3859f77f34ff12479a7279bf9b658664e47738de7e2a90934f0c7e1d22683e9a44b399d119ce0c862a3e04aaa7980a9854715d63b948116eb7eb99681895201b1698005c92b5a7bbfccadb8c2ed8483bb1a561cd4bf6546f417cf00e001de23773fc7ea549905bb2257c7c412a6bba2a957e1587903ec12a3b95a809ae4c11f4a6a58cda37c4c4ea8b3c50977fcc25b563c68e890653c8f9488710a2163f377a7d97e13b2f13075b44591c84abf1f4fa9c70afa3433c4a7b33f46a5e1f93759ddb6eb1ea2c7be2220dbf9c866fbaeef81fdb5b9ec23513c8dcb3d50a18e2d91a6452e012b4872650ba8e61d4ac8768de494856a70d100b73d245ccc9719bf4e15d432a37667b11132561c57b20f55943afbd3ffba0a35c3b46c55144fd34947587170770eebeacad4b37408795b8cbad6aff9e028c5a84a76098ba6d3868e03bd3924ce0f571c96140813f6c352ee76a64e6f70efb88389299b1fe03324f8f9eab04ae5eea14df25e9579aecb2039e1f096e6e022f3bf83c845bb0922fdcc4fae97bdbb583a926ceb059c2b127ad4e2acfc536e6919f22642879909821f3f8dd311ce93c6b1ceedc14004a57744ee69a78ba362f3ec48d04eec38b9f76940dcc186ddadb2785dce69eb04abcafd1f1e6ac7876bf653e277f68686b9b67bc7d0c7ef0c813711f707c979d4abf7a12e748e777d91da6b98f238d3459627ed41ad6966b849170189e537f932e7371396537248082fc2c50e917d7420c1b103cde6ce3ecbb4705b3d75a3b143ec09251adbcff1e35b5ae1820c074761f78a909faf03d835fa59d2aa6fce0439ad29782e882775747a44e4ee38558098dee3631ed1fc35b652c0d0dd0d30412719969b8b37416e3e22c897ba72f316775bd55f09ee3d3a24087d13cc1237b8905572a3974186c46df94fd9417ddb949c2db4748c964c2cf21c89c385a1e2f0405be706a2fa98292ea3532c08c2f58040f4a7457865a97f76080bf9a77b2806a04b50b30bfa34a2df46a1ae8af177c46b9f909c1c5988b3852ae832a29b2bcb800eb678c71e0d20d79ce673918b903a74061feb28d65e0c9b30831ae14d37ca9b9055472cfb647450ec7cebb94d247eaf24e06e7d741a5d56aae770e73f6d673c87bd5ff34fd473f8b7d7c197bb30d101f56a36b6c110edf30ea3cd468db4fd64acb0011e84439932a6db6a89d7841ad0c0b6d8b6446c5a18fae205f6108e71e85ade48f749cdd025706cf6a49169856576fcdfd2e3a8b1e54d1ea3529f36772ef0b75209d08e272a5cce256e421", 0x5ff}, {0x0}], 0x3}}], 0x1, 0x40080)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
lseek(r0, 0xf, 0x0)

3m52.106093668s ago: executing program 2 (id=1953):
clock_gettime(0x0, &(0x7f0000000740)={<r0=>0x0, <r1=>0x0})
epoll_pwait2(0xffffffffffffffff, &(0x7f00000006c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, &(0x7f0000000780)={r0, r1+10000000}, &(0x7f00000007c0)={[0x9]}, 0x8)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
epoll_create1(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xfe, 0x20000008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x20)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000007240)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r6, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='\v', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r6, 0x84, 0x77, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYBLOB="fe0f09"], 0x1a)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
getsockopt$nfc_llcp(0xffffffffffffffff, 0x3a, 0x1, 0x0, 0x374aa66c95590140)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r8, 0x5607, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x608, 0x358, 0x1d8, 0x1d8, 0x1d8, 0x440, 0x560, 0x560, 0x560, 0x560, 0x560, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {0x7a00000000000000}, [@inet=@rpfilter={{0x28}}]}, @HL={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'syzkaller0\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {0xffffffffffffffff}, {0x0, 0xff}}}}, {{@ipv6={@mcast1, @remote, [], [], '\x00', 'dummy0\x00'}, 0x0, 0x138, 0x180, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @local, @empty}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@broadcast, @ipv6=@dev}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x668)

3m51.055465011s ago: executing program 2 (id=1957):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c00090502020002020000090582020002000000c0627b2157adb62b155bb5900d8f534c8758ffc6b79209be8b0cfbb33b1f7883e3456d815ed8623b2995d1ddb65243fe9a60da7343a404d7dbcd8bbb34028851594b5917b003bba6d197acbad6bc62b773366134df90735d3a449696c3ffc517bcff0fa60ad92882dcc8983005781ad73592f737d6ff2559985d463b2bcf004445105825b07da7a0b24611126699ed94f52fa7e8d86e37fbd6251ece77f7c51fc1b8391337f02c8b92932bd1d35c0994c56328f7d8ef512155134158267e5c59438a2e81f864afc5e6c16523aa77145ad6c6c80d152cdaeda3196d33c6f5f283d9d392e8dc6188ad71fd035bb18d44ac4ef0bca2717b2130438bf14f13daf5446ca0bd0988fa1815fd0bd15e6cd39fcf8c30ca620abe4b9b19329209b59e196f2fceac11ccc0883fef5e0db025d421d2dcd1162043caab67f083efc4735a90432d0486b56a0d9a07b531c355bc21bb931b203fcbfa8a3a31ac229b34cceee693e45aa7d9e9119a8a15339700b1226737a7dc54f80860cd3f066a19287bbbd94d96a4"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000980)=ANY=[@ANYBLOB="001501080000e4"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000b80)={0x34, &(0x7f0000000100)={0x40, 0xf, 0x1, '$'}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

3m45.800049684s ago: executing program 2 (id=1968):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={0x30, r0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0x14}]}]}, 0x30}}, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0xe, 0x1)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)

3m45.711888575s ago: executing program 2 (id=1969):
mkdir(&(0x7f0000000400)='./file1\x00', 0xa2)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1})
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r0, {0x25}}, './file1\x00'})
r3 = epoll_create1(0x0)
lstat(&(0x7f0000000340)='./file1\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000140)='./file2\x00', &(0x7f0000000180), 0x2008022, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_none}, {@cache_readahead}], [{@uid_eq={'uid', 0x3d, r4}}, {@dont_appraise}]}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='mem_connect\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
mount$binder(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x10000, &(0x7f0000000440)={[{@stats}, {@max={'max', 0x3d, 0x4}}, {@max={'max', 0x3d, 0x3}}, {}, {@stats}, {@stats}, {@stats}], [{@subj_role={'subj_role', 0x3d, '&(]%\'&'}}, {@hash}, {@euid_gt}, {@smackfshat={'smackfshat', 0x3d, '@'}}, {@flag='nolazytime'}]})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x2, 0x0, &(0x7f0000000000))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r6, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x2}}, './file0\x00'})

3m44.983213343s ago: executing program 2 (id=1972):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
creat(0x0, 0xd931d3864d39dcca)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)

3m29.348737576s ago: executing program 36 (id=1972):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
creat(0x0, 0xd931d3864d39dcca)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)

3m6.3382469s ago: executing program 7 (id=2081):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x6, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000003900)={0x0, 0xffffffffffffffc3, &(0x7f00000038c0)={&(0x7f0000000240)={0x14, r2, 0x1, 0x0, 0x25dfdbfd, {{}, {@void, @void, @void}}}, 0x14}}, 0x0)
close(r3)

3m5.840056872s ago: executing program 7 (id=2083):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000100)={0x0, 0x0, 0x10100, 0x0, 0x1eb}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="30000000b7823ad1ad2d6b6dca3cf63b00073579ea0a0000047c0000040000000c000180060006000000000000000000ff2ecbeb58fde248ac753188de4f5f75c417babc7dacfbd2f2de"], 0x30}}, 0xc000) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) (async)
msgsnd(0x0, 0x0, 0x175, 0x800) (async)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000001040)={{0x12, 0x1, 0x0, 0x40, 0x15, 0x42, 0x20, 0x5a9, 0x1550, 0xe4bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8e, 0xc4, 0x6f}}]}}]}}, 0x0) (async)
r5 = syz_open_dev$evdev(&(0x7f0000005e80), 0x4, 0x42)
ioctl$EVIOCSKEYCODE_V2(r5, 0x40284504, &(0x7f0000000000)={0x8, 0x10, 0x2, 0x8, "0019c39018ced390085372620300c6b388e3cdf73cc88bfd1b0400"}) (async)
setregid(0xffffffffffffffff, 0x0) (async)
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)

3m5.598188179s ago: executing program 7 (id=2085):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x14, 0x16, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@map_idx={0x18, 0x5, 0x5, 0x0, 0xd}, @map_fd={0x18, 0x3}, @alu={0x4, 0x0, 0x6, 0x5, 0x0, 0x40, 0x1}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$F2FS_IOC_FLUSH_DEVICE(r3, 0x4008f50a, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000100001000000000000000000000a44000000060a0b0400000000000000000200000010f204800c000180080001006f7366000900010073797a30000000000900020073797a320000000005000740c5000000140000001110010000000000000000000000000a0000"], 0x6c}}, 0x0)
io_setup(0x400, &(0x7f0000001080)=<r6=>0x0)
unshare(0x400)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
fadvise64(r7, 0x101f, 0x0, 0x4)
prctl$PR_SET_PDEATHSIG(0x1, 0x2)
r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
io_submit(r6, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x1802, 0x0, 0x0, 0x0, 0x1, r4, 0x0}])
socket$alg(0x26, 0x5, 0x0)
r9 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xfffffffffffffd85, &(0x7f0000000080)=[{&(0x7f0000000100)="e03f03003b000b05d25a806c8c6394f90224fc6010a605001b000200053582c137153e37000c0180fc0b10000c00", 0x2e}], 0x1, 0x0, 0x0, 0xffffffff}, 0x8840)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c0073fc00000000fddbdf2507000003", @ANYRES32=r1, @ANYBLOB="030046000c0002"], 0x28}, 0x1, 0x0, 0x0, 0x40884}, 0x0)

3m4.511221468s ago: executing program 7 (id=2088):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x20000008b}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r2=>0x0})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x18, 0x4f, 0x1, 0x0, 0x0, {0x0, 0x3}, [@generic="ee"]}, 0x18}}, 0x0)
r4 = socket$igmp6(0xa, 0x3, 0x2)
r5 = socket$inet6_dccp(0xa, 0x6, 0x0)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c)
setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f00000003c0), 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x36, &(0x7f0000000ec0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x2b0, 0x150, 0x150, 0x8, 0xf8010000, 0x380, 0x238, 0x238, 0x2b0, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000104000000000000000000000b00", @ANYRES32=r2, @ANYBLOB="0000000000000000240012800b00010067656e657665000014000280080001000000000005000c"], 0x44}, 0x1, 0x2}, 0x0)

3m3.480000038s ago: executing program 7 (id=2094):
r0 = syz_io_uring_setup(0xfa, &(0x7f00000003c0)={0x0, 0x0, 0x10100, 0x2, 0x3e7}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0, 0x40000103})
io_uring_enter(r0, 0x46f6, 0xffffffea, 0x0, 0x0, 0x0)

3m2.535893228s ago: executing program 7 (id=2096):
syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090480000003"], 0x0) (async)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090480000003"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000400)=ANY=[@ANYBLOB="001240"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) (async)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
io_setup(0x7, &(0x7f0000000200)) (async)
io_setup(0x7, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000003440)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x1, 0xfffc, r1, 0xffffffffffffffff, 0x0, 0x100000, 0x0, 0x2}])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r4, 0x0)
r5 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}}}, 0x24}}, 0x0) (async)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}}}, 0x24}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r3], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc9, &(0x7f0000000080)=""/201, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xd}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8)
ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000180)=""/35) (async)
ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000180)=""/35)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x19)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8000003d) (async)
fcntl$notify(r7, 0x402, 0x8000003d)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
r8 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r8, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')
r9 = open$dir(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x280200, 0x64)
mkdirat(r9, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa8) (async)
mkdirat(r9, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa8)
renameat2(r8, &(0x7f00000001c0)='./file0\x00', r8, &(0x7f00000002c0)='./file0/file0\x00', 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) (async)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15)

2m46.629693651s ago: executing program 37 (id=2096):
syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090480000003"], 0x0) (async)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090480000003"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000400)=ANY=[@ANYBLOB="001240"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) (async)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
io_setup(0x7, &(0x7f0000000200)) (async)
io_setup(0x7, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000003440)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x1, 0xfffc, r1, 0xffffffffffffffff, 0x0, 0x100000, 0x0, 0x2}])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r4, 0x0)
r5 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}}}, 0x24}}, 0x0) (async)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}}}, 0x24}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r3], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc9, &(0x7f0000000080)=""/201, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xd}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8)
ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000180)=""/35) (async)
ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000180)=""/35)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x19)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8000003d) (async)
fcntl$notify(r7, 0x402, 0x8000003d)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
r8 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r8, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')
r9 = open$dir(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x280200, 0x64)
mkdirat(r9, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa8) (async)
mkdirat(r9, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa8)
renameat2(r8, &(0x7f00000001c0)='./file0\x00', r8, &(0x7f00000002c0)='./file0/file0\x00', 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) (async)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15)

2m41.687510282s ago: executing program 4 (id=2148):
socket$inet6_sctp(0xa, 0x801, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380), 0x0, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000440), 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000002000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0)

2m40.43197484s ago: executing program 4 (id=2151):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r0}, 0x8)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x1)
ioctl$TCFLSH(r4, 0x8926, 0x20001100)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r5=>r4, {0x2}}, './file0\x00'})
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, &(0x7f0000000000), 0x10)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000280)=0x11, 0x4)
syz_emit_ethernet(0x11, &(0x7f0000000040)=ANY=[@ANYBLOB="a1aaaaaaaaaa00380000f41eae5686c7537700000805000100"], 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)}, &(0x7f0000000400)=0x10)
sendmsg$can_bcm(r7, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000380)={0x0, 0x13, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000070000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3200000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)
dup(r6)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc6626c892b6bc436a", 0x10)

2m39.155770032s ago: executing program 4 (id=2154):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
close(r0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000540)={{{@in, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in=@local}}, 0xe8)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2, 0x4}}, 0x2e)
ioctl$PPPIOCGL2TPSTATS(r2, 0x80487436, &(0x7f0000005280))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r6, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x1}], 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1802000000940000000000000000000085000000360000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r8, r7, 0x25, 0x0, @val=@tracing}, 0x40)

2m38.223592912s ago: executing program 4 (id=2156):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r2}, 0x8)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(0xffffffffffffffff, 0x80047437, &(0x7f0000001f00))
sendmmsg(0xffffffffffffffff, &(0x7f0000001cc0), 0x400000000000026, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macsec0\x00'})
socket$alg(0x26, 0x5, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58)
accept4(r5, 0x0, 0x0, 0x0)
bind$alg(r5, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
unlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0/../file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELTABLE={0x64, 0x2, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_TABLE_USERDATA={0x7, 0x6, "7bbc93"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x17, 0x6, "8ff13f7290853452faecea7c48b7b638a68915"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSET={0x1c, 0xb, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x6}, [@NFTA_SET_FLAGS={0x8}]}, @NFT_MSG_DELTABLE={0x3c, 0x2, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x4}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x5}}], {0x14}}, 0xf8}, 0x1, 0x0, 0x0, 0x4040010}, 0x20004044)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2m37.042767417s ago: executing program 4 (id=2157):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_change_rule(r4, &(0x7f0000000040)={'*', 0x20, '(', 0x20, 'wt', 0x20, 'wat'}, 0xb)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@loopback, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@multicast1}, 0x0, @in6}}, &(0x7f00000004c0)=0xe8)
getgroups(0x6, &(0x7f0000000500)=[<r8=>0x0, <r9=>0xee01, 0xee01, <r10=>0xee00, 0xee01, <r11=>0xee00])
r12 = getpid()
sched_setscheduler(r12, 0x2, &(0x7f0000000200)=0x5)
statx(0xffffffffffffffff, &(0x7f0000000540)='./file0\x00', 0x6000, 0x40, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, <r13=>0x0, <r14=>0x0})
r15 = getpid()
sched_setscheduler(r15, 0x2, &(0x7f0000000200)=0x6)
r16 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r16}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r16, &(0x7f0000006840)={0x2020, 0x0, 0x0, <r17=>0x0, <r18=>0x0, <r19=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, r18, 0x10c}}}, 0x0, 0x0, 0x0, 0x0})
r20 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r20, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e22, @loopback}], 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r20, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e22, @rand_addr=0x64010101}], 0x10)
r21 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r22 = accept4$ax25(r2, &(0x7f00000021c0)={{0x3, @bcast}, [@netrom, @netrom, @bcast, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000002240)=0x48, 0x0)
r23 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r24 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
sendmmsg$unix(r1, &(0x7f0000002840)=[{{&(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f00000000c0)="65b64c927630bc26bea62459bacd046eb81a51c5b94e027f1f13a4878f39e7614ca94fde48552130ea07ce6009a7400077e168d5218c21", 0x37}, {&(0x7f0000000100)="e2e8cfe9da7f2c5982facdd5923fbae8429e30d2fdf34ec4160ae9b4359efb4de90e8dcba3c0da948433b4a06048b57d5cd8e1a44d9569d9233968b8a7d4961be85e12ff3aa2c9405c5ddea73c19637de6a715dd92005f71335406f6d3e4d329970ec6cc4e83b0a64e55f51eb2803945326a78f609170e17e31f26e2b8c042ff1be64e0a30015705f500c1e3d7749f", 0x8f}, {&(0x7f0000000240)="0edcc974e8311238c023ce1cc3c2353e3a1b2bd4d71dacc3ce1ae1a947160920e501b8c55c14fdc71c697228dbb260b04b70ae9c9b38d4419533a0c91f62f2f306a97feb6f6ed9cc708dac66d21891c8b51c8645b6dfdb25048f297e17074cba08962b3d2ae3ccd3c1d1990215ee17153898a053693e91fc5e6bc8e7dccab41b2e109993889bf9b7c5999db9", 0x8c}], 0x3, &(0x7f0000000680)=[@rights={{0x28, 0x1, 0x1, [r2, r1, r0, r1, r3, r0]}}, @rights={{0x30, 0x1, 0x1, [r0, r1, r1, r4, r0, r1, r1, r1]}}, @rights={{0x18, 0x1, 0x1, [r5, r0]}}, @cred={{0x1c, 0x1, 0x2, {r6, r7, r9}}}, @cred={{0x1c, 0x1, 0x2, {r12, r13, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r15, 0xffffffffffffffff, r18}}}], 0xd0, 0x20000000}}, {{&(0x7f0000000780)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001cc0)=[{&(0x7f0000000800)}, {&(0x7f0000000840)="19458b4b56e6a10b9eab8888833a09952308ab79a6591c41a6e05a630e69f07c6b7f32499478767c563341a4c44f1bdf08f31e65f38c0095f03b2b520197770c9822e66702011f5d62a86ed0ba2dce8244c180a8a5c69b1686871112e87e6a4597f8d0bc95829616487fa5eae40cf4b1fa7de700290cbba85ce9a7fc772d843917ee461c5a06715e92446dc0a8ae194875a80305aaaa4b1499d7efd597c43baac54f983022f413508dbd50ab07f93c0b0d564c33aad0d60693364192586f42b550ceb0f93a1d62d6e601ab785a4a3dda817cb79c14a8500a022692e00024ad3ca55e691792e6ade122b8d459ffda0142da43d1", 0xf3}, {&(0x7f0000002940)="e746579f925419fa416cafd337d9b8f6b82430b9488671cd4ce3eae8ff5c8c0d6bb93b3d92bddb2a176906dd90539f264053c67e89522ca0285e93f72e4b36ee828bc340264afbc67d165f8c0488b830250a5eafb52aada551b356b470a3fd25baa8e063652f8e5db901a6283540c5765d49fe2ee9a8979292c62bf7f9f0597c0ec031a85011e5e5bf01e62d2a02413519a7b9d1ead8a5ee9cb3d5567a8a9411959cef188c5702abffae6ea6bf59a7c7fc9b822182c43010544523fc7d11508f71", 0xc1}, {&(0x7f0000000a40)="cb114b8e354bd413f831bb756c4ee3e89d53e38666c8d0777acfbfbe6c4be3240c9969139f3208bb5b215e3285d2d1622a30d85fbccc02b74470514ee624f00b9dc53693743c9555c0b2dfe447d65675a715d90abec61b8ec4eac1e1dc12648c76e9e8751b16346f275e0acf465202864f35337e", 0x74}, {&(0x7f0000000ac0)="e849a6f8e429e2d4664096cbed7e2b0ccd94b3816402c3f1e14c7652973f14cd97d87f9b03ae671f55a4111cb1986af9e200c6899e31595468ece86a97f2dd0952a1db99e1b8042a5992f812870ffe465d408e68d0f964f3724d156001c4c7f504921d8f42cb0ae2e524ec701cfa34d6bbbe7d8cb46ef7455ee84785d02d436fef4e641f42dd822294336a429b55ec3df4b91393e6a6baa36c5eaf1d403f30c8bb13223e761ec9378be4158067bf7eb61694d5d5311dfe9050e5b548825b14da0bc106cba9461ea9c037c2f41409811c9be86765659e73e240b6a4be729f8292e1886a83b6ea", 0xe6}, {&(0x7f0000000bc0)="0700841cbf0f94cc88ff0724b7c2141004d03426509c93ec0c3b065bd9497994664f5ae0bb6afc4f00db8ca6c54b9ba9bf4071cd2f586fdd11597568aa5963843566719304efe8047090765427de2167dc16de69958352f93e8cd4f4586d97e726c8128201f9ba9aa54101d9357e82b3abbe983be6a2f574a9777cea5bbda51abc48dcdd172454f98d4b4db54c29b99810d191c1d051e9465fbba3465d4f5baa8e76a53ed2d46ca42f14da7c8cdbb10c3ccafdd56280e337e51290a2a7d762f47d4394dc41265df3bd5558571ed89b226389031c1a94d531a029e66bce0d161da8e8604731cabb996568cdc845c83f2c8468d249592d7e99ad38f7d78964e8ad510233f3be73958b1244e0f004cec3aaeceb87ebe48f870f9b48be736f9be720a96ee3d4585858ee0e6a6d8c2daaaca3c53faf16adbd2240bf512a72cab557386ef5d4e609c4ad2f90f03dbc3f00cf0a990f70305a207eacef327152678c6a9751c48bf97fc9f37957495c1a475bf3e61d5946d81fe7e204409e252abc0ae4c34a77ab1667f2708a282adb7fae4c9ff2910ee01cf2e5bb2c79294efb1c6c7f5ea92d832a2bca33ea0de85ad4a0b1b84893f80e981cdc260d80c8f69280b63543044f520cd3a8de24c64ee289079a49af09dd4459a4372aef104c97236100bdbf0fd3a6fe51f15094ae2dde5562136bfe642eb88e8ba0b90afe85abab4a675c7396c6042735972137ac401f9d912cd0465d6f427324872ea9ae50bbfeb93c59a8c06d52476a9ba61be47179db7100eccdd5f1f13fe9326319f4da13b4aad76be466ba54b898ca590ba724b6c8e6adf60edd2c6873689ca5369914a627974d99d60b1d2b303fefec06acf65629157b9c6f6886eadb9612b6ffb55ea43563c0f05a36773a01431b36e2e0cd44eb7657b3a403bb44db6fd6d081e39d9385d912d1d55903a2e40bdaea2cbdef7d76da3dd35b74889618ad7ec47276e1ddb3423799de10a57b0f91d776cc4e81a12b110369e0029c8a38aec91d879b42393d47acb506f8e6bb5c7df830b83b5e02e44d1b99cd91a195774f3b37af4f51733ba4bebefa75096d8b62f745e91ed8013886fc74993e939b66a819cf06493de2c674f4204d8af14c8499817aecfe06a7d9d7545fbd31c38a6ddb3fcc4745cadc48e9881d95b53638220aa4ccc982c1a2587cea03ef4d3803aee5166406449efb402dce5b4810102027e7fe27b87b7a04abf65af885c1920910c0c6fe874e6a6ac6c5fd9b46dd4c5a4233ef00c46923ead2e00f64b59ae58ee7bf655bf6340a400fa0cd90229ad7a24e9f1c056171205ad286a81d6ae4c933fc058987d95f2f42e50244d52520008215e2a0f71bbbd3fb240e361eb638567d9af773dbb76a73ac5e36f5c6b458aeb3f12a1f5345b176c2e88ae69f4715d802ae423925aae18a5a1e50cc7943fa15cbc14183254498a92614ed5c0651f383a289678905c5b1146b82eebb3f78e890a06f0f863d95552bc6e961bea42a2bce4af0bbc4718b39952a09da94146f91d8c1db5e2cd37b74231f3e5b558681c36ec4c4c3c4aeca4e2e6cecc0d95e9ab651603945074d1047633b8c6dfe15b8b7538344ae16a7d5093679bde85002b8f214d973ab67e2e3f8c846dcc6b1cb7137cf8b43759708f49e7cd795a94bf4ca6fee9e27b11971031aebd326bc97db6d4f024b0aea45539f761848f1201f7f288810fa72ecf19033d0b55957609fb43dab0bdb1928999fad7a60085fe4fe90552e7258c0b62d56bc84ae5f23b5ea99ca709d8922c7fba037e345fb9cfa5bbbf84ab7bc0d882c66e29a5f00345c2427eecc912e793f05f59c26755c694c863b16f76e933361de55534753407c86589c421472c84f382c0ed9d88e690e9616c49c10e72bc8e9ec7cacea3b7977247362a510264f111796dc23cde85ec4fd1a4ffc8b30f927bb08adcda35066f3e834739c2e52b80853140e964d2a29b0808e4b9fa903d81cc62902a5dcb10f5012480e347b7c81b5b377ae27aed4102f64e34681a770f196e842608bb641d45380ad3b4102739c843d1520b5a2162b00f517dfec7d702a320812fece197ac33f4c18a541bb9120bb39ea78df9d3a7b1e55fce59289064e0f08295e09d06432e96f48b42a3bbc5a182612248bc6c4befff1460c34a212eb293fcc5d12573d17824417c6a0c27db4c2971005c511dc440379314948ee4ea7101a3721b16f229a6b9f6b3c736d74098aa73c96bfc7f4b176724d0df5f0c863f36e8c72c04f9a76f4f4365dda7412956d020e975e364459c9439db75dbadce791953ddb74cdf4fc4c21036b42802eb961b0c0ce5ee10fd355af28ac5b2dcec2c78f90aa63c214148b6e24b8776df4f494e037b53c3a06bae9e426b79f0d3d58e0e287f3224acd136c84eb650aef6c35b45a960cafb9232d952dde47f29262ade28c8a266719dda398fe0ad0974000b5d948b0e807049238ac8f4ed097559405cb221bce70a8e31642cf206d1d611549c3a6111dfc85a7fadc3563122319dae30c3197153e7699eb7a97cdb35c36ee1cd66e926bd32ba02f38a1c43f4fb0bdf0a1b32843d57b6a34a5a22d6ef553ca67cfaabae49c1278827e692fc16ae6c635bfb8fef81b6e261867610c177d9279ea2aef0fc356054b367050b02fa89231201e9968f031be3778b6ed6b8c83eee85627978ada01ea2a5d49d35d1a63b014611b3f061415b1218c59ae4c6ac1cef51dfbf49d6982f12c23aaa132c1c95e99bddd815ce49f77b47dde5d47ccc8c65c4f6f76beaac00ba9921087d3e7f13ae994f1bd0863b0ff201716c9a07b75454b6b00f79a217491438d23264aa97a9a181d7b034b55c4b914e34af49d834c14d74ab843d0427c45b8137a2516a1158d52ab3105079cd43d5afb7a8970a51597b65f2122514db754a29ae19276b930cc612125e86d61854defdf7b504605fae0d078298b2b07e010f68889a188bff8fba1d970f808c3b4014462f1c71e5afc2740de5bd1dd89bfe02c2609ad6e40ba8f7da22af74c211b931dcd7b871650f12646f3b82e9f2e020d023af2e737b37bd296f9715eb83c4a238495fcb40fd088d7b99f0957d5c6dc0a6398fea6bb415a8932e98b87665db91c672017e1ff0c35dcf306bfeb18bb1be3d17dc17c15a487a4adeee4ad523378b407f5b314f316681ff44a44b18b6745bfd275c63f76fca8440713fa91a1fee389a5cefc48dfc2176e8eadfdb3b88790ca73fdc871ac3d908a6cb72c4036f38c49582597658b209082c30706c812b656f76bef2859d06337774499ebab49b86695f73b99eb620ef931813a6ad6d0756618869b6fca20de5b8fe69b9a44599cafc4263858a90fa5210d456580811605495cfb219755da4274d70b4c0ff3e71bff59cba7bdd760ca77a8ac5311bc631f4cbcc3556f3fc76501ae17e8a6e07175a96c42a8dd1f552c06453a65a32b43554ec2a503ff2c757ab74e0d79580750f0340222cafa0bbe38d3d4745dd89a4bbc630553d871c810a89e66fd11a028dc4a79525c876b2d08989370fad5856f87531da21251c9102e56c77c810f8a4ac6a118674b2b2413aa37ca9d61020797fb23f00fac50702f09a920b02c6c2e5a9757ff4448525a0f3d7403edd9dc2eebeaf7fe36dc69ac6b4d7c5b7a16b4c40e2cc2b6770f82b9c9d446a883e2459086ccbe4aa9231b62e395dca8124efc3db52b942e7afbd0900d4e6cf233d99fdf6b87d5e168d7a15e6f4b243374b9776a881eeb43a45775aa08faefd92a362c6e60409f70a2f3ac3a34919196d8c9d13c7e1ee96d3b9c3ea5b645c146d1264073d2e852859ff5cb4965df4e28a81faa5eaceff856932597ca1d8672a2f72c694a359010d061292c78684b78c751769e5424bc675080d3ce5f871902cee559b53f3f56de587c8d4e6ea2e0846b29696b333eabd177a1370e05d8e1b72d811b8a675f10a2ab7c004ad2df5405c1fd86ed896ef5b4405830c4316f3c3f8514b7ec584615b23bd0c20ace6fb3c418b1dcbd89801e62ac062c907d9f82b59c4fc45a655075728188edd5c130c57c8bb096ddd63284b047ef771f6441a6ac4b37bf4caff53dbc5fa277c3413c4adef65eeb05df155e131f3a8d6f07e98fdca6f67bbf407d3f75e3ae9480cf7b6b32661ec421d8b719a63468dd8c989c428ac3171333a80cf48401f3d70b09c594a1512d6dc185cd6e9716acd84d75580a005b6e0da02c75b1395451b4bceda45ffb49ad443b5c325090699c09e603d932c32173a5885bb844092314d5420e26ed1ab0e5ceff96b1b5ff4a9a246a6ec4cfe7c9a68e0d977693f9941da5373a7b5398053bfa7392b85045a5ce47fa55901728d9365a5f88d52b58b99430a18d4218dba58226581434918f0598582d37d70846341386612d11d43b05be57f5a1acf549321d5f4ea52cf18ed9cdb411e96c68901aecb29d74d15674c0f440e74e6eeac65d77a4eda6474d3d01a8f5d2d37fb04dccd03b19f1ca0d5c4afca33ada5566eb56bdaa40ce6c3ff5ecf2314d49a3c214b5496454a8a476635057843f702d79eb9d111450e9d3a122fefdc46718573287d42acc4c2c0ca350ffee4e37bcc17d3e7414e578284a60f4ddacc75fc4e893392680dab39c9dd1c1335d49431b946ac99bea45e20779a1b145bf537bf954e834ecd72641d17e033a9f40666ed04d12f790e850edba876ee98cb9b56f55c1eef59031a445a823c821a7cefbc063a009df7a50d4af83453c7cd98c638f29a644e6c1ff3866986a13e90b93e7c7d0185b746f9e7fb9a0d8e24bdd3dcc5dce826323ca4da8c6aeb6ce9d0bd91786f03e71298da1da3c0b6a8696ccf0b972578aae70db1564fc34bcfa890ec3b2c3428643c8fea88ec49a0f2db963768c21d95c0b023b1a18109044dec17ddac8f37d0e204dc44b263a862c54bd53c777e98117d9c5235d5ec446279001c576c106a3633629e6bf30ab628a20c38b8d5d55214c9d2434f0d325f567c043a3712c96db301afa58eaa2b26bb643052a10e9e1e05e1f2de1af1eedeffbfda3a51ccb5c418df539615a98ac0f401619e6788ddbc6da4e6e659d887d626bc0c33b4176a214b5bd38a2d46d0077f9b431beb0b5fe9996642a5320d83067c84e5f90afcf72b617c1f5cc8fffcf174d6a5e8330fe558c9f00251afeac173033d17769827407d9211b685ec4c13b7efffc746b52d46c1708674a60e700631136c3402bfd9246b46f6553f2016d7831c54b002266f1ea9b4bcd77dc850abbd66e4b3277ba6b2dcecfa63d209a69bd3c82d2b88e32ebb15fe69e3a3a77e99b0cdca114b293afc6586cdd373dc74a040b946491a9ba48948554b002f921d921766fe76ac02fc837ab8737f3e1df31a292355cac35d4bf75399d45d044bc3e4a56e11a945dae505a0e594abd3ff6ff07c1901dfca16a84e3b37315ca642da7c5b8b391160734af4a9c4319c3824b16b1c7c35f9e6f02a03a8ba8eee3b87d87099d48bae78e07f4d093045f00149902dfaa097a931fe32ac8c69f4baeccf2d1d14d1a87099ee99ecea39e97910e6bec669e9f1d5e311ef2cac9c716ac9a0209695e4720a3426612370d20e8e19a359684a84db29dcd8e8dbcedf95626522b6806e344af5793092dc103f7c03c155b3eaa93b8ba286f43183ab032f3708bc86117740b1fdd92a5b8dcefd0102bdb14b3f50693736e056b05075006dcb94ca1c37fc1061e72545c7e8b1bc91cafab88e57430a3284ae14c50a294b689730ef9efc1e670f7da86fec83d845aeb091c", 0x1000}, {&(0x7f0000001bc0)="77ab9e6d5bd598d271e81e6d1a9dba462e5192e37262702847ea9dfb8994d9094fd9771ca4658ad0963a674db456700c198707030f9c997b6ba5a346cd5a2ff2c0e14ee5f878e9d42fb33240af3387f1daa7ac1fb0ea406b56bbd9ad08659ee01164346e822bc564a9f20dfd2e97e94fd15f62589fa7c1067f86ffb980070380631379df54f765accd714a3c027365fe4df6ad434c9c0043d3aeee22b551fa7f544da23387915fba60031ddb3bc2726fde653024abe44bf15bcc9b51344c03e017717f8b30", 0xc5}], 0x7, &(0x7f0000001d40)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r17, r14}}}, @rights={{0x1c, 0x1, 0x1, [r16, r0, r16]}}, @rights={{0x1c, 0x1, 0x1, [r20, r2, r4]}}], 0x60, 0x48000}}, {{&(0x7f0000001dc0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002040)=[{&(0x7f0000001e40)="7f9bbd3444527e217f414e0c328c6a858d8cd9ba6bb4befa741db243eed5c264223f0ac19cf8586e0c7a0e446c48dbb959c8330ce290b02edc7d31b2e80679d7", 0x40}, {&(0x7f0000001e80)="71fb7ca42e05ccdd78d143aede1a181fb22bb5856a5060d6ae8a8e9f1bc149a316c371792362b50669e120f9b1e0cb7af1eef72936c3f4b48465c63dd7b32315f82a6fcc323a790dc1e4155482f015db4f86bffaa86de726c9a46e7bef74c79c16cca3a04cb5b18bee8a1f7b4df870a7973894b30b2bb622427b156569a9aecb4170e1c8080050a90431c814f55bc2a72779dc39ef0d446cc7627e6b677d76bf034e4ac9c1a790d752e6e4431f08cf52d38c7d9daf29b6762819e0c4bd42f9", 0xbf}, {&(0x7f0000001f40)="80eb7e06bd8b9215e83cd667a826a442b43ac9bab5486673451a20bc4da76e002df2ede18607bbf99d56c6790ec2541533ae4d843663377897b0dbd3936b6edae14d2056da0ab06ee93f8403ba36beaf335aef59d61e9d46501625adf739f373a8635b11063e2d8028b4c2e7b7", 0x6d}, {&(0x7f0000001fc0)="020ca021a6c1052ca936f1e96cfdc6047856c230eccd9ad5d1466486113b231e37794910c941c74812a14aec1f54b6f1128e34693c858f5db0cc2033c5d85834aea88d12562ca976e90a7304c35f9b2672e92ccd9f4441845e51ebb94f9cc8b234b6fa9d6205c1d917d57d8a73849784d82cc038c7f60d", 0x77}], 0x4, &(0x7f0000002280)=[@cred={{0x1c, 0x1, 0x2, {r12, r17, r10}}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r20, r2]}}, @rights={{0x14, 0x1, 0x1, [r21]}}, @cred={{0x1c, 0x1, 0x2, {r15, r17, r9}}}, @rights={{0x18, 0x1, 0x1, [r16, r0]}}, @rights={{0x28, 0x1, 0x1, [r22, r16, r5, r0, r23, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r17, r11}}}, @rights={{0x2c, 0x1, 0x1, [r20, r1, r5, r0, r16, r4, r2]}}], 0x108, 0x4000000}}, {{&(0x7f00000023c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002680)=[{&(0x7f0000002440)="320a887adea715311900234872908975cb374b42cc6cf105c1baa00707d0516df5006d08ffa4dc826c6c2a474e14991979621bfa19772a0e567c97323ef27b46431d715365bb0fcc961ba84187f59edcc65f89a4c25efd44309c1190", 0x5c}, {&(0x7f00000024c0)="38334d7c42241832d5510888623aef123375ce0c0bf339b8b64096f42a93f8875c42c346875867ce2e87a8954822a7b000b05fdecd81f6caea452aed6082a77af1e20e06d65471a539b8767679f8c3ae84db0834f8cc21a26aa67c952c71392de61503b10ef1d2d8dd2447faa0592bb6007bed71cd12a975f897d2242e9b4663238b9bfcddcd75f74ebaeb", 0x8b}, {&(0x7f0000002580)="f39ab8062d4fe7aeb1031f9033bef42cc46a91fab0", 0x15}, {&(0x7f00000025c0)="603d66b0bbe1efee1766c178b313962dcb0abfb1acd5493f79e9b1ebbafe03f6beeea4977beda96cb5a34f5225338e4cbda8bd48d10a67bf52fd8338897c64650d1714d070f77a25ad82145a9848c933924331b5891a379d6f6c4d2dcd4dcb6014038d0c32091d639d6ae0da535a605263e851476dd1d44d95f0561e3c32ed527e292b7296221558b0", 0x89}], 0x4, &(0x7f0000002740)=[@rights={{0x28, 0x1, 0x1, [r1, 0xffffffffffffffff, r22, r0, r16, r24]}}, @cred={{0x1c, 0x1, 0x2, {r19, r13, r9}}}, @rights={{0x18, 0x1, 0x1, [r3, r1]}}, @rights={{0x20, 0x1, 0x1, [r24, r22, r22, r21]}}, @rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {r19, r17, r14}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r7, r8}}}, @rights={{0x20, 0x1, 0x1, [r2, 0xffffffffffffffff, 0xffffffffffffffff, r3]}}], 0xf0, 0x4004811}}], 0x4, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x8905, &(0x7f0000000200)=0x200)

2m35.666434494s ago: executing program 4 (id=2159):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000007000000450c"], 0x20}, 0x4000008)
r1 = syz_open_procfs(0x0, &(0x7f0000001080)='net/protocols\x00')
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000540)=0x9)
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_io_uring_setup(0xd3, &(0x7f0000000580)={0x0, 0x73fb, 0x100, 0x0, 0x25b, 0x0, r1}, &(0x7f0000000280), &(0x7f0000000340))
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000020c0), 0x68842, 0x0)
read$FUSE(r1, &(0x7f0000005180)={0x2020}, 0x2020)
preadv(r1, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/20, 0x14}], 0x1, 0x0, 0x0)

2m21.02548904s ago: executing program 8 (id=2179):
unshare(0x20030a00)
r0 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0xc1105511, &(0x7f00000000c0)={0x9, 0x0, 0x0, 0x0, 'syz1\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x10, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f00000007c0)=ANY=[@ANYBLOB="0100"])
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x13, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="44000000020605000000000000000000000000000500010006000000050005000014000300686173683a69702c706f72742c697000bdb624a1152b7269"], 0x40}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x1c}}, 0x0)
r6 = socket(0xa, 0x2, 0x0)
close(r6)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x15)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e23, @local}]}, &(0x7f0000002100)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x21, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000003c00)=0x90)

2m19.920379272s ago: executing program 38 (id=2159):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000007000000450c"], 0x20}, 0x4000008)
r1 = syz_open_procfs(0x0, &(0x7f0000001080)='net/protocols\x00')
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000540)=0x9)
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_io_uring_setup(0xd3, &(0x7f0000000580)={0x0, 0x73fb, 0x100, 0x0, 0x25b, 0x0, r1}, &(0x7f0000000280), &(0x7f0000000340))
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000020c0), 0x68842, 0x0)
read$FUSE(r1, &(0x7f0000005180)={0x2020}, 0x2020)
preadv(r1, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/20, 0x14}], 0x1, 0x0, 0x0)

2m19.834842691s ago: executing program 8 (id=2182):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000480)=0x8)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581", @ANYRES8], 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$pfkey(0xffffffffffffff9c, 0x0, 0x210080, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000003c0)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000240)={r3, 0x0, r2})
r4 = eventfd2(0x8, 0x1)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r4})
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa9, 0x62, 0xda, 0x20, 0x2040, 0x4901, 0x4777, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x30, 0x8e, 0x72, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "db224370bf"}]}}, {{0x9, 0x5, 0xb, 0x2}}]}}]}}]}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000007c0)={0x3, 0x0, &(0x7f0000000440)=""/43, &(0x7f0000000680)=""/178, &(0x7f0000000740)=""/100, 0x4})
r5 = openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$binfmt_register(r5, &(0x7f00000000c0)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0xfffffffffffffff3, 0x3a, '\xa3', 0x3a, '\xf3\xfe\x97@\x96\xd1\xb2A}\xf6(&\xfb\x00\x00Q\xff\xa8\x84\xc8Q\x86<\v\x11w\xe0\x1c\xeb\x96\xacM77\x88\x8b>f\xbagT \x9fPw\xb2I\xc7+\xdc\x94\xf2\x910\xbd\xfb\xe5\xd7k\x82\xea\xdc&D', 0x3a, './file0'}, 0x68)
syz_usb_connect$cdc_ecm(0x6, 0x8b, &(0x7f0000000040)=ANY=[@ANYBLOB="12015002020000ff2505a1a44000010203010902790001018da00809040004020206004b0a240600003eaecd04a605240002000d240f01000800005f1902000008241c0700e94e67062407092b00052401000e1524120400a317a88b045e4f01a607c0ffcb7e392a05241508000c241b2a008e000f6a230009090582021000020107090503024000025d0d"], &(0x7f00000004c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0x6, 0x4, 0xa, 0x8, 0x4}, 0x1a, &(0x7f0000000140)={0x5, 0xf, 0x1a, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0x4, 0xf9, 0x7, 0xfffc, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x2, 0x0, 0x6028}]}, 0x5, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x40b}}, {0xcd, &(0x7f00000001c0)=@string={0xcd, 0x3, "0ccbe96f6542e2af0dcd8421c68d06478250f9ad194cb7f3747d76e9524bf0980b038d61e0b25d402f94108ee1d781f3c7f8a22ba9ebeb019afb67de520ba75c1b327fb8d8bdb7e295a9c895ab64415b981c414704c9067fd13feb0b01a4b3569d7d01ca26b51e0ef972134814ae290c05d57b90f39409e2167e92314ce18be0bbbe4ed524831a9b29640f692a8b0f106a9b7c0c9b10363d1db0e83c21421ca92467b0d9de9800cae5d9564d573f44da17fbd5a13d5ccff8a0d4a2356c658f03a13ef1e2c26bee6c6010fe"}}, {0xfa, &(0x7f00000002c0)=@string={0xfa, 0x3, "1356e436471f3076e8f35ee07e4877dff214fa48203694de951ea260ccbce6d396f0da0c2af1a9d1977bad0c5b3cedc58f01b464a323ed0db2c0fa8b3b36061fb644a1f6cd7ade0854ab613fad571dc034e89f5f14c0ffe5d27df06550dd14ee9345e594f581081344e1e9851353ed73392835396e039f4d4ae4646dcf91ba7461c1cee457350de6548d8732c94fb51850cd0657d4c9a580d7b67da0a1f11685a98f354de6966110d048a2555fe18dbbf9d4b6b57ff76b49dded9c772ff544c1ad4b869ddb846204c5b01afa8851ac2e0699431790ba955c6f26a04a2bb059a3db0df2526d7ce82b2c091a7398d42bb1d110a9f398bfda28"}}, {0x8a, &(0x7f0000000540)=ANY=[@ANYBLOB="8a03c1bc48c0f40dcb532c7f208004f8ecbbe69da8530eeb9c1e192bb7279fe759d80c170bc561c7759a0c0b84c968c9af776fbc3fe332429c8cb6c0eb18ff1cc72a420e262562fe1f004dae7de130b6ee6c23d1202f10e9e8b9b9d480f9be6c16a549f32d164c2d4eb820d02e9b32db95b32caf314f23dabb2641af2035405cbfb3150723ec15905fcd504661fe43d690a4e1d7842ce1d555b39cff5fa16bf8054544cbef82d75160f42c045e5a9267f8ae8e45c55fcaad454b47e147e1963a679b5a32a1efdf06f620ddd719088b8ae29d40522e22c1e130874da09d87a1a2f0a7d1123ec232a178070fda314e6dc8a9858f6e2377cbf70743cf1a87ac5456496710dc099cf5b63b73753ba50d9ad7f15d1fb520ee"]}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x458}}]})

2m16.403867929s ago: executing program 8 (id=2186):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r2}, 0x8)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(0xffffffffffffffff, 0x80047437, &(0x7f0000001f00))
sendmmsg(0xffffffffffffffff, &(0x7f0000001cc0), 0x400000000000026, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macsec0\x00'})
socket$alg(0x26, 0x5, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58)
accept4(r5, 0x0, 0x0, 0x0)
bind$alg(r5, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
unlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0/../file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELTABLE={0x64, 0x2, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_TABLE_USERDATA={0x7, 0x6, "7bbc93"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x17, 0x6, "8ff13f7290853452faecea7c48b7b638a68915"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSET={0x1c, 0xb, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x6}, [@NFTA_SET_FLAGS={0x8}]}, @NFT_MSG_DELTABLE={0x3c, 0x2, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x4}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x5}}], {0x14}}, 0xf8}, 0x1, 0x0, 0x0, 0x4040010}, 0x20004044)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2m14.797253053s ago: executing program 8 (id=2188):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/binder0\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0xc, 0x100000001, 0x7f, 0x3, 0x0, 0x4, 0x91c, 0x9}, &(0x7f0000000280)={0xe, 0x401, 0x6, 0x9, 0x0, 0x4}, &(0x7f00000002c0)={0x1d, 0xffffffff, 0x600, 0x0, 0x1ff, 0xfff, 0x10001, 0x23e2}, &(0x7f0000000300)={0x77359400}, &(0x7f0000000380)={&(0x7f0000000340)={[0x1]}, 0x8})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x8, 0x0, &(0x7f00000000c0)=[@decrefs], 0xef, 0x0, &(0x7f0000000100)="5fdb095ddc8021d5917e9fcd63d7cf4677e7375fc308bded099a5649e1d156b3f8fb41766a21fb0fdee60401fc378a313a58d4a7bd5b366c51fc95f0884c8c482527959946dc776e1a61fed5b57a2bc260887c64d8c67049cc23a652680611d80c855190c23c8dff3d51c4fa0f686bd662759a8092592249068ab99d69d93668cf67aac8bc62c873b20f4f4d8b37325043e6b7e9b170bcbb446ed27536590879cae67210f5fa7db7540f9671b464d06c67a6679a78111fd6809ebb90d63886418c7523d0a7d4d156eb2b1a5d533ed1802f3748cb9e8c98fb469c7a9af29ace83b330ccdf8d97dfcebcbcb310ddab6a"})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="50000000120005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000040012"], 0x50}}, 0x0)

2m13.187959815s ago: executing program 8 (id=2191):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000480)={0x1f, 0x2, 0x4}, 0x6)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0xb, &(0x7f0000000180)=ANY=[@ANYRES8=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$sock_int(r4, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4)
recvmmsg(r4, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0x1, 0x58, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="440200001900010000000000fcdbdf25fe8000000000000000000000000000270000000000000000000000000000000000000000000000030a0000003b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000700000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000008001f000300000008001f000300000028001a000a010101000000000000000000000000ff01000000000000000000000000000102000302080018007f0000000c001c00", @ANYRES32=r6, @ANYBLOB="01000000e40006007f000001000000000000000000000000fe8000000000000000000000000000bb4e24", @ANYRES32=r6, @ANYRES32=0x0, @ANYBLOB="fe880000000000000000000000000001000004d43c000000ac1e010100000000000000000000000000000000000000007cffffffffffffff000000000000000004000000000000000d000000000000002a00000000000000030000000000000000f8ffffffffffff0900000000000011ff000000000000000200000000000000000000000000000005000000070000000000000026bd7000063500000f000000480000000000000014000e006411010100000000000000000000000048000100736861330500000000000000000000000000000000000000000000000000000000e2ffffff0000000000000000000000000000000000000000000000d6860000000000000000"], 0x244}}, 0x4004)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000300)={0xb, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x46, 0x1000, 0x1, 0x8, 0x3, 0x40, "4bfe4424c2862766d380e92faa645c04d0fccd4d4c7fe051fcfb0531467a0e90b6ad77ced48e237f5a118d3a033750fcf9691d70519cd3c68b309fb40cce63041cdbcfa60e92"}}, 0x15e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@private2, 0x0, 0x2000, 0x0, 0x0, 0xa, 0x0, 0xa0}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x400000, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0xb8}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x600, 0x0)
ioctl$FBIOGET_CON2FBMAP(r7, 0x460f, &(0x7f0000002580)={0xa, 0x2})

2m11.427514906s ago: executing program 8 (id=2193):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x220}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000180)=0x7fff, 0x0, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="c21504239e1dc595f0766418b856f059", 0xfffffe99}], 0x2, &(0x7f0000001a00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_LOCAL={0x8, 0x7, @rand_addr=0x64010101}, @IFLA_GTP_CREATE_SOCKETS={0x5}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xa0}, 0x0)
fadvise64(r2, 0x18, 0x0, 0x4)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, &(0x7f0000000000))
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r8}, 0x10)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
r10 = dup(r9)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x4, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)

1m55.9285088s ago: executing program 39 (id=2193):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x220}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x0, &(0x7f0000000180)=0x7fff, 0x0, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="c21504239e1dc595f0766418b856f059", 0xfffffe99}], 0x2, &(0x7f0000001a00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_LOCAL={0x8, 0x7, @rand_addr=0x64010101}, @IFLA_GTP_CREATE_SOCKETS={0x5}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xa0}, 0x0)
fadvise64(r2, 0x18, 0x0, 0x4)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, &(0x7f0000000000))
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r8}, 0x10)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
r10 = dup(r9)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x4, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)

14.473109603s ago: executing program 1 (id=2465):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed0000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
iopl(0x3)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x3)
syz_emit_ethernet(0x3ac, &(0x7f0000000300)=ANY=[@ANYRESHEX=r1, @ANYRESDEC=r1, @ANYRESHEX=r0], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xc9, &(0x7f0000000480)=0x4000009, 0x4)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000000c0)={0x0, 0xf00, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf240900020073797a3100000000080041007369770014003300626f6e643000000000000000000000003d84bec40a9a13a74f396cdd90bbbd3fd6bc81e7e78e48eb8ddbe2409ed3546937f468ae68285d019e9af8"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

10.719380395s ago: executing program 3 (id=2474):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x700, 0xa, 0x0, &(0x7f0000000380)="e460cdfbef2408000008", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = msgget$private(0x0, 0xd0)
msgctl$IPC_STAT(r1, 0x2, &(0x7f0000002680)=""/219)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000280)={0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x5, {0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40a, 0x0, "af33ff30427ca7d876f59fbec25b88ca6c0a9b32cf13babada39e64196a7399e"}})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
accept4(r5, 0x0, 0x0, 0x800)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)

10.571931414s ago: executing program 1 (id=2476):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x80, 0x3c, 0x3d, 0x8, 0xe96, 0xc001, 0x623f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x55, 0x0, 0x0, 0x35, 0xbb, 0xe2}}, {{0x9, 0x4, 0x59, 0x0, 0x0, 0xd5, 0x6e, 0xb7}}]}}]}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x5e24, 0x4, @local, 0x1}]}, &(0x7f0000000440)=0x10)
r1 = syz_clone(0x2000, &(0x7f0000000380)="00ab6296895932fa2afbe4233beb535c95202b669857cd27ff8b0e6739715732bbcb0c89878bc94012d0c388cdb5fcdc1377f7c9f93f5c71c4e82cae9f8d1ecab515c1afdb3428142152617ee91112c6a13326b9bb0376a447191812933778b3af65c76c04b3afd557194fd2b5cf1580615ba036b7dbc66feafe4093a82b52260d041210e413e9003e15e7858422090037cc6b54e6a72a2c0de800ae498764e190253675c4232c23", 0xa8, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)="cced524e61121e09ca3f09a10082838e6232c75ead925e6bf7e49d8261cc6c3168bb46fcd6f3952a905ffbccc97d1e52db11452dd4a9e1df6462f9fde0b2d501c62869e8ce650093081ff2eb53784b9a23318a40ce020db7086b276d4f69ab7483e8cb76408d95c9503c6a326347c4a961065bbb58a053e18e1d35f077f6ea91564e70cb38fd279b6cc0ed7978d2d41632b70e9af015ae70e4e19c694ecad38994cde2fd266e0894a11e5528ac4e07ec2b2fa392f69dbaa30992a4eb5fac")
prlimit64(r1, 0xf, &(0x7f0000000200)={0x3, 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007"], 0x38}}, 0x4048850)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x24, 0x4, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x24}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r6, 0x4068aea3, &(0x7f0000000500))
ptrace(0x10, r5)
ptrace$poke(0x5, r5, &(0x7f0000000080), 0x0)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = dup(r8)
ioctl$KVM_GET_DEVICE_ATTR_vm(r9, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x38000, 0x7}})
setsockopt$inet_sctp6_SCTP_EVENTS(r9, 0x84, 0xb, &(0x7f0000000040)={0x4, 0x4, 0x7, 0x5, 0x4, 0xf4, 0x2, 0x4, 0x95, 0x6, 0x9, 0x8, 0xa, 0x7}, 0xe)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x25, &(0x7f0000000240)=ANY=[], 0x9c)

9.830718293s ago: executing program 3 (id=2479):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
pipe2$watch_queue(0x0, 0x80)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
nanosleep(0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=ANY=[@ANYBLOB="ac0000001800dd8d0000000000d200000200000000000006000000000600150001000000880016"], 0xac}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004002800018007000100637400001c00028008000240000000150500030000000000080001400000000d0900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r4, 0x400)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x3a, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000140)=ANY=[], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)=""/213, &(0x7f0000000180)=0xd5)

9.416719697s ago: executing program 0 (id=2482):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001e40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0040d07, &(0x7f0000000040)=0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000580)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001e40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0040d07, &(0x7f0000000040)=0x21) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000580)='percpu_alloc_percpu\x00', r0}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)

8.692499475s ago: executing program 0 (id=2483):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xdef0, 0x8000000000000000}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f0000000040)={0xa}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r4, &(0x7f0000000500)="a4", 0xffe0, 0x4c, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x612d6cbdae96bb0a, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PTP_PIN_GETFUNC(0xffffffffffffffff, 0xc0603d06, &(0x7f0000000300)={'\x00', 0x38e237e3, 0x2, 0x3})
socket$inet6(0x10, 0x2, 0x0)

8.226472715s ago: executing program 9 (id=2484):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000200)={0x0, 0x0, 0x80000}, 0x20)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000d80)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000800)='P', 0x1}], 0x1}}], 0x1, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r2, 0x8947, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip6_tables_targets\x00')
ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0)
r4 = syz_open_dev$vivid(&(0x7f0000000200), 0x2, 0x2)
ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000780)={0xa, @sdr={0x39565559}})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x2a, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7e9, 0x2)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
io_uring_setup(0x50c7, &(0x7f00000002c0)={0x0, 0xff07, 0x80, 0x0, 0x40000000})
ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f0000000180)=0xfffffff9)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@delneigh={0x44, 0x1a, 0x1, 0x400000, 0x0, {0xa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4}, [@NDA_CACHEINFO={0x14, 0x3, {0x7}}, @NDA_DST_IPV6={0x14, 0x1, @mcast2}]}, 0x44}}, 0x0)

7.701211123s ago: executing program 9 (id=2486):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed0000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
iopl(0x3)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x3)
syz_emit_ethernet(0x3ac, &(0x7f0000000300)=ANY=[@ANYRESHEX=r1, @ANYRESDEC=r1, @ANYRESHEX=r0], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xc9, &(0x7f0000000480)=0x4000009, 0x4)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000000c0)={0x0, 0xf00, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf240900020073797a3100000000080041007369770014003300626f6e643000000000000000000000003d84bec40a9a13a74f396cdd90bbbd3fd6bc81e7e78e48eb8ddbe2409ed3546937f468ae68285d019e9af8"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

7.502641911s ago: executing program 0 (id=2488):
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{0x3, 0x0, 0x400000}, 0x0, [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x7fffffffffffffff, 0x7, 0x100000000000000, 0x8, 0x8, 0x0, 0x0, 0x0, 0x400000000, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x800000000001, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x751, 0x40000000000, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x370, 0x100000000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4]})
mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000feffffff850000007100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
memfd_create(&(0x7f0000000dc0)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe5\xb9\xaf\xe21\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xb1\x9e\xc9P\xd5\xda\xf4r\xd5\x95\x13\x1c\xe4\x90\x9a\xc4\a\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x11\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaaj\xb7\xe7u\a\x802\xd7\x1f$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\v\x00\x00\x00#t>r\xae\xe8\xc9):K\x9c\x81Xb&dd\xa2f$s\"\xa7\x1f\xc9\x03\x86\xa9\x95\xf4\x92?A\x80\xe5\x8a\x1e\x8b\x97\x04y\xd7\x15\x97\x83Z\xa5\x1d\xafF\xc9\x94S\xf7\xad\xa9\x91\xa7\xe0\xe7 \xd2\x99\x19\xb0\x8fg\xf5\xec{1\xf0i\xac\x9a{\x12\x88A\xc1\xe9~\\\xad\xbcI\xb3?\x7f&u\xfc\xad\x96\xf7\x99\x8f\xcb\x95\xa8\x13\xe9?d\x18e/\x17\xde\x131(\xfe@\xbcu\xa9\xd4^)e[\xce\xb3r\a\xc7%Ai+a\xb4\x98\x03\xf0\x85\xd1\xa6\x19)\xe1L.\x97\x92i\xacTS\xc22\x8da\xd1\f\xdfY\x85Q\xda\xb6`\xcfz\xea \xaf\xdb\xa7\xe2|\f\xca\vY\x9cr\xdc\x9b\x84\xfb\xcc\v\x0f\xa7\x0et;\xbaq\x85\a5\x84\x12\xce,\x88|\xee8\xcdmn\xd7K\x0f\xc2-r\xf8HM8X\xdd\xc4\xb6\xb6\xcb\x8d\xd3D\x11#\x8f5\xf6\xf8\x05r82', 0x2)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003ac0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x20044840)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000a80)=[{{0x0, 0x0, &(0x7f0000000240)}}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)='\\', 0x1}], 0x1}}], 0x2, 0x0)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x0)
syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r5, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4)
write$binfmt_misc(r5, &(0x7f0000000300), 0x6)
recvmmsg(r5, &(0x7f0000009b40)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x80, 0x0)
ioctl$EVIOCGKEYCODE(r4, 0x40044581, 0x0)

6.115828792s ago: executing program 0 (id=2490):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x3}]}, 0x10)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x2, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r2, &(0x7f0000000300)={0xa, 0x4, 0xfa00, {r3}}, 0xc)
socket$kcm(0x2, 0xa, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x14)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0x0, 0x4002}, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_emit_ethernet(0xfdef, &(0x7f00000003c0)={@broadcast, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x500, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$autofs(0xffffff9c, &(0x7f0000000000), 0x200142, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)

5.960493083s ago: executing program 3 (id=2491):
r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000080))
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000540)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}})

5.384437474s ago: executing program 1 (id=2492):
r0 = mq_open(&(0x7f0000001100)='*a%\xff\x00\xf1\fNC\x84\xe0\x99\x1e-\x9a\x0f\x1a\x90\xee\x10\xfeARsO\xae\xd6\x05K\xe2D\x8d\xa4H8\xcf:\a;\xd8\xc7\xc8\\C\xcf\xa7\xcb\xb4\xe4\x8dY\xe3\xa5K&\xe5\xc4\x84v\xfa\xe7\x11\xc4\x99\x10,\xe3M\x80\xd3\xc2\x1c\xb0\x84\xb83', 0x41, 0x0, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x12100, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
pipe(&(0x7f0000000080))
r5 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="280000000000000029000000043212ceb1a8fa64000009000000000000000000010000010000010001040000000000"], 0x28}}], 0x2, 0x40c8000)
sendmmsg(r5, &(0x7f0000005dc0)=[{{0x0, 0x0, &(0x7f0000004a80)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x40080)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
lseek(r0, 0xf, 0x0)

5.282251432s ago: executing program 3 (id=2493):
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x1ba, &(0x7f00000007c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb8100700086dd6012000801803afffe8000000000000000000000000000bbff02000000000000000000000000000102020000000000000700200100000000000000000000000000020502020000006c08000000000000c910fc02000000000000000000000000000009305f8c265cfffceeb6eb3e8cf4b1bc969b00bfcfc3ec73c4bcbbc850e8a6def127d0f18a153957a13222899023b70f5655000000002c0a010500000000fe8000000000000000000000000000aafc0100000000000000000000000000000000000000000000000000000000000100000000000000000000ffffe0000001fc0200000000000000000000000000ff3308020a00000000ff020000000000000000000000000001fe8000000000000000000000000000aafc010000000000000000000000000000fe8000000000000000000000000000bb86009078080002000000000000000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af18020001ffffffffff60000000000000"], 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0081000004000000000000000000000000000000bbff020000000000000000e8001202009078000005006050835900000000fc010000000000000000000000000000fc02000000800000000000000000070800"/130], 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r1 = syz_io_uring_setup(0xe42, &(0x7f0000000140)={0x0, 0x2119, 0x400, 0x1, 0x4}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(r3, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/147, 0x93}], 0x1, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r10, 0x0)
setreuid(0x0, 0xee01)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r11, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)

5.182513074s ago: executing program 5 (id=2494):
r0 = syz_open_dev$video(0x0, 0x0, 0x0)
ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000040)={0x8})
timer_create(0x2, 0x0, &(0x7f0000000240))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$binder(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000380), 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r4, &(0x7f0000000180)=[{0x10, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @control}], 0x1c)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r5, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x100c})
syz_open_dev$usbmon(0x0, 0x100000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)

4.859814574s ago: executing program 9 (id=2495):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x680000, 0x0)
fchdir(r0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x80000000, 0x6, {}, {<r1=>0xffffffffffffffff}, 0xfffffffffffffff9, 0xfa22})
statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
setresuid(r1, r2, 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_SIOCSIFBR(r3, 0x8941, &(0x7f00000001c0)=@generic={0x1, 0x6, 0xcf7})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r4=>r3, {0x63}}, './file0\x00'})
ioctl$EXT4_IOC_GROUP_ADD(r4, 0x40286608, &(0x7f0000000240)={0x4, 0x0, 0x5, 0x8, 0x3, 0x6})
ioctl$BTRFS_IOC_BALANCE(r3, 0x5000940c, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000280), 0x20000, 0x0)
ioctl$EVIOCGPROP(r4, 0x80404509, &(0x7f00000002c0)=""/4096)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000012c0), 0x400000, 0x0)
mkdir(&(0x7f0000001300)='./file0\x00', 0x0)
r5 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000001340), 0x402802, 0x0)
pidfd_send_signal(r5, 0x1f, &(0x7f0000001380)={0x13, 0x7, 0x100}, 0x0)
getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000001400), &(0x7f0000001440)=0x4)
r6 = syz_open_dev$vcsu(&(0x7f0000001480), 0xbc73, 0x8040)
r7 = socket$alg(0x26, 0x5, 0x0)
sendmmsg$inet(r7, &(0x7f0000001c80)=[{{&(0x7f00000014c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000001680)=[{&(0x7f0000001500)="ae1e14c3b56130769c399ec9481e8af032277bfcf403cbcff86d2f5e9bafe2add65d00f460ee0ac4eaaffe0870ca5c9dfa3ee122bb88625e3353b3439a550ad3b6ecb1d465f1cb5ef9488c1f03a44bf01b1f2db1429edca683e685213678792a7e0e988fb7e417ddb3581f360b74c9751f5bbf7b4125c689c70a61f7a57d6631bd5dc51050e7ae49022fedf807656cb5fa9f172e280fefd65d425e672e74cd5efd1c19e5973aa9e11247da23ca894aa521f9b83873102c3f3af235d315228f7afbe62618a808505a9b0882366f629a828d694f04f5d092a06d", 0xd9}, {&(0x7f0000001600)="b6cd21abd16d91ceaa021497a64c508074669c19e2d409fd121a9e89b4c4af1a4147301a4cae88bee270d65f7cacbc271be10193735b7e6be13363b8e91b82469c7a6fef3a31bdcbf1d181045a92a744d1721cf12414fb36c65df0e73d0b", 0x5e}], 0x2}}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f00000016c0)="abb8cca076d7e76cb4d53b23b901a69f87008d7664b2752e54cc2aae4c9467ed6aaee0d0466fddc94d2bcf09bad7b0addf04029789151e40cf4c028eed95a1f9df21349380ccc05402f9432a61570f15ca8b323b897451a0ec089b0c44053cc25f6bbf09e9266850af7d6f", 0x6b}, {&(0x7f0000001740)="f4575091c1b2be04a6542822247b7ac609b9013f968ea89dea464e6b39f38fb8ae86950ced91303a5d50981b3beac24845e9e79e2b1fd40cf589b45d", 0x3c}, {&(0x7f0000001780)="87fa395d18bab595c36069abbe2648a3a5149d00f21981ddaed9bc0bf91349b48f018b83151238935c8d9bb6e3a1ff9c6f913254d8977baa4100cf1d0a803c5ad9594bc9690ce03026829dbb2fa4cde1cb5277874ac795189ce89b4a5e5541692e3745b93631ccce3a6001a6f61187e193b0c5b34ab5eea6db4fafcc1e1548383dc68f6967a2e49b15684bf9abc77eeb68ad0daed364f0a24e00ce3ed8bcccea8a8fdfda02ddbcf5df00130846939934340dfcc79ff02407e86d9a2c0b0c405834215bf010ad5ee68fa94e", 0xcb}, {&(0x7f0000001880)="e783f1ba02efe048a6ca9cb8ff745f2d9944f0e565797d81bc553165f4a84611b65ac1760c4ca65dd4407a3d8c3e9122a0577743e50015c73b0fab6a38e81c8ce41c2a84165243b0f55f76d6a744cf89af9248c70d55386629ae1de9ccf2de0f36d82e8be8b19cbd1b89eef8961ded5204991efcfa8258cd680d4bafad1e7bc14e5e05abc6dd98130ff4c8cdceed3ca40b6afbae2780855de233a151ac4a64a09d71837ae5ce7719a1a22db70cbecd11f2887406", 0xb4}, {&(0x7f0000001940)="2be9515fc56a3113ba8fb82877f84c34587465a070fbf23d7c399bdd8cc2", 0x1e}, {&(0x7f0000001980)="c2e18a8c0c4012892a80a9f63a98a7a35394dd4cb4e944694d9adbd395fd541655d67c16c26757b958d4bf228c09d0e1f4cdc358f77aa5da6fbe339f9907f278d2bce8dc874b76ed1a2ee5e9c587ad100289158668edeb70720d6ad641977ee2e748911a2995d99d67a6933aa250c01fb06177fb19b5572653201081d4a714f66ef906cbffc9694a03759c02c84decc60ec7986437372bd19e", 0x99}, {&(0x7f0000001a40)}, {&(0x7f0000001a80)="2eee55e63f91b159d8144ddf08e399ae78a27502d4630b8eca8cd5583e09df974ea8d35431798d148447b07e98ae1a9a063b900d5e5ca65eae542c730efefae1b0adfe30c86df060cdad621aa75be4db9ad62a522ee275b24f1569117441615914899ae83d2c2b970b5e05ed54130cd179b15ec925d66b9654f258b7efaf71ca73718df4dff2abfacb4ae04aa087dfb243bd31262ce3e17ca0f2969b4e8b", 0x9e}], 0x8, &(0x7f0000001bc0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xc8}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x81}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2}}], 0xa8}}], 0x2, 0x40)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000001d00)='./file0\x00', 0x42400, 0xdf)
open_tree(r8, &(0x7f0000001d40)='./file0\x00', 0x88901)
r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000001d80), 0x30080, 0x0)
quotactl_fd$Q_GETQUOTA(r9, 0xffffffff80000702, r2, &(0x7f0000001dc0))
gettid()
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000001e40)={<r10=>0x0})
ioctl$DRM_IOCTL_DMA(r6, 0xc0406429, &(0x7f0000001f80)={r10, 0x1, &(0x7f0000001e80)=[0x8], &(0x7f0000001ec0), 0x21, 0x2, 0xff, &(0x7f0000001f00)=[0x1, 0x5], &(0x7f0000001f40)=[0x80000000, 0x1000, 0x3, 0x9, 0x9, 0x7, 0x6]})
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000001fc0)={0xc})

4.177527963s ago: executing program 5 (id=2496):
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$PTP_SYS_OFFSET(r0, 0x43403d05, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
timerfd_create(0x2, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
unshare(0x28000600)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000740)={'sit0\x00', &(0x7f0000000680)={'syztnl0\x00', <r5=>0x0, 0x700, 0x7800, 0x9e24, 0xf, {{0x1f, 0x4, 0x3, 0x1c, 0x7c, 0x66, 0x0, 0xb5, 0x4, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x3c}, {[@ra={0x94, 0x4}, @timestamp={0x44, 0x20, 0xaa, 0x0, 0x7, [0x8, 0x7, 0x5, 0x5d0, 0x7, 0x8ba, 0x4]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0x8c, 0x3, 0x3, [{@broadcast, 0xffffffff}, {@multicast1, 0x5}]}, @end, @lsrr={0x83, 0x27, 0xdd, [@empty, @rand_addr=0x64010100, @remote, @loopback, @private=0xa010101, @multicast1, @loopback, @dev={0xac, 0x14, 0x14, 0x18}, @rand_addr=0x64010101]}, @generic={0x88, 0x2}]}}}}})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x80, 0x4, 0x2, 0x800, r3, 0x8, '\x00', r5, 0xffffffffffffffff, 0x5, 0x5, 0x0, 0xd, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r6, 0x0, 0x0}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
sendmmsg$inet_sctp(r3, &(0x7f0000000480)=[{&(0x7f00000000c0)=@in6={0xa, 0x4e23, 0xffffffff, @rand_addr=' \x01\x00', 0x3}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000100)="0da8d210269090a5c2536e3ccba429f37a5539398c39c35f429c7c838f56b385ff2a44ef9d4c09dc9cc70eaf408d4aa603ae6eef5bdeaa41f898a729cbaf3a", 0x3f}, {&(0x7f00000001c0)="30b61f56e1dca444b68d9c39047f146537624816cbee1931f34515549afb8d806ccdf4253484efdd7d685dbae59ed5c837947bfe60f784909893549a6e841f74d54bfe5dd15fc80fbe69acb9e41d421ca83a19249b9fec4af28626b221fc687a8417c81c92faf53743326fe989820bb0602c1b23b552c8d0a66f187bec0b5716069cdd641eca2317a3c51f44e8f33d4b7cc9ae2414e30346e2646d80a867ccf4accf4841049d8b18d6ee260a479a7d3dbadefc7c4404fcce0f1c168c2c7ef04b234690cc87d8bf5c0f654396a239713e20", 0xd1}, {&(0x7f0000000540)="cc507d25efdfc2201b0433f4f76cea0a7b3a72120dee75f4b2e2f3a1adf2a0291eb46dab52ae9c906a213269259436303b6267ae29864740d47a76e378bcb163d998a5ea38842ea92f45e04ceb8f79bae3fee3c6e1796f91aaca3798f882c964e70bcb05df6394ebc342d196b8b1628da8687b556d3e3b7345297e7507fc83dfb6df28eeb2dda6340014de29481749a7234fae693b43885e332a61cfcfe98cea6cf6", 0xa2}, {&(0x7f00000002c0)="6c8e96ba91a61a1ed56faeb7376364927835269415", 0x15}], 0x4, &(0x7f0000000600)=[@dstaddrv4={0x18, 0x84, 0x7, @dev={0xac, 0x14, 0x14, 0x3e}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x1}}, @sndinfo={0x20, 0x84, 0x2, {0x0, 0x8004, 0x7, 0xe}}], 0x50, 0x800}], 0x1, 0x8000)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r8, &(0x7f0000000300), 0x20000000}, 0x20)

4.071542862s ago: executing program 9 (id=2497):
r0 = syz_open_dev$video(0x0, 0x0, 0x0)
ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000040)={0x8})
timer_create(0x2, 0x0, &(0x7f0000000240))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$binder(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000380), 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r4, &(0x7f0000000180)=[{0x10, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @control}], 0x1c)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r5, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x100c}) (fail_nth: 1)
syz_open_dev$usbmon(0x0, 0x100000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)

3.682160826s ago: executing program 0 (id=2498):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xdef0, 0x8000000000000000}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f0000000040)={0xa}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r4, &(0x7f0000000500)="a4", 0xffe0, 0x4c, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x612d6cbdae96bb0a, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PTP_PIN_GETFUNC(0xffffffffffffffff, 0xc0603d06, &(0x7f0000000300)={'\x00', 0x38e237e3, 0x2, 0x3})
socket$inet6(0x10, 0x2, 0x0)

2.817726582s ago: executing program 9 (id=2499):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$setperm(0x5, 0x0, 0x21081c22)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bca)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$rds(0x15, 0x5, 0x0)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)="3989c9a1ca1c22fee6fbb0dc", 0xc}, 0x1, 0x0, 0x0, 0xa000041}, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = open(&(0x7f0000000000)='.\x00', 0x68800, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000000c0)='./file0\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file5\x00', 0xc011, 0x1)
renameat2(r4, &(0x7f0000000000)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC(r5, 0x4068aea3, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x0, 0x4}, 0x6)
bind$bt_hci(r6, &(0x7f00000002c0)={0x1f, 0x3, 0x2}, 0x6)

2.817260733s ago: executing program 5 (id=2500):
mmap(&(0x7f0000f5a000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

2.580146829s ago: executing program 3 (id=2501):
ioperm(0x0, 0x9, 0x5)
getdents(0xffffffffffffffff, 0x0, 0x0)

2.5798103s ago: executing program 5 (id=2502):
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a3281)
gettid()
setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r3=>0x0})
r4 = socket$rds(0x15, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b6a, &(0x7f0000000000)={0xfeff, 0x0, 0x3, 0x1d, 0x100, 0x0})
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f00000009c0)={&(0x7f0000000540)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10, 0x0, 0x0, &(0x7f0000001300)=[@fadd={0x58, 0x114, 0x6, {{0x0, 0x7}, &(0x7f0000001200)=0x7, 0x0, 0x1, 0x81, 0x9, 0x7, 0x24, 0x7ff}}], 0x58}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00!\x00', @ANYRES32=0x0, @ANYBLOB="05000000000000800000000000000500000e00000000000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000400000018000000090000000000000003b38fcbcf450000fdffffff00000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x36, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$video4linux(0x0, 0x7, 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r2, 0x3b71, &(0x7f0000000280)={0x20, 0x0, 0x0, 0x1c, 0x1c})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f00000002c0)={0x48, 0x2, r3})
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000280)={0x18, r6, 0x2, 0x0, &(0x7f00000002c0)=[{0x0, 0x2}, {0x800, 0xfffffffffffffffd}]})
ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, &(0x7f0000000240)={0x28, 0x1, 0x0, r6, 0x7, 0x3, 0x40})
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, 0x0)

2.443692478s ago: executing program 3 (id=2503):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x80, 0x3c, 0x3d, 0x8, 0xe96, 0xc001, 0x623f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x55, 0x0, 0x0, 0x35, 0xbb, 0xe2}}, {{0x9, 0x4, 0x59, 0x0, 0x0, 0xd5, 0x6e, 0xb7}}]}}]}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x5e24, 0x4, @local, 0x1}]}, &(0x7f0000000440)=0x10)
r1 = syz_clone(0x2000, &(0x7f0000000380)="00ab6296895932fa2afbe4233beb535c95202b669857cd27ff8b0e6739715732bbcb0c89878bc94012d0c388cdb5fcdc1377f7c9f93f5c71c4e82cae9f8d1ecab515c1afdb3428142152617ee91112c6a13326b9bb0376a447191812933778b3af65c76c04b3afd557194fd2b5cf1580615ba036b7dbc66feafe4093a82b52260d041210e413e9003e15e7858422090037cc6b54e6a72a2c0de800ae498764e190253675c4232c23", 0xa8, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)="cced524e61121e09ca3f09a10082838e6232c75ead925e6bf7e49d8261cc6c3168bb46fcd6f3952a905ffbccc97d1e52db11452dd4a9e1df6462f9fde0b2d501c62869e8ce650093081ff2eb53784b9a23318a40ce020db7086b276d4f69ab7483e8cb76408d95c9503c6a326347c4a961065bbb58a053e18e1d35f077f6ea91564e70cb38fd279b6cc0ed7978d2d41632b70e9af015ae70e4e19c694ecad38994cde2fd266e0894a11e5528ac4e07ec2b2fa392f69dbaa30992a4eb5fac")
prlimit64(r1, 0xf, &(0x7f0000000200)={0x3, 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007"], 0x38}}, 0x4048850)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x24, 0x4, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x24}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r6, 0x4068aea3, &(0x7f0000000500))
ptrace(0x10, r5)
ptrace$poke(0x5, r5, &(0x7f0000000080), 0x0)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = dup(r8)
ioctl$KVM_GET_DEVICE_ATTR_vm(r9, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x38000, 0x7}})
setsockopt$inet_sctp6_SCTP_EVENTS(r9, 0x84, 0xb, &(0x7f0000000040)={0x4, 0x4, 0x7, 0x5, 0x4, 0xf4, 0x2, 0x4, 0x95, 0x6, 0x9, 0x8, 0xa, 0x7}, 0xe)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x25, &(0x7f0000000240)=ANY=[], 0x9c)

1.895564046s ago: executing program 1 (id=2504):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = msgget$private(0x0, 0xd0)
msgctl$IPC_STAT(r1, 0x2, &(0x7f0000002680)=""/219)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000280)={0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x5, {0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40a, 0x0, "af33ff30427ca7d876f59fbec25b88ca6c0a9b32cf13babada39e64196a7399e"}})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
accept4(r5, 0x0, 0x0, 0x800)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)

1.811966261s ago: executing program 0 (id=2505):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed0000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
iopl(0x3)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x3)
syz_emit_ethernet(0x3ac, &(0x7f0000000300)=ANY=[@ANYRESHEX=r1, @ANYRESDEC=r1, @ANYRESHEX=r0], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xc9, &(0x7f0000000480)=0x4000009, 0x4)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000000c0)={0x0, 0xf00, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf240900020073797a3100000000080041007369770014003300626f6e643000000000000000000000003d84bec40a9a13a74f396cdd90bbbd3fd6bc81e7e78e48eb8ddbe2409ed3546937f468ae68285d019e9af8"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

1.261782373s ago: executing program 5 (id=2506):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='iso9660\x00', 0x0, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@rr={0x7, 0xf, 0x5, [@remote, @rand_addr, @rand_addr]}, @timestamp={0x44, 0x10, 0x5, 0x3, 0x0, [0x0, 0x0, 0x0]}, @timestamp={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
pipe(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}]}}}]}]}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000040)
vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r5)
socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/wireless\x00')
preadv2(r7, &(0x7f00000007c0)=[{&(0x7f0000000340)=""/199, 0xc7}, {&(0x7f00000001c0)=""/157, 0x9d}, {&(0x7f0000000440)=""/14, 0xe}, {&(0x7f0000000480)=""/16, 0x10}], 0x4, 0x8, 0xffffff7f, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', <r8=>0x0})
r9 = syz_io_uring_setup(0xa2e, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x4000, 0x10000}, &(0x7f0000000100)=<r10=>0x0, &(0x7f0000000000)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x57, 0x0, 0x27}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
io_uring_enter(r9, 0x5b3f, 0x0, 0x6, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r8, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c000500080005"], 0x3}}, 0x0)
splice(r4, 0x0, r5, 0x0, 0x10500, 0x0)

1.200738583s ago: executing program 1 (id=2507):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0xff88)
syz_emit_ethernet(0x3d, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaa7bfed458c200000008004500002f0000fffd00119078000000000000000000004e20001b9078040000000e0000000900000000000000b5ba5c371ff05d6696565edfb92d61989b73fc31f6ad7d6ff64cc11691b6ff278a6465232cc5360dd726523bb209aa2e23d4dde49bfe6ec59e3f30a071ff49"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000019c0)=0x40, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0xe20, 0x0, @local}, 0x1c)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x1, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50)

266.055128ms ago: executing program 5 (id=2508):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000580)='debugfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(r2, 0x0, 0x0)
lseek(r2, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setrlimit(0x6, &(0x7f0000000680)={0xba, 0x8})
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read(r1, &(0x7f0000000580)=""/138, 0x8a)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
io_uring_setup(0x1d7f, &(0x7f00000004c0))
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
write$cgroup_int(r6, &(0x7f0000000040)=0x900, 0x12)

265.170557ms ago: executing program 9 (id=2509):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x700, 0xa, 0x0, &(0x7f0000000380)="e460cdfbef2408000008", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = msgget$private(0x0, 0xd0)
msgctl$IPC_STAT(r2, 0x2, &(0x7f0000002680)=""/219)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000280)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x5, {0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40a, 0x0, "af33ff30427ca7d876f59fbec25b88ca6c0a9b32cf13babada39e64196a7399e"}})
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
accept4(r6, 0x0, 0x0, 0x800)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)

0s ago: executing program 1 (id=2510):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x3}]}, 0x10)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x2, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r2, &(0x7f0000000300)={0xa, 0x4, 0xfa00, {r3}}, 0xc)
socket$kcm(0x2, 0xa, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x14)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0x0, 0x4002}, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_emit_ethernet(0xfdef, &(0x7f00000003c0)={@broadcast, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x500, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

 veth1_vlan: left promiscuous mode
[  716.614311][ T8478] veth0_vlan: left promiscuous mode
[  716.800292][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  717.772452][T13051] Bluetooth: hci0: command tx timeout
[  718.700258][T14336] ieee802154 phy1 wpan1: encryption failed: -22
[  719.802485][T14348] netlink: 165 bytes leftover after parsing attributes in process `syz.7.2050'.
[  719.830717][T14348] syz.7.2050 (14348): drop_caches: 2
[  719.855485][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  719.915329][ T8478] team0 (unregistering): Port device team_slave_1 removed
[  719.917819][T14352] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2051'.
[  719.974743][ T8478] team0 (unregistering): Port device team_slave_0 removed
[  720.631998][ T1201] lo speed is unknown, defaulting to 1000
[  720.680477][T14332] FAULT_INJECTION: forcing a failure.
[  720.680477][T14332] name failslab, interval 1, probability 0, space 0, times 0
[  720.695093][T14332] CPU: 0 UID: 0 PID: 14332 Comm: syz.8.2046 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  720.705654][T14332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  720.715739][T14332] Call Trace:
[  720.719039][T14332]  <TASK>
[  720.721988][T14332]  dump_stack_lvl+0x241/0x360
[  720.726698][T14332]  ? __pfx_dump_stack_lvl+0x10/0x10
[  720.731925][T14332]  ? __pfx__printk+0x10/0x10
[  720.736559][T14332]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  720.742139][T14332]  ? __pfx___might_resched+0x10/0x10
[  720.747454][T14332]  should_fail_ex+0x3b0/0x4e0
[  720.752161][T14332]  ? skb_clone+0x20c/0x390
[  720.756599][T14332]  should_failslab+0xac/0x100
[  720.761305][T14332]  ? skb_clone+0x20c/0x390
[  720.765741][T14332]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  720.771150][T14332]  skb_clone+0x20c/0x390
[  720.775431][T14332]  netlink_trim+0x14a/0x220
[  720.779946][T14332]  netlink_broadcast_filtered+0x76/0x12a0
[  720.785666][T14332]  ? __pfx___alloc_skb+0x10/0x10
[  720.790601][T14332]  ? __local_bh_enable_ip+0x168/0x200
[  720.796007][T14332]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  720.801763][T14332]  ? qdisc_notify+0x2ec/0x4b0
[  720.806464][T14332]  nlmsg_notify+0xfb/0x1c0
[  720.810890][T14332]  qdisc_graft+0x12d3/0x1660
[  720.815474][T14332]  ? __pfx_qdisc_graft+0x10/0x10
[  720.820412][T14332]  ? __pfx_qdisc_create+0x10/0x10
[  720.825451][T14332]  ? lockdep_rtnl_is_held+0x26/0x40
[  720.830666][T14332]  tc_modify_qdisc+0xf47/0x1e40
[  720.835545][T14332]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  720.840841][T14332]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  720.846128][T14332]  rtnetlink_rcv_msg+0x73f/0xcf0
[  720.851069][T14332]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  720.856211][T14332]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  720.861701][T14332]  ? ref_tracker_free+0x643/0x7e0
[  720.866718][T14332]  netlink_rcv_skb+0x1e3/0x430
[  720.871493][T14332]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  720.876944][T14332]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  720.882235][T14332]  ? netlink_deliver_tap+0x2e/0x1b0
[  720.887423][T14332]  netlink_unicast+0x7f6/0x990
[  720.892196][T14332]  ? __pfx_netlink_unicast+0x10/0x10
[  720.897472][T14332]  ? __virt_addr_valid+0x183/0x530
[  720.902589][T14332]  ? __check_object_size+0x48e/0x900
[  720.907916][T14332]  netlink_sendmsg+0x8e4/0xcb0
[  720.912712][T14332]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.918013][T14332]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.923308][T14332]  __sock_sendmsg+0x221/0x270
[  720.928146][T14332]  ____sys_sendmsg+0x52a/0x7e0
[  720.932914][T14332]  ? __pfx_____sys_sendmsg+0x10/0x10
[  720.938207][T14332]  ? __fget_files+0x2a/0x410
[  720.942817][T14332]  ? __fget_files+0x2a/0x410
[  720.947416][T14332]  __sys_sendmsg+0x269/0x350
[  720.952023][T14332]  ? __pfx___sys_sendmsg+0x10/0x10
[  720.957190][T14332]  ? bpf_trace_run2+0x1fc/0x540
[  720.962055][T14332]  ? bpf_trace_run2+0x36e/0x540
[  720.966904][T14332]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  720.973228][T14332]  ? rcu_is_watching+0x15/0xb0
[  720.977990][T14332]  ? trace_sys_enter+0x1f/0xd0
[  720.982748][T14332]  do_syscall_64+0xf3/0x230
[  720.987245][T14332]  ? clear_bhb_loop+0x35/0x90
[  720.991920][T14332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.998268][T14332] RIP: 0033:0x7fed9697e819
[  721.002686][T14332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  721.022325][T14332] RSP: 002b:00007fed947f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  721.030734][T14332] RAX: ffffffffffffffda RBX: 00007fed96b35fa0 RCX: 00007fed9697e819
[  721.038700][T14332] RDX: 0000000000044080 RSI: 0000000020000040 RDI: 0000000000000003
[  721.046663][T14332] RBP: 00007fed947f6090 R08: 0000000000000000 R09: 0000000000000000
[  721.054644][T14332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  721.062630][T14332] R13: 0000000000000000 R14: 00007fed96b35fa0 R15: 00007ffe13633d88
[  721.070604][T14332]  </TASK>
[  721.384237][T14239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  722.101046][T14239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  722.217054][T14365] FAULT_INJECTION: forcing a failure.
[  722.217054][T14365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  722.247113][T14365] CPU: 1 UID: 0 PID: 14365 Comm: syz.0.2056 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  722.257569][T14365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  722.267620][T14365] Call Trace:
[  722.270895][T14365]  <TASK>
[  722.273815][T14365]  dump_stack_lvl+0x241/0x360
[  722.278483][T14365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  722.283666][T14365]  ? __pfx__printk+0x10/0x10
[  722.288250][T14365]  should_fail_ex+0x3b0/0x4e0
[  722.292924][T14365]  _copy_to_user+0x31/0xb0
[  722.297347][T14365]  bpf_verifier_vlog+0x5dc/0x860
[  722.302277][T14365]  __btf_verifier_log+0xd5/0x120
[  722.307200][T14365]  ? bpf_verifier_vlog+0x32b/0x860
[  722.312297][T14365]  ? __pfx___btf_verifier_log+0x10/0x10
[  722.317831][T14365]  ? btf_parse_hdr+0x1e3/0x710
[  722.322586][T14365]  btf_parse_hdr+0x323/0x710
[  722.327190][T14365]  btf_new_fd+0x391/0xd30
[  722.331543][T14365]  ? __pfx_btf_new_fd+0x10/0x10
[  722.336410][T14365]  ? bpf_btf_load+0xcf/0x1a0
[  722.341005][T14365]  __sys_bpf+0x6ef/0x810
[  722.345253][T14365]  ? __pfx___sys_bpf+0x10/0x10
[  722.350048][T14365]  __x64_sys_bpf+0x7c/0x90
[  722.354461][T14365]  do_syscall_64+0xf3/0x230
[  722.358956][T14365]  ? clear_bhb_loop+0x35/0x90
[  722.363638][T14365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.369523][T14365] RIP: 0033:0x7f0c8b57e819
[  722.373940][T14365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.393545][T14365] RSP: 002b:00007f0c8c3ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  722.401978][T14365] RAX: ffffffffffffffda RBX: 00007f0c8b735fa0 RCX: 00007f0c8b57e819
[  722.409938][T14365] RDX: 0000000000000028 RSI: 0000000020000200 RDI: 0000000000000012
[  722.417895][T14365] RBP: 00007f0c8c3ba090 R08: 0000000000000000 R09: 0000000000000000
[  722.425850][T14365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  722.433811][T14365] R13: 0000000000000001 R14: 00007f0c8b735fa0 R15: 00007ffc6c00ce48
[  722.441795][T14365]  </TASK>
[  722.879728][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  722.990371][T14371] netlink: 165 bytes leftover after parsing attributes in process `syz.8.2057'.
[  723.012406][T14371] syz.8.2057 (14371): drop_caches: 2
[  723.018957][T14371] netlink: 'syz.8.2057': attribute type 3 has an invalid length.
[  723.417263][T14239] team0: Port device team_slave_0 added
[  723.693866][T14239] team0: Port device team_slave_1 added
[  724.151219][T14239] batman_adv: batadv0: Adding interface: batadv_slave_0
[  724.158299][T14239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  724.420234][T14388] ieee802154 phy1 wpan1: encryption failed: -22
[  724.471152][T14391] siw: device registration error -23
[  724.477648][T14239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  724.660881][T14239] batman_adv: batadv0: Adding interface: batadv_slave_1
[  724.668578][T14239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  724.843305][T14395] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2063'.
[  725.003194][T14239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  725.868336][T14239] hsr_slave_0: entered promiscuous mode
[  725.926265][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  725.948045][T14239] hsr_slave_1: entered promiscuous mode
[  726.750234][T14422] binder: BINDER_SET_CONTEXT_MGR already set
[  726.756936][T14422] binder: 14418:14422 ioctl 4018620d 200001c0 returned -16
[  727.660790][T14239] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  727.806179][T13051] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  727.816650][T13051] CPU: 1 UID: 0 PID: 13051 Comm: kworker/u9:1 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  727.827274][T13051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  727.837368][T13051] Workqueue: hci3 hci_rx_work
[  727.842083][T13051] Call Trace:
[  727.845377][T13051]  <TASK>
[  727.848333][T13051]  dump_stack_lvl+0x241/0x360
[  727.853038][T13051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  727.858256][T13051]  ? __pfx__printk+0x10/0x10
[  727.862875][T13051]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  727.868183][T13051]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  727.873764][T13051]  sysfs_create_dir_ns+0x2ce/0x3a0
[  727.878905][T13051]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  727.884565][T13051]  kobject_add_internal+0x435/0x8d0
[  727.889791][T13051]  kobject_add+0x152/0x220
[  727.894223][T13051]  ? preempt_schedule_thunk+0x1a/0x30
[  727.899614][T13051]  ? device_add+0x3e7/0xbf0
[  727.904131][T13051]  ? __pfx_kobject_add+0x10/0x10
[  727.909085][T13051]  ? _raw_spin_unlock+0x3e/0x50
[  727.913960][T13051]  ? get_device_parent+0x165/0x410
[  727.919091][T13051]  device_add+0x4e5/0xbf0
[  727.923444][T13051]  hci_conn_add_sysfs+0xe8/0x200
[  727.928419][T13051]  le_conn_complete_evt+0xc9f/0x12e0
[  727.933736][T13051]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  727.939496][T13051]  hci_le_conn_complete_evt+0x18c/0x420
[  727.945064][T13051]  hci_event_packet+0xa55/0x1540
[  727.950031][T13051]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  727.955348][T13051]  ? __pfx_hci_event_packet+0x10/0x10
[  727.960746][T13051]  ? mark_lock+0x9a/0x360
[  727.965094][T13051]  ? hci_send_to_monitor+0xd8/0x7f0
[  727.970331][T13051]  ? kcov_remote_start+0x97/0x7d0
[  727.975386][T13051]  hci_rx_work+0x3f3/0xdb0
[  727.979841][T13051]  ? process_scheduled_works+0x976/0x1850
[  727.985584][T13051]  process_scheduled_works+0xa63/0x1850
[  727.991183][T13051]  ? __pfx_process_scheduled_works+0x10/0x10
[  727.997200][T13051]  ? assign_work+0x364/0x3d0
[  728.001820][T13051]  worker_thread+0x870/0xd30
[  728.006449][T13051]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  728.012374][T13051]  ? __kthread_parkme+0x169/0x1d0
[  728.017429][T13051]  ? __pfx_worker_thread+0x10/0x10
[  728.022566][T13051]  kthread+0x2f0/0x390
[  728.026660][T13051]  ? __pfx_worker_thread+0x10/0x10
[  728.031792][T13051]  ? __pfx_kthread+0x10/0x10
[  728.036399][T13051]  ret_from_fork+0x4b/0x80
[  728.040832][T13051]  ? __pfx_kthread+0x10/0x10
[  728.045438][T13051]  ret_from_fork_asm+0x1a/0x30
[  728.050241][T13051]  </TASK>
[  728.101201][T14239] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  728.119518][T13051] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  728.133764][T13051] Bluetooth: hci3: failed to register connection device
[  728.248487][T14239] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  728.558317][T14437] ieee802154 phy1 wpan1: encryption failed: -22
[  728.773040][T14239] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  729.037907][T14439] siw: device registration error -23
[  729.044565][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.481456][T14239] 8021q: adding VLAN 0 to HW filter on device bond0
[  729.494341][T14239] 8021q: adding VLAN 0 to HW filter on device team0
[  729.501586][ T5890] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[  729.526649][T14256] bridge0: port 1(bridge_slave_0) entered blocking state
[  729.533820][T14256] bridge0: port 1(bridge_slave_0) entered forwarding state
[  729.590476][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  729.597591][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  729.666889][ T5890] usb 8-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  729.696576][ T5890] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.711414][ T5952] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  729.716193][ T5890] usb 8-1: Product: syz
[  729.725198][ T5890] usb 8-1: Manufacturer: syz
[  729.730173][ T5890] usb 8-1: SerialNumber: syz
[  729.747218][ T5890] r8152-cfgselector 8-1: Unknown version 0x0000
[  729.757122][ T5890] r8152-cfgselector 8-1: config 0 descriptor??
[  729.879587][ T5952] usb 9-1: Using ep0 maxpacket: 16
[  729.898626][ T5952] usb 9-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  729.929603][ T5952] usb 9-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  729.949788][ T5952] usb 9-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  729.993922][ T5952] usb 9-1: config 0 interface 0 has no altsetting 0
[  730.012882][ T5952] usb 9-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  730.037715][T14459] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2080'.
[  730.058103][ T5952] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.072250][T14239] 8021q: adding VLAN 0 to HW filter on device batadv0
[  730.079969][T14459] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2080'.
[  730.092167][ T5952] usb 9-1: config 0 descriptor??
[  730.100435][T14459] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2080'.
[  730.191593][ T5890] r8152-cfgselector 8-1: Unknown version 0x0000
[  730.198023][ T5890] r8152-cfgselector 8-1: bad CDC descriptors
[  730.227047][ T5890] r8152-cfgselector 8-1: USB disconnect, device number 32
[  730.349618][  T969] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  730.457557][T14239] veth0_vlan: entered promiscuous mode
[  730.472814][T14239] veth1_vlan: entered promiscuous mode
[  730.499743][  T969] usb 1-1: Using ep0 maxpacket: 8
[  730.508691][ T5952] hid (null): unknown global tag 0xe
[  730.509204][T14239] veth0_macvtap: entered promiscuous mode
[  730.516045][  T969] usb 1-1: config 0 has an invalid interface number: 100 but max is 0
[  730.528772][ T5952] hid (null): report_id 0 is invalid
[  730.530679][T14239] veth1_macvtap: entered promiscuous mode
[  730.544496][  T969] usb 1-1: config 0 has no interface number 0
[  730.562468][  T969] usb 1-1: config 0 interface 100 altsetting 5 bulk endpoint 0x2 has invalid maxpacket 16
[  730.572723][ T5952] input: HID 0458:5010 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0458:5010.001E/input/input38
[  730.585427][  T969] usb 1-1: config 0 interface 100 has no altsetting 0
[  730.593437][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  730.597111][  T969] usb 1-1: New USB device found, idVendor=0f11, idProduct=1001, bcdDevice=7d.4b
[  730.612510][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  730.613472][  T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.631952][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  730.644354][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  730.654667][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  730.666954][  T969] usb 1-1: Product: syz
[  730.666976][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  730.680874][ T5952] kye 0003:0458:5010.001E: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.8-1/input0
[  730.682537][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  730.705491][  T969] usb 1-1: Manufacturer: syz
[  730.724321][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  730.729418][  T969] usb 1-1: SerialNumber: syz
[  730.761214][  T969] usb 1-1: config 0 descriptor??
[  730.784206][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  730.827949][T14461] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  730.846866][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  730.894998][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  730.969255][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  731.036483][T14239] batman_adv: batadv0: Interface activated: batadv_slave_0
[  731.094848][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  731.120013][  T969] ldusb 1-1:0.100: Interrupt in endpoint not found
[  731.139906][  T969] usb 1-1: USB disconnect, device number 55
[  731.150920][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  731.171340][T13139] udevd[13139]: setting owner of /dev/bus/usb/001/055 to uid=0, gid=0 failed: No such file or directory
[  731.176838][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  731.239322][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  731.249834][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  731.269587][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  731.284912][T14474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  731.294092][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  731.305715][T14474] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  731.319902][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  731.343777][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  731.356396][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  731.367603][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  731.383634][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  731.408566][T14239] batman_adv: batadv0: Interface activated: batadv_slave_1
[  731.438929][T14239] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  731.471818][T14239] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  731.492505][T14239] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  731.528342][T14239] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  731.710479][    C1] kye 0003:0458:5010.001E: usb_submit_urb(ctrl) failed: -1
[  731.726346][T14482] vivid-000: =================  START STATUS  =================
[  731.734447][T14482] vivid-000: Generate PTS: true
[  731.739677][T14482] vivid-000: Generate SCR: true
[  731.744532][T14482] tpg source WxH: 1920x1080 (R'G'B)
[  731.749790][T14482] tpg field: 1
[  731.753151][T14482] tpg crop: 1920x1080@0x0
[  731.757463][T14482] tpg compose: 1920x1080@0x0
[  731.762151][T14482] tpg colorspace: 8
[  731.766508][T14482] tpg transfer function: 0/2
[  731.771168][T14482] tpg quantization: 0/1
[  731.775309][T14482] tpg RGB range: 0/2
[  731.779188][T14482] vivid-000: ==================  END STATUS  ==================
[  731.813795][ T1201] usb 9-1: USB disconnect, device number 4
[  732.272347][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.499092][T14256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  732.507677][T14256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  732.552736][T14486] sp0: Synchronizing with TNC
[  732.592898][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  732.601653][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  732.746641][T14492] ieee802154 phy1 wpan1: encryption failed: -22
[  732.803383][T14494] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2088'.
[  733.379559][ T1201] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  733.562858][ T1201] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  733.638910][ T1201] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  734.340835][ T1201] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  734.357454][ T1201] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  734.366035][ T1201] usb 9-1: SerialNumber: syz
[  734.610145][T14516] ieee802154 phy1 wpan1: encryption failed: -22
[  734.845896][T14523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  734.905116][T14523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.131415][T14527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  735.143865][ T1201] usb 9-1: 0:2 : does not exist
[  735.148844][ T1201] usb 9-1: unit 5: unexpected type 0x09
[  735.174477][T14527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.206675][ T1201] usb 9-1: USB disconnect, device number 5
[  735.295265][T14487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  735.449612][  T969] usb 8-1: new high-speed USB device number 34 using dummy_hcd
[  735.490890][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  736.403511][T14536] delete_channel: no stack
[  738.179398][T14563] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2106'.
[  738.578970][T14568] fuse: Bad value for 'fd'
[  739.036944][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  739.370961][T14574] netlink: 165 bytes leftover after parsing attributes in process `syz.8.2110'.
[  739.484860][T14574] syz.8.2110 (14574): drop_caches: 2
[  739.522163][T14574] netlink: 'syz.8.2110': attribute type 3 has an invalid length.
[  740.121304][ T1201] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  740.232887][T14583] No source specified
[  740.279544][ T1201] usb 10-1: Using ep0 maxpacket: 16
[  740.297130][ T1201] usb 10-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  740.332284][ T1201] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.391933][ T1201] usb 10-1: Product: syz
[  740.421891][ T1201] usb 10-1: Manufacturer: syz
[  740.468348][ T1201] usb 10-1: SerialNumber: syz
[  740.535323][ T1201] usb 10-1: config 0 descriptor??
[  740.555117][ T1201] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected
[  740.595015][ T1201] usb 10-1: Detected FT232H
[  740.767152][ T1201] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  740.809664][ T1201] ftdi_sio 10-1:0.0: GPIO initialisation failed: -32
[  740.852976][ T1201] usb 10-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  740.865152][  T969] usb 8-1: device descriptor read/64, error -110
[  741.170259][  T969] usb 8-1: new high-speed USB device number 35 using dummy_hcd
[  741.340534][  T969] usb 8-1: device descriptor read/64, error -32
[  741.383635][T14603] FAULT_INJECTION: forcing a failure.
[  741.383635][T14603] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  741.474370][T14603] CPU: 1 UID: 0 PID: 14603 Comm: syz.4.2116 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  741.484884][T14603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  741.494983][T14603] Call Trace:
[  741.498285][T14603]  <TASK>
[  741.501234][T14603]  dump_stack_lvl+0x241/0x360
[  741.505953][T14603]  ? __pfx_dump_stack_lvl+0x10/0x10
[  741.511170][T14603]  ? __pfx__printk+0x10/0x10
[  741.515793][T14603]  ? snprintf+0xda/0x120
[  741.520057][T14603]  should_fail_ex+0x3b0/0x4e0
[  741.524766][T14603]  _copy_to_user+0x31/0xb0
[  741.529209][T14603]  simple_read_from_buffer+0xca/0x150
[  741.534613][T14603]  proc_fail_nth_read+0x1e9/0x250
[  741.539668][T14603]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  741.545239][T14603]  ? rw_verify_area+0x568/0x6f0
[  741.550110][T14603]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  741.555683][T14603]  vfs_read+0x1fc/0xb70
[  741.559879][T14603]  ? __pfx___mutex_lock+0x10/0x10
[  741.564934][T14603]  ? __pfx_vfs_read+0x10/0x10
[  741.569633][T14603]  ? __fget_files+0x2a/0x410
[  741.574252][T14603]  ? __fget_files+0x395/0x410
[  741.578954][T14603]  ? __fget_files+0x2a/0x410
[  741.583580][T14603]  ksys_read+0x18f/0x2b0
[  741.587853][T14603]  ? __pfx_ksys_read+0x10/0x10
[  741.592652][T14603]  ? rcu_is_watching+0x15/0xb0
[  741.597444][T14603]  ? trace_sys_enter+0x1f/0xd0
[  741.602234][T14603]  do_syscall_64+0xf3/0x230
[  741.606759][T14603]  ? clear_bhb_loop+0x35/0x90
[  741.611468][T14603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.617397][T14603] RIP: 0033:0x7f5878d7d25c
[  741.621832][T14603] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  741.641466][T14603] RSP: 002b:00007f5879b75030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  741.649911][T14603] RAX: ffffffffffffffda RBX: 00007f5878f35fa0 RCX: 00007f5878d7d25c
[  741.657905][T14603] RDX: 000000000000000f RSI: 00007f5879b750a0 RDI: 0000000000000004
[  741.665904][T14603] RBP: 00007f5879b75090 R08: 0000000000000000 R09: 0000000000000000
[  741.673899][T14603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  741.681897][T14603] R13: 0000000000000000 R14: 00007f5878f35fa0 R15: 00007ffc9bcc58e8
[  741.689912][T14603]  </TASK>
[  741.999679][  T969] usb usb8-port1: attempt power cycle
[  742.079736][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  742.369971][  T969] usb 8-1: new high-speed USB device number 36 using dummy_hcd
[  742.459853][  T969] usb 8-1: device descriptor read/8, error -32
[  742.749655][  T969] usb 8-1: new high-speed USB device number 37 using dummy_hcd
[  742.781510][  T969] usb 8-1: device descriptor read/8, error -32
[  742.900726][T14620] ieee802154 phy1 wpan1: encryption failed: -22
[  742.929564][  T969] raw-gadget.0 gadget.7: failed to queue suspend event
[  742.949488][ T1201] usb 10-1: USB disconnect, device number 2
[  742.958794][ T1201] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  743.008878][ T1201] ftdi_sio 10-1:0.0: device disconnected
[  743.025865][  T969] usb usb8-port1: unable to enumerate USB device
[  743.471834][T14626] delete_channel: no stack
[  743.569966][T14630] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2124'.
[  743.801670][T14634] gretap0: entered promiscuous mode
[  743.842849][T14634] macsec1: entered promiscuous mode
[  743.869602][T14634] macsec1: entered allmulticast mode
[  743.900559][T14634] gretap0: entered allmulticast mode
[  743.950411][T14634] gretap0: left allmulticast mode
[  743.976095][T14634] gretap0: left promiscuous mode
[  745.457686][ T1201] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  745.627014][T14652] trusted_key: syz.0.2128 sent an empty control message without MSG_MORE.
[  747.531223][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  747.550608][T14669] FAULT_INJECTION: forcing a failure.
[  747.550608][T14669] name failslab, interval 1, probability 0, space 0, times 0
[  747.620790][T14669] CPU: 0 UID: 0 PID: 14669 Comm: syz.0.2133 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  747.631250][T14669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  747.641344][T14669] Call Trace:
[  747.644615][T14669]  <TASK>
[  747.647533][T14669]  dump_stack_lvl+0x241/0x360
[  747.652219][T14669]  ? __pfx_dump_stack_lvl+0x10/0x10
[  747.657417][T14669]  ? __pfx__printk+0x10/0x10
[  747.662012][T14669]  ? __kmalloc_noprof+0xb0/0x400
[  747.666942][T14669]  ? __pfx___might_resched+0x10/0x10
[  747.672218][T14669]  should_fail_ex+0x3b0/0x4e0
[  747.676888][T14669]  ? mpi_alloc+0x7a/0x140
[  747.681200][T14669]  should_failslab+0xac/0x100
[  747.685870][T14669]  ? mpi_alloc+0x7a/0x140
[  747.690187][T14669]  __kmalloc_noprof+0xd8/0x400
[  747.694946][T14669]  mpi_alloc+0x7a/0x140
[  747.699083][T14669]  mpi_read_raw_data+0x169/0x970
[  747.704014][T14669]  dh_set_secret+0x26a/0x460
[  747.708587][T14669]  ? __kmalloc_node_noprof+0x247/0x440
[  747.714030][T14669]  ? crypto_create_tfm_node+0x88/0x3d0
[  747.719479][T14669]  ? __pfx_dh_set_secret+0x10/0x10
[  747.724576][T14669]  ? crypto_create_tfm_node+0x1fb/0x3d0
[  747.730107][T14669]  ? crypto_alloc_tfm_node+0x332/0x360
[  747.735553][T14669]  __keyctl_dh_compute+0x64c/0xf50
[  747.740665][T14669]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  747.746294][T14669]  ? __pfx___might_resched+0x10/0x10
[  747.751575][T14669]  ? __might_fault+0xc6/0x120
[  747.756237][T14669]  keyctl_dh_compute+0x107/0x160
[  747.761184][T14669]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  747.766637][T14669]  __se_sys_keyctl+0x3f3/0x910
[  747.771387][T14669]  ? __pfx___se_sys_keyctl+0x10/0x10
[  747.776657][T14669]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  747.782618][T14669]  ? __fget_files+0x2a/0x410
[  747.787196][T14669]  ? bpf_trace_run2+0x1fc/0x540
[  747.792034][T14669]  ? bpf_trace_run2+0x36e/0x540
[  747.796869][T14669]  ? __pfx_bpf_trace_run2+0x10/0x10
[  747.802051][T14669]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  747.808014][T14669]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  747.814325][T14669]  ? rcu_is_watching+0x15/0xb0
[  747.819074][T14669]  ? __x64_sys_keyctl+0x20/0xc0
[  747.823911][T14669]  do_syscall_64+0xf3/0x230
[  747.828397][T14669]  ? clear_bhb_loop+0x35/0x90
[  747.833059][T14669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.838954][T14669] RIP: 0033:0x7f0c8b57e819
[  747.843364][T14669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.862959][T14669] RSP: 002b:00007f0c8c3ba038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  747.871363][T14669] RAX: ffffffffffffffda RBX: 00007f0c8b735fa0 RCX: 00007f0c8b57e819
[  747.879319][T14669] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000017
[  747.887283][T14669] RBP: 00007f0c8c3ba090 R08: 0000000020000000 R09: 0000000000000000
[  747.895240][T14669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  747.903198][T14669] R13: 0000000000000000 R14: 00007f0c8b735fa0 R15: 00007ffc6c00ce48
[  747.911166][T14669]  </TASK>
[  748.229644][  T969] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  748.618209][  T969] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  748.626739][  T969] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  748.668364][  T969] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  748.683852][ T1201] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  748.734379][  T969] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  748.859664][  T969] usb 1-1: Manufacturer: syz
[  748.970366][  T969] usb 1-1: config 0 descriptor??
[  748.977324][  T969] igorplugusb 1-1:0.0: incorrect number of endpoints
[  749.269808][T14683] fuse: Unknown parameter 'fd´ÿÚÖÏ;¹‘& (6nl^+;à¹%‰…ø½/éYÔ<ò7ðíž‘þ�öá÷íd®¸áÜ´>å’™žÉü�Ñš6I�í	Ö6Ë
œ+ˆ&.$Ç’d�7n'
[  749.793372][T14691] atomic_op ffff88805dba5998 conn xmit_atomic 0000000000000000
[  749.824443][T14691] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  751.285005][T14704] netlink: 165 bytes leftover after parsing attributes in process `syz.8.2142'.
[  751.302497][T14704] syz.8.2142 (14704): drop_caches: 2
[  751.315051][T14704] netlink: 'syz.8.2142': attribute type 3 has an invalid length.
[  751.329871][T13051] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  751.420439][T13051] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  751.429045][T13051] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  751.436850][T13051] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  751.448488][T13051] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  751.456005][T13051] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  753.920604][   T54] Bluetooth: hci5: command tx timeout
[  753.949780][T14487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  754.338525][T14705] chnl_net:caif_netlink_parms(): no params data found
[  754.504226][T14545] usb 1-1: USB disconnect, device number 56
[  754.664173][T14712] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2143'.
[  754.893157][T14712] syz.0.2143 (14712): drop_caches: 2
[  754.910971][T14712] netlink: 'syz.0.2143': attribute type 3 has an invalid length.
[  755.464553][T14727] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2147'.
[  755.473962][T14727] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2147'.
[  756.480033][T13051] Bluetooth: hci5: command tx timeout
[  756.505008][T14733] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2149'.
[  756.530899][T14733] syz.0.2149 (14733): drop_caches: 2
[  756.541277][T14733] netlink: 'syz.0.2149': attribute type 3 has an invalid length.
[  756.596841][T14524] bridge0: port 3(syz_tun) entered disabled state
[  756.662723][T14524] syz_tun (unregistering): left allmulticast mode
[  756.669196][T14524] syz_tun (unregistering): left promiscuous mode
[  756.676017][T14524] bridge0: port 3(syz_tun) entered disabled state
[  756.850816][T14732] bridge0: port 2(bridge_slave_1) entered disabled state
[  756.858138][T14732] bridge0: port 1(bridge_slave_0) entered disabled state
[  757.557299][  T969] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  757.590525][ T1201] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  757.781799][  T969] usb 10-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  757.886469][  T969] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  757.909939][  T969] usb 10-1: config 0 descriptor??
[  757.920596][  T969] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  757.965001][ T8478] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.206870][T14705] bridge0: port 1(bridge_slave_0) entered blocking state
[  758.227126][T14705] bridge0: port 1(bridge_slave_0) entered disabled state
[  758.282317][T14705] bridge_slave_0: entered allmulticast mode
[  758.326724][T14705] bridge_slave_0: entered promiscuous mode
[  758.430609][ T8478] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.507216][T14705] bridge0: port 2(bridge_slave_1) entered blocking state
[  758.534101][T14705] bridge0: port 2(bridge_slave_1) entered disabled state
[  758.559632][T13051] Bluetooth: hci5: command tx timeout
[  758.578596][T14705] bridge_slave_1: entered allmulticast mode
[  758.660907][T14705] bridge_slave_1: entered promiscuous mode
[  758.955633][ T8478] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  759.192915][T14705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  760.107119][T14255] Bluetooth: hci4: Frame reassembly failed (-84)
[  760.194319][T14767] ieee802154 phy1 wpan1: encryption failed: -22
[  760.301054][ T8478] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  760.361864][T14705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  760.518483][T14738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  760.588584][T14738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  760.611922][T14705] team0: Port device team_slave_0 added
[  760.639883][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.649327][   T54] Bluetooth: hci5: command tx timeout
[  760.686676][T14705] team0: Port device team_slave_1 added
[  760.714782][T14738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  760.769782][T14738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  760.878215][T14705] batman_adv: batadv0: Adding interface: batadv_slave_0
[  760.894503][T14705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  761.035997][T14705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  761.100284][ T8478] bridge_slave_1: left allmulticast mode
[  761.179572][ T8478] bridge_slave_1: left promiscuous mode
[  761.185578][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.213193][ T8478] bridge_slave_0: left allmulticast mode
[  761.224472][ T8478] bridge_slave_0: left promiscuous mode
[  761.419042][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.388647][T13051] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  762.500423][  T969] gspca_stv06xx: I2C: Read error writing address: -71
[  762.508960][  T969] usb 10-1: USB disconnect, device number 3
[  762.959479][T14780] Bluetooth: MGMT ver 1.23
[  763.701172][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  764.092135][T14786] 9pnet_fd: p9_fd_create_unix (14786): problem connecting socket: ./file1: -2
[  764.972228][T14781] Bluetooth: hci3: command 0x0406 tx timeout
[  765.039560][   T54] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  765.199830][   T54] Bluetooth: hci0: command 0x1407 tx timeout
[  765.522071][T14524] raw-gadget.0 gadget.7: failed to queue disconnect event
[  766.585579][T14800] FAULT_INJECTION: forcing a failure.
[  766.585579][T14800] name failslab, interval 1, probability 0, space 0, times 0
[  766.598469][T14800] CPU: 0 UID: 0 PID: 14800 Comm: syz.8.2167 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  766.608920][T14800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  766.619007][T14800] Call Trace:
[  766.622308][T14800]  <TASK>
[  766.625271][T14800]  dump_stack_lvl+0x241/0x360
[  766.629990][T14800]  ? __pfx_dump_stack_lvl+0x10/0x10
[  766.635212][T14800]  ? __pfx__printk+0x10/0x10
[  766.639832][T14800]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  766.645583][T14800]  ? __pfx___might_resched+0x10/0x10
[  766.650905][T14800]  should_fail_ex+0x3b0/0x4e0
[  766.655622][T14800]  ? vm_area_dup+0x61/0x290
[  766.660152][T14800]  should_failslab+0xac/0x100
[  766.664858][T14800]  ? vm_area_dup+0x61/0x290
[  766.669472][T14800]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  766.674875][T14800]  vm_area_dup+0x61/0x290
[  766.679234][T14800]  __split_vma+0x1cb/0xc50
[  766.683694][T14800]  ? __pfx___split_vma+0x10/0x10
[  766.688664][T14800]  ? validate_chain+0x11e/0x5920
[  766.693634][T14800]  vms_gather_munmap_vmas+0x2ee/0x15d0
[  766.699122][T14800]  ? validate_chain+0x11e/0x5920
[  766.704090][T14800]  ? __pfx_lock_acquire+0x10/0x10
[  766.709138][T14800]  ? __pfx_validate_chain+0x10/0x10
[  766.714375][T14800]  ? __pfx_validate_chain+0x10/0x10
[  766.719600][T14800]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  766.725527][T14800]  ? mark_lock+0x9a/0x360
[  766.729872][T14800]  ? __pfx_validate_chain+0x10/0x10
[  766.735095][T14800]  ? __lock_acquire+0x1397/0x2100
[  766.740150][T14800]  do_vmi_align_munmap+0x3ff/0x6f0
[  766.745288][T14800]  ? __lock_acquire+0x1397/0x2100
[  766.750375][T14800]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  766.756064][T14800]  ? mas_find+0x8c0/0xbb0
[  766.760422][T14800]  do_vmi_munmap+0x24e/0x2d0
[  766.765045][T14800]  do_munmap+0x18a/0x240
[  766.769319][T14800]  ? __pfx_do_munmap+0x10/0x10
[  766.774116][T14800]  ? __pfx_down_write_killable+0x10/0x10
[  766.779790][T14800]  __se_sys_mremap+0x1005/0x1a00
[  766.784761][T14800]  ? bpf_trace_run2+0x1fc/0x540
[  766.789657][T14800]  ? __pfx___se_sys_mremap+0x10/0x10
[  766.794987][T14800]  ? bpf_trace_run2+0x1fc/0x540
[  766.799864][T14800]  ? bpf_trace_run2+0x36e/0x540
[  766.804742][T14800]  ? __pfx_bpf_trace_run2+0x10/0x10
[  766.809946][T14800]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  766.815948][T14800]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  766.822274][T14800]  ? rcu_is_watching+0x15/0xb0
[  766.827044][T14800]  ? __x64_sys_mremap+0x20/0xc0
[  766.831897][T14800]  do_syscall_64+0xf3/0x230
[  766.836396][T14800]  ? clear_bhb_loop+0x35/0x90
[  766.841073][T14800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.846967][T14800] RIP: 0033:0x7fed9697e819
[  766.851381][T14800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  766.870984][T14800] RSP: 002b:00007fed947f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  766.879401][T14800] RAX: ffffffffffffffda RBX: 00007fed96b35fa0 RCX: 00007fed9697e819
[  766.887373][T14800] RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000000020ffc000
[  766.895346][T14800] RBP: 00007fed947f6090 R08: 0000000020002000 R09: 0000000000000000
[  766.903319][T14800] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[  766.911294][T14800] R13: 0000000000000000 R14: 00007fed96b35fa0 R15: 00007ffe13633d88
[  766.919273][T14800]  </TASK>
[  766.931143][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.159327][ T8478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  767.171953][ T8478] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  767.187567][ T8478] bond0 (unregistering): Released all slaves
[  767.220236][T14705] batman_adv: batadv0: Adding interface: batadv_slave_1
[  767.227989][T14705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.271270][T14705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  767.568394][T14776] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  767.807071][T14793] bridge0: port 3(syz_tun) entered blocking state
[  767.822395][T14793] bridge0: port 3(syz_tun) entered disabled state
[  767.856111][T14793] syz_tun: entered allmulticast mode
[  768.256877][T14793] syz_tun: entered promiscuous mode
[  768.262732][T14793] bridge0: port 3(syz_tun) entered blocking state
[  768.269257][T14793] bridge0: port 3(syz_tun) entered forwarding state
[  768.452340][T14705] hsr_slave_0: entered promiscuous mode
[  768.458876][T14705] hsr_slave_1: entered promiscuous mode
[  768.469638][T14705] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  768.477230][T14705] Cannot create hsr debugfs directory
[  770.197156][T14818] fuse: Bad value for 'fd'
[  770.619493][T13051] Bluetooth: hci2: command 0x0406 tx timeout
[  770.827204][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  772.846509][T14831] ieee802154 phy1 wpan1: encryption failed: -22
[  773.197499][ T1201] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  774.940554][ T1201] IPVS: starting estimator thread 0...
[  775.029628][T14844] IPVS: using max 21 ests per chain, 50400 per kthread
[  776.178542][T14848] kernel read not supported for file /${$ (pid: 14848 comm: syz.8.2179)
[  776.199811][   T29] audit: type=1800 audit(1732245650.823:208): pid=14848 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.2179" name="${$" dev="mqueue" ino=54104 res=0 errno=0
[  776.242831][T14487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  777.347289][T11295] syz_tun (unregistering): left allmulticast mode
[  777.353801][T11295] syz_tun (unregistering): left promiscuous mode
[  777.362029][T11295] bridge0: port 3(syz_tun) entered disabled state
[  777.374427][ T8478] hsr_slave_0: left promiscuous mode
[  777.380485][ T8478] hsr_slave_1: left promiscuous mode
[  777.390932][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  777.398378][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_0
[  777.475225][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  777.530509][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_1
[  777.667418][T14856] netlink: 165 bytes leftover after parsing attributes in process `syz.9.2181'.
[  777.698820][T14856] syz.9.2181 (14856): drop_caches: 2
[  777.707976][T14856] netlink: 'syz.9.2181': attribute type 3 has an invalid length.
[  777.747435][ T8478] veth1_macvtap: left promiscuous mode
[  777.750595][T14781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  777.753125][ T8478] veth0_macvtap: left promiscuous mode
[  777.765835][ T8478] veth1_vlan: left promiscuous mode
[  777.771519][T14781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  777.771530][ T8478] veth0_vlan: left promiscuous mode
[  777.796995][T14781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  777.806360][T14781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  777.813530][T14487] usb 9-1: new low-speed USB device number 6 using dummy_hcd
[  777.834969][T14781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  777.842476][T14781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  777.986020][T14487] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  777.997205][T14487] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  778.018911][T14487] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  778.030348][T14487] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  778.050604][T14487] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  778.062498][T14487] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.102361][T14487] hub 9-1:1.0: bad descriptor, ignoring hub
[  778.114503][T14487] hub 9-1:1.0: probe with driver hub failed with error -5
[  778.122398][T14487] cdc_wdm 9-1:1.0: skipping garbage
[  778.128844][T14487] cdc_wdm 9-1:1.0: skipping garbage
[  778.149793][T14487] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  778.179526][T14487] cdc_wdm 9-1:1.0: Unknown control protocol
[  778.443729][T14860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  778.460786][T14860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  778.684413][ T8478] team0 (unregistering): Port device team_slave_1 removed
[  778.736114][ T8478] team0 (unregistering): Port device team_slave_0 removed
[  779.282076][ T1201] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.292360][   T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.313259][ T1201] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.322109][ T7106] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.919686][T14781] Bluetooth: hci1: command tx timeout
[  779.933179][T14705] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  779.955486][T14705] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  779.979263][T14705] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  780.106772][T14705] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  780.226758][T14857] chnl_net:caif_netlink_parms(): no params data found
[  780.343948][T14869] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2184'.
[  780.404335][ T8478] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  780.415741][ T8478] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  780.493306][   T29] audit: type=1326 audit(1732245655.123:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14854 comm="syz.8.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9697e819 code=0x7fc00000
[  780.712603][ T7106] usb 9-1: USB disconnect, device number 6
[  781.051272][ T8478] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.390336][ T8478] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  782.260991][T14781] Bluetooth: hci1: command tx timeout
[  782.440300][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  782.753647][ T8478] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  782.787101][ T8478] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  783.025818][T14892] fuse: Bad value for 'fd'
[  783.742755][T14887] netlink: 44 bytes leftover after parsing attributes in process `syz.8.2188'.
[  784.011364][ T8478] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  784.236227][ T8478] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  784.674771][T14903] netlink: 92 bytes leftover after parsing attributes in process `syz.8.2191'.
[  784.961594][T14781] Bluetooth: hci1: command tx timeout
[  786.068468][T14910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2192'.
[  786.138887][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  786.218366][T14857] bridge0: port 1(bridge_slave_0) entered blocking state
[  786.226035][T14857] bridge0: port 1(bridge_slave_0) entered disabled state
[  786.258161][T14857] bridge_slave_0: entered allmulticast mode
[  786.272266][T14857] bridge_slave_0: entered promiscuous mode
[  786.489747][T14857] bridge0: port 2(bridge_slave_1) entered blocking state
[  786.496962][T14857] bridge0: port 2(bridge_slave_1) entered disabled state
[  786.623140][T14857] bridge_slave_1: entered allmulticast mode
[  786.731113][T14857] bridge_slave_1: entered promiscuous mode
[  787.036034][T14919] Falling back ldisc for ptm0.
[  787.166251][T14781] Bluetooth: hci1: command tx timeout
[  787.243131][T14705] 8021q: adding VLAN 0 to HW filter on device bond0
[  787.303749][T14857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  787.324092][T14857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  787.407999][T14705] 8021q: adding VLAN 0 to HW filter on device team0
[  787.428447][T14927] use of bytesused == 0 is deprecated and will be removed in the future,
[  787.536241][T14925] netlink: 'syz.9.2196': attribute type 29 has an invalid length.
[  787.549013][T14927] use the actual size instead.
[  787.570728][T14857] team0: Port device team_slave_0 added
[  787.582385][T14857] team0: Port device team_slave_1 added
[  787.761950][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state
[  787.769117][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  787.791716][ T8478] bridge_slave_1: left allmulticast mode
[  787.797415][ T8478] bridge_slave_1: left promiscuous mode
[  787.819679][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[  787.852052][ T8478] bridge_slave_0: left allmulticast mode
[  787.857744][ T8478] bridge_slave_0: left promiscuous mode
[  787.877359][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[  787.982321][ T1201] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  788.140109][ T1201] usb 10-1: Using ep0 maxpacket: 16
[  788.152480][ T1201] usb 10-1: config 0 has an invalid interface number: 41 but max is 0
[  788.161902][ T1201] usb 10-1: config 0 has no interface number 0
[  788.168131][ T1201] usb 10-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  788.191514][ T1201] usb 10-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  788.205612][ T1201] usb 10-1: config 0 interface 41 has no altsetting 0
[  788.228460][ T1201] usb 10-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  788.246160][ T1201] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  788.257471][ T1201] usb 10-1: Product: syz
[  788.271041][ T1201] usb 10-1: Manufacturer: syz
[  788.275855][ T1201] usb 10-1: SerialNumber: syz
[  788.304101][ T1201] usb 10-1: config 0 descriptor??
[  788.315220][T14931] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  788.334292][T14931] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  788.554574][T14931] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  788.568491][T14931] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  789.200700][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  789.215251][ T1201] CoreChips 10-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  789.272786][ T8478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  789.285343][ T8478] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  789.298584][ T8478] bond0 (unregistering): Released all slaves
[  789.435732][T14939] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2200'.
[  789.694482][T14940] netlink: 'syz.0.2200': attribute type 3 has an invalid length.
[  789.697842][T14939] syz.0.2200 (14939): drop_caches: 2
[  789.900102][T14857] batman_adv: batadv0: Adding interface: batadv_slave_0
[  789.916262][T14857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  789.975917][T14857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  789.993883][T14857] batman_adv: batadv0: Adding interface: batadv_slave_1
[  790.002227][T14857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  790.028462][    C1] vkms_vblank_simulate: vblank timer overrun
[  790.039120][T14857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  790.058839][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[  790.065959][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  790.093796][ T8478] tipc: Disabling bearer <udp:s>
[  790.120127][ T8478] tipc: Left network mode
[  790.240388][T14857] hsr_slave_0: entered promiscuous mode
[  790.255570][T14857] hsr_slave_1: entered promiscuous mode
[  790.263326][T14857] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  790.274391][T14857] Cannot create hsr debugfs directory
[  790.332154][T14944] nvme_fabrics: unknown parameter or missing value 'ó' in ctrl creation request
[  791.879562][ T8478] hsr_slave_0: left promiscuous mode
[  792.227432][ T8478] hsr_slave_1: left promiscuous mode
[  792.254022][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  792.261722][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_0
[  792.360485][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  792.388975][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_1
[  792.428172][ T1201] CoreChips 10-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  792.506455][ T8478] veth1_macvtap: left promiscuous mode
[  792.514001][ T1201] CoreChips 10-1:0.41: probe with driver CoreChips failed with error -71
[  792.541145][ T8478] veth0_macvtap: left promiscuous mode
[  792.546748][ T8478] veth1_vlan: left promiscuous mode
[  792.580225][ T1201] usb 10-1: USB disconnect, device number 4
[  792.601243][ T8478] veth0_vlan: left promiscuous mode
[  792.681354][T14487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  792.741739][T14955] ieee802154 phy1 wpan1: encryption failed: -22
[  793.130114][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  793.529612][T14487] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[  793.711262][T14487] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  793.731898][T14487] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  793.769549][T14487] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  793.799588][T14487] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  793.822660][T14487] usb 10-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  793.858450][T14487] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  793.868285][T14487] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  793.891268][T14487] usb 10-1: SerialNumber: syz
[  793.912052][T14487] cdc_acm 10-1:1.0: Control and data interfaces are not separated!
[  793.935381][T14487] cdc_acm 10-1:1.0: probe with driver cdc_acm failed with error -12
[  794.137759][ T7106] usb 10-1: USB disconnect, device number 5
[  794.284472][ T8478] team0 (unregistering): Port device team_slave_1 removed
[  794.362370][ T8478] team0 (unregistering): Port device team_slave_0 removed
[  794.656411][T14961] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2205'.
[  795.109999][T14964] ieee802154 phy1 wpan1: encryption failed: -22
[  795.360252][ T7106] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  795.564701][ T7106] usb 10-1: Using ep0 maxpacket: 16
[  795.578928][ T7106] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  795.648167][ T7106] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  795.673105][ T7106] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  795.709179][ T7106] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  795.724196][ T7106] usb 10-1: Product: syz
[  795.728489][ T7106] usb 10-1: Manufacturer: syz
[  795.742865][ T7106] usb 10-1: SerialNumber: syz
[  795.894360][ T7106] usb 10-1: config 0 descriptor??
[  795.912087][ T7106] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  795.930344][ T7106] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class)
[  796.236338][ T8478] vcan0 (unregistering): left allmulticast mode
[  796.603163][ T7106] em28xx 10-1:0.0: chip ID is em2750
[  796.812548][ T7106] em28xx 10-1:0.0: Config register raw data: 0x99
[  797.020970][ T7106] em28xx 10-1:0.0: AC97 chip type couldn't be determined
[  797.028073][ T7106] em28xx 10-1:0.0: No AC97 audio processor
[  797.093763][ T7106] usb 10-1: USB disconnect, device number 6
[  797.132242][T14487] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  797.143244][ T7106] em28xx 10-1:0.0: Disconnecting em28xx
[  797.170685][ T7106] em28xx 10-1:0.0: Freeing device
[  797.676499][T14705] 8021q: adding VLAN 0 to HW filter on device batadv0
[  797.817522][T14705] veth0_vlan: entered promiscuous mode
[  797.878996][T14705] veth1_vlan: entered promiscuous mode
[  798.114488][T14705] veth0_macvtap: entered promiscuous mode
[  798.235593][T14705] veth1_macvtap: entered promiscuous mode
[  798.258643][ T8478] IPVS: stop unused estimator thread 0...
[  798.834295][T14857] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  798.910978][T14857] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  798.934861][T14857] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  798.957124][T14857] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  799.041273][T14987] atomic_op ffff88803a440998 conn xmit_atomic 0000000000000000
[  799.059942][T14987] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  799.393182][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  799.519408][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  799.563632][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  799.609548][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  799.638993][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  799.662335][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  799.729911][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  799.746674][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  799.756811][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  799.800039][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  799.828561][T14705] batman_adv: batadv0: Interface activated: batadv_slave_0
[  799.868851][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  799.905107][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  799.931503][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  799.979497][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  800.019638][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  800.058423][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  800.069191][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  800.088378][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  800.098715][T14705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  800.118357][T14705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  800.770074][ T5892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  800.780124][T14705] batman_adv: batadv0: Interface activated: batadv_slave_1
[  800.813178][T14705] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  800.822078][T14705] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  800.839999][T14705] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  800.848725][T14705] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  801.530807][ T8478] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  802.293660][T15003] ieee802154 phy1 wpan1: encryption failed: -22
[  802.578378][ T8478] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  802.770037][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  802.781937][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  802.791040][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  802.837232][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  802.847078][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  802.854476][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  802.996693][ T8478] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  803.089003][ T8478] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  803.150354][ T8488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  803.178322][ T8488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  803.288908][T14857] 8021q: adding VLAN 0 to HW filter on device bond0
[  803.369491][ T5889] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  803.380306][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  803.388484][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  803.819794][   T25] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  803.985848][   T25] usb 10-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  804.018156][T14857] 8021q: adding VLAN 0 to HW filter on device team0
[  804.039720][   T25] usb 10-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  804.101146][   T25] usb 10-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29
[  804.124861][   T25] usb 10-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  804.151094][   T25] usb 10-1: Manufacturer: syz
[  804.155865][   T25] usb 10-1: SerialNumber: syz
[  804.160820][ T5889] usb 1-1: Using ep0 maxpacket: 8
[  804.173059][ T5889] usb 1-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18
[  804.182289][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.190511][ T5889] usb 1-1: Product: syz
[  804.194697][ T5889] usb 1-1: Manufacturer: syz
[  804.199318][ T5889] usb 1-1: SerialNumber: syz
[  804.208219][ T5889] usb 1-1: config 0 descriptor??
[  804.215280][ T5889] esd_usb 1-1:0.0: sending version message failed
[  804.230109][ T5889] esd_usb 1-1:0.0: probe with driver esd_usb failed with error -22
[  804.246423][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state
[  804.253636][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  804.278853][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[  804.286049][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  804.357279][ T8478] bridge_slave_1: left allmulticast mode
[  804.418420][ T8478] bridge_slave_1: left promiscuous mode
[  804.436533][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[  804.458152][ T8478] bridge_slave_0: left allmulticast mode
[  804.463980][ T8478] bridge_slave_0: left promiscuous mode
[  804.471565][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.961728][T14781] Bluetooth: hci2: command tx timeout
[  805.628121][ T8478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  805.643263][ T8478] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  805.657446][ T8478] bond0 (unregistering): Released all slaves
[  805.681002][T15007] vlan2: entered allmulticast mode
[  805.686972][T15007] bond0: entered allmulticast mode
[  805.692784][T15007] bond_slave_0: entered allmulticast mode
[  805.700550][T15007] bond_slave_1: entered allmulticast mode
[  805.708132][T15007] bond0: left allmulticast mode
[  805.713420][T15007] bond_slave_0: left allmulticast mode
[  805.718959][T15007] bond_slave_1: left allmulticast mode
[  805.785852][T15020] netlink: 'syz.3.2220': attribute type 29 has an invalid length.
[  805.806684][T15004] chnl_net:caif_netlink_parms(): no params data found
[  805.838877][T14545] usb 1-1: USB disconnect, device number 57
[  805.884248][ T8478] tipc: Disabling bearer <udp:s>
[  805.897160][ T8478] tipc: Left network mode
[  806.199066][   T25] usbhid 10-1:36.0: couldn't find an input interrupt endpoint
[  806.226420][   T25] usb 10-1: USB disconnect, device number 7
[  806.688107][T14857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.940100][T15004] bridge0: port 1(bridge_slave_0) entered blocking state
[  807.195570][T15052] afs: Unknown parameter 'Ð74‰$\éøžm5'
[  807.222491][T14781] Bluetooth: hci2: command tx timeout
[  807.288469][T15004] bridge0: port 1(bridge_slave_0) entered disabled state
[  807.394846][T15004] bridge_slave_0: entered allmulticast mode
[  807.813100][T15004] bridge_slave_0: entered promiscuous mode
[  807.831368][T15004] bridge0: port 2(bridge_slave_1) entered blocking state
[  807.862751][T15004] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.884069][T15004] bridge_slave_1: entered allmulticast mode
[  807.893101][T15004] bridge_slave_1: entered promiscuous mode
[  808.056337][T15004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  808.296013][T15064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2227'.
[  808.352068][T15063] netlink: 165 bytes leftover after parsing attributes in process `syz.9.2226'.
[  808.391718][T15063] syz.9.2226 (15063): drop_caches: 2
[  808.402339][T15063] netlink: 'syz.9.2226': attribute type 3 has an invalid length.
[  808.416267][ T8478] hsr_slave_0: left promiscuous mode
[  808.633478][ T8478] hsr_slave_1: left promiscuous mode
[  808.758492][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  808.942424][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_0
[  808.953582][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  808.963533][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  808.972708][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_1
[  809.186369][ T8478] veth1_macvtap: left promiscuous mode
[  809.199633][ T8478] veth0_macvtap: left promiscuous mode
[  809.205536][ T8478] veth1_vlan: left promiscuous mode
[  809.214615][ T8478] veth0_vlan: left promiscuous mode
[  809.282027][   T54] Bluetooth: hci2: command tx timeout
[  809.307498][T15075] fuse: Bad value for 'fd'
[  810.749855][T14545] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  810.923751][T14545] usb 4-1: Using ep0 maxpacket: 8
[  810.946882][T14545] usb 4-1: config 0 has an invalid interface number: 85 but max is 1
[  810.959773][T14545] usb 4-1: config 0 has an invalid interface number: 89 but max is 1
[  810.997837][T14545] usb 4-1: config 0 has no interface number 0
[  811.014724][T14545] usb 4-1: config 0 has no interface number 1
[  811.031463][T14545] usb 4-1: New USB device found, idVendor=0e96, idProduct=c001, bcdDevice=62.3f
[  811.062736][T14545] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  811.077063][T14545] usb 4-1: Product: syz
[  811.085029][T14545] usb 4-1: Manufacturer: syz
[  811.094147][T14545] usb 4-1: SerialNumber: syz
[  811.106011][T14545] usb 4-1: config 0 descriptor??
[  811.369508][   T54] Bluetooth: hci2: command tx timeout
[  812.039056][T15098] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2234'.
[  812.417619][ T8478] team0 (unregistering): Port device team_slave_1 removed
[  812.480800][ T8478] team0 (unregistering): Port device team_slave_0 removed
[  813.337660][T15004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  813.418390][T15092] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2231'.
[  813.494282][T15004] team0: Port device team_slave_0 added
[  813.522905][T15004] team0: Port device team_slave_1 added
[  813.854005][T15004] batman_adv: batadv0: Adding interface: batadv_slave_0
[  813.885709][T15004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  814.862794][T15004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  814.885487][T14857] veth0_vlan: entered promiscuous mode
[  814.895268][T15004] batman_adv: batadv0: Adding interface: batadv_slave_1
[  815.092911][T15112] siw: device registration error -23
[  815.790288][ T1201] usb 4-1: USB disconnect, device number 7
[  815.821964][T15004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  815.899570][T15004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  816.132528][T15004] hsr_slave_0: entered promiscuous mode
[  816.170567][T15004] hsr_slave_1: entered promiscuous mode
[  816.206025][T15004] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  816.232287][T15004] Cannot create hsr debugfs directory
[  816.246670][T15114] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2239'.
[  816.258118][T14857] veth1_vlan: entered promiscuous mode
[  816.503311][ T8478] IPVS: stop unused estimator thread 0...
[  817.455593][T14857] veth0_macvtap: entered promiscuous mode
[  817.464454][T14857] veth1_macvtap: entered promiscuous mode
[  817.480508][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  817.491063][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.500956][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  817.511681][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.521608][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  817.532204][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.542088][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  817.552634][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.562626][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  817.573149][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.585093][T14857] batman_adv: batadv0: Interface activated: batadv_slave_0
[  817.603296][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.614671][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.624998][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.642832][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.652743][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.663306][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.673510][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.684980][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.694965][T14857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.705671][T14857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.720348][T14857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  817.730872][T14857] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  817.739685][T14857] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  817.748406][T14857] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  817.757208][T14857] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  817.905554][T15127] netlink: 165 bytes leftover after parsing attributes in process `syz.3.2238'.
[  818.077084][T15120] netlink: 'syz.3.2238': attribute type 3 has an invalid length.
[  818.164758][T15127] syz.3.2238 (15127): drop_caches: 2
[  818.230261][ T8478] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.522937][ T8478] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.786744][T15134] ieee802154 phy1 wpan1: encryption failed: -22
[  819.791188][T15147] siw: device registration error -23
[  820.603547][T15145] ieee802154 phy1 wpan1: encryption failed: -22
[  820.983425][T15148] netlink: 165 bytes leftover after parsing attributes in process `syz.3.2246'.
[  821.005096][T15148] syz.3.2246 (15148): drop_caches: 2
[  821.014897][T15148] netlink: 'syz.3.2246': attribute type 3 has an invalid length.
[  821.114048][ T8478] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.263724][ T8478] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.769472][T15166] fuse: Bad value for 'fd'
[  823.649782][ T8488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  823.649807][ T8488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  823.817448][ T8488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  823.817474][ T8488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  823.831758][ T8478] bridge_slave_1: left allmulticast mode
[  823.831786][ T8478] bridge_slave_1: left promiscuous mode
[  823.831938][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[  823.833957][ T8478] bridge_slave_0: left allmulticast mode
[  823.833979][ T8478] bridge_slave_0: left promiscuous mode
[  823.834123][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.329125][T15199] ptrace attach of "./syz-executor exec"[15200] was attempted by "./syz-executor exec"[15199]
[  828.779766][T15210] fuse: Unknown parameter ''
[  828.847878][T15210] loop2: detected capacity change from 0 to 7
[  829.022695][T15210] Dev loop2: unable to read RDB block 7
[  829.049508][T15210]  loop2: unable to read partition table
[  829.092014][T15210] loop2: partition table beyond EOD, truncated
[  829.119022][T15210] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  829.170914][ T8478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  829.240753][ T8478] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  829.436229][ T8478] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  829.632860][T15216] netlink: 176 bytes leftover after parsing attributes in process `syz.3.2261'.
[  829.916416][ T8478] bond0 (unregistering): Released all slaves
[  830.793674][T15228] atomic_op ffff888078e54998 conn xmit_atomic 0000000000000000
[  831.193122][T15231] FAULT_INJECTION: forcing a failure.
[  831.193122][T15231] name failslab, interval 1, probability 0, space 0, times 0
[  831.248923][T15231] CPU: 0 UID: 0 PID: 15231 Comm: syz.5.2180 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  831.259392][T15231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  831.269555][T15231] Call Trace:
[  831.272849][T15231]  <TASK>
[  831.275795][T15231]  dump_stack_lvl+0x241/0x360
[  831.280494][T15231]  ? __pfx_dump_stack_lvl+0x10/0x10
[  831.285710][T15231]  ? __pfx__printk+0x10/0x10
[  831.290325][T15231]  ? snd_seq_pool_poll_wait+0xd4/0x130
[  831.295823][T15231]  ? loop_rw_iter+0xda/0x5a0
[  831.300446][T15231]  ? snd_seq_kernel_client_write_poll+0xe5/0x160
[  831.302908][T15224] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  831.306786][T15231]  ? bpf_lsm_file_permission+0x9/0x10
[  831.318936][T15231]  should_fail_ex+0x3b0/0x4e0
[  831.323652][T15231]  should_failslab+0xac/0x100
[  831.328357][T15231]  ? io_arm_poll_handler+0x4d5/0xb80
[  831.333656][T15231]  __kmalloc_cache_noprof+0x6c/0x2c0
[  831.338962][T15231]  io_arm_poll_handler+0x4d5/0xb80
[  831.344085][T15231]  ? __pfx_io_arm_poll_handler+0x10/0x10
[  831.349718][T15231]  ? io_issue_sqe+0x7ab/0x13d0
[  831.354485][T15231]  ? __pfx_io_issue_sqe+0x10/0x10
[  831.359527][T15231]  io_queue_async+0xa4/0x4e0
[  831.364118][T15231]  io_submit_sqes+0xe2b/0x1d90
[  831.368898][T15231]  __se_sys_io_uring_enter+0x2c8/0x3200
[  831.374449][T15231]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  831.380354][T15231]  ? ksys_write+0x22a/0x2b0
[  831.384878][T15231]  ? __pfx_lock_release+0x10/0x10
[  831.389917][T15231]  ? vfs_write+0x730/0xd30
[  831.394348][T15231]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  831.400345][T15231]  ? __mutex_unlock_slowpath+0x21e/0x790
[  831.406000][T15231]  ? __pfx_vfs_write+0x10/0x10
[  831.410774][T15231]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  831.416753][T15231]  ? __fget_files+0x2a/0x410
[  831.421350][T15231]  ? __fget_files+0x2a/0x410
[  831.425950][T15231]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  831.431928][T15231]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  831.438253][T15231]  ? do_syscall_64+0x100/0x230
[  831.443021][T15231]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  831.448573][T15231]  do_syscall_64+0xf3/0x230
[  831.453079][T15231]  ? clear_bhb_loop+0x35/0x90
[  831.457757][T15231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  831.463660][T15231] RIP: 0033:0x7fe74157e819
[  831.468076][T15231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  831.487679][T15231] RSP: 002b:00007fe74243d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  831.496099][T15231] RAX: ffffffffffffffda RBX: 00007fe741735fa0 RCX: 00007fe74157e819
[  831.504075][T15231] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000005
[  831.512049][T15231] RBP: 00007fe74243d090 R08: 0000000000000000 R09: 0000000000000000
[  831.520018][T15231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  831.527986][T15231] R13: 0000000000000000 R14: 00007fe741735fa0 R15: 00007ffd646be318
[  831.535968][T15231]  </TASK>
[  832.530882][T15241] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  832.569059][T15241] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  832.634819][T15241] bond0: (slave ipvlan2): Error -95 calling set_mac_address
[  832.682041][T15004] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  832.698443][T15244] bridge0: port 3(syz_tun) entered blocking state
[  832.705650][T15244] bridge0: port 3(syz_tun) entered disabled state
[  832.713224][T15244] syz_tun: entered allmulticast mode
[  832.728592][T15244] syz_tun: entered promiscuous mode
[  832.745430][T15244] bridge0: port 3(syz_tun) entered blocking state
[  832.752006][T15244] bridge0: port 3(syz_tun) entered forwarding state
[  832.791149][ T8478] hsr_slave_0: left promiscuous mode
[  832.797984][ T8478] hsr_slave_1: left promiscuous mode
[  832.816015][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  832.843444][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_0
[  832.870275][ T8478] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  832.877796][ T8478] batman_adv: batadv0: Removing interface: batadv_slave_1
[  832.918898][ T8478] veth1_macvtap: left promiscuous mode
[  832.928736][ T8478] veth0_macvtap: left promiscuous mode
[  832.946544][ T8478] veth1_vlan: left promiscuous mode
[  832.959923][ T8478] veth0_vlan: left promiscuous mode
[  833.282507][ T5889] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  833.455005][ T5889] usb 10-1: Using ep0 maxpacket: 32
[  833.490864][ T5889] usb 10-1: unable to get BOS descriptor or descriptor too short
[  833.500006][ T5889] usb 10-1: config 128 has an invalid interface number: 127 but max is 3
[  833.508924][ T5889] usb 10-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  833.519580][ T5889] usb 10-1: config 128 has 1 interface, different from the descriptor's value: 4
[  833.528723][ T5889] usb 10-1: config 128 has no interface number 0
[  833.552577][ T5889] usb 10-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024
[  833.564349][ T5889] usb 10-1: config 128 interface 127 has no altsetting 0
[  833.604988][ T5889] usb 10-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  833.614425][ T5889] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.622651][ T5889] usb 10-1: Product: syz
[  833.626919][ T5889] usb 10-1: Manufacturer: syz
[  833.657981][ T5889] usb 10-1: SerialNumber: syz
[  833.665989][T15254] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  833.766104][ T8478] team0 (unregistering): Port device team_slave_1 removed
[  833.819341][ T8478] team0 (unregistering): Port device team_slave_0 removed
[  833.895546][T15254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  833.904186][T15254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  833.980828][T15255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  834.002295][T15255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  834.123559][T15255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  834.145974][T15255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  834.491141][ T5889] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[  834.526740][ T5889] usb 10-1: USB disconnect, device number 8
[  834.786297][T13138] udevd[13138]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  835.365753][T15259] netlink: 165 bytes leftover after parsing attributes in process `syz.9.2274'.
[  835.498997][T15004] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  835.596428][T15004] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  835.608309][T15004] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  835.623860][T15259] syz.9.2274 (15259): drop_caches: 2
[  835.739829][T15260] netlink: 'syz.9.2274': attribute type 3 has an invalid length.
[  835.793417][T15262] netlink: 'syz.0.2275': attribute type 29 has an invalid length.
[  836.348216][T15004] 8021q: adding VLAN 0 to HW filter on device bond0
[  836.363226][T15004] 8021q: adding VLAN 0 to HW filter on device team0
[  836.393340][T15004] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  836.403800][T15004] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  836.536703][T14256] bridge0: port 1(bridge_slave_0) entered blocking state
[  836.543913][T14256] bridge0: port 1(bridge_slave_0) entered forwarding state
[  836.554562][T14256] bridge0: port 2(bridge_slave_1) entered blocking state
[  836.561738][T14256] bridge0: port 2(bridge_slave_1) entered forwarding state
[  837.730091][T15291] program syz.5.2283 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  837.749282][T15004] 8021q: adding VLAN 0 to HW filter on device batadv0
[  837.810095][ T5892] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  838.202073][ T8478] IPVS: stop unused estimator thread 0...
[  838.218631][ T5889] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  838.219811][T15004] veth0_vlan: entered promiscuous mode
[  838.318383][T15004] veth1_vlan: entered promiscuous mode
[  838.375509][T15004] veth0_macvtap: entered promiscuous mode
[  838.384631][T15004] veth1_macvtap: entered promiscuous mode
[  838.402880][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.413735][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.423911][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.434661][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.445121][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.456201][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.466883][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.478141][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.488612][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.499116][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.510486][T15004] batman_adv: batadv0: Interface activated: batadv_slave_0
[  838.612659][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.628855][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.647286][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.648146][ T5889] usb 6-1: config 240 has an invalid interface number: 202 but max is 0
[  838.660409][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.674757][ T5892] usb 4-1: Using ep0 maxpacket: 8
[  838.684174][ T5889] usb 6-1: config 240 has no interface number 0
[  838.690330][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  839.071835][ T5892] usb 4-1: config 0 has an invalid interface number: 85 but max is 1
[  839.075509][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  839.081396][ T5892] usb 4-1: config 0 has an invalid interface number: 89 but max is 1
[  839.101780][ T5889] usb 6-1: config 240 interface 202 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  839.112252][ T5889] usb 6-1: config 240 interface 202 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  839.126961][ T5892] usb 4-1: config 0 has no interface number 0
[  839.134020][ T5892] usb 4-1: config 0 has no interface number 1
[  839.147471][ T5889] usb 6-1: New USB device found, idVendor=294b, idProduct=31fa, bcdDevice=83.37
[  839.148998][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  839.157130][ T5892] usb 4-1: New USB device found, idVendor=0e96, idProduct=c001, bcdDevice=62.3f
[  839.177354][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  839.177542][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.195587][T15004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  839.197221][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.219331][ T5889] usb 6-1: Product: syz
[  839.224154][ T5889] usb 6-1: Manufacturer: syz
[  839.228846][ T5889] usb 6-1: SerialNumber: syz
[  839.233871][T15004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  839.239847][ T5892] usb 4-1: Product: syz
[  839.250343][T15004] batman_adv: batadv0: Interface activated: batadv_slave_1
[  839.286247][ T5892] usb 4-1: Manufacturer: syz
[  839.289339][T15004] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  839.299855][T15291] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  839.307270][ T5892] usb 4-1: SerialNumber: syz
[  839.315166][T15004] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  839.323706][ T5892] usb 4-1: config 0 descriptor??
[  839.355979][T15004] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  839.369499][T15004] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  839.521392][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.630893][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.714061][T14255] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.750558][T14487] usb 6-1: USB disconnect, device number 5
[  839.796211][T14255] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.937425][T15310] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2285'.
[  840.489617][T15306] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2281'.
[  840.760481][T15323] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2287'.
[  841.227676][T15323] syz.0.2287 (15323): drop_caches: 2
[  841.227901][T15328] netlink: 'syz.0.2287': attribute type 3 has an invalid length.
[  843.203673][T15351] ieee802154 phy1 wpan1: encryption failed: -22
[  843.531145][T14487] usb 4-1: USB disconnect, device number 8
[  844.417933][T15365] xt_hashlimit: max too large, truncated to 1048576
[  844.431736][T15365] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  844.441140][   T29] audit: type=1326 audit(1732245719.063:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15357 comm="syz.9.2296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3572d7e819 code=0x0
[  846.626839][T15393] FAULT_INJECTION: forcing a failure.
[  846.626839][T15393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  846.657821][T15393] CPU: 1 UID: 0 PID: 15393 Comm: syz.3.2307 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  846.668284][T15393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  846.678370][T15393] Call Trace:
[  846.681666][T15393]  <TASK>
[  846.684617][T15393]  dump_stack_lvl+0x241/0x360
[  846.689318][T15393]  ? __pfx_dump_stack_lvl+0x10/0x10
[  846.694541][T15393]  ? __pfx__printk+0x10/0x10
[  846.699170][T15393]  ? __pfx_lock_release+0x10/0x10
[  846.704217][T15393]  should_fail_ex+0x3b0/0x4e0
[  846.708906][T15393]  _copy_from_user+0x2f/0xc0
[  846.713502][T15393]  generic_map_update_batch+0x5ba/0x900
[  846.719061][T15393]  ? __pfx_generic_map_update_batch+0x10/0x10
[  846.725131][T15393]  ? __fget_files+0x395/0x410
[  846.729813][T15393]  ? __fget_files+0x2a/0x410
[  846.734409][T15393]  ? __pfx_generic_map_update_batch+0x10/0x10
[  846.740473][T15393]  bpf_map_do_batch+0x39a/0x660
[  846.745331][T15393]  __sys_bpf+0x377/0x810
[  846.749578][T15393]  ? __pfx___sys_bpf+0x10/0x10
[  846.754350][T15393]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  846.760335][T15393]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  846.766664][T15393]  ? do_syscall_64+0x100/0x230
[  846.771428][T15393]  __x64_sys_bpf+0x7c/0x90
[  846.775848][T15393]  do_syscall_64+0xf3/0x230
[  846.780350][T15393]  ? clear_bhb_loop+0x35/0x90
[  846.785023][T15393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.790918][T15393] RIP: 0033:0x7f2c5957e819
[  846.795335][T15393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  846.814939][T15393] RSP: 002b:00007f2c5a2fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  846.823353][T15393] RAX: ffffffffffffffda RBX: 00007f2c59735fa0 RCX: 00007f2c5957e819
[  846.831319][T15393] RDX: 0000000000000038 RSI: 0000000020000300 RDI: 000000000000001a
[  846.839282][T15393] RBP: 00007f2c5a2fc090 R08: 0000000000000000 R09: 0000000000000000
[  846.847245][T15393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  846.855209][T15393] R13: 0000000000000000 R14: 00007f2c59735fa0 R15: 00007fffd62d5638
[  846.863190][T15393]  </TASK>
[  846.945416][T15398] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2309'.
[  847.336347][ T5892] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  847.403893][T15411] siw: device registration error -23
[  848.349466][ T5892] usb 10-1: Using ep0 maxpacket: 8
[  848.357797][ T5892] usb 10-1: config 0 has an invalid interface number: 85 but max is 1
[  848.366657][ T5892] usb 10-1: config 0 has an invalid interface number: 89 but max is 1
[  848.375174][T15419] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2315'.
[  848.386671][ T5892] usb 10-1: config 0 has no interface number 0
[  848.394098][ T5892] usb 10-1: config 0 has no interface number 1
[  848.420894][ T5892] usb 10-1: New USB device found, idVendor=0e96, idProduct=c001, bcdDevice=62.3f
[  848.449456][ T5892] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  848.473706][ T5892] usb 10-1: Product: syz
[  848.477994][ T5892] usb 10-1: Manufacturer: syz
[  848.489247][ T5892] usb 10-1: SerialNumber: syz
[  848.538191][ T5892] usb 10-1: config 0 descriptor??
[  850.068502][T15430] netlink: 32 bytes leftover after parsing attributes in process `syz.9.2308'.
[  852.123642][T14781] Bluetooth: hci0: command 0x1407 tx timeout
[  852.744263][T15464] siw: device registration error -23
[  853.162722][T15467] snd_dummy snd_dummy.0: control 0:-2:-5:syz1:0 is already present
[  854.176358][T15471] ieee802154 phy1 wpan1: encryption failed: -22
[  854.656285][T15479] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2327'.
[  854.764100][ T5892] usb 10-1: USB disconnect, device number 9
[  855.021898][T15485] bridge0: port 3(syz_tun) entered blocking state
[  855.044806][T15485] bridge0: port 3(syz_tun) entered disabled state
[  855.054611][T15485] syz_tun: entered allmulticast mode
[  855.065660][T15485] syz_tun: entered promiscuous mode
[  855.073901][T15485] bridge0: port 3(syz_tun) entered blocking state
[  855.080495][T15485] bridge0: port 3(syz_tun) entered forwarding state
[  856.259839][   T25] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  856.459744][   T25] usb 1-1: device descriptor read/64, error -71
[  856.539826][ T5892] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  856.719665][   T25] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  856.993072][ T5892] usb 6-1: Using ep0 maxpacket: 32
[  857.001425][ T5892] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  857.015114][ T5892] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13
[  857.024668][ T5892] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.103975][ T5892] usb 6-1: Product: syz
[  857.128565][ T5892] usb 6-1: Manufacturer: syz
[  857.278298][T15519] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2337'.
[  857.485572][T15519] syz.0.2337 (15519): drop_caches: 2
[  857.593795][T15519] netlink: 'syz.0.2337': attribute type 3 has an invalid length.
[  857.655737][ T5892] usb 6-1: SerialNumber: syz
[  857.664366][ T5892] usb 6-1: config 0 descriptor??
[  857.682809][ T5892] pvrusb2: Hardware description: Terratec Grabster AV400
[  857.699702][ T5892] pvrusb2: **********
[  857.703694][ T5892] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  857.714112][ T5892] pvrusb2: Important functionality might not be entirely working.
[  857.789445][ T5892] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  857.801336][ T5892] pvrusb2: **********
[  857.948565][ T2333] pvrusb2: Invalid write control endpoint
[  857.953223][ T5892] usb 6-1: USB disconnect, device number 6
[  858.362099][ T2333] pvrusb2: Invalid write control endpoint
[  858.368287][ T2333] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  858.509474][T15531] netlink: 165 bytes leftover after parsing attributes in process `syz.9.2340'.
[  858.638255][T15532] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2341'.
[  859.029490][ T2333] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  859.038547][ T2333] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  859.042719][T15532] syz.0.2341 (15532): drop_caches: 2
[  859.243009][T15528] syz.9.2340 (15528): drop_caches: 2
[  859.253208][T15528] netlink: 'syz.9.2340': attribute type 3 has an invalid length.
[  859.263535][ T2333] pvrusb2: Device being rendered inoperable
[  859.271983][ T2333] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  859.279240][ T2333] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  859.290253][ T2333] pvrusb2: Attached sub-driver cx25840
[  859.295887][ T2333] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  859.305982][ T2333] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  860.061147][T15530] netlink: 'syz.0.2341': attribute type 3 has an invalid length.
[  860.092943][T15542] bridge0: port 3(syz_tun) entered blocking state
[  860.154082][T15542] bridge0: port 3(syz_tun) entered disabled state
[  860.392935][T15542] syz_tun: entered allmulticast mode
[  861.257029][T15542] syz_tun: entered promiscuous mode
[  861.362125][T15542] bridge0: port 3(syz_tun) entered blocking state
[  861.368704][T15542] bridge0: port 3(syz_tun) entered forwarding state
[  863.933544][T15584] netlink: 165 bytes leftover after parsing attributes in process `syz.9.2355'.
[  863.955427][T15584] syz.9.2355 (15584): drop_caches: 2
[  863.967661][T15584] netlink: 'syz.9.2355': attribute type 3 has an invalid length.
[  864.089575][ T5952] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  864.271872][ T5952] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  864.299613][ T5952] usb 4-1: New USB device found, idVendor=046d, idProduct=c532, bcdDevice= 0.00
[  864.339522][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  864.375346][ T5952] usb 4-1: config 0 descriptor??
[  864.417916][ T5952] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  864.481051][   T25] usb 10-1: new low-speed USB device number 10 using dummy_hcd
[  865.048134][   T25] usb 10-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[  865.085372][   T25] usb 10-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  865.119648][   T25] usb 10-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  865.143685][   T25] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  865.699894][ T7106] usb 4-1: USB disconnect, device number 9
[  867.217990][   T25] usb 10-1: string descriptor 0 read error: -71
[  867.248498][   T25] hub 10-1:32.0: USB hub found
[  867.274410][   T25] hub 10-1:32.0: config failed, can't read hub descriptor (err -22)
[  867.548671][T15619] netlink: 173 bytes leftover after parsing attributes in process `syz.3.2363'.
[  867.566175][   T25] usb 10-1: USB disconnect, device number 10
[  867.849873][T15618] bridge0: port 3(syz_tun) entered blocking state
[  867.857472][T15618] bridge0: port 3(syz_tun) entered disabled state
[  867.870158][T15618] syz_tun: entered allmulticast mode
[  868.084164][T15618] syz_tun: entered promiscuous mode
[  868.100067][T15618] bridge0: port 3(syz_tun) entered blocking state
[  868.106599][T15618] bridge0: port 3(syz_tun) entered forwarding state
[  868.312999][T15615] ieee802154 phy1 wpan1: encryption failed: -22
[  868.340931][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  870.783927][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  871.140910][ T5952] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  871.303918][ T5952] usb 2-1: Using ep0 maxpacket: 8
[  871.314713][ T5952] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  871.329815][ T5952] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  871.365903][ T5952] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  871.407265][ T5952] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  871.422901][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.475580][ T5952] usb 2-1: Product: syz
[  871.482091][ T5952] usb 2-1: Manufacturer: syz
[  871.486722][ T5952] usb 2-1: SerialNumber: syz
[  871.504599][T15663] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  871.534593][ T5952] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  871.560377][ T5952] usbtest 2-1:1.0: Linux user mode ISO test driver
[  871.566927][ T5952] usbtest 2-1:1.0: high-speed {control bulk-in iso-out} tests (+alt)
[  871.720141][T15663] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2379'.
[  873.750627][T15690] netlink: 396 bytes leftover after parsing attributes in process `syz.0.2387'.
[  874.432022][ T5892] usb 2-1: USB disconnect, device number 12
[  875.688269][T15703] ieee802154 phy1 wpan1: encryption failed: -22
[  876.157228][T15729] atomic_op ffff88802f009998 conn xmit_atomic 0000000000000000
[  876.239572][T15729] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  876.594115][T15731] siw: device registration error -23
[  877.033341][T15732] ieee802154 phy1 wpan1: encryption failed: -22
[  877.603921][   T54] Bluetooth: hci5: command 0x0406 tx timeout
[  877.843643][T15741] netlink: 396 bytes leftover after parsing attributes in process `syz.3.2399'.
[  879.141905][T15747] FAULT_INJECTION: forcing a failure.
[  879.141905][T15747] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  879.193050][T15747] CPU: 0 UID: 0 PID: 15747 Comm: syz.5.2401 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  879.203486][T15747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  879.213549][T15747] Call Trace:
[  879.216837][T15747]  <TASK>
[  879.219775][T15747]  dump_stack_lvl+0x241/0x360
[  879.224487][T15747]  ? __pfx_dump_stack_lvl+0x10/0x10
[  879.229674][T15747]  ? __pfx__printk+0x10/0x10
[  879.234260][T15747]  should_fail_ex+0x3b0/0x4e0
[  879.238926][T15747]  strncpy_from_user+0x36/0x260
[  879.243775][T15747]  getname_flags+0xf1/0x540
[  879.248273][T15747]  path_setxattrat+0x400/0x510
[  879.253028][T15747]  ? __pfx_path_setxattrat+0x10/0x10
[  879.258296][T15747]  ? vfs_write+0x730/0xd30
[  879.262716][T15747]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  879.268694][T15747]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  879.275012][T15747]  __x64_sys_setxattr+0xbc/0xe0
[  879.279856][T15747]  do_syscall_64+0xf3/0x230
[  879.284345][T15747]  ? clear_bhb_loop+0x35/0x90
[  879.289007][T15747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  879.294892][T15747] RIP: 0033:0x7fe74157e819
[  879.299294][T15747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  879.318889][T15747] RSP: 002b:00007fe74243d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  879.327297][T15747] RAX: ffffffffffffffda RBX: 00007fe741735fa0 RCX: 00007fe74157e819
[  879.335262][T15747] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000020000080
[  879.343243][T15747] RBP: 00007fe74243d090 R08: 0000000000000000 R09: 0000000000000000
[  879.351216][T15747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  879.359185][T15747] R13: 0000000000000000 R14: 00007fe741735fa0 R15: 00007ffd646be318
[  879.367160][T15747]  </TASK>
[  879.370243][    C0] vkms_vblank_simulate: vblank timer overrun
[  881.919639][T14487] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  881.974394][T15767] netlink: 260 bytes leftover after parsing attributes in process `syz.9.2405'.
[  882.358740][T14487] usb 2-1: Using ep0 maxpacket: 8
[  882.376407][T14487] usb 2-1: config 0 has an invalid interface number: 85 but max is 1
[  882.401731][T14487] usb 2-1: config 0 has an invalid interface number: 89 but max is 1
[  882.433541][T14487] usb 2-1: config 0 has no interface number 0
[  882.452516][T14487] usb 2-1: config 0 has no interface number 1
[  882.459635][ T7106] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  882.483036][T14487] usb 2-1: New USB device found, idVendor=0e96, idProduct=c001, bcdDevice=62.3f
[  882.509428][T14487] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.525928][T14487] usb 2-1: Product: syz
[  882.538687][T14487] usb 2-1: Manufacturer: syz
[  882.550856][T14487] usb 2-1: SerialNumber: syz
[  882.573749][T14487] usb 2-1: config 0 descriptor??
[  882.670139][ T7106] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  882.699701][ T7106] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  882.826310][ T7106] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  882.876545][T15778] atomic_op ffff8880464d5998 conn xmit_atomic 0000000000000000
[  882.901786][ T7106] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  882.961574][ T7106] usb 10-1: SerialNumber: syz
[  882.987405][T15778] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  883.413140][ T7106] usb 10-1: 0:2 : does not exist
[  883.436587][ T7106] usb 10-1: unit 5 not found!
[  883.485044][ T7106] usb 10-1: USB disconnect, device number 11
[  883.586647][T15780] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2404'.
[  884.203185][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  886.151447][T15795] ieee802154 phy1 wpan1: encryption failed: -22
[  886.248997][T15808] ieee802154 phy1 wpan1: encryption failed: -22
[  886.626309][T15811] netlink: 'syz.5.2417': attribute type 29 has an invalid length.
[  887.396975][T15812] netlink: 'syz.3.2415': attribute type 4 has an invalid length.
[  887.547620][T14487] usb 2-1: USB disconnect, device number 13
[  887.870256][T15823] netlink: 'syz.9.2419': attribute type 29 has an invalid length.
[  888.323837][T15828] vlan2: entered promiscuous mode
[  888.342895][T15828] vlan2: entered allmulticast mode
[  888.358719][T15828] xfrm0: entered promiscuous mode
[  888.418406][T15828] xfrm0: entered allmulticast mode
[  888.450953][T15830] netlink: zone id is out of range
[  888.461078][T15828] bond0: (slave vlan2): Enslaving as an active interface with an up link
[  888.463775][T15830] netlink: set zone limit has 4 unknown bytes
[  888.470581][T15825] ptrace attach of "./syz-executor exec"[15831] was attempted by "./syz-executor exec"[15825]
[  888.643303][T15836] netlink: 165 bytes leftover after parsing attributes in process `syz.3.2423'.
[  889.287863][T15845] netlink: 'syz.3.2423': attribute type 3 has an invalid length.
[  889.806691][T15836] syz.3.2423 (15836): drop_caches: 2
[  890.180698][T15849] ieee802154 phy1 wpan1: encryption failed: -22
[  890.331970][T15854] siw: device registration error -23
[  891.755174][T15872] ieee802154 phy1 wpan1: encryption failed: -22
[  893.109617][ T7106] usb 6-1: new low-speed USB device number 7 using dummy_hcd
[  893.335268][ T7106] usb 6-1: config index 0 descriptor too short (expected 1307, got 27)
[  893.416441][ T7106] usb 6-1: config 0 has an invalid interface number: 0 but max is -1
[  893.483058][ T7106] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0
[  893.604314][ T7106] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  893.648109][ T7106] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  893.668101][ T7106] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  893.678860][ T7106] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  893.702099][ T7106] usb 6-1: string descriptor 0 read error: -22
[  893.708367][ T7106] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  893.725359][ T7106] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.737654][ T7106] usb 6-1: config 0 descriptor??
[  893.752361][ T7106] hub 6-1:0.0: bad descriptor, ignoring hub
[  893.758310][ T7106] hub 6-1:0.0: probe with driver hub failed with error -5
[  893.789537][  T969] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  893.809515][ T7106] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input39
[  893.975449][T15897] FAULT_INJECTION: forcing a failure.
[  893.975449][T15897] name failslab, interval 1, probability 0, space 0, times 0
[  893.989583][  T969] usb 4-1: Using ep0 maxpacket: 8
[  894.011068][  T969] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  894.028541][T15897] CPU: 0 UID: 0 PID: 15897 Comm: syz.9.2441 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  894.038988][T15897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  894.042201][  T969] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x67, changing to 0x7
[  894.049032][T15897] Call Trace:
[  894.049066][T15897]  <TASK>
[  894.066645][T15897]  dump_stack_lvl+0x241/0x360
[  894.071354][T15897]  ? __pfx_dump_stack_lvl+0x10/0x10
[  894.076573][T15897]  ? __pfx__printk+0x10/0x10
[  894.080207][  T969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 26288, setting to 1024
[  894.081173][T15897]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  894.081206][T15897]  ? lockdep_hardirqs_on+0x99/0x150
[  894.103310][T15897]  should_fail_ex+0x3b0/0x4e0
[  894.104349][  T969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  894.107999][T15897]  should_failslab+0xac/0x100
[  894.123427][T15897]  ? __alloc_skb+0x1c3/0x440
[  894.128051][T15897]  kmem_cache_alloc_node_noprof+0x71/0x320
[  894.129036][  T969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  894.133886][T15897]  __alloc_skb+0x1c3/0x440
[  894.133917][T15897]  ? __pfx___alloc_skb+0x10/0x10
[  894.133946][T15897]  xfrm_send_state_notify+0x723/0x1f70
[  894.133966][T15897]  ? __pfx_lock_acquire+0x10/0x10
[  894.133983][T15897]  ? __local_bh_enable_ip+0x168/0x200
[  894.134008][T15897]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  894.134032][T15897]  ? __pfx_xfrm_send_state_notify+0x10/0x10
[  894.134064][T15897]  ? __pfx_xfrm_send_state_notify+0x10/0x10
[  894.134085][T15897]  km_state_notify+0x116/0x1f0
[  894.134103][T15897]  ? km_state_notify+0x26/0x1f0
[  894.134122][T15897]  xfrm_add_sa+0x32f1/0x3d70
[  894.134151][T15897]  ? __pfx_xfrm_add_sa+0x10/0x10
[  894.134173][T15897]  ? __nla_parse+0x40/0x60
[  894.134193][T15897]  xfrm_user_rcv_msg+0x890/0xb90
[  894.134213][T15897]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  894.134252][T15897]  ? __mutex_trylock_common+0x183/0x2e0
[  894.134270][T15897]  ? __pfx___might_resched+0x10/0x10
[  894.134293][T15897]  ? __pfx___mutex_trylock_common+0x10/0x10
[  894.134320][T15897]  netlink_rcv_skb+0x1e3/0x430
[  894.134337][T15897]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  894.134355][T15897]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  894.134392][T15897]  xfrm_netlink_rcv+0x79/0x90
[  894.134409][T15897]  netlink_unicast+0x7f6/0x990
[  894.134430][T15897]  ? __pfx_netlink_unicast+0x10/0x10
[  894.134444][T15897]  ? __virt_addr_valid+0x183/0x530
[  894.134462][T15897]  ? __check_object_size+0x48e/0x900
[  894.134493][T15897]  netlink_sendmsg+0x8e4/0xcb0
[  894.134518][T15897]  ? __pfx_netlink_sendmsg+0x10/0x10
[  894.134544][T15897]  ? __pfx_netlink_sendmsg+0x10/0x10
[  894.134559][T15897]  __sock_sendmsg+0x221/0x270
[  894.134583][T15897]  ____sys_sendmsg+0x52a/0x7e0
[  894.134608][T15897]  ? __pfx_____sys_sendmsg+0x10/0x10
[  894.134624][T15897]  ? __fget_files+0x2a/0x410
[  894.134646][T15897]  ? __fget_files+0x2a/0x410
[  894.134673][T15897]  __sys_sendmsg+0x269/0x350
[  894.134690][T15897]  ? __pfx_lock_release+0x10/0x10
[  894.134708][T15897]  ? __pfx___sys_sendmsg+0x10/0x10
[  894.134734][T15897]  ? __pfx_vfs_write+0x10/0x10
[  894.134773][T15897]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  894.134790][T15897]  ? do_syscall_64+0x100/0x230
[  894.134807][T15897]  ? do_syscall_64+0xb6/0x230
[  894.134824][T15897]  do_syscall_64+0xf3/0x230
[  894.134839][T15897]  ? clear_bhb_loop+0x35/0x90
[  894.134857][T15897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.134879][T15897] RIP: 0033:0x7f3572d7e819
[  894.134896][T15897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  894.134909][T15897] RSP: 002b:00007f3573c5a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  894.134928][T15897] RAX: ffffffffffffffda RBX: 00007f3572f35fa0 RCX: 00007f3572d7e819
[  894.134941][T15897] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[  894.134952][T15897] RBP: 00007f3573c5a090 R08: 0000000000000000 R09: 0000000000000000
[  894.134962][T15897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  894.134972][T15897] R13: 0000000000000000 R14: 00007f3572f35fa0 R15: 00007ffec8c582d8
[  894.134996][T15897]  </TASK>
[  894.601200][  T969] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  894.637660][ T7106] usb 6-1: USB disconnect, device number 7
[  894.657029][  T969] usb 4-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  894.709480][  T969] usb 4-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=70.57
[  894.739574][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.777388][  T969] usb 4-1: config 0 descriptor??
[  894.792210][T15893] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  894.838824][  T969] kobil_sct 4-1:0.0: KOBIL USB smart card terminal converter detected
[  894.869264][  T969] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  895.591903][T15915] siw: device registration error -23
[  896.172434][T15924] netlink: 340 bytes leftover after parsing attributes in process `syz.5.2448'.
[  896.815380][T14487] usb 4-1: USB disconnect, device number 10
[  896.826633][T14487] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  896.968373][T14487] kobil_sct 4-1:0.0: device disconnected
[  897.666952][T15936] ieee802154 phy1 wpan1: encryption failed: -22
[  897.961700][T14487] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  898.149657][T14487] usb 4-1: Using ep0 maxpacket: 8
[  898.156154][T14487] usb 4-1: config 0 has an invalid interface number: 85 but max is 1
[  898.165324][T14487] usb 4-1: config 0 has an invalid interface number: 89 but max is 1
[  898.173849][T14487] usb 4-1: config 0 has no interface number 0
[  898.198988][T14487] usb 4-1: config 0 has no interface number 1
[  898.227946][T15943] ieee802154 phy1 wpan1: encryption failed: -22
[  898.237642][T14487] usb 4-1: New USB device found, idVendor=0e96, idProduct=c001, bcdDevice=62.3f
[  898.247560][T14487] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  898.384032][T14487] usb 4-1: Product: syz
[  898.415155][T14487] usb 4-1: Manufacturer: syz
[  898.431676][T14487] usb 4-1: SerialNumber: syz
[  898.454611][T14487] usb 4-1: config 0 descriptor??
[  898.910494][T15953] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2450'.
[  900.137226][T15968] netlink: 'syz.1.2458': attribute type 29 has an invalid length.
[  901.573650][T15979] sd 0:0:1:0: device reset
[  902.221937][T14487] usb 4-1: USB disconnect, device number 11
[  902.330614][T15982] netlink: 'syz.1.2462': attribute type 29 has an invalid length.
[  903.217057][T14781] Bluetooth: hci1: command 0x0406 tx timeout
[  903.696779][T15993] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  903.723196][T15993] CIFS mount error: No usable UNC path provided in device string!
[  903.723196][T15993] 
[  903.733534][T15993] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  903.933522][T15997] ieee802154 phy1 wpan1: encryption failed: -22
[  905.439059][T16015] siw: device registration error -23
[  905.704040][T16018] atomic_op ffff88805b03c198 conn xmit_atomic 0000000000000000
[  905.785553][T16018] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  906.191924][T16017] bridge0: port 3(syz_tun) entered disabled state
[  906.326410][T16017] syz_tun (unregistering): left allmulticast mode
[  906.363139][T16017] syz_tun (unregistering): left promiscuous mode
[  906.384249][T16017] bridge0: port 3(syz_tun) entered disabled state
[  906.431401][T16021] netlink: 'syz.3.2474': attribute type 29 has an invalid length.
[  907.209498][T15505] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  907.399688][T15505] usb 2-1: Using ep0 maxpacket: 8
[  907.401032][T16042] ieee802154 phy1 wpan1: encryption failed: -22
[  907.406803][T15505] usb 2-1: config 0 has an invalid interface number: 85 but max is 1
[  907.442225][T16043] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2479'.
[  907.466334][T15505] usb 2-1: config 0 has an invalid interface number: 89 but max is 1
[  907.512550][T15505] usb 2-1: config 0 has no interface number 0
[  907.580575][T15505] usb 2-1: config 0 has no interface number 1
[  907.599155][T15505] usb 2-1: New USB device found, idVendor=0e96, idProduct=c001, bcdDevice=62.3f
[  907.610197][T15505] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.623823][T15505] usb 2-1: Product: syz
[  907.628142][T15505] usb 2-1: Manufacturer: syz
[  907.636335][T15505] usb 2-1: SerialNumber: syz
[  907.793540][T15505] usb 2-1: config 0 descriptor??
[  908.641720][T16054] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2476'.
[  908.994900][T16067] netlink: 165 bytes leftover after parsing attributes in process `syz.9.2484'.
[  909.270760][T16064] syz.9.2484 (16064): drop_caches: 2
[  909.282600][T16064] netlink: 'syz.9.2484': attribute type 3 has an invalid length.
[  910.491141][T16083] siw: device registration error -23
[  910.943826][T16086] netlink: 'syz.5.2489': attribute type 29 has an invalid length.
[  910.950737][ T1201] usb 2-1: USB disconnect, device number 14
[  913.740185][T16112] FAULT_INJECTION: forcing a failure.
[  913.740185][T16112] name failslab, interval 1, probability 0, space 0, times 0
[  913.753145][T16112] CPU: 1 UID: 0 PID: 16112 Comm: syz.9.2497 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  913.763580][T16112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  913.773645][T16112] Call Trace:
[  913.776931][T16112]  <TASK>
[  913.779871][T16112]  dump_stack_lvl+0x241/0x360
[  913.784568][T16112]  ? __pfx_dump_stack_lvl+0x10/0x10
[  913.789778][T16112]  ? __pfx__printk+0x10/0x10
[  913.794397][T16112]  should_fail_ex+0x3b0/0x4e0
[  913.799094][T16112]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  913.804826][T16112]  should_failslab+0xac/0x100
[  913.809524][T16112]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  913.815256][T16112]  __kmalloc_noprof+0xd8/0x400
[  913.820042][T16112]  tomoyo_realpath_from_path+0xcf/0x5e0
[  913.825610][T16112]  tomoyo_path_number_perm+0x236/0x860
[  913.831093][T16112]  ? tomoyo_path_number_perm+0x206/0x860
[  913.836749][T16112]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  913.842841][T16112]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  913.849811][T16112]  ? rcu_read_unlock_special+0x497/0x570
[  913.855474][T16112]  ? __rcu_read_unlock+0xa1/0x110
[  913.860506][T16112]  ? __fget_files+0x2a/0x410
[  913.865117][T16112]  ? __fget_files+0x2a/0x410
[  913.869729][T16112]  security_file_ioctl+0xc6/0x2a0
[  913.874766][T16112]  __se_sys_ioctl+0x46/0x170
[  913.879367][T16112]  do_syscall_64+0xf3/0x230
[  913.883881][T16112]  ? clear_bhb_loop+0x35/0x90
[  913.888573][T16112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.894483][T16112] RIP: 0033:0x7f3572d7e819
[  913.898909][T16112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  913.918527][T16112] RSP: 002b:00007f3573c18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  913.926964][T16112] RAX: ffffffffffffffda RBX: 00007f3572f36160 RCX: 00007f3572d7e819
[  913.934954][T16112] RDX: 0000000020000140 RSI: 00000000c040564a RDI: 0000000000000007
[  913.942938][T16112] RBP: 00007f3573c18090 R08: 0000000000000000 R09: 0000000000000000
[  913.950920][T16112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  913.958899][T16112] R13: 0000000000000000 R14: 00007f3572f36160 R15: 00007ffec8c582d8
[  913.966899][T16112]  </TASK>
[  913.970145][    C1] vkms_vblank_simulate: vblank timer overrun
[  913.980157][T16112] ERROR: Out of memory at tomoyo_realpath_from_path.
[  914.575139][T16118] ieee802154 phy1 wpan1: encryption failed: -22
[  914.684077][T16129] atomic_op ffff88805cb06998 conn xmit_atomic 0000000000000000
[  914.716585][T16129] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  915.178217][T16131] netlink: 'syz.1.2504': attribute type 29 has an invalid length.
[  915.680181][T15505] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  915.909478][T15505] usb 4-1: Using ep0 maxpacket: 8
[  915.924288][T15505] usb 4-1: config 0 has an invalid interface number: 85 but max is 1
[  915.933403][T15505] usb 4-1: config 0 has an invalid interface number: 89 but max is 1
[  915.941779][T15505] usb 4-1: config 0 has no interface number 0
[  915.957246][T15505] usb 4-1: config 0 has no interface number 1
[  916.020779][T16142] ISOFS: Unable to identify CD-ROM format.
[  916.688246][T16143] netlink: 'syz.5.2506': attribute type 5 has an invalid length.
[  916.735221][T15505] usb 4-1: New USB device found, idVendor=0e96, idProduct=c001, bcdDevice=62.3f
[  916.744425][T15505] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.752674][T15505] usb 4-1: Product: syz
[  916.756839][T15505] usb 4-1: Manufacturer: syz
[  916.761687][T15505] usb 4-1: SerialNumber: syz
[  916.829141][T15505] usb 4-1: config 0 descriptor??
[  916.896947][T16146] netlink: 'syz.9.2509': attribute type 29 has an invalid length.
[  917.360296][T16153] siw: device registration error -23
[  917.512964][T16156] 
[  917.515328][T16156] ======================================================
[  917.522332][T16156] WARNING: possible circular locking dependency detected
[  917.529348][T16156] 6.12.0-syzkaller-05480-gfcc79e1714e8 #0 Not tainted
[  917.536104][T16156] ------------------------------------------------------
[  917.543104][T16156] syz.5.2508/16156 is trying to acquire lock:
[  917.549169][T16156] ffff888027a72cf8 (&q->sysfs_lock){+.+.}-{4:4}, at: blk_register_queue+0x145/0x460
[  917.558549][T16156] 
[  917.558549][T16156] but task is already holding lock:
[  917.565895][T16156] ffff888027a72d88 (&q->sysfs_dir_lock){+.+.}-{4:4}, at: blk_register_queue+0x67/0x460
[  917.575540][T16156] 
[  917.575540][T16156] which lock already depends on the new lock.
[  917.575540][T16156] 
[  917.585938][T16156] 
[  917.585938][T16156] the existing dependency chain (in reverse order) is:
[  917.594935][T16156] 
[  917.594935][T16156] -> #6 (&q->sysfs_dir_lock){+.+.}-{4:4}:
[  917.602840][T16156]        lock_acquire+0x1ed/0x550
[  917.607867][T16156]        __mutex_lock+0x1ac/0xee0
[  917.612888][T16156]        blk_mq_sysfs_unregister_hctxs+0xaa/0x300
[  917.619296][T16156]        blk_mq_update_nr_hw_queues+0x6cc/0x1ae0
[  917.625624][T16156]        nbd_start_device+0x16c/0xaa0
[  917.631010][T16156]        nbd_ioctl+0x5dc/0xf40
[  917.635758][T16156]        blkdev_ioctl+0x57d/0x6a0
[  917.640769][T16156]        __se_sys_ioctl+0xf5/0x170
[  917.645880][T16156]        do_syscall_64+0xf3/0x230
[  917.650897][T16156]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.657299][T16156] 
[  917.657299][T16156] -> #5 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  917.665891][T16156]        lock_acquire+0x1ed/0x550
[  917.670901][T16156]        blk_mq_submit_bio+0x1536/0x23a0
[  917.676520][T16156]        __submit_bio+0x2c6/0x560
[  917.681527][T16156]        submit_bio_noacct_nocheck+0x4d3/0xe30
[  917.687678][T16156]        block_read_full_folio+0x93b/0xcd0
[  917.693483][T16156]        filemap_read_folio+0x14b/0x630
[  917.699015][T16156]        filemap_get_pages+0x17af/0x2540
[  917.704635][T16156]        filemap_read+0x45c/0xf50
[  917.709645][T16156]        blkdev_read_iter+0x2d8/0x430
[  917.715001][T16156]        vfs_read+0x991/0xb70
[  917.719659][T16156]        ksys_read+0x18f/0x2b0
[  917.724407][T16156]        do_syscall_64+0xf3/0x230
[  917.729422][T16156]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.735839][T16156] 
[  917.735839][T16156] -> #4 (mapping.invalidate_lock#2){.+.+}-{4:4}:
[  917.744343][T16156]        lock_acquire+0x1ed/0x550
[  917.749360][T16156]        down_read+0xb1/0xa40
[  917.754036][T16156]        filemap_fault+0x6e8/0x1950
[  917.759220][T16156]        __do_fault+0x135/0x460
[  917.764057][T16156]        handle_pte_fault+0x2d1c/0x6820
[  917.769609][T16156]        handle_mm_fault+0x1053/0x1ad0
[  917.775080][T16156]        exc_page_fault+0x459/0x8c0
[  917.780293][T16156]        asm_exc_page_fault+0x26/0x30
[  917.785682][T16156] 
[  917.785682][T16156] -> #3 (&vma->vm_lock->lock){++++}-{4:4}:
[  917.793695][T16156]        lock_acquire+0x1ed/0x550
[  917.798713][T16156]        down_write+0x99/0x220
[  917.803487][T16156]        vma_link+0x28c/0x500
[  917.808158][T16156]        insert_vm_struct+0x2f7/0x410
[  917.813527][T16156]        alloc_bprm+0x8f5/0xe20
[  917.818370][T16156]        kernel_execve+0x99/0xa50
[  917.823386][T16156]        kernel_init+0xed/0x2b0
[  917.828231][T16156]        ret_from_fork+0x4b/0x80
[  917.833162][T16156]        ret_from_fork_asm+0x1a/0x30
[  917.838441][T16156] 
[  917.838441][T16156] -> #2 (&mm->mmap_lock){++++}-{4:4}:
[  917.845996][T16156]        lock_acquire+0x1ed/0x550
[  917.851013][T16156]        __might_fault+0xc6/0x120
[  917.856029][T16156]        _copy_from_user+0x2a/0xc0
[  917.861132][T16156]        blk_trace_ioctl+0x1ad/0x9a0
[  917.866412][T16156]        blkdev_ioctl+0x40c/0x6a0
[  917.871434][T16156]        __se_sys_ioctl+0xf5/0x170
[  917.876534][T16156]        do_syscall_64+0xf3/0x230
[  917.881549][T16156]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.887960][T16156] 
[  917.887960][T16156] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}:
[  917.895777][T16156]        lock_acquire+0x1ed/0x550
[  917.900790][T16156]        __mutex_lock+0x1ac/0xee0
[  917.905803][T16156]        blk_register_queue+0x156/0x460
[  917.911337][T16156]        add_disk_fwnode+0x648/0xf80
[  917.916605][T16156]        brd_alloc+0x547/0x790
[  917.921376][T16156]        brd_init+0x126/0x1b0
[  917.926041][T16156]        do_one_initcall+0x248/0x880
[  917.931321][T16156]        do_initcall_level+0x157/0x210
[  917.936773][T16156]        do_initcalls+0x3f/0x80
[  917.941616][T16156]        kernel_init_freeable+0x435/0x5d0
[  917.947329][T16156]        kernel_init+0x1d/0x2b0
[  917.952171][T16156]        ret_from_fork+0x4b/0x80
[  917.957113][T16156]        ret_from_fork_asm+0x1a/0x30
[  917.962390][T16156] 
[  917.962390][T16156] -> #0 (&q->sysfs_lock){+.+.}-{4:4}:
[  917.969944][T16156]        validate_chain+0x18ef/0x5920
[  917.975306][T16156]        __lock_acquire+0x1397/0x2100
[  917.980662][T16156]        lock_acquire+0x1ed/0x550
[  917.985670][T16156]        __mutex_lock+0x1ac/0xee0
[  917.990683][T16156]        blk_register_queue+0x145/0x460
[  917.996214][T16156]        add_disk_fwnode+0x648/0xf80
[  918.001490][T16156]        md_alloc+0x78c/0xde0
[  918.006158][T16156]        md_alloc_and_put+0x18/0x1c0
[  918.011435][T16156]        blk_request_module+0x18d/0x1b0
[  918.016965][T16156]        blkdev_get_no_open+0x36/0xc0
[  918.022330][T16156]        bdev_file_open_by_dev+0x99/0x220
[  918.028034][T16156]        swsusp_check+0x5b/0x3f0
[  918.032964][T16156]        software_resume+0x4f/0x3d0
[  918.038159][T16156]        resume_store+0x3fe/0x710
[  918.043175][T16156]        kernfs_fop_write_iter+0x3a0/0x500
[  918.048973][T16156]        vfs_write+0xaeb/0xd30
[  918.053725][T16156]        ksys_write+0x18f/0x2b0
[  918.058563][T16156]        do_syscall_64+0xf3/0x230
[  918.063574][T16156]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.069982][T16156] 
[  918.069982][T16156] other info that might help us debug this:
[  918.069982][T16156] 
[  918.080194][T16156] Chain exists of:
[  918.080194][T16156]   &q->sysfs_lock --> &q->q_usage_counter(io)#49 --> &q->sysfs_dir_lock
[  918.080194][T16156] 
[  918.094378][T16156]  Possible unsafe locking scenario:
[  918.094378][T16156] 
[  918.101845][T16156]        CPU0                    CPU1
[  918.107203][T16156]        ----                    ----
[  918.112557][T16156]   lock(&q->sysfs_dir_lock);
[  918.117235][T16156]                                lock(&q->q_usage_counter(io)#49);
[  918.125128][T16156]                                lock(&q->sysfs_dir_lock);
[  918.132328][T16156]   lock(&q->sysfs_lock);
[  918.136660][T16156] 
[  918.136660][T16156]  *** DEADLOCK ***
[  918.136660][T16156] 
[  918.144807][T16156] 8 locks held by syz.5.2508/16156:
[  918.150000][T16156]  #0: ffff88806cc8e478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x254/0x320
[  918.159067][T16156]  #1: ffff8880353fc420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x225/0xd30
[  918.168044][T16156]  #2: ffff88807af3b088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1ea/0x500
[  918.177794][T16156]  #3: ffff88801d6ad3c8 (kn->active#75){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  918.187805][T16156]  #4: ffffffff8e7ef648 (system_transition_mutex){+.+.}-{4:4}, at: software_resume+0x45/0x3d0
[  918.198071][T16156]  #5: ffffffff8f064aa8 (major_names_lock){+.+.}-{4:4}, at: blk_request_module+0x33/0x1b0
[  918.207986][T16156]  #6: ffffffff8f995228 (disks_mutex){+.+.}-{4:4}, at: md_alloc+0x36/0xde0
[  918.216601][T16156]  #7: ffff888027a72d88 (&q->sysfs_dir_lock){+.+.}-{4:4}, at: blk_register_queue+0x67/0x460
[  918.226696][T16156] 
[  918.226696][T16156] stack backtrace:
[  918.232572][T16156] CPU: 1 UID: 0 PID: 16156 Comm: syz.5.2508 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  918.242979][T16156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  918.253028][T16156] Call Trace:
[  918.256299][T16156]  <TASK>
[  918.259221][T16156]  dump_stack_lvl+0x241/0x360
[  918.263894][T16156]  ? __pfx_dump_stack_lvl+0x10/0x10
[  918.269094][T16156]  ? __pfx__printk+0x10/0x10
[  918.273686][T16156]  print_circular_bug+0x13a/0x1b0
[  918.278704][T16156]  check_noncircular+0x36a/0x4a0
[  918.283637][T16156]  ? mark_lock+0x9a/0x360
[  918.287962][T16156]  ? __pfx_check_noncircular+0x10/0x10
[  918.293414][T16156]  ? lockdep_lock+0x123/0x2b0
[  918.298097][T16156]  ? mark_lock+0x9a/0x360
[  918.302419][T16156]  validate_chain+0x18ef/0x5920
[  918.307271][T16156]  ? __pfx_validate_chain+0x10/0x10
[  918.312461][T16156]  ? kernfs_add_one+0x156/0x8b0
[  918.317303][T16156]  ? __pfx_lock_release+0x10/0x10
[  918.322320][T16156]  ? up_write+0x1a9/0x590
[  918.326642][T16156]  ? look_up_lock_class+0x77/0x170
[  918.331754][T16156]  ? register_lock_class+0x102/0x980
[  918.337036][T16156]  ? up_write+0x1a9/0x590
[  918.341365][T16156]  ? __pfx_register_lock_class+0x10/0x10
[  918.346988][T16156]  ? __pfx_up_write+0x10/0x10
[  918.351661][T16156]  ? mark_lock+0x9a/0x360
[  918.355983][T16156]  __lock_acquire+0x1397/0x2100
[  918.360829][T16156]  lock_acquire+0x1ed/0x550
[  918.365319][T16156]  ? blk_register_queue+0x145/0x460
[  918.370511][T16156]  ? __pfx_lock_acquire+0x10/0x10
[  918.375523][T16156]  ? __pfx___might_resched+0x10/0x10
[  918.380802][T16156]  ? __pfx_internal_create_group+0x10/0x10
[  918.386598][T16156]  ? sysfs_create_dir_ns+0x1cf/0x3a0
[  918.391878][T16156]  __mutex_lock+0x1ac/0xee0
[  918.396373][T16156]  ? blk_register_queue+0x145/0x460
[  918.401562][T16156]  ? kernfs_get+0x5a/0x90
[  918.405885][T16156]  ? kobject_add_internal+0x5fb/0x8d0
[  918.411268][T16156]  ? blk_register_queue+0x145/0x460
[  918.416477][T16156]  ? __pfx___mutex_lock+0x10/0x10
[  918.421515][T16156]  ? kobject_add+0x152/0x220
[  918.426114][T16156]  ? kobject_init+0x83/0x1f0
[  918.430717][T16156]  blk_register_queue+0x145/0x460
[  918.435753][T16156]  add_disk_fwnode+0x648/0xf80
[  918.440523][T16156]  md_alloc+0x78c/0xde0
[  918.444683][T16156]  md_alloc_and_put+0x18/0x1c0
[  918.449453][T16156]  ? __pfx_md_probe+0x10/0x10
[  918.454128][T16156]  blk_request_module+0x18d/0x1b0
[  918.459148][T16156]  blkdev_get_no_open+0x36/0xc0
[  918.463994][T16156]  bdev_file_open_by_dev+0x99/0x220
[  918.469193][T16156]  swsusp_check+0x5b/0x3f0
[  918.473609][T16156]  software_resume+0x4f/0x3d0
[  918.478284][T16156]  resume_store+0x3fe/0x710
[  918.482786][T16156]  ? __pfx_resume_store+0x10/0x10
[  918.487812][T16156]  ? sysfs_kf_write+0x182/0x2a0
[  918.492656][T16156]  ? __pfx_sysfs_kf_write+0x10/0x10
[  918.497848][T16156]  kernfs_fop_write_iter+0x3a0/0x500
[  918.503135][T16156]  vfs_write+0xaeb/0xd30
[  918.507384][T16156]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  918.513187][T16156]  ? __pfx_vfs_write+0x10/0x10
[  918.517942][T16156]  ? __fget_files+0x2a/0x410
[  918.522530][T16156]  ? __fget_files+0x2a/0x410
[  918.527117][T16156]  ksys_write+0x18f/0x2b0
[  918.531445][T16156]  ? __pfx_ksys_write+0x10/0x10
[  918.536287][T16156]  ? do_syscall_64+0x100/0x230
[  918.541047][T16156]  ? do_syscall_64+0xb6/0x230
[  918.545728][T16156]  do_syscall_64+0xf3/0x230
[  918.550230][T16156]  ? clear_bhb_loop+0x35/0x90
[  918.554903][T16156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.560796][T16156] RIP: 0033:0x7fe74157e819
[  918.565205][T16156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.584802][T16156] RSP: 002b:00007fe7423fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  918.593210][T16156] RAX: ffffffffffffffda RBX: 00007fe741736160 RCX: 00007fe74157e819
[  918.601176][T16156] RDX: 0000000000000012 RSI: 0000000020000040 RDI: 0000000000000009
[  918.609140][T16156] RBP: 00007fe7415f175e R08: 0000000000000000 R09: 0000000000000000
[  918.617103][T16156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  918.625063][T16156] R13: 0000000000000000 R14: 00007fe741736160 R15: 00007ffd646be318
[  918.633034][T16156]  </TASK>
[  918.636129][    C1] vkms_vblank_simulate: vblank timer overrun
[  918.702966][T16156] block device autoloading is deprecated and will be removed.
[  918.710731][T16156] syz.5.2508: attempt to access beyond end of device
[  918.710731][T16156] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  918.723819][T16156] PM: Image not found (code -5)
[  918.809567][ T5892] usb 4-1: USB disconnect, device number 12