last executing test programs:

7m48.783506981s ago: executing program 0 (id=1):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000010c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000da78cef08c88fc79d877b9fd530acab7c5f67671f61d11481c1889c6eea08942b66b48be3f3dd1b57bb07459f899c92887a176b4925fe03b6d9ca70f17a359d21f90b2addcf5680918ee50167e6b9a9727b2a91e6c4e1d4dc83f926e44f03baeb55264c7fd2e01ef8de98fcb038fc28fe1a19e8cc64964b99bb9ea31eaf61f8ba8a713790d33fb0b1f9d9383ceda88b46a9e22a24f6d2742fb3c3a303b7eb0d64a884f4ddfdb3463165b82"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, 0x0, 0x8004)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00'}, 0x48)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
setuid(0xee01)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f0000000480)=@raw=[@cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffc}], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/consoles\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000000), 0x0, 0x2b, 0x0)

7m46.811769293s ago: executing program 0 (id=12):
syz_open_dev$loop(&(0x7f00000002c0), 0x2, 0xca680)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5c})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in6={0xa, 0x4622, 0x10001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xba99}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x118)
r5 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000600)={0x2, @pix={0x80000000, 0x5, 0x34424752, 0x0, 0x10000, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x3}})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
setrlimit(0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x800, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@metacopy_on}]})
syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r8}, 0x18)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r9, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)=ANY=[@ANYBLOB="39000000061401002a0fb65c2cc0bd70"], 0x38}, 0x1, 0x0, 0x0, 0x80c0}, 0x40080)

7m45.768766176s ago: executing program 0 (id=17):
r0 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r0, &(0x7f0000000100)={0x11, 0x4, 0x0, 0x1, 0x2}, 0x14)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000006c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
read$FUSE(0xffffffffffffffff, &(0x7f0000000900)={0x2020}, 0x2020)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r3=>r1, {0x1}}, './file0\x00'})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}, [@call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x46, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x5}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r6, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x1, 0x6, 0x2, 0x9, 0x2, 0x1}], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r7, r4, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r8 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r9, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
r10 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000540), 0x86000, 0x0)
read(r10, &(0x7f0000002d40)=""/4096, 0x1000)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f0000000080)='./file0/../file0\x00', 0x0)
write$FUSE_IOCTL(r8, &(0x7f0000000100)={0x20}, 0xfdef)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2200080, &(0x7f0000002400)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r8}})
r11 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000280), 0x121100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1d, 0x6, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xf}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @alu={0x0, 0x0, 0x2, 0x7, 0x5, 0x6}, @ldst={0x1, 0x2, 0x3, 0x3, 0x4, 0x100, 0x4}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x56, &(0x7f0000000140)=""/86, 0x41000, 0x50, '\x00', r2, @lsm=0x2b, r3, 0x8, &(0x7f0000000240)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, r7, r1, 0x8, &(0x7f0000000300)=[r8, r11, 0xffffffffffffffff], &(0x7f0000000340)=[{0x4, 0x1, 0xc, 0xb}, {0x5, 0x2, 0x0, 0x1}, {0x1, 0x2, 0x10, 0x2}, {0x3, 0x5, 0x0, 0x6}, {0x3, 0x4, 0x9, 0x8}, {0x4, 0x5, 0x1, 0x1}, {0x2, 0x5, 0x10, 0x3}, {0x1, 0x2, 0xb, 0xc}], 0x10, 0xe}, 0x94)

7m45.261472887s ago: executing program 0 (id=19):
r0 = socket$kcm(0xa, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRES64=r0, @ANYRESDEC=0x0, @ANYRES32=r0, @ANYRESHEX=r0, @ANYRES8=r0], 0x48)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
r2 = fsopen(&(0x7f00000000c0)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x8880, 0x0)
lseek(r6, 0x300, 0x2)
getdents(r6, 0x0, 0x58)

7m44.625017474s ago: executing program 0 (id=21):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x24, 0x0, r1, 0xb0b0b0b0}) (fail_nth: 4)

7m43.940636335s ago: executing program 32 (id=21):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x24, 0x0, r1, 0xb0b0b0b0}) (fail_nth: 4)

6m2.78554754s ago: executing program 4 (id=312):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async)
r0 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1) (async)
read(r0, &(0x7f00000032c0)=""/4110, 0x100e)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200fffe4c0004802800018007000100637400001c00028008000140000000020800024000000016050003000000000020000180070001006374000014000280080002400000000d080004400000000c0900010073797a30000000000900028912526469effd17cc250073797a3200000000140000001100010000000000000000000500000a"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0) (async)
close(0xffffffffffffffff)

6m2.596952801s ago: executing program 4 (id=315):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000500)={'syztnl1\x00', &(0x7f0000000540)={'syztnl0\x00', 0x0, 0x2f, 0x46, 0x6, 0x81, 0x49, @dev={0xfe, 0x80, '\x00', 0xf}, @empty, 0x7, 0x10, 0x9, 0x5}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='f2fs_writepages\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0xf5ff, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
iopl(0x3)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r7}, 0x10)
syz_clone(0x160480, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b40000c08f81590399e14ee14d8b22aba200688bee4fe5358d9dc9e800", @ANYRES32=r8, @ANYBLOB="000900000000000014001a8009000100766c616e0000000004000480"], 0x34}, 0x1, 0x0, 0x0, 0x8008000}, 0x0)
r10 = socket$pptp(0x18, 0x1, 0x2)
ioctl$PPPIOCGCHAN(r10, 0x80047437, &(0x7f0000000000))

6m0.645737255s ago: executing program 4 (id=318):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b7040000000000008500000033"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r4}, 0x20)
ioctl$NBD_SET_FLAGS(r4, 0xab0a, 0x8)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000300))
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0x7e)
close_range(r1, 0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0xfffffffc, {0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}}, 0x1c}}, 0x0)
syz_emit_ethernet(0x1f, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffff81f793350000000011424203"], 0x0)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r8, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

5m58.990790651s ago: executing program 4 (id=321):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x4, 0x0, 0x1, 0x80, 0x6, @remote}, 0x14)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

5m58.333105764s ago: executing program 4 (id=323):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0xac, 0x9b, 0xcc, 0x20, 0x18d1, 0x1eaf, 0x5abb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x7, 0x0, 0x80, 0xb, [{{0x9, 0x4, 0xbb, 0x6, 0x2, 0x3a, 0xe5, 0x4, 0x0, [], [{{0x9, 0x5, 0x7, 0x0, 0x20, 0x5, 0x0, 0xce}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x75, 0x1, 0x2}}]}}]}}]}}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000e80)={0x44, &(0x7f0000000a00)={0x40, 0xd, 0x2, "def0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff", @ANYRESDEC=0x0], 0x0)
syz_open_dev$loop(&(0x7f00000000c0), 0x3, 0x80)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)='f', 0x1}], 0x1)

5m57.768804065s ago: executing program 33 (id=323):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0xac, 0x9b, 0xcc, 0x20, 0x18d1, 0x1eaf, 0x5abb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x7, 0x0, 0x80, 0xb, [{{0x9, 0x4, 0xbb, 0x6, 0x2, 0x3a, 0xe5, 0x4, 0x0, [], [{{0x9, 0x5, 0x7, 0x0, 0x20, 0x5, 0x0, 0xce}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x75, 0x1, 0x2}}]}}]}}]}}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000e80)={0x44, &(0x7f0000000a00)={0x40, 0xd, 0x2, "def0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff", @ANYRESDEC=0x0], 0x0)
syz_open_dev$loop(&(0x7f00000000c0), 0x3, 0x80)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)='f', 0x1}], 0x1)

5m57.397809972s ago: executing program 34 (id=325):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180200000000b90400000000001000008500000036000000850000000500000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5m57.380747232s ago: executing program 35 (id=327):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000008000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000f98500000006000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map=<r1=>0x1, 0xc, 0x1, 0x72, &(0x7f0000000000)=[0x0], 0x1, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r2=>0x0}, 0x40)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r4 = io_uring_setup(0x24cc, &(0x7f0000000140))
r5 = dup3(r3, r4, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x4004550c, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r6=>0x0})
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@ifindex=r6, r0, 0x7, 0x8, 0x0, @void, @value=r0, @void, @void, r2}, 0x20)
unshare(0x480)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000740)="ba37bc6e74cc160f3f46dd21efc8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@newlink={0x54, 0x10, 0x401, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xffffffffffffff0e, 0x1, {0x3, 0x7e}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x7}]}}}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x54}, 0x1, 0x0, 0x0, 0x404c8e0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r10 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r10, 0x29, 0x12, 0x0, 0xff06)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x3c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}]}]}], {0x14}}, 0x64}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000002c0), &(0x7f0000000300)=r7}, 0x20)

5m15.848228089s ago: executing program 6 (id=324):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4affeeaf541d002007000000", @ANYRES32=r1], 0x44}}, 0x0)

5m12.552095707s ago: executing program 36 (id=400):
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x80)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$kcm(0x2c, 0x3, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="5c00000014006b030231a6080c000af32c00e3f629c7b091ea1638d40df9056873fd7dc72e13bbb44a16d1009dfff1fc0000f800250f02000f00edaa000057d34060bc24cdb556bd05251e6194949a2756f475ce36c2ed1000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

5m12.54776693s ago: executing program 37 (id=334):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB])
chdir(&(0x7f0000002300)='./file0\x00')
stat(&(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

5m12.533388573s ago: executing program 38 (id=324):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4affeeaf541d002007000000", @ANYRES32=r1], 0x44}}, 0x0)

5m1.953487811s ago: executing program 1 (id=416):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x2})
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327})

5m0.690256245s ago: executing program 1 (id=417):
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESDEC, @ANYRESOCT], 0x68}, 0x1, 0x0, 0x0, 0x24048084}, 0x4000082)
syz_emit_ethernet(0x12, &(0x7f0000000440)=ANY=[], 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$SNDCTL_TMR_SELECT(r0, 0x40045408)
prlimit64(0x0, 0x9, &(0x7f0000000140)={0xfffffffffffff2fc, 0x8e}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000000001)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r2, &(0x7f00000000c0)=0x10001, 0x12)
setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000200)=0x6, 0x4)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
r5 = fsopen(0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000600)=[@exit_looper, @decrefs={0x40046307, 0x1}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={@fd={0x66642a85, 0x0, r5}, @fda={0x66646185, 0x9, 0x0, 0x3}, @fda={0x66646185, 0x7, 0x0, 0x23}}, &(0x7f0000000380)}}, @free_buffer, @request_death={0x400c630e, 0x1}, @exit_looper], 0x46, 0x0, 0x0})
r7 = dup3(r6, r3, 0x80000)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs2/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
connect$unix(r2, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

4m59.764427094s ago: executing program 1 (id=418):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x1a0, 0x4c, 0x1a, 0x1a0, 0x73, 0x300, 0x258, 0x258, 0x300, 0x258, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0x0, 0x0, 0xff], [0x0, 0xffffff00], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x138, 0x1a0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@unspec=@rateest={{0x68}, {'veth1_vlan\x00', 'veth0\x00', 0x24, 0x3, 0x8, 0x2, 0x39, 0x80000001, {0x8001}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xe, 0xb, 0xc, 0xc07, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@icmp6={{0x28}, {0xc, "fc84"}}, @common=@icmp6={{0x28}, {0x0, "e1f6", 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x8000, 0x7, 0x18d, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x3c, r1, 0x5, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @crypto_settings, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_PBSS={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
unshare(0x2000080)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x84, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x30, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}]}, 0x84}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257075bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000071000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b257183fa3bcd48666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09601f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebd00000000000000005839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dcc718a09f4886afc26abba34635d0e8b54bc76be40d435aa8b5202db761014b1b999a12df6bee431a666100"/296], &(0x7f0000000100)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x7300, 0x4000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x4}, 0x28)
r6 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r7 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x10100000000001f, 0x2)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_DELCHAIN={0x60, 0x5, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_CHAIN_HOOK={0x3c, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_HOOK_DEV={0x14, 0x3, 'pimreg0\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x20e0d434}, @NFTA_HOOK_DEV={0x14, 0x3, 'nicvf0\x00'}]}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x9}]}]}, @NFT_MSG_DELCHAIN={0x6c, 0x5, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}]}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x334e}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}]}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}]}, @NFT_MSG_DELOBJ={0xc4, 0x14, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_USERDATA={0x6c, 0x8, "80103e73f911c29108cff70fa41a8a3c075d96141fec0b5aaeaa272c4809eb86eafcb73fcf59f28ade8ca37c6d3956ff3fb2f7f59220881bb6fcd955a4721d1bfdb240a2c566f84adde8dc32f6a40ea3471b4a5d3f87e33c234072ba386fa2cefed26184877739ba"}, @NFTA_OBJ_USERDATA={0x16, 0x8, "f346ad9c2b1d9c1ee5708dfb857f5e3039a8"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x6}]}, @NFT_MSG_DELOBJ={0x8c, 0x14, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_USERDATA={0x14, 0x8, "23553cacc00478235012d0e5b80ea93b"}, @NFTA_OBJ_TYPE={0x8}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJ_USERDATA={0x11, 0x8, "7fca86f0eec2a4ac7c564556b0"}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x5, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWOBJ={0x18c, 0x12, 0xa, 0x101, 0x0, 0x0, {0xc61759ca96648a82, 0x0, 0x1}, @NFT_OBJECT_SECMARK=@NFTA_OBJ_DATA={0x178, 0x4, 0x0, 0x1, [@NFTA_SECMARK_CTX={0x2f, 0x1, 'system_u:object_r:xserver_misc_device_t:s0\x00'}, @NFTA_SECMARK_CTX={0x28, 0x1, 'system_u:object_r:sulogin_exec_t:s0\x00'}, @NFTA_SECMARK_CTX={0x2c, 0x1, 'system_u:object_r:load_policy_exec_t:s0\x00'}, @NFTA_SECMARK_CTX={0x20, 0x1, 'system_u:object_r:root_t:s0\x00'}, @NFTA_SECMARK_CTX={0x2b, 0x1, 'system_u:object_r:user_cron_spool_t:s0\x00'}, @NFTA_SECMARK_CTX={0x20, 0x1, 'system_u:object_r:cert_t:s0\x00'}, @NFTA_SECMARK_CTX={0x2d, 0x1, 'system_u:object_r:public_content_rw_t:s0\x00'}, @NFTA_SECMARK_CTX={0x29, 0x1, 'system_u:object_r:utempter_exec_t:s0\x00'}, @NFTA_SECMARK_CTX={0x28, 0x1, 'system_u:object_r:syslogd_exec_t:s0\x00'}]}}], {0x14}}, 0x3e4}, 0x1, 0x0, 0x0, 0x800}, 0x200000cc)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000000)={0x88000102, 0x3})
ioctl$TCSETS(r6, 0x5402, &(0x7f00000000c0)={0x4, 0x3, 0x746, 0x6, 0xc, "f066dff2022a1234d1ff558eceda81b985846a"})
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2)
r9 = accept4$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000003c0)=0x14, 0x80800)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000400)={0x4, 0x3}, 0x4)
r10 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r11=>0x0})
connect$can_bcm(r10, &(0x7f00000000c0)={0x1d, r11}, 0x10)
sendmsg$can_bcm(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x230, 0x7, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{0x2}, 0x3, 0x3, 0x0, 0x0, "ae771958a0cb06cc"}}, 0x48}}, 0x20000000)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r12=>r7, {0xe1f9}}, './file0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r12, 0x400448c9, &(0x7f0000000280)={@any, 0xd})
ioctl$SCSI_IOCTL_STOP_UNIT(r8, 0x5319)

4m59.503841271s ago: executing program 1 (id=419):
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$userio(0xffffff9c, &(0x7f0000000080), 0x400, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0xfffffffc, 0xc}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000280)={{0xc, 0x4}, 0x0, [0x40000000, 0x0, 0x4, 0x3, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x2, 0x3, 0x4, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x4829d, 0x0, 0x0, 0x0, 0x0, 0x1000008000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffc, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x4, 0x0, 0x10000, 0x4, 0xfdfffffffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1, 0x20040000000, 0x0, 0x8, 0x80000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x100003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1075, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2, 0x3, 0x7, 0x0, 0x20, 0x6, 0xffffffff80000001, 0x2, 0x0, 0xfffffffffffffffc, 0x4]})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7", 0xf)
r4 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x1000000)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040), 0x0, 0x40800)

4m57.529567969s ago: executing program 1 (id=421):
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(0x0, 0x0)
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000100)='ncpfs\x00', 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

4m57.23423575s ago: executing program 9 (id=402):
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, 0x0, &(0x7f0000000040))
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000500)={0x0, 0x9}, 0x8)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
r6 = gettid()
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r7, &(0x7f0000000200)=""/202, 0xca)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}})
tkill(r6, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r7, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3})
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x13}, 0x1000000, 0x0, 0x0, 0xfd, 0x400}}, 0xe8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000340), 0x129202, 0x0)

4m56.771842568s ago: executing program 39 (id=402):
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, 0x0, &(0x7f0000000040))
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000500)={0x0, 0x9}, 0x8)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
r6 = gettid()
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r7, &(0x7f0000000200)=""/202, 0xca)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}})
tkill(r6, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r7, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3})
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x13}, 0x1000000, 0x0, 0x0, 0xfd, 0x400}}, 0xe8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000340), 0x129202, 0x0)

4m56.728739167s ago: executing program 0 (id=403):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x4, 0x0, 0x1, 0x80, 0x6, @remote}, 0x14)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

4m56.40532581s ago: executing program 40 (id=403):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x4, 0x0, 0x1, 0x80, 0x6, @remote}, 0x14)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

4m56.380709047s ago: executing program 1 (id=424):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x2})
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327})

4m56.380381819s ago: executing program 41 (id=424):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x2})
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327})

4m56.371950062s ago: executing program 4 (id=405):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r0)
socket(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2c, 0x6, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="21003300d0800000080211000000080211000001505050505050000000000000", @ANYRES8=r4], 0x40}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000002300)='./file0\x00')
stat(&(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000004001b0000000c00228059fe00800400008006002100", @ANYRES8=r3], 0x28}, 0x1, 0x0, 0x0, 0x20000810}, 0x24000000)
bind$unix(r2, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f0000001ff0), 0x10)
r7 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r7, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1400000000000000100100000d0000004404f1a600000000"], 0x18}, 0x0)
sendmsg$can_bcm(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x20000078}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
sendmsg$can_bcm(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="07000010df1100008000060000200000c990bc0a8fbc35f4bf1fa3f35bb3859767314825edfa7a36360d05f39b350100000000000000b1b820ca82fbe43e21cdc745ff9d0c4e66bae60d913d9a210c28d5b3f63138040ad468518258ea06331f62f8d5", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000070000000000000000000000a8c7e9385559d457"], 0x48}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x44, r8, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x2}}, @FOU_ATTR_PEER_V6={0x14, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20002801}, 0x800)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000010c0)={0x3c, r9, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}]}]}, 0x3c}}, 0x4)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000640)={0x28, r9, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x2a}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x88d0)

4m56.34884031s ago: executing program 42 (id=405):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r0)
socket(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2c, 0x6, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="21003300d0800000080211000000080211000001505050505050000000000000", @ANYRES8=r4], 0x40}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000002300)='./file0\x00')
stat(&(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000004001b0000000c00228059fe00800400008006002100", @ANYRES8=r3], 0x28}, 0x1, 0x0, 0x0, 0x20000810}, 0x24000000)
bind$unix(r2, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f0000001ff0), 0x10)
r7 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r7, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1400000000000000100100000d0000004404f1a600000000"], 0x18}, 0x0)
sendmsg$can_bcm(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x20000078}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
sendmsg$can_bcm(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="07000010df1100008000060000200000c990bc0a8fbc35f4bf1fa3f35bb3859767314825edfa7a36360d05f39b350100000000000000b1b820ca82fbe43e21cdc745ff9d0c4e66bae60d913d9a210c28d5b3f63138040ad468518258ea06331f62f8d5", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000070000000000000000000000a8c7e9385559d457"], 0x48}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x44, r8, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x2}}, @FOU_ATTR_PEER_V6={0x14, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20002801}, 0x800)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000010c0)={0x3c, r9, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}]}]}, 0x3c}}, 0x4)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000640)={0x28, r9, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x2a}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x88d0)

1m2.557574958s ago: executing program 2 (id=979):
mq_open(&(0x7f0000000200)='5{$\x00)9\xe3\xc2\xaa\xf4\x88X\x93\x04\xf5<\x91\xac\xee\xe8\xb2~T)\x00\x00=\xb6\x8d3\x04\xe6\xf5U\xcf\x04\\,\x10\x87\xc2\x84}\xc4\\<:\x1cIR\xe0\xabN<\xd7\xcb(\xb5\x95\xbc\":\xcc\xe4wui\xf8\x02Ng.\n\x9dQ\x12\x8a\x9eh\x84\x14\x86\xd1v[\x89\x9aA\xdd\x94\x00\xf0)S\xb0E\x97\x9e\xe4\x06\x18M;hfWi3\xc9\xf9\r\xad\x81w\xf2\xe03\x96\xea\xca\xe7)\xde\x9a\xe9\t\xe1y\xb4\xd8\xda9BW\x9c\x14\x99Ii0W\x8e\x06\xc0\xf4-\xc0\xb6\xc8\x157K\xa8,1\x8d\x85\xbf\xd0\x03\x12*\vT\xc8\x9dv\'\xfc\xbe\t\x93\xff\xeeD\xc4\xceS\x1c\r\x88\xbd\xaf\x9f\x10\x96\xfd', 0x40, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0xffffffffffffff2b)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f00000000c0)={0x1, 0xfffffffe, 0x3, 0x7})

56.303905975s ago: executing program 2 (id=992):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @private1, 0x1000}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000980)={@flat=@weak_handle={0x77682a85, 0x1, 0x1}, @fd={0x70742a85, 0x0, r4}, @flat=@handle={0x73682a85, 0x0, 0x3}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x4e24, 0x3, 'sh\x00', 0x1, 0x6, 0x6d}, 0x2c)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040f04000404089512eafdee781f5cd4efc84cc6e6ff2b8511d293b9e95302f4a8cab44afad5b00553ad5fab8e4de2904fec0df368160cc71c8f38a8374e2eabb3"], 0x7)

55.201987103s ago: executing program 2 (id=995):
memfd_create(&(0x7f0000000440)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xbb\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x01@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1fY\xe5\xb00\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x06%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0xc)
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000040000106161154d00000000000109022400010000000009040000010300000009210000000122f80409058103"], 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c"], 0x20}}, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x5)
ioctl$TCFLSH(r2, 0x8910, 0x40000020001100)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0x7000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
pwritev2(r5, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
copy_file_range(r5, &(0x7f0000000000)=0x3ff, r5, 0x0, 0x6, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000180), 0x203, 0x2581)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4000005, 0x40010, r1, 0xcd230000)

51.170311581s ago: executing program 2 (id=1003):
r0 = mq_open(&(0x7f000084dff0)='z\xbf\x17', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101})
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0xcc2}}, './file0\x00'})
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x90000) (async)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
write$tun(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="01800400060005000200aaab47fce2ed9a0000f725d22d06d6cae72015a5374b1775396f7db4d95b39977b45ce90e00065b96e03b0b4f4426a2d4a851d6e8d6400666176ad4573f597e7eaca0a3fa83e587376542eb68cd9e4d5665dd1cc7ad99449e12333c2ce4096"], 0x69)

49.977730253s ago: executing program 2 (id=1007):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(0x0, 0x7)
syz_open_dev$cec(0x0, 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f0000000180), 0x100, 0xffffffffffffffff, 0x4}, 0xffffff81)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0xfffffffffffffe2d, &(0x7f0000000000)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x25}}, [@NFT_MSG_NEWTABLE={0xc0, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_USERDATA={0xa9, 0x6, "8c2e685b3142777a1bb4f4d8da818ee68aa581421ce09c143677b843c899b4f91ecea97fd263b26693ebbcc6a558865060773c8c6bbde43f5fee675ed2fd2479a2578897b3695a8279305a0e69c743f59bb651bce96905f98c6215d71c1ea13d862d4cd1ee0459af5ccb6d77915741c525ab4b3ef2634ed1a8d0235ed1e2979c9b01ae8880af4c8a98941bb1a2e789596dbae54fbbe7470c35f713405c0ee12bf56ff8c025"}]}, @NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x2}}, @NFT_MSG_NEWSETELEM={0x4c, 0x1e, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x6}, @NFTA_SET_ELEM_EXPRESSIONS={0x10, 0xb, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @ct={{0x7}, @void}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x148}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x497, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
open(0x0, 0x1850c0, 0x14e)
ioprio_get$pid(0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0xfffffffe, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r7}]}, 0x20}}, 0x0)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000140), 0x13f, 0x8}}, 0x20)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)

46.77250812s ago: executing program 2 (id=1014):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x7fffffe, 0x420, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

31.089812424s ago: executing program 43 (id=1014):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x7fffffe, 0x420, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

14.048933858s ago: executing program 3 (id=1109):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x21, 0x8, 0xc, 0xffffffff, 0x1}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000880)="9606c9aae8e7c5a2919a4702cce324f290d6d34520a5f04a65e6fbb7967635f97bc31744383de3db9eb4e2ad3ee85a3deaeb83c29be60539e6f3cbcb7b98613b8ed70b4d6b59467aceb15cfcd4821285284cc6dc8524cf0cd03d66ec3a63b19e76d6f99dbfab7bc7473c8bc3c8c08628964d47010c3c22c611bcd4b0dd684ca306eedd56383d", 0x10005, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001c0035742bbd7000fedbdf2502000000", @ANYRES32=r4, @ANYBLOB="1e002606080001"], 0x24}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000004)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001c0035742baa2a00fedbdf2502000000", @ANYRES32=r4, @ANYBLOB='!'], 0x24}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r6, &(0x7f0000000380), &(0x7f0000000040)=@udp=r7}, 0x20)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r7, 0x0)
read$msr(r7, &(0x7f0000000940)=""/130, 0x82)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, 0x2d, 0xb, 0x0, 0x0, {0x2}, [@typed={0x8, 0x3, 0x0, 0x0, @u32=0x10004}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x88H'}]}]}, 0x28}}, 0x8000)
sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400c0)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c40)=@bpf_lsm={0x1d, 0x17, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x8, 0x1000, &(0x7f0000000e80)=""/4096, 0x40f00, 0x44, '\x00', r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x1, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x2, 0xd, 0x4, 0xc8}, 0x10, 0xffffffffffffffff, 0x0, 0x9, 0x0, &(0x7f0000000980)=[{0x4, 0x1, 0x2, 0x9}, {0x3, 0x1, 0x10, 0x4}, {0x3, 0x1, 0x3, 0xb}, {0x2, 0x2, 0xf, 0x3}, {0x4, 0x4, 0xd, 0x7}, {0x5, 0x1, 0x2, 0x5}, {0x5, 0x5, 0x4, 0x9}, {0x0, 0x5, 0x75, 0x4}, {0xffffffff, 0x5, 0x9, 0x3}], 0x10, 0x2}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000640)=@o_path={&(0x7f00000001c0)='./file0/../file0/file0\x00', r10, 0x4000, r2}, 0x18)
read$FUSE(0xffffffffffffffff, &(0x7f0000004140)={0x2020, 0x0, <r11=>0x0, <r12=>0x0}, 0xfffffffffffffdc7)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3d4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b1ec1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda451852e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cbbc44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af4180753388f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a00", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x4, 0x2, 0x3, 0x8, 0x9, 0x6, {0x5, 0x1, 0x97c, 0xfffffffffffffffd, 0x170, 0xdbf, 0x10, 0x0, 0x6, 0xc000, 0x2, r12}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$L2TP_CMD_SESSION_MODIFY(r3, &(0x7f0000000840)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000680)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010025bd7000fddbdf2507000000060003000f00000005000500010000000800090000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20004010}, 0x0)
sendfile(r1, 0xffffffffffffffff, &(0x7f0000000a40)=0x6, 0x9)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000380)={0x50, 0x0, r11, {0x7, 0x27, 0x0, 0x801001a, 0x66d, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50)

12.965582594s ago: executing program 3 (id=1112):
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(0x0, 0x0)
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000100)='ncpfs\x00', 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={0x0}, 0x18)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

9.843454928s ago: executing program 3 (id=1116):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000001c0), 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x8100)
ioctl$DRM_IOCTL_MODE_RMFB(r1, 0xc00464af, &(0x7f0000000340))
ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000080)={0x800})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180900000020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r3}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x1000080002, 0x100000000000088)
socket$inet6(0xa, 0x802, 0x88)
openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x900, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000080)=ANY=[], 0x118)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1000001, 0x12, r5, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_GETKMSGREDIRECT(r6, 0x541c, &(0x7f0000000000))
syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r4)
r7 = io_uring_setup(0x2c4c, &(0x7f00000000c0)={0x0, 0x2, 0x1000, 0x1000000, 0x204})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r7, 0x18, &(0x7f0000000000), 0x1)
r8 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_INITSTATE(r8, 0x113, 0x4, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r9=>0x0})
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.memory_pressure_enabled\x00', 0x26e1, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRESOCT=r0, @ANYBLOB="0315000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r10, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

8.389302264s ago: executing program 3 (id=1120):
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040e07072d0cffc90008def877f459cb8f489713bd73b12b9bb369c7fafaa7cf2f2dfecbeb8a4b984d854e90e0424128360407f6a7aa475784a2031d148bc343d1083f9bef6349f67e81b8a0e4da737102075a01dd6d362da4430e64f5a8c654d94379d3729b65595381dfe4e1b855c4c3c033a85e1f5efa3d2d68590b68c5ce23421eb3b77ba9fd970bd03d1fac7171a0b3684c28"], 0xa)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x33f}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x20, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)="711f664e185906a9b8e2818bb9b5", 0xe}, 0x1, 0x0, 0x0, 0x20040040}, 0x4044014)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4)
ioctl$SIOCAX25CTLCON(r3, 0x89e8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xae}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0)
clock_settime(0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioperm(0x0, 0x6, 0x2da3b9f3)
r5 = openat$binder_debug(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
fchown(r5, 0x0, 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

6.934538503s ago: executing program 5 (id=1122):
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000653000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
tkill(0x0, 0x3f)
prlimit64(0x0, 0x1, &(0x7f0000000380)={0x9, 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(&(0x7f0000000240)=@md0, 0x0, &(0x7f0000000440)='cifs\x00', 0x800400, 0x0)
r2 = semget$private(0x0, 0x3, 0x2a0)
semctl$SEM_STAT_ANY(r2, 0x3, 0x14, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x4b8800, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000100)="81941e19292f035619a00da567d9f072c95ee47922a54378350bb2b1f7c14f19f5f163ebc680", 0x26}, {&(0x7f0000000500)="f27f037f68bd120e512f649bcac308024cdb58fe9c6746bd92f3b58bde754781b99ff8df9b29efd04a259a6d00e90a8a5697ecd8cfc1ef8b9d9d7748362735017beb2ab400ba3a25b35f30c56132af04d87581d8abd30a024967280c49d27852cd45133e3075d030d2682d7b939c10737b6da18a731839133de41d5f259a395245fa3a94ecf98c06e72b38d0bd57d26e26a87d5ea5caa2d9c36b902f9ea1305972d6fd5636a5f6197eb423f2ebd5c2ce97160ecb869c57634c6e58865a4b6ded7c07d6999fd2521784e837c060", 0xcd}, {&(0x7f0000000600)="09bd0378c41df94336730cef50081a2e214ce16c354efd15df104374f459f22fcf9cb7f650de0b79f8bbc29a8d641cfd611b8155dd38e121683330a6402300ea70b1922a7534ccd918a892f012c542ec9c244522c89b7c48471f7a9f6b01f0a34b8f534ce61f5c5cbced12ef9cd1eab7ca81", 0x72}, {&(0x7f00000002c0)="c4e37222a6555225ac305ad5c2c1f06dd1c1ca211bb76b648026d2c5d0fbffffa2ea575abdb26847c72e1abf4419ebcfafff57ce67", 0x35}], 0x4)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000003c0)='net/ipv6_route\x00')
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050026bf700000000dfa0e6318e00116cdfac335000000080003009e6b15587e7974bda1eec7126cef5d7b245bcb2aeed8b5fca951e8051a", @ANYRES32=r7], 0x7c}}, 0x20008814)
io_setup(0xb, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002)
io_submit(0x0, 0x0, 0x0)
lseek(r3, 0x10001, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='[', 0x1, 0x0, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd)
ioctl$VIDIOC_SUBDEV_S_CROP(r3, 0xc038563c, 0x0)

6.910526852s ago: executing program 3 (id=1123):
r0 = timerfd_create(0x6, 0x800)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x101091, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="120100005ab05740450c088085e10000000109021200b8dc0000000904"], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

6.713279171s ago: executing program 5 (id=1124):
r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x29c)
r1 = open(0x0, 0x531343, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
syz_open_dev$vbi(0x0, 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000180)={0x70f040, 0x71f})
fcntl$setlease(r1, 0x400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0)=<r2=>0x0)
fcntl$setsig(r0, 0xa, 0x22)
sched_setscheduler(r2, 0x3, 0x0)
syz_clone3(&(0x7f0000000280)={0x84080, &(0x7f0000000040), &(0x7f0000000300), 0x0, {0x19}, &(0x7f0000000340)=""/113, 0x71, &(0x7f00000001c0)=""/5, &(0x7f0000000200)=[0x0, 0x0], 0x2}, 0x58)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000768000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000e39000/0x1000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f000023d000/0x4000)=nil, &(0x7f00004fa000/0x4000)=nil, 0x0, &(0x7f00000021c0)=[{0x40, 0xffffffff, 0x4000000000000}], 0x1, 0x1c3, 0x0, 0x0, 0x15})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='loginuid\x00')
preadv(r4, 0x0, 0x0, 0x300, 0x0)
mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000b0c000/0x2000)=nil)
mlock(&(0x7f0000bfc000/0x3000)=nil, 0x3000)
r5 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000240)={'pcl724\x00', [0x10009e1, 0x2165, 0x4, 0x9, 0x88d7, 0x8008f, 0x1, 0x10, 0x1002, 0xffffffff, 0x408, 0x8, 0x344, 0x1, 0x7, 0x2, 0x8, 0x3, 0x8, 0x1, 0x100, 0xffffffff, 0x7, 0xe, 0x82, 0x1, 0xb0c4, 0x7df, 0xb, 0x400007, 0x8]})
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4002, 0x0, 0x0, 0x2)
timer_create(0x6, &(0x7f0000000080)={0x0, 0xf}, &(0x7f0000000000))
fremovexattr(0xffffffffffffffff, 0x0)
syz_clone(0x480, &(0x7f00000003c0)="bcafd66b87db33a5274fd2ed48ad6dc241107c694e9a0beda5c01d1f63bf76a7a34ea245988803f8acd457206db9a87c7eb07f3317e11134a1073a1a2dc4de7fd69d6d1348434206e80a85b2f06e7d1a0ceabef98cbd986a5b0060cf6ee2298569ede475bf3ac9fb5d72f2d50694626df40f8e", 0x73, &(0x7f0000000440), &(0x7f0000000480), &(0x7f0000000540)="3b376fd990ffd688873ba13519ebea1c05a9dfef2468e5d8b1b4a2215d3b8c95863109cc84cae779e01e7f669ea245924cc0a537b5480ece8d3937f64136eb1e864892cd772d54f27fc2cc76811da7854b6e029b6796a4a28078e69a19f62cebe4ea55277fe05637e9eab32c05b08a33af49e8795330328ecebdb864bf27d54fdaa2e7df83ac88dd8b04a24a862032b3530a2724d978640639c65e924d823ac8d949337f327e124975b01492348613b6edbbb44d987932e78b89435b80f49096dd0912c77ce9f21a912ea937eecd31c59e1b59a3992bab132f8afd47c8a6c39d3ed86a45c20496900698e5d94a5e0519e294eb97d0da21431b20f328714f4bfde454bc96933572f907378785abd860763ba98efadb19277e1a58a2e3e0d798439e6cf021ed08c2664e17cafda1f12bc44066253a5432ed37160737a0c61f24bb9f404c9d0b1854da2d24f18dfa5103f2583ddf0c8ecb221e416ce04c622104d92e746999a59b94bbb53e3f9c075c42713544e86ad3527487ffb73dd3271b1b1adfcc61c5d9d04c5931cc0b219b764fb1ad285ad739775344a02354a69e1e04a05239029e797f8c5ff2ed3725c1d0f470bcb8ea7b1ebbb6ac5bb56a699d30d174f428c56951fcd79fe58c8b8fdd4b8f69aaa18656fecac41b276433222f896def9fa258340b3a9e67c206f58522fb4beaed10c6b2f32fc6d7a183013373564babd9ffb34e574782c491bd668bb07547f8d13b75294f3cb1f1aa866b9f67bd0d017e75c3bcbfba99fd1b886bea2623dd804e241fe0906b22ce500c1157bb3a5b86c5a136941d7eb85724fa7cf7db901a812d921653316d8548eabc29d971802d3e2ac7176f0b6553aa59e3a1f9374d3d0a820e648e028a744670575f9cd893f1c9a23e106c34bacc54a57e1edc756dae67da8504160ee79eda9268c24d588795d5fa40f5d1048e69d2066d9ad5c446a44f0e55d469351e210dd8d887511bedbcd85a12e06a5b75f3a0970fe26f1a276381bedca2199a838aa55d9ef14bb6b39b690c9181090386a84f20caaeb942613cc1fac6c631ac7040d72d219843085dc42534218ff93105793c88b51535ba870d38678d4d4bc8892e0d4ed519e67f400c2501e402f1134256422054bd5a6d9882ab1dd7185ce76acec98819cf3391eac01b59b86ae1e426fb296635e55bb5c1533e1bb038076e3fc1d3771722ee46268dfed5ea29aa88a3678d807241d5b1d2f669e7b9c2f28933e46e02fcc682d1d090dc7772305296c4f0c35d3b55018e04583230c879659f22f1e25cdd1ee4fb9a284ea827220f2f62c2ccfe84f6bd9e5b7aed13d94c849d27adab3fe6b9fcf6c91fd3c478ef7905c9d9d74b17758fae5e5ff11c427db3bccffcf257d4e3098b3642434e1fa27be9e7ddbc7168c08dc1056549926669bb8156ca487374714dd847028ffafc6540b039cf32c565465913fccd81de1e9caeb5e8b2d5f1f31fb3668cfc01612cf79e489f28149ada64f6320faab6c7883a00bcd75d7ea65376ece3db88214e750c249686d290cf7d9ff22fddd5ae2c206b5d11abfe9cad676959b1006c2c3dcffe8f4ef1045291dda3d2638e1f5f3a4b1378e639941113eb11a892bfd474dfab7581ad233100f66ee7eda5af50df009652c0bdb99341cf6e92103be98a1dd4665c96e3577916dcd8d4fa75151b56e0bf7a537db4abac88285d683dcb9aa4b52a4958eaf1d1068ee1e0f04934d3a2e22806f1047a0f4a2eabb44d239f2702302dafb16d8824a27076b15976399e1dc85236b06388c1702434b5181456db5f8a88386e4aeb29d1b60d4a35937c9710e4cf669a5ed146a80b4db76247cfd42893be89f823a8884ae5d3633adbca0dbade03459122d34485b28c251baace79b64849923e8764277e48550db94e209c82e814a7b995d75d00b268c0a74ff4020acfbb199c638be78752c29d23e1be38d3ba8a1bc7197dff5227aac4231370b320433d3d27bb3d7cb566d1457e41146bf14cf8075ceb7becb919c6a178d866cbaa986b7837e7b8e2f977b5ca47d18e27a6ce0c6dcbd6a42bf12dffc71a200214f140096902f7e5412b1ecafd0f3a3435825d771dd38cce60d4035563b1c1da104a14127a9cb5f53d6c8584ac42517bd257caa9924ed45e6b807f8f5bacf39e874644eb6265122555c0f41bf153748f44ef39d70cd595f79668b86f0940feb3505b89d3486c6338a991c080dc65c0a6c1f06b117145c8209ae01fc8ddee701d0d5cda807e2f78ff8fb6ee7219e7210f170c1cb104139451ad9af3baa3e60050af977f4d5457f265092365f8c2d4a31d75e0296c6ace841660d97a727603afddc09900b22963664291992d8ca1f633bd277aa97e3ef9fe18bb2309dcbe2959ca36b967591d9de2be0cbb36b9b8d055ad14f7ca03c98ae3e5558f61e00f7c483ebb6575cd9cbcbddaf7bdcfd0d22ba83f624f3c53824f3b8cf755172f7390ce0ea9142dd2f8cbf6bdce5742ea43096011b911e067d2375648370cdb1894e72cdc99a6be274075a64e7448595389d0c20ef46805bf3ee01abed1dde851832f1f0e33f91a8230f6c767fe244a98605375d25532838fc54de67383d73c75cdff05e8a9f11e1ac2deceecc30b56d02153280e3bd6af1130e1b73a6fb4eaa38b2e3dfc6fa29454204fffbd2263a73def376397619466e6e8b329390d15701c5a09a37846099eb2648d760d6045adddac51cdbd989e9d46434b36abc8432652a74cc4ac746fc43cbcc55d2597047917950c49f64d1ecd0f12b27540bebe24f76008c558b7e4b2e3a02c15cb6ca852ff03f03b801276f09094b639bc2c1f6893f4e59b5c60a58c797b3d8cb7415d275daeb5a43900f50c352fe446e276e71de4621b6f2bbc517d599fb9f03842aec2a65f6676548267b32cf3161ad23fa247206eaad3d7ff35726fc136c55be9f0a8e660be63549191713755bcc4273c017aad4a212d851c6a44fe2c7a4324e0085be9b71f7bd83f739bb069973d3a6c429bb17d14f2b05580c1117743070cfa63cfdcf7ffbd82eca879a12ab6479526dad2b17deeeab3f2ea68af534cebd2cbcd954c821bb06569b11a10f82cae11ed7f0e8acc1d6fdb19731f1b75bc4ac661b6b63f39c95bdcb89121c94f51160ac08abe1cfd955df98dcd6c226605177f6424b6e6cb03263a38e1511cb2254376a4e71ac802b3cefb1a122819f4faf8ca5559ab0a8a27a3c2d70a23ca72795648db4a39e587087fdbf2684f29d312a2539daca0d6b5b8c98422865546e3829f46c8a48ed122a7a432b9f83450e8b0f1118f0e73194b16ea35263b89f4bffdc2bcb1011f1b762ecd0d69bf646a034b79937e7febbdb7ab33e797fdd1163582c37a31bb21f0d0e4fb147efe9bdc2610e5b282c59624813f23e7185a3f00f29101d9eae3b4530b160df17c062aa997f11e45ba70733304f3c040e6767a2dfc3abf6eaa0842634c8703595787ccddefc719711c434f2fdef42caab2c8844ffd2cf7b97a4b5a416e77c6ca7e4de641184f0f386d67c7ae53612dbe8ef3b355d5903e2594d44111ef6f7c6c44d793b6aa2833a3bc51c4c719d070669ab7586c642ba5c00e7cac53564ed317329b46e08fd09fed4c5461cef2d1feccfac07761dc48536011c1a401df7a108169d56af673f84d0cee1ba392c25d28b6a8a988c907216c1e31f8a267ffe6734bdab3b504324bb40319d85fced01b68cd0375f4944f4a2def7a9c634ed826d7ef39155770d026bb0628f362805747397e7c322a8ff341e22455c9e504cf5517221c8aca0036b7edebc992c914116f6b9f83ed3e80665c195a46341ebe543279ddaa2a74a6a83f5e9f7706f1fa82c75f43cdf23836742d0185b4b7f5cd44d0a4812a73dafc930538f11d4a2751412cf9b273f8ee10f75fe435134019459c3e141fa9f6a307a1c0630af32a20c32ca0d4e51d5fe88be259392022cadc91e588ab8ad9b9d3cd28aff10777c5bce61cb22b8ca853649631a6da60780b705f644fca8b9967e2de66f3c7b785c8a86f0505b54962baf21c1cb66ff2f309e3a646905943c9d0c37dc3ffecc278dc022c8ea2a94a55fe7e287e8894904e53bee6d650f65a36529fc7a6f19dcb9c1b731807a2abfa758e5b3af26f6c83abb7c58428fb79f276b183133fe4537233c8e3311bb98a3d5ea57f89fdf9749fece8ae3f43de7cd45ee75841cbdfef97d932f1d569871910db7b41aa286cb98f5a98f7c1df7ddbde4169cf5f465adf834b4adc770c67b8bddc6974cd8d94de22d5d19d33684e1e75b89da2860215a49fa687731d385d7efa9623249f41602f0e12358d6c4a2ffa2c6cea3cd752fbca566472f9ba8511335d535e09d1fa20696c52d1062a5de37caada8e957ce540df48c83fbac3c0910e597f4dbcb86fa5195b8bc6da97de8171f921f5709d444f5a2b44b8d1fd76b7f6f4fb223c27a869c0fa3e2430587b62badbe59cdf0ef81e76e1e4b021b0b7d41cf01baeb37b0ffa52af8d411d5293182314d0df85cf33407b5b9e4e4a87e251b2219cff7a8a35ac02846ad530e2178e0565f114aab2d5b2fd8e774bb77e5aabac7f4a527ba78bf9cf6a343d81cafc4177522632ec11d0e472e282bd194e0918fb58106cf8c2a0297e354d304fabcc248ad448a66aab857b7fa7b59ee6afa2d4eea163f61e08e21c70ebd3c545c84fb13a28250ac9cddf9fffa61403300f34a973c71ea420b10454817e0d5a3f3d8a2a925dd12e5a9cd7321186b67a2348575795f0a2c89f8cdcca76f289e1855701d5b1b75023545d79d3af0c86ac890638b3668f59098153f67e707df52049b6862141d0aecfef65d79a7037c0fb0b4d0aa6ef632f493211b4d37eeeec540f86008260b658fe8d196fd7b1d77735b02258486286cfc2fba186a2326f6482f591173c947cf25f7c3e8a216f7b616c01bf85c1d95a646f3c283b69424be135328dcf5105e3d2e91a229928c56c86a756886ca83bece1816cdf813d681d9a4841414a820b7209947f38a7f39bb2fd30616a655762e97ac82f67a4f91a6c9063de298e1fa84c89bb37eae8d2b44a1ec59aae5069c215a466b4f239992e5a3e0bc5108d0f87b430ee04670ce4d7ccc9e9d14ca543e86fc746fbe831b555e75853ad8b9775cd4d8d454ea2a281691d79fdffbdb47fd047da74c296bda8e1c1421319d33632dfd27a96e1d44fc0d4d4f0eedbcfc8ba7f942fb8a1ea854006c309c72568308750c9f2c4c61752931b462ea718d0180edbe00414b6fcbf88333d9e52cd8fa3c942837b405f40f1e0cd772836806b480e31909e2e8725a84a1cae9f91c57d223f9cbef7447d3546b14a26fc02e6e962eb42219185652a1decd753ada3f9e9a190bc0bcc66519f1ffd98076ce4cf2493fda3a871831fb5e4aa7806872e1379f96abd53fd247a051aa18791b847e239d43b9ff29f0463c3e3b83ce887a09097efc7bbe847907885d6ac7cb1175759ce288868982128b1a4918a1925fd18959e703017301531f18063b15c0a853e02505f85163144ab4d31be136c3de2bec54f6feea8f552a341a235bd4ef5c472224d7da9f9fe779a48e628d13fe22f302c66fa5b1750c38954781c97c7bc3d2c0f7cc0c577f3929150a2e2c886a527b3fe19a5c9c52b0359712fcf6e94b9ea275906430a599b8dfd9455bf615ec29771ec078d89dedf5f8e945fbf1982dca9aadecf2312a2cb0829553208c4a0377b0b89e66bc2a29a1f1e9fd501cfc44f895ec6513103168ccec808d841526dfd896175e76128799508ed")

6.177163616s ago: executing program 7 (id=1125):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
ptrace(0x8, r0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='attr\x00')
fchdir(r3)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000540)={{0x1, 0x1, 0x18, r1, {0x800007}}, './file0\x00'})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000380009020000000000000000020003004d00000000000000100009800b0000007b26282f283a0000"], 0x2c}}, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
getsockopt(r5, 0x110, 0x6, 0x0, 0x0)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

6.087358579s ago: executing program 8 (id=1126):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x405, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0xfc}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}, 0x30a}, 0x0)

5.04648414s ago: executing program 7 (id=1127):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004300)=@newtaction={0x88, 0x30, 0xffff, 0xfffffffc, 0x6000000, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0x6}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0xffffffffffffffff}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000e40)='ns\x00')
getdents(r2, 0x0, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x20000000000000ad, &(0x7f00000001c0)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200004}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x1, 0x4, 0x0, @vifc_lcl_addr=@remote, @remote}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r4, r3, 0x4}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000040), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0)
madvise(&(0x7f000027f000/0x1000)=nil, 0x1000, 0x19)
lseek(r6, 0x0, 0x4)
r7 = getpgrp(0x0)
syz_pidfd_open(r7, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000)=r7, 0x12)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0x6}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "1cb315f3c5e23d27d29a00dd397b5c11d4cf201c1a0619fc314514ab71788e4079fdbe4f2a0d60b83a7d04c1d709981110401e5e10685abbad9b6f18e303e902c77244658a099a36fa486760c4941ea7df64250af29a4935de76bc6b1c9735ff8243f088e67455ba14975d12e5903ceeb7a23d62ecb5253ad444ef726b58a00f13f22ccc84cc06c9912b621c3ddc5f3229dc84c0880b5c6faefe33413b34a146e592fc15ae234dac030f05bb99eab08dfd2cb5659c6fc21fb7da6c380165ddde4659e75538dc864a53f691e1d785d6e6f73a03abf2120bce67e2d50075fd0700000000000000335bdee19738a0c1fb79b77d00"}]}}]}, 0x14c}}, 0x0)

4.901545061s ago: executing program 8 (id=1128):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x300, 0xf5f9)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000140)=@x86={0xf0, 0x4, 0x1, 0x0, 0x80000000, 0x7f, 0x3, 0x3, 0x6, 0x2, 0xc, 0x40, 0x0, 0x2, 0xba, 0xd7, 0xff, 0x8, 0x8, '\x00', 0xab, 0xc0000000})
preadv(0xffffffffffffffff, 0x0, 0x0, 0x9, 0x5)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000000300))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = inotify_init()
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d41200000000000000290000003b000000", 0xfe60)
readv(r2, &(0x7f0000000140)=[{&(0x7f0000000340)=""/263, 0x107}], 0x1)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58007f67b5a3e100004af42c24b23191c2da9cf81960da7ef7f426c152dc271b73b5a8e086f9a9d9ab973c2ffdc37552627056f69f7d7ffdf44d89517665f42e1366a689531f1bf7802c4d429ffc2aac3216fd183c51855d02febab3d76c5b59470a5d5aa06500709e52061a465dcf83cd24794ace96afeb3ac5", @ANYRES32=0x0, @ANYRES64=r0], 0x58}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)

4.901100181s ago: executing program 3 (id=1129):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0xa, 0x3, 0x3a)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000877a00000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x8, 0x0, 0x401}, 0xc)
setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0xc, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200fefffffff8ffffff2f00320002000000000000000000000002000000000000000000000000000000fc020000000000000000000000000004030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r7}, 0x38)

4.727771648s ago: executing program 7 (id=1130):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r3 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0xfffffff5, 0x80, 0x200, 0x351}, &(0x7f0000002340)=<r4=>0x0, &(0x7f0000002380)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x567, 0x1000a387, 0x0, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b8500000007000000850000000700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r6}, 0x90)
exit(0xa)
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x2, "e6fd8258ffffb70a000000e2ff0000ff7800"})
r7 = dup(r2)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000100)=0xff)
bpf$PROG_LOAD(0x5, &(0x7f0000002280)={0x1f, 0x5, &(0x7f0000002240)=ANY=[@ANYRES64=r0, @ANYRESDEC=r1, @ANYRES16=r2, @ANYRESDEC, @ANYRES8=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x12, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000023c0)=[<r8=>0x0, 0x0, 0x0], 0x3})
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r9, &(0x7f0000000200)={0x2020}, 0x2020)
semget$private(0x0, 0x1, 0x210)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000002400)=[0x0, 0x0, 0x0, 0x0]})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r10=>0x0}, 0x0)
setresuid(0x0, r10, 0x0)
getresgid(&(0x7f0000004540), &(0x7f0000004580), &(0x7f00000045c0))
r11 = getpid()
sched_setscheduler(r11, 0x2, &(0x7f0000000200)=0x7)
r12 = syz_open_procfs(r11, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000040)={'sit0\x00', <r13=>0x0, 0x20, 0x80, 0xffff, 0x2, {{0xb, 0x4, 0x3, 0x0, 0x2c, 0x66, 0x0, 0x3, 0xc21e7b23d62c6de8, 0x0, @multicast2, @broadcast, {[@noop, @timestamp_prespec={0x44, 0x14, 0x17, 0x3, 0x4, [{@remote, 0xe0}, {@loopback, 0x7}]}]}}}}})
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r14=>0x0}, 0x4000)
chown(&(0x7f00000003c0)='./file0\x00', r14, 0xee01)
setsockopt$inet6_IPV6_XFRM_POLICY(r12, 0x29, 0x23, &(0x7f0000000280)={{{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e24, 0x2, 0x4e24, 0x9, 0x2, 0x80, 0xc0, 0x3b, r13, r14}, {0x7, 0x8, 0x1ff, 0x8, 0x9, 0xfff, 0x920, 0x9e8}, {0x0, 0x8000, 0xfffffffffffffffc, 0x9}, 0x5, 0x6e6bbf, 0x1, 0x0, 0x1}, {{@in=@multicast2, 0x4d3, 0x3c}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x3505, 0x1, 0x2, 0xf9, 0xfffffff0, 0x2, 0xc}}, 0xe8)

4.488775816s ago: executing program 5 (id=1131):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x37, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f00003d9000/0x1000)=nil, 0x1000, 0xb635773f04ebbeee, 0x4010, 0xffffffffffffffff, 0x6d32f000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x42, 0x4, 0x2c8, 0xffffffff, 0x0, 0x198, 0x198, 0xffffffff, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0x4, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'netpci0\x00', 'syzkaller1\x00', {}, {}, 0x6, 0x1}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@remote, @multicast2, 0x0, 0xffffff00, 'veth1_macvtap\x00', 'ip6_vti0\x00'}, 0x0, 0xa0, 0x100, 0x0, {0x60010000}, [@common=@unspec=@connmark={{0x30}, {0x2, 0x4, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @empty, 0x0, 0xfffc, [0x16]}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x110)
socket$packet(0x11, 0x2, 0x300)
r5 = socket$netlink(0x10, 0x3, 0x4)
write(r5, &(0x7f0000000140)="27000000140007f2030e0000120f0a0011000100f5fe001205010000078a151f75080039000500", 0x27)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0x10, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
bind$bt_rfcomm(r4, &(0x7f0000000100)={0x1f, @any, 0x6}, 0xa)
r6 = socket(0x1d, 0x2, 0x6)
socket(0x1d, 0x2, 0x6)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="38000000151401"], 0x38}}, 0x0)
bind$can_j1939(r6, &(0x7f0000000400)={0x1d, 0x0, 0x2}, 0x18)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
fchmodat(r4, &(0x7f00000000c0)='./file0\x00', 0x5c)

3.997703565s ago: executing program 8 (id=1132):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x18)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x13, 0xffffffffffffffff, 0x1000)

3.858190309s ago: executing program 8 (id=1133):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
io_setup(0x1, &(0x7f00000000c0)=<r1=>0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd11=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0), 0x18)
r2 = syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x0)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000001b00)={0x0})
io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000140)='-3', 0x2}])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x48}}, 0x40000)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x12}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r4)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f0000000600)={0x18, r5, 0x1, 0x70bd2a, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4c051}, 0xc0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x120040}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r5, 0x300, 0x70bd28, 0x25dfdbfd}, 0x14}}, 0x40055)

3.767273528s ago: executing program 7 (id=1134):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x12)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d0000008f71daae68301aeaa6832a4252180100002020642500000000002020207b00000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
setresuid(0xee01, 0xee01, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000003140)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4085}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=[@cred={{0x1c}}], 0x20, 0x4004}}], 0x2, 0xc0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
tee(r6, r9, 0x100000af5, 0x0)
close(r7)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001", @ANYBLOB], 0x48)
sysfs$1(0x1, &(0x7f0000000380)='@!!!]()$%}$[\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000400000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xc, 0xc}, {}, {0x5, 0x2}}}, 0x24}}, 0x40084)
r11 = memfd_create(&(0x7f00000009c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.E\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
write$binfmt_misc(r11, &(0x7f0000000180)="e502", 0x2)

3.441612904s ago: executing program 5 (id=1135):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, 0x0, 0x20048080)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd27, 0x300, {{@in=@multicast2, @in6=@empty, 0x1fe, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x8, 0x0, 0x2, 0x40}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004)

2.620637847s ago: executing program 7 (id=1136):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
ptrace(0x8, r0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='attr\x00')
fchdir(r3)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000540)={{0x1, 0x1, 0x18, r1, {0x800007}}, './file0\x00'})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000380009020000000000000000020003004d00000000000000100009800b0000007b26282f283a0000"], 0x2c}}, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
getsockopt(r5, 0x110, 0x6, 0x0, 0x0)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2.53571486s ago: executing program 8 (id=1137):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
ptrace(0x8, r0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='attr\x00')
fchdir(r3)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000540)={{0x1, 0x1, 0x18, r1, {0x800007}}, './file0\x00'})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000380009020000000000000000020003004d00000000000000100009800b0000007b26282f283a0000"], 0x2c}}, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
getsockopt(r5, 0x110, 0x6, 0x0, 0x0)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2.48929334s ago: executing program 5 (id=1138):
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
syz_io_uring_setup(0x49c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}}, 0x0)
mount(&(0x7f00000000c0)=@sr0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='pstore\x00', 0x400, &(0x7f0000000280)='-#\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)=""/1, &(0x7f00000000c0)=0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006380)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x2026012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f9ffffff0000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000fdffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
lseek(r5, 0x7, 0x1)
getdents64(r5, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0)

1.3369377s ago: executing program 7 (id=1139):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="bf020100000000006109000000000000040000000000000095000000000000004eac28e5cfc1644dd253d67a4c935d2cb39d25e9281c41d221d305008a5f"], &(0x7f0000003ff6)='GPL\x00', 0xe, 0xfd90, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe40}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000007bc0)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="600000000000000000000000000000000700000000f701e91bfd9948", @ANYRES32=0x0, @ANYBLOB="1011935784800000140003006e657464657673696d3000000000000014001400697036677265746170300000000000001800168014000180100002007d0200000f09000000000000"], 0x60}, 0x1, 0x0, 0x0, 0x20000084}, 0x4800)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
pipe(&(0x7f00000004c0))
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, 0x0)
ioctl$VIDIOC_QUERYMENU(r5, 0xc008561c, &(0x7f0000000000)={0x980915, 0x8, @value=0x3})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000009f00)=ANY=[@ANYBLOB="ffff0200", @ANYRES16=r3, @ANYBLOB="050026bd7000000000000f00000008000300", @ANYRES32=r4, @ANYBLOB="30000e0080000000ffffffffffff08021100000008021100000000000000000000000000640001007206030303030303080026006c09000008000c000008000d0000000000000000"], 0x64}}, 0x20000014)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
ioctl$BLKBSZSET(r7, 0x40081271, &(0x7f0000000100)=0x10000)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000480)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2b}}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3c}}], 0x20)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000280)=0x3fa, 0x4)
listen(r2, 0x4000007)
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000002c0)={<r8=>0x0, 0x1ff}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000380)={r8, 0x7, 0x7f}, &(0x7f00000003c0)=0x8)
recvmmsg(r2, &(0x7f0000000640)=[{{&(0x7f0000000400)=@hci, 0x80, &(0x7f0000000540)=[{&(0x7f00000004c0)}, {&(0x7f0000000500)=""/56, 0x38}], 0x2, &(0x7f0000000580)=""/185, 0xb9}, 0x9}], 0x1, 0x10020, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002cc0)=@newtaction={0x894, 0x30, 0xffff, 0x0, 0x0, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xfffffffc, 0x0, 0x0, 0x0, 0x20000, 0x733f, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xcff, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x5, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x200, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1000, 0x0, 0x40, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b3, 0x0, 0xfffffffd, 0x0, 0x0, 0xffffffff, 0xfffffffd, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xd, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xb, 0x1000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80000, 0x9, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x80000000, 0x0, 0x0, 0x0, 0x10000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c692401, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x20000000, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0xd50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000006, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x4756, 0x4, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xd4, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c6d, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x4}], [@TCA_POLICE_TBF={0x3c, 0x1, {0xe, 0x3, 0x4, 0x80000004, 0x4, {0x5, 0x0, 0x8, 0x1, 0x7, 0x1f7}, {0x5, 0x0, 0x6, 0x800, 0x1ff, 0x4}, 0x2, 0x82e, 0x9}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x894}}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x28, r10, 0x300, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x6e}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000d0}, 0x20008809)

1.215809173s ago: executing program 8 (id=1140):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000240)={0x0, 0x1, 0x6, @local}, 0x10)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
semtimedop(0x0, &(0x7f0000000180)=[{0x3, 0x1}], 0x1f4, &(0x7f0000000240)={0x0, 0x989680})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000000c0)={0x48, 0x5, r3})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r4, 0x400454c9, 0x1)
ioctl$TUNSETPERSIST(r4, 0x400454ce, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = fsopen(&(0x7f0000000400)='ext2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', 0x0, 0x0)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r6, &(0x7f0000000840)=@target={'target ', {'PCI:', 'b', ':', '3', ':', '1c', '.', '6'}}, 0x14)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000001ec0)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', &(0x7f0000000380)='\xbd\x10\xe2\n\xc4\xa8\xa8?\a\x9e@O<\xf4s\x85~X\x85\xdc\x11\x04a\xf8\xa6f\x96nB\x02\x10+C$\f\xb3\xcc\xed\"M\xb6 V\xc5\x9a\x11o^\xda\xc8', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000001104000000002e"], 0x0, 0x37}, 0x20)

0s ago: executing program 5 (id=1141):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0)
close_range(r0, r1, 0x0) (async)
close_range(r0, r1, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) (async)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
r4 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
shmat(r4, &(0x7f0000ffc000/0x2000)=nil, 0x4000) (async)
shmat(r4, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000fff000/0x1000)=nil)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x40, r5, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x40}, 0x1, 0x0, 0x0, 0x1004}, 0x0) (async)
sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x40, r5, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x40}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
syz_open_dev$MSR(&(0x7f0000000200), 0x6, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r6, 0xc018480b, 0x0)

kernel console output (not intermixed with test programs):

80 RDI: 0000000000000000
[  351.006702][ T8322] RBP: 00007f150b349090 R08: 00002000000047c0 R09: 0000000000000000
[  351.006716][ T8322] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  351.006729][ T8322] R13: 0000000000000000 R14: 00007f150a7b5fa0 R15: 00007ffed4dd73f8
[  351.006763][ T8322]  </TASK>
[  351.271128][ T5939] usb 9-1: device not accepting address 12, error -71
[  351.334398][  T978] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  351.337495][ T8324] netlink: 8 bytes leftover after parsing attributes in process `syz.8.595'.
[  351.445803][ T5932] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  351.446003][ T5909] usb 3-1: new low-speed USB device number 15 using dummy_hcd
[  351.578920][  T978] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  351.600543][ T5932] usb 6-1: config 0 has an invalid interface number: 207 but max is 0
[  351.618905][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.627243][ T5932] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.697155][  T978] usb 4-1: Product: syz
[  351.701593][  T978] usb 4-1: Manufacturer: syz
[  351.725938][ T5932] usb 6-1: config 0 has no interface number 0
[  351.744219][  T978] usb 4-1: SerialNumber: syz
[  351.841252][ T5932] usb 6-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  351.884981][  T978] usb 4-1: config 0 descriptor??
[  351.905099][ T5909] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  351.911026][ T5932] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.961183][ T5909] usb 3-1: config 0 has an invalid descriptor of length 254, skipping remainder of the config
[  351.973351][ T5932] usb 6-1: Product: syz
[  351.996523][ T5932] usb 6-1: Manufacturer: syz
[  352.001637][ T5909] usb 3-1: config 0 has no interface number 0
[  352.011712][ T5932] usb 6-1: SerialNumber: syz
[  352.029045][ T5909] usb 3-1: too many endpoints for config 0 interface 255 altsetting 34: 244, using maximum allowed: 30
[  352.130860][ T5932] usb 6-1: config 0 descriptor??
[  352.211316][ T5932] qmi_wwan 6-1:0.207: probe with driver qmi_wwan failed with error -22
[  352.212328][ T5909] usb 3-1: config 0 interface 255 altsetting 34 has 0 endpoint descriptors, different from the interface descriptor's value: 244
[  352.236021][ T8313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.247301][ T5909] usb 3-1: config 0 interface 255 has no altsetting 0
[  352.247955][ T8313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.262140][ T5909] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  352.271279][  T978] hso 4-1:0.0: Failed to find BULK IN ep
[  352.284245][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.310349][ T5909] usb 3-1: config 0 descriptor??
[  352.314918][  T978] usb-storage 4-1:0.0: USB Mass Storage device detected
[  352.512841][ T5839] usb 4-1: USB disconnect, device number 25
[  352.544928][ T5902] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  353.532422][ T5909] usb 3-1: string descriptor 0 read error: -71
[  353.541578][ T5902] usb 8-1: config 0 has an invalid interface number: 207 but max is 0
[  353.552477][ T5902] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  353.568655][ T5909] usb 3-1: USB disconnect, device number 15
[  353.579459][ T5902] usb 8-1: config 0 has no interface number 0
[  353.593382][ T5902] usb 8-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  353.602645][ T5902] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.611022][ T5902] usb 8-1: Product: syz
[  353.619115][ T5902] usb 8-1: Manufacturer: syz
[  353.623812][ T5902] usb 8-1: SerialNumber: syz
[  353.642477][ T5902] usb 8-1: config 0 descriptor??
[  353.651813][ T5902] qmi_wwan 8-1:0.207: probe with driver qmi_wwan failed with error -22
[  355.490065][ T5910] usb 6-1: USB disconnect, device number 11
[  355.709727][ T5932] usb 8-1: USB disconnect, device number 9
[  356.031735][ T8365] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  356.171192][ T8369] random: crng reseeded on system resumption
[  356.394955][ T8372] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11
[  356.537417][ T8379] IPv6: NLM_F_CREATE should be specified when creating new route
[  357.224376][ T5939] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  357.334438][ T5932] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  357.506212][ T5939] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  357.523641][ T5939] usb 9-1: config 0 interface 0 has no altsetting 0
[  357.534422][  T978] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  357.550126][ T5939] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  357.559521][ T5939] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  357.568109][ T5932] usb 8-1: Using ep0 maxpacket: 16
[  357.577880][ T5939] usb 9-1: Product: syz
[  357.582473][ T5939] usb 9-1: Manufacturer: syz
[  357.589054][ T5939] usb 9-1: SerialNumber: syz
[  357.603474][ T5939] usb 9-1: config 0 descriptor??
[  357.615531][ T5939] usb 9-1: selecting invalid altsetting 0
[  358.617154][ T5980] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  358.671465][  T978] usb 3-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0
[  358.692143][  T978] usb 3-1: config 0 interface 0 has no altsetting 0
[  358.711861][ T5939] usb 9-1: USB disconnect, device number 14
[  358.754428][  T978] usb 3-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00
[  358.789322][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.805786][ T5980] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  358.826375][ T5980] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  358.856109][  T978] usb 3-1: config 0 descriptor??
[  358.873060][ T5980] usb 4-1: config 0 has no interface number 0
[  358.894029][ T5980] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  358.916844][ T5980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.934725][ T5980] usb 4-1: Product: syz
[  358.944736][ T5980] usb 4-1: Manufacturer: syz
[  358.956395][ T5980] usb 4-1: SerialNumber: syz
[  358.975318][ T5980] usb 4-1: config 0 descriptor??
[  358.993185][ T5980] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[  359.348459][  T978] apple 0003:05AC:027A.0004: hidraw0: USB HID v8.00 Device [HID 05ac:027a] on usb-dummy_hcd.2-1/input0
[  360.480145][  T981] usb 4-1: USB disconnect, device number 26
[  360.724157][ T5932] usb 8-1: unable to get BOS descriptor or descriptor too short
[  360.745547][ T5932] usb 8-1: unable to read config index 0 descriptor/start: -71
[  360.764380][ T5932] usb 8-1: can't read configurations, error -71
[  360.988852][ T8426] evm: overlay not supported
[  361.016871][ T8427] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  361.690955][ T8430] random: crng reseeded on system resumption
[  362.228504][ T8431] overlayfs: missing 'lowerdir'
[  362.327521][ T8431] could not allocate digest TFM handle blake2s-160
[  362.367949][ T8433] could not allocate digest TFM handle blake2s-160
[  362.575074][  T978] usb 3-1: USB disconnect, device number 16
[  362.692795][ T8447] input: syz0 as /devices/virtual/input/input12
[  362.749263][ T8447] input: failed to attach handler leds to device input12, error: -6
[  362.766077][ T8448] mkiss: ax0: crc mode is auto.
[  362.882928][ T8452] netlink: 4 bytes leftover after parsing attributes in process `syz.5.627'.
[  362.950418][ T8455] overlayfs: missing 'lowerdir'
[  363.584833][  T978] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  363.783528][  T978] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.761295][  T978] usb 8-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  364.775438][  T978] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.783948][  T978] usb 8-1: Product: syz
[  364.788449][  T978] usb 8-1: Manufacturer: syz
[  364.793530][  T978] usb 8-1: SerialNumber: syz
[  364.808956][  T978] usb 8-1: config 0 descriptor??
[  364.821264][  T978] ims_pcu 8-1:0.0: Missing CDC union descriptor
[  364.835780][  T978] ims_pcu 8-1:0.0: probe with driver ims_pcu failed with error -22
[  364.853802][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.036790][  T978] usb 8-1: USB disconnect, device number 12
[  365.078662][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.255924][ T5910] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  365.850038][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.006653][ T5910] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  366.026565][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.037840][ T5910] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024
[  366.049372][ T5910] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  366.059752][ T5910] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  366.071359][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.084099][ T8488] TCP: tcp_parse_options: Illegal window scaling value 254 > 14 received
[  366.182079][ T8481] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  366.229293][ T5910] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  366.232403][ T8490] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  366.370977][ T8494] random: crng reseeded on system resumption
[  366.482206][ T8492] vivid-000: disconnect
[  366.506402][ T8492] vivid-000: reconnect
[  366.568988][ T8498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  366.594942][ T8498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  366.635014][   T12] bridge_slave_1: left allmulticast mode
[  366.686022][   T12] bridge_slave_1: left promiscuous mode
[  366.779740][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  366.835085][   T12] bridge_slave_0: left allmulticast mode
[  366.881825][   T12] bridge_slave_0: left promiscuous mode
[  366.896065][ T8480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  366.919711][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  366.926069][ T8480] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  366.984934][  T978] usb 4-1: USB disconnect, device number 27
[  366.996205][ T8501] IPv6: addrconf: prefix option has invalid lifetime
[  367.412081][   T30] audit: type=1326 audit(1753417402.064:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8505 comm="syz.8.642" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f150a58e9a9 code=0x0
[  367.445849][ T8507] kvm: user requested TSC rate below hardware speed
[  367.968972][ T8512] random: crng reseeded on system resumption
[  368.372526][ T5839] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  368.464348][ T8519] random: crng reseeded on system resumption
[  368.526728][ T8519] FAULT_INJECTION: forcing a failure.
[  368.526728][ T8519] name failslab, interval 1, probability 0, space 0, times 0
[  368.541045][ T8519] CPU: 1 UID: 0 PID: 8519 Comm: syz.8.645 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  368.541077][ T8519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  368.541090][ T8519] Call Trace:
[  368.541098][ T8519]  <TASK>
[  368.541106][ T8519]  dump_stack_lvl+0x189/0x250
[  368.541137][ T8519]  ? __pfx____ratelimit+0x10/0x10
[  368.541161][ T8519]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.541185][ T8519]  ? __pfx__printk+0x10/0x10
[  368.541221][ T8519]  ? __pfx___might_resched+0x10/0x10
[  368.541245][ T8519]  ? fs_reclaim_acquire+0x7d/0x100
[  368.541278][ T8519]  should_fail_ex+0x414/0x560
[  368.541307][ T8519]  should_failslab+0xa8/0x100
[  368.541334][ T8519]  __kmalloc_noprof+0xcb/0x4f0
[  368.541353][ T8519]  ? kfree+0x4d/0x440
[  368.541383][ T8519]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  368.541418][ T8519]  tomoyo_realpath_from_path+0xe3/0x5d0
[  368.541449][ T8519]  ? tomoyo_domain+0xda/0x130
[  368.541489][ T8519]  tomoyo_path_perm+0x213/0x4b0
[  368.541513][ T8519]  ? tomoyo_path_perm+0x1e3/0x4b0
[  368.541535][ T8519]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  368.541600][ T8519]  ? __pfx_current_check_access_path+0x10/0x10
[  368.541648][ T8519]  tomoyo_path_rmdir+0xa2/0xe0
[  368.541680][ T8519]  ? __pfx_tomoyo_path_rmdir+0x10/0x10
[  368.541725][ T8519]  security_path_rmdir+0x167/0x360
[  368.541763][ T8519]  do_rmdir+0x219/0x630
[  368.541793][ T8519]  ? __pfx_do_rmdir+0x10/0x10
[  368.541822][ T8519]  ? getname_flags+0x1e5/0x540
[  368.541853][ T8519]  __x64_sys_rmdir+0x47/0x50
[  368.541873][ T8519]  do_syscall_64+0xfa/0x3b0
[  368.541898][ T8519]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.541917][ T8519]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  368.541937][ T8519]  ? clear_bhb_loop+0x60/0xb0
[  368.541964][ T8519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.541986][ T8519] RIP: 0033:0x7f150a58e9a9
[  368.542006][ T8519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.542026][ T8519] RSP: 002b:00007f15083f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[  368.542049][ T8519] RAX: ffffffffffffffda RBX: 00007f150a7b6160 RCX: 00007f150a58e9a9
[  368.542065][ T8519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0
[  368.542079][ T8519] RBP: 00007f15083f6090 R08: 0000000000000000 R09: 0000000000000000
[  368.542092][ T8519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.542104][ T8519] R13: 0000000000000000 R14: 00007f150a7b6160 R15: 00007ffed4dd73f8
[  368.542139][ T8519]  </TASK>
[  368.542158][ T8519] ERROR: Out of memory at tomoyo_realpath_from_path.
[  369.031642][ T5839] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  370.344433][ T5839] usb 4-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00
[  370.353555][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.497964][ T5839] usb 4-1: config 0 descriptor??
[  371.115283][ T8527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.124060][ T8527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.772850][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  371.854773][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.920478][   T12] bond0 (unregistering): Released all slaves
[  371.926878][ T8537] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (pcl812)
[  372.015663][ T8537] netlink: 8 bytes leftover after parsing attributes in process `syz.7.649'.
[  372.400750][ T8533] comedi comedi2: pcl724: I/O port conflict (0x10009e1,4)
[  372.454790][   T30] audit: type=1326 audit(1753417407.074:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8539 comm="syz.8.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f150a58e9a9 code=0x7ffc0000
[  372.484823][ T8542] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  372.603097][   T30] audit: type=1326 audit(1753417407.074:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8539 comm="syz.8.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f150a58e9a9 code=0x7ffc0000
[  372.655866][ T8542] random: crng reseeded on system resumption
[  372.734528][   T30] audit: type=1326 audit(1753417407.084:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8539 comm="syz.8.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7f150a58e9a9 code=0x7ffc0000
[  372.764920][  T978] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  372.869966][   T12] hsr_slave_0: left promiscuous mode
[  372.908391][   T12] hsr_slave_1: left promiscuous mode
[  372.920119][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  372.944514][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  372.958017][  T978] usb 9-1: device descriptor read/64, error -71
[  372.971389][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  372.983410][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  373.078488][ T5839] usbhid 4-1:0.0: can't add hid device: -71
[  373.101856][   T12] veth1_macvtap: left promiscuous mode
[  373.135659][ T5839] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  373.154063][ T5839] usb 4-1: USB disconnect, device number 28
[  373.175602][   T12] veth0_macvtap: left promiscuous mode
[  373.205631][  T978] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  373.218983][   T12] veth1_vlan: left promiscuous mode
[  373.231259][   T12] veth0_vlan: left promiscuous mode
[  373.355747][  T978] usb 9-1: device descriptor read/64, error -71
[  373.477086][  T978] usb usb9-port1: attempt power cycle
[  373.834422][  T978] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  373.880468][  T978] usb 9-1: device descriptor read/8, error -71
[  374.134549][  T978] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  374.424533][  T978] usb 9-1: device descriptor read/8, error -71
[  374.685860][  T978] usb usb9-port1: unable to enumerate USB device
[  375.836753][ T8586] misc userio: Invalid payload size
[  375.843680][ T8586] misc userio: Invalid payload size
[  375.850329][ T8586] misc userio: The device must be registered before sending interrupts
[  375.878638][ T8586] Bluetooth: MGMT ver 1.23
[  377.259805][ T8595] netlink: 44 bytes leftover after parsing attributes in process `syz.2.662'.
[  378.302794][   T12] team0 (unregistering): Port device team_slave_1 removed
[  378.461002][   T12] team0 (unregistering): Port device team_slave_0 removed
[  378.641091][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  378.647568][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  379.494372][ T8582] tap0: tun_chr_ioctl cmd 1074025677
[  379.499960][ T8582] tap0: linktype set to 805
[  379.525150][ T8584] tap0: tun_chr_ioctl cmd 1074025677
[  379.530863][ T8584] tap0: linktype set to 19
[  379.724798][ T8601] loop6: detected capacity change from 0 to 524287999
[  379.751598][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  379.802664][ T8604] veth0_to_bridge: entered promiscuous mode
[  379.824641][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  379.837164][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  379.964236][ T8603] syz.7.663: attempt to access beyond end of device
[  379.964236][ T8603] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  379.974606][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  380.155153][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  380.548594][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  380.829627][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.026273][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.631440][ T8601] ldm_validate_partition_table(): Disk read failed.
[  381.720679][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.755002][ T8601] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.763167][ T8601] Dev loop6: unable to read RDB block 0
[  381.775017][ T8600] veth0_to_bridge: left promiscuous mode
[  381.885838][ T8601]  loop6: unable to read partition table
[  381.914642][ T8601] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  382.458185][ T8623] netlink: 8 bytes leftover after parsing attributes in process `syz.7.667'.
[  383.370377][ T8641] misc userio: Invalid payload size
[  383.396551][ T8641] misc userio: Invalid payload size
[  383.415281][ T8641] misc userio: The device must be registered before sending interrupts
[  386.313120][ T8658] netlink: 48 bytes leftover after parsing attributes in process `syz.3.675'.
[  388.524388][ T5910] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  388.757869][ T5910] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  389.183710][ T5910] usb 9-1: config 0 has no interfaces?
[  389.190148][ T5910] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  389.206406][ T5910] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.232229][ T5910] usb 9-1: config 0 descriptor??
[  389.471115][ T8692] misc userio: Invalid payload size
[  389.477254][ T8692] misc userio: Invalid payload size
[  389.483438][ T8692] misc userio: The device must be registered before sending interrupts
[  391.312245][ T8707] netlink: 12 bytes leftover after parsing attributes in process `syz.2.688'.
[  392.603965][ T5910] usb 9-1: USB disconnect, device number 19
[  393.055569][ T8720] ksmbd: Unknown IPC event: 4, ignore.
[  394.324766][  T978] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  395.628288][  T978] usb 3-1: Using ep0 maxpacket: 32
[  395.796775][  T978] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  395.919123][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.066130][  T978] usb 3-1: Product: syz
[  396.086243][ T8728] Bluetooth: hci0: command 0x0406 tx timeout
[  396.095972][ T8728] Bluetooth: hci1: command 0x0406 tx timeout
[  396.103396][ T8728] Bluetooth: hci2: command 0x0406 tx timeout
[  396.232009][  T978] usb 3-1: Manufacturer: syz
[  396.356588][  T978] usb 3-1: SerialNumber: syz
[  396.569908][  T978] usb 3-1: config 0 descriptor??
[  396.772711][  T978] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  396.874409][ T8729] netlink: 4 bytes leftover after parsing attributes in process `syz.7.698'.
[  397.083705][  T978] gspca_stk1135: reg_w 0x2 err -71
[  397.100055][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.124399][  T978] gspca_stk1135: Sensor write failed
[  397.129819][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.194762][  T978] gspca_stk1135: Sensor write failed
[  397.202678][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.254372][  T978] gspca_stk1135: Sensor read failed
[  397.274602][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.320036][  T978] gspca_stk1135: Sensor read failed
[  397.346633][  T978] gspca_stk1135: Detected sensor type unknown (0x0)
[  397.364339][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.391168][  T978] gspca_stk1135: Sensor read failed
[  397.411485][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.441858][  T978] gspca_stk1135: Sensor read failed
[  397.469063][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.496934][  T978] gspca_stk1135: Sensor write failed
[  397.528962][  T978] gspca_stk1135: serial bus timeout: status=0x00
[  397.545101][  T978] gspca_stk1135: Sensor write failed
[  397.564231][  T978] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  397.603453][  T978] usb 3-1: USB disconnect, device number 17
[  397.695422][   T30] audit: type=1804 audit(1753417432.324:57): pid=8741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.8.701" name="/newroot/75/file1" dev="fuse" ino=1 res=1 errno=0
[  397.754867][   T30] audit: type=1800 audit(1753417432.324:58): pid=8741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.8.701" name="/" dev="fuse" ino=1 res=0 errno=0
[  397.804336][   T30] audit: type=1800 audit(1753417432.324:59): pid=8741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.8.701" name="/" dev="fuse" ino=1 res=0 errno=0
[  399.083521][ T8763] 9pnet: p9_errstr2errno: server reported unknown error �p
[  399.148737][ T8763] netlink: 60 bytes leftover after parsing attributes in process `syz.8.706'.
[  399.179731][ T8763] netlink: 28 bytes leftover after parsing attributes in process `syz.8.706'.
[  403.548609][ T8797] netlink: 4 bytes leftover after parsing attributes in process `syz.5.713'.
[  403.612250][ T8803] netlink: 4 bytes leftover after parsing attributes in process `syz.5.713'.
[  403.986883][ T8816] vivid-002: disconnect
[  404.750114][ T8811] vivid-002: reconnect
[  405.174635][ T8834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.722'.
[  405.187407][ T8835] netlink: 104 bytes leftover after parsing attributes in process `syz.2.722'.
[  405.981050][ T8852] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  406.245850][ T8854] netlink: 'syz.5.724': attribute type 1 has an invalid length.
[  406.374424][ T5932] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  406.668220][ T5932] usb 9-1: config 0 has an invalid descriptor of length 65, skipping remainder of the config
[  406.680950][ T5932] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  406.698006][ T5932] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  406.774885][ T5932] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.831472][ T5932] usb 9-1: config 0 descriptor??
[  407.611246][ T8882] netlink: 36 bytes leftover after parsing attributes in process `syz.3.729'.
[  408.093693][ T8848] delete_channel: no stack
[  408.102321][ T5932] usb 9-1: string descriptor 0 read error: -71
[  408.165092][ T5932] usb 9-1: USB disconnect, device number 20
[  408.609176][ T8893] netlink: 16 bytes leftover after parsing attributes in process `syz.3.733'.
[  409.244501][ T8899] netlink: 16 bytes leftover after parsing attributes in process `syz.2.734'.
[  409.889197][ T8910] hsr0 speed is unknown, defaulting to 1000
[  409.936333][ T8910] hsr0 speed is unknown, defaulting to 1000
[  409.953002][ T8910] hsr0 speed is unknown, defaulting to 1000
[  409.989503][ T8910] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  410.016337][ T8910] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  410.059555][ T8910] hsr0 speed is unknown, defaulting to 1000
[  410.069368][ T8910] hsr0 speed is unknown, defaulting to 1000
[  410.078612][ T8910] hsr0 speed is unknown, defaulting to 1000
[  410.087410][ T8910] hsr0 speed is unknown, defaulting to 1000
[  410.097004][ T8910] hsr0 speed is unknown, defaulting to 1000
[  410.110687][ T8910] hsr0 speed is unknown, defaulting to 1000
[  410.300407][ T8915] FAULT_INJECTION: forcing a failure.
[  410.300407][ T8915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.327832][ T8915] CPU: 1 UID: 0 PID: 8915 Comm: syz.7.740 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  410.327865][ T8915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  410.327879][ T8915] Call Trace:
[  410.327887][ T8915]  <TASK>
[  410.327897][ T8915]  dump_stack_lvl+0x189/0x250
[  410.327928][ T8915]  ? __pfx____ratelimit+0x10/0x10
[  410.327952][ T8915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.327976][ T8915]  ? __pfx__printk+0x10/0x10
[  410.328005][ T8915]  ? __might_fault+0xb0/0x130
[  410.328040][ T8915]  should_fail_ex+0x414/0x560
[  410.328067][ T8915]  _copy_from_user+0x2d/0xb0
[  410.328106][ T8915]  ___sys_sendmsg+0x158/0x2a0
[  410.328144][ T8915]  ? __pfx____sys_sendmsg+0x10/0x10
[  410.328218][ T8915]  ? __fget_files+0x2a/0x420
[  410.328242][ T8915]  ? __fget_files+0x3a0/0x420
[  410.328278][ T8915]  __x64_sys_sendmsg+0x19b/0x260
[  410.328314][ T8915]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  410.328359][ T8915]  ? __pfx_ksys_write+0x10/0x10
[  410.328376][ T8915]  ? rcu_is_watching+0x15/0xb0
[  410.328405][ T8915]  ? do_syscall_64+0xbe/0x3b0
[  410.328434][ T8915]  do_syscall_64+0xfa/0x3b0
[  410.328456][ T8915]  ? lockdep_hardirqs_on+0x9c/0x150
[  410.328478][ T8915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.328500][ T8915]  ? clear_bhb_loop+0x60/0xb0
[  410.328525][ T8915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.328545][ T8915] RIP: 0033:0x7f7249f8e9a9
[  410.328564][ T8915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.328582][ T8915] RSP: 002b:00007f724ad5a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  410.328604][ T8915] RAX: ffffffffffffffda RBX: 00007f724a1b5fa0 RCX: 00007f7249f8e9a9
[  410.328620][ T8915] RDX: 0000000020000000 RSI: 0000200000000a80 RDI: 0000000000000006
[  410.328634][ T8915] RBP: 00007f724ad5a090 R08: 0000000000000000 R09: 0000000000000000
[  410.328647][ T8915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.328659][ T8915] R13: 0000000000000000 R14: 00007f724a1b5fa0 R15: 00007ffe2827e968
[  410.328691][ T8915]  </TASK>
[  410.723882][ T8920] mmap: syz.8.742 (8920): VmData 37462016 exceed data ulimit 5. Update limits or use boot option ignore_rlimit_data.
[  410.771896][ T8920] netlink: 20 bytes leftover after parsing attributes in process `syz.8.742'.
[  410.865176][ T8926] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14
[  410.890355][  T978] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  411.065604][  T978] usb 8-1: Using ep0 maxpacket: 16
[  411.073546][  T978] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  411.087136][  T978] usb 8-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  411.103259][  T978] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.121133][  T978] usb 8-1: Product: syz
[  411.132026][  T978] usb 8-1: Manufacturer: syz
[  411.134610][ T5910] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  411.136820][  T978] usb 8-1: SerialNumber: syz
[  411.153069][  T978] usb 8-1: config 0 descriptor??
[  411.178015][  T978] port100 8-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  411.192679][ T8933] IPv6: NLM_F_REPLACE set, but no existing node found!
[  411.369885][ T5910] usb 6-1: config 0 has no interfaces?
[  412.053832][ T5910] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  412.063548][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.080504][ T5910] usb 6-1: Product: syz
[  412.093829][ T5910] usb 6-1: Manufacturer: syz
[  412.111915][ T5910] usb 6-1: SerialNumber: syz
[  412.404383][ T5910] usb 6-1: config 0 descriptor??
[  412.462958][ T8941] veth0: entered promiscuous mode
[  412.555402][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.749'.
[  413.285829][ T8927] netlink: 20 bytes leftover after parsing attributes in process `syz.5.743'.
[  413.967335][ T8954] netlink: 'syz.8.752': attribute type 29 has an invalid length.
[  414.015081][ T8954] netlink: 76 bytes leftover after parsing attributes in process `syz.8.752'.
[  414.482997][ T5839] usb 8-1: USB disconnect, device number 13
[  415.174392][ T5839] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  415.972208][ T5910] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  416.088699][ T5839] usb 3-1: config 0 has an invalid interface number: 29 but max is 0
[  416.101649][ T5839] usb 3-1: config 0 has no interface number 0
[  416.117480][ T5839] usb 3-1: config 0 interface 29 has no altsetting 0
[  416.304819][ T5910] usb 4-1: Using ep0 maxpacket: 8
[  416.328034][ T5839] usb 3-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  416.375137][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.421877][ T5839] usb 3-1: Product: syz
[  416.427692][ T5910] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  416.436270][ T5910] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  416.464317][ T5839] usb 3-1: Manufacturer: syz
[  416.470167][ T5910] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  416.480266][ T5839] usb 3-1: SerialNumber: syz
[  416.495614][ T5839] usb 3-1: config 0 descriptor??
[  416.500819][ T5910] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  416.727972][ T5910] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  417.396215][ T5910] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  417.406409][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.535982][ T8988] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_macvtap, syncid = 131076, id = 0
[  417.633176][  T978] usb 6-1: USB disconnect, device number 12
[  417.634420][ T5910] usb 4-1: usb_control_msg returned -71
[  417.699512][ T5910] usbtmc 4-1:16.0: can't read capabilities
[  417.765049][ T5910] usb 4-1: USB disconnect, device number 29
[  417.828937][ T8997] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6tnl0, syncid = 3, id = 0
[  418.105718][ T5902] usb 8-1: new full-speed USB device number 14 using dummy_hcd
[  418.165914][ T5910] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  418.245605][  T978] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  418.358402][ T5910] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  418.377544][ T5910] usb 4-1: config 0 has no interface number 0
[  418.389424][ T5902] usb 8-1: config 0 has an invalid interface number: 11 but max is 0
[  418.403177][ T5910] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  418.414320][  T978] usb 6-1: Using ep0 maxpacket: 16
[  418.420520][  T978] usb 6-1: too many configurations: 60, using maximum allowed: 8
[  418.432825][ T5902] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  418.448509][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.500801][  T978] usb 6-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  418.531408][  T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  418.558064][  T978] usb 6-1: Product: syz
[  418.572905][  T978] usb 6-1: Manufacturer: syz
[  418.574387][ T5910] usb 4-1: Product: syz
[  418.581871][ T5902] usb 8-1: config 0 has no interface number 0
[  418.610947][ T5902] usb 8-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid maxpacket 8456, setting to 64
[  418.622365][ T5910] usb 4-1: Manufacturer: syz
[  418.632483][  T978] usb 6-1: SerialNumber: syz
[  418.640199][ T5910] usb 4-1: SerialNumber: syz
[  418.660212][ T5902] usb 8-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  418.674380][ T5910] usb 4-1: config 0 descriptor??
[  418.700758][ T5902] usb 8-1: config 0 interface 11 has no altsetting 0
[  418.722561][  T978] usb 6-1: config 0 descriptor??
[  418.727939][ T5902] usb 8-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  418.757142][  T978] pwc: Philips SPC 880NC USB webcam detected.
[  418.989611][  T978] pwc: Warning: more than 1 configuration available.
[  419.001570][  T978] pwc: Failed to set LED on/off time (-71)
[  419.144747][ T5932] usb 9-1: new full-speed USB device number 21 using dummy_hcd
[  419.690516][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.714891][ T5902] usb 8-1: config 0 descriptor??
[  419.724368][ T5932] usb 9-1: config 0 has an invalid interface number: 207 but max is 0
[  419.733968][ T5932] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  419.751114][ T5910] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  419.760780][  T978] pwc: send_video_command error -71
[  419.770653][ T5910] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  419.776316][  T978] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  419.805047][ T5910] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  419.823365][ T5932] usb 9-1: config 0 has no interface number 0
[  419.840156][ T5910] usb 4-1: media controller created
[  419.843746][  T978] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  419.884869][ T5932] usb 9-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  419.925407][ T5932] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.942873][  T978] usb 6-1: USB disconnect, device number 13
[  419.959854][ T8995] ip6gre1: entered promiscuous mode
[  419.965206][ T8995] ip6gre1: entered allmulticast mode
[  420.002308][ T5902] usb 8-1: can't set config #0, error -71
[  420.013089][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  420.013534][ T5932] usb 9-1: Product: syz
[  420.067905][ T5932] usb 9-1: Manufacturer: syz
[  420.074469][ T5902] usb 8-1: USB disconnect, device number 14
[  420.082877][ T5932] usb 9-1: SerialNumber: syz
[  420.109624][ T5932] usb 9-1: config 0 descriptor??
[  420.134394][ T5932] qmi_wwan 9-1:0.207: probe with driver qmi_wwan failed with error -22
[  420.473984][ T5839] peak_usb 3-1:0.29 can0: unable to request usb[type=0 value=1] err=-71
[  420.498252][ T5839] peak_usb 3-1:0.29: unable to read PCAN-USB X6 firmware info (err -71)
[  420.595440][ T5839] peak_usb 3-1:0.29: probe with driver peak_usb failed with error -71
[  420.614198][ T9016] fuse: Unknown parameter '0xffffffffffffffff0x0000000000000004'
[  420.634325][ T5839] usb 3-1: USB disconnect, device number 18
[  420.900092][ T9023] overlayfs: failed to resolve './file1': -2
[  421.276395][ T5910] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  421.420199][ T5910] usb 4-1: USB disconnect, device number 30
[  421.441532][ T9033] binder: 9032:9033 ioctl c018620c 200000000000 returned -22
[  421.464413][ T5902] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  422.158817][ T5932] usb 9-1: USB disconnect, device number 21
[  422.454418][ T5902] usb 6-1: Using ep0 maxpacket: 16
[  423.430498][ T5902] usb 6-1: config 1 has an invalid descriptor of length 140, skipping remainder of the config
[  423.569548][ T5902] usb 6-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  423.584145][ T5902] usb 6-1: config 1 interface 0 has no altsetting 0
[  423.761590][ T5902] usb 6-1: string descriptor 0 read error: -22
[  423.777935][ T5902] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  423.797370][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.804534][ T5980] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  424.237734][ T9046] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  424.794426][ T5980] usb 9-1: device descriptor read/64, error -71
[  425.065827][ T5980] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  425.149737][ T9050] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input15
[  425.245589][ T5980] usb 9-1: device descriptor read/64, error -71
[  425.285309][ T9053] FAULT_INJECTION: forcing a failure.
[  425.285309][ T9053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.298679][ T9053] CPU: 1 UID: 0 PID: 9053 Comm: syz.2.780 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  425.298709][ T9053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  425.298726][ T9053] Call Trace:
[  425.298737][ T9053]  <TASK>
[  425.298745][ T9053]  dump_stack_lvl+0x189/0x250
[  425.298770][ T9053]  ? irqentry_exit+0x74/0x90
[  425.298791][ T9053]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.298826][ T9053]  should_fail_ex+0x414/0x560
[  425.298849][ T9053]  _copy_from_iter+0x1db/0x16f0
[  425.298876][ T9053]  ? rcu_is_watching+0x15/0xb0
[  425.298895][ T9053]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  425.298916][ T9053]  ? __pfx__copy_from_iter+0x10/0x10
[  425.298940][ T9053]  ? __build_skb_around+0x257/0x3e0
[  425.298968][ T9053]  ? netlink_sendmsg+0x642/0xb30
[  425.298992][ T9053]  ? skb_put+0x11b/0x210
[  425.299020][ T9053]  netlink_sendmsg+0x6b2/0xb30
[  425.299053][ T9053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.299085][ T9053]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  425.299109][ T9053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.299135][ T9053]  __sock_sendmsg+0x21c/0x270
[  425.299159][ T9053]  ____sys_sendmsg+0x505/0x830
[  425.299191][ T9053]  ? __pfx_____sys_sendmsg+0x10/0x10
[  425.299227][ T9053]  ? import_iovec+0x74/0xa0
[  425.299260][ T9053]  ___sys_sendmsg+0x21f/0x2a0
[  425.299290][ T9053]  ? __pfx____sys_sendmsg+0x10/0x10
[  425.299353][ T9053]  ? __fget_files+0x2a/0x420
[  425.299373][ T9053]  ? __fget_files+0x3a0/0x420
[  425.299401][ T9053]  __x64_sys_sendmsg+0x19b/0x260
[  425.299430][ T9053]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  425.299470][ T9053]  ? __pfx_ksys_write+0x10/0x10
[  425.299487][ T9053]  ? rcu_is_watching+0x15/0xb0
[  425.299511][ T9053]  ? do_syscall_64+0xbe/0x3b0
[  425.299534][ T9053]  do_syscall_64+0xfa/0x3b0
[  425.299553][ T9053]  ? lockdep_hardirqs_on+0x9c/0x150
[  425.299571][ T9053]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.299588][ T9053]  ? clear_bhb_loop+0x60/0xb0
[  425.299608][ T9053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.299625][ T9053] RIP: 0033:0x7f7ea058e9a9
[  425.299641][ T9053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.299657][ T9053] RSP: 002b:00007f7ea14d3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  425.299676][ T9053] RAX: ffffffffffffffda RBX: 00007f7ea07b5fa0 RCX: 00007f7ea058e9a9
[  425.299689][ T9053] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000003
[  425.299701][ T9053] RBP: 00007f7ea14d3090 R08: 0000000000000000 R09: 0000000000000000
[  425.299712][ T9053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.299722][ T9053] R13: 0000000000000000 R14: 00007f7ea07b5fa0 R15: 00007ffce9121fa8
[  425.299748][ T9053]  </TASK>
[  425.570838][ T5980] usb usb9-port1: attempt power cycle
[  425.638349][  T978] usb 6-1: USB disconnect, device number 14
[  425.727220][ T9057] netlink: 'syz.7.783': attribute type 10 has an invalid length.
[  425.836475][ T9057] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  426.054400][ T5980] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  426.319743][ T5980] usb 9-1: device descriptor read/8, error -71
[  426.327151][    T9] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  426.815559][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  426.897455][ T5980] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  426.917315][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  426.935488][ T9069] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  426.944163][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  426.963750][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  427.032854][ T5980] usb 9-1: device descriptor read/8, error -71
[  427.147873][    T9] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  427.178210][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.199859][    T9] usb 3-1: config 0 descriptor??
[  427.240802][ T5980] usb usb9-port1: unable to enumerate USB device
[  427.464467][ T5902] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  427.642332][    T9] hdpvr 3-1:0.0: firmware version 0x1e dated ��q|RC�@�2���2[�7�B���D�^jvi0�
[  427.642332][    T9] �����pY
[  428.277392][ T5902] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  428.287596][ T5902] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  428.423420][ T5902] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  429.774367][ T5839] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  429.897065][    T9] hdpvr 3-1:0.0: device init failed
[  429.902406][    T9] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12
[  429.959114][ T5839] usb 4-1: Using ep0 maxpacket: 32
[  429.997953][    T9] usb 3-1: USB disconnect, device number 19
[  430.011173][ T1144] bridge_slave_1: left allmulticast mode
[  430.016717][ T5839] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  430.039052][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.047151][ T1144] bridge_slave_1: left promiscuous mode
[  430.047477][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  430.061316][ T5839] usb 4-1: config 0 descriptor??
[  430.092902][ T5839] gspca_main: nw80x-2.14.0 probing 055f:d001
[  430.129723][ T1144] bridge_slave_0: left allmulticast mode
[  430.144327][ T1144] bridge_slave_0: left promiscuous mode
[  430.152855][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  430.164346][ T5902] usb 6-1: string descriptor 0 read error: -71
[  430.172111][ T5902] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  430.226223][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.248134][ T5902] usb 6-1: can't set config #1, error -71
[  430.266358][ T5902] usb 6-1: USB disconnect, device number 15
[  430.289032][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.793'.
[  430.418119][ T9104] netlink: 8 bytes leftover after parsing attributes in process `syz.5.794'.
[  431.087097][ T9094] netlink: 'syz.3.791': attribute type 10 has an invalid length.
[  431.095306][ T5839] gspca_nw80x: reg_r err -32
[  431.100331][ T5839] nw80x 4-1:0.0: probe with driver nw80x failed with error -32
[  432.108954][ T9114] IPv6: Can't replace route, no match found
[  432.137419][ T9114] FAULT_INJECTION: forcing a failure.
[  432.137419][ T9114] name failslab, interval 1, probability 0, space 0, times 0
[  432.150340][ T9114] CPU: 1 UID: 0 PID: 9114 Comm: syz.5.797 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  432.150372][ T9114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  432.150385][ T9114] Call Trace:
[  432.150394][ T9114]  <TASK>
[  432.150402][ T9114]  dump_stack_lvl+0x189/0x250
[  432.150434][ T9114]  ? __pfx____ratelimit+0x10/0x10
[  432.150459][ T9114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  432.150484][ T9114]  ? __pfx__printk+0x10/0x10
[  432.150519][ T9114]  ? __pfx___might_resched+0x10/0x10
[  432.150550][ T9114]  ? fs_reclaim_acquire+0x7d/0x100
[  432.150582][ T9114]  should_fail_ex+0x414/0x560
[  432.150610][ T9114]  should_failslab+0xa8/0x100
[  432.150636][ T9114]  __kmalloc_cache_noprof+0x70/0x3d0
[  432.150658][ T9114]  ? __se_sys_mount+0x165/0x410
[  432.150680][ T9114]  ? memdup_user+0x99/0xd0
[  432.150712][ T9114]  __se_sys_mount+0x165/0x410
[  432.150744][ T9114]  ? __pfx___se_sys_mount+0x10/0x10
[  432.150775][ T9114]  ? do_syscall_64+0xbe/0x3b0
[  432.150799][ T9114]  ? __x64_sys_mount+0x20/0xc0
[  432.150826][ T9114]  do_syscall_64+0xfa/0x3b0
[  432.150852][ T9114]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.150873][ T9114]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  432.150894][ T9114]  ? clear_bhb_loop+0x60/0xb0
[  432.150921][ T9114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.150942][ T9114] RIP: 0033:0x7fe3f058e9a9
[  432.150962][ T9114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.150981][ T9114] RSP: 002b:00007fe3f1497038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  432.151004][ T9114] RAX: ffffffffffffffda RBX: 00007fe3f07b6160 RCX: 00007fe3f058e9a9
[  432.151020][ T9114] RDX: 0000200000002880 RSI: 0000200000002840 RDI: 0000000000000000
[  432.151035][ T9114] RBP: 00007fe3f1497090 R08: 0000200000000000 R09: 0000000000000000
[  432.151050][ T9114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.151062][ T9114] R13: 0000000000000000 R14: 00007fe3f07b6160 R15: 00007ffc72882f78
[  432.151096][ T9114]  </TASK>
[  432.550816][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  432.563432][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  432.588309][ T1144] bond0 (unregistering): (slave team0): Releasing backup interface
[  432.600979][ T1144] bond0 (unregistering): Released all slaves
[  432.774739][ T5902] usb 4-1: USB disconnect, device number 31
[  432.818002][ T1144] : left promiscuous mode
[  433.147364][  T978] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  433.802983][ T9139] netlink: 20 bytes leftover after parsing attributes in process `syz.7.805'.
[  433.845573][ T5902] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  434.117423][  T978] usb 3-1: New USB device found, idVendor=8420, idProduct=157a, bcdDevice=77.64
[  434.186207][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.215913][  T978] usb 3-1: Product: syz
[  434.225050][  T978] usb 3-1: Manufacturer: syz
[  434.246391][ T5902] usb 4-1: Using ep0 maxpacket: 16
[  434.250374][  T978] usb 3-1: SerialNumber: syz
[  434.325134][ T5902] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  434.422811][ T5902] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  434.491930][ T5902] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  434.501432][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.509717][ T5902] usb 4-1: Product: syz
[  434.518657][ T5902] usb 4-1: Manufacturer: syz
[  434.523327][ T5902] usb 4-1: SerialNumber: syz
[  434.633403][  T978] usb 3-1: config 0 descriptor??
[  434.749399][ T9145] netlink: 8 bytes leftover after parsing attributes in process `syz.5.806'.
[  434.914956][ T9145] Cannot find add_set index 0 as target
[  435.433453][ T5902] usb 4-1: 0:2 : does not exist
[  435.451094][ T5902] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  435.519585][ T5902] usb 4-1: USB disconnect, device number 32
[  435.582293][ T9151] Cannot find set identified by id 0 to match
[  435.602325][ T5980] usb 3-1: USB disconnect, device number 20
[  435.669721][ T1144] hsr_slave_0: left promiscuous mode
[  435.683148][ T1144] hsr_slave_1: left promiscuous mode
[  435.691525][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  435.708607][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  436.188080][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  436.217156][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  436.293761][ T1144] veth1_macvtap: left promiscuous mode
[  436.313717][ T1144] veth0_macvtap: left promiscuous mode
[  436.328419][ T1144] veth1_vlan: left promiscuous mode
[  436.591704][ T9133] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  436.619664][ T9133] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  437.055077][ T9133] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  437.064531][ T9133] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  437.219904][ T9177] fuse: Bad value for 'fd'
[  437.279190][ T9133] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  437.461068][ T9173] netlink: 'syz.3.815': attribute type 6 has an invalid length.
[  437.471048][ T9133] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  438.117317][ T5849] Bluetooth: hci3: command 0x0406 tx timeout
[  438.133746][ T9133] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  438.140019][ T9133] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  438.164513][ T9175] trusted_key: encrypted_key: insufficient parameters specified
[  438.195425][ T9133] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  438.203928][ T9133] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  438.276705][ T9182] trusted_key: encrypted_key: insufficient parameters specified
[  438.312358][ T9133] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  439.114380][ T5856] Bluetooth: hci0: command 0x0406 tx timeout
[  439.354363][ T5856] Bluetooth: hci1: command 0x0406 tx timeout
[  439.536220][ T5856] Bluetooth: hci1: unexpected event for opcode 0x0c2d
[  440.131892][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  440.143751][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  440.175068][ T5856] Bluetooth: hci2: command 0x0406 tx timeout
[  440.181629][ T5849] Bluetooth: hci3: command 0x0406 tx timeout
[  440.245562][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  440.620513][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  440.670810][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  441.203005][ T5849] Bluetooth: hci0: command 0x0406 tx timeout
[  441.809397][ T9206] netlink: 'syz.3.822': attribute type 2 has an invalid length.
[  441.920206][ T9208] netlink: 24 bytes leftover after parsing attributes in process `syz.7.821'.
[  442.234491][ T5849] Bluetooth: hci2: command 0x0406 tx timeout
[  442.321833][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  442.711016][ T9213] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  443.400402][ T9218] netlink: 20 bytes leftover after parsing attributes in process `syz.8.827'.
[  443.410016][ T9218] netlink: 20 bytes leftover after parsing attributes in process `syz.8.827'.
[  443.420763][ T9218] netlink: 36 bytes leftover after parsing attributes in process `syz.8.827'.
[  443.561069][ T9228] netlink: 4 bytes leftover after parsing attributes in process `syz.3.830'.
[  443.645263][ T9231] sg_read: process 238 (syz.3.830) changed security contexts after opening file descriptor, this is not allowed.
[  443.674652][ T5939] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  443.828315][ T5902] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  443.878571][ T5939] usb 9-1: Using ep0 maxpacket: 16
[  443.964575][ T5902] usb 6-1: device descriptor read/64, error -71
[  444.315369][ T5939] usb 9-1: config index 0 descriptor too short (expected 16456, got 72)
[  444.434373][ T5939] usb 9-1: config 0 has an invalid interface number: 125 but max is 1
[  444.434455][ T5902] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  444.456622][ T5939] usb 9-1: config 0 has an invalid interface number: 125 but max is 1
[  444.468487][ T5856] Bluetooth: hci4: command 0x0c1a tx timeout
[  444.650442][ T5939] usb 9-1: config 0 has an invalid interface number: 125 but max is 1
[  444.675030][ T5939] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  444.684100][ T5939] usb 9-1: config 0 has no interface number 0
[  444.696168][ T5939] usb 9-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  444.707694][ T5939] usb 9-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  444.717705][ T5939] usb 9-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  444.727802][ T5939] usb 9-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  444.740952][ T5939] usb 9-1: too many endpoints for config 0 interface 125 altsetting 190: 255, using maximum allowed: 30
[  444.752265][ T5939] usb 9-1: config 0 interface 125 altsetting 190 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  444.765979][ T5939] usb 9-1: config 0 interface 125 has no altsetting 0
[  444.772790][ T5939] usb 9-1: config 0 interface 125 has no altsetting 2
[  444.782095][ T5939] usb 9-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  444.953734][ T5939] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.958609][ T9228] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105)
[  444.969133][ T5939] usb 9-1: Product: syz
[  444.972963][ T5902] usb 6-1: device descriptor read/64, error -71
[  445.000096][ T9228] team0 (unregistering): Port device team_slave_0 removed
[  445.022287][ T9228] team0 (unregistering): Failed to send options change via netlink (err -105)
[  445.027396][ T5939] usb 9-1: Manufacturer: syz
[  445.040625][ T9228] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  445.052487][ T9228] team0 (unregistering): Port device team_slave_1 removed
[  445.060009][ T5939] usb 9-1: SerialNumber: syz
[  445.091620][ T5939] usb 9-1: config 0 descriptor??
[  445.106503][ T5939] usb 9-1: selecting invalid altsetting 2
[  445.109830][ T5902] usb usb6-port1: attempt power cycle
[  445.550324][ T9248] comedi comedi2: pcl724: I/O port conflict (0x10009e1,4)
[  445.554687][ T5902] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  445.589065][ T5902] usb 6-1: device descriptor read/8, error -71
[  445.846855][ T5902] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  445.890145][ T5902] usb 6-1: device descriptor read/8, error -71
[  446.084390][ T5902] usb usb6-port1: unable to enumerate USB device
[  446.154510][ T5939] get_1284_register timeout
[  446.160281][    C1] usb 9-1: async_complete: urb error -104
[  446.166191][    C1] usb 9-1: async_complete: urb error -104
[  446.173220][ T5939] uss720 9-1:0.125: probe with driver uss720 failed with error -5
[  446.576185][  T978] usb 9-1: USB disconnect, device number 26
[  446.714575][ T5856] Bluetooth: hci4: command 0x0c1a tx timeout
[  446.780598][ T9270] program syz.8.840 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  446.998497][ T9272] tmpfs: Bad value for 'mpol'
[  447.088307][ T9276] netlink: 'syz.5.839': attribute type 83 has an invalid length.
[  447.852558][ T9278] netlink: 4 bytes leftover after parsing attributes in process `syz.7.844'.
[  448.094912][ T9282] random: crng reseeded on system resumption
[  448.687907][ T9293] binder: 9290:9293 ioctl c0306201 2000000003c0 returned -14
[  448.698933][ T9293] binder: 9290:9293 ioctl 541c 200000000200 returned -22
[  448.710169][ T9293] binder: 9290:9293 ioctl 40045565 2f returned -22
[  449.005233][ T9298] netlink: 96 bytes leftover after parsing attributes in process `syz.8.845'.
[  450.027616][ T9278] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105)
[  450.103580][ T9278] team0 (unregistering): Port device team_slave_0 removed
[  450.137293][ T9278] team0 (unregistering): Failed to send options change via netlink (err -105)
[  450.147902][ T9278] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  450.159667][ T9278] team0 (unregistering): Port device team_slave_1 removed
[  450.231465][ T9298] 8021q: VLANs not supported on ip6tnl0
[  451.562969][   T30] audit: type=1326 audit(1753417486.214:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  451.635333][   T30] audit: type=1326 audit(1753417486.214:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  451.701127][   T30] audit: type=1326 audit(1753417486.244:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  451.729855][ T9330] FAULT_INJECTION: forcing a failure.
[  451.729855][ T9330] name failslab, interval 1, probability 0, space 0, times 0
[  451.777219][   T30] audit: type=1326 audit(1753417486.244:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  451.809099][ T9330] CPU: 1 UID: 0 PID: 9330 Comm: syz.7.851 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  451.809133][ T9330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  451.809148][ T9330] Call Trace:
[  451.809156][ T9330]  <TASK>
[  451.809166][ T9330]  dump_stack_lvl+0x189/0x250
[  451.809197][ T9330]  ? __pfx____ratelimit+0x10/0x10
[  451.809220][ T9330]  ? __pfx_dump_stack_lvl+0x10/0x10
[  451.809245][ T9330]  ? __pfx__printk+0x10/0x10
[  451.809276][ T9330]  ? __pfx___might_resched+0x10/0x10
[  451.809300][ T9330]  ? fs_reclaim_acquire+0x7d/0x100
[  451.809332][ T9330]  should_fail_ex+0x414/0x560
[  451.809361][ T9330]  should_failslab+0xa8/0x100
[  451.809386][ T9330]  __kmalloc_cache_noprof+0x70/0x3d0
[  451.809407][ T9330]  ? dev_ingress_queue_create+0xfe/0x190
[  451.809437][ T9330]  dev_ingress_queue_create+0xfe/0x190
[  451.809464][ T9330]  tc_modify_qdisc+0x5e6/0x20e0
[  451.809507][ T9330]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  451.809567][ T9330]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  451.809590][ T9330]  rtnetlink_rcv_msg+0x77c/0xb70
[  451.809624][ T9330]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  451.809652][ T9330]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  451.809677][ T9330]  ? ref_tracker_free+0x63a/0x7d0
[  451.809699][ T9330]  ? __copy_skb_header+0xa7/0x550
[  451.809721][ T9330]  ? __pfx_ref_tracker_free+0x10/0x10
[  451.809743][ T9330]  ? __skb_clone+0x63/0x7a0
[  451.809772][ T9330]  netlink_rcv_skb+0x208/0x470
[  451.809803][ T9330]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  451.809832][ T9330]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  451.809876][ T9330]  ? netlink_deliver_tap+0x2e/0x1b0
[  451.809912][ T9330]  ? netlink_deliver_tap+0x2e/0x1b0
[  451.809948][ T9330]  netlink_unicast+0x75c/0x8e0
[  451.809988][ T9330]  netlink_sendmsg+0x805/0xb30
[  451.810029][ T9330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  451.810069][ T9330]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  451.810090][ T9330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  451.810127][ T9330]  __sock_sendmsg+0x21c/0x270
[  451.810155][ T9330]  ____sys_sendmsg+0x505/0x830
[  451.810194][ T9330]  ? __pfx_____sys_sendmsg+0x10/0x10
[  451.810237][ T9330]  ? import_iovec+0x74/0xa0
[  451.810270][ T9330]  ___sys_sendmsg+0x21f/0x2a0
[  451.810305][ T9330]  ? __pfx____sys_sendmsg+0x10/0x10
[  451.810377][ T9330]  ? __fget_files+0x2a/0x420
[  451.810400][ T9330]  ? __fget_files+0x3a0/0x420
[  451.810435][ T9330]  __x64_sys_sendmsg+0x19b/0x260
[  451.810471][ T9330]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  451.810514][ T9330]  ? __pfx_ksys_write+0x10/0x10
[  451.810531][ T9330]  ? rcu_is_watching+0x15/0xb0
[  451.810560][ T9330]  ? do_syscall_64+0xbe/0x3b0
[  451.810588][ T9330]  do_syscall_64+0xfa/0x3b0
[  451.810610][ T9330]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.810631][ T9330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.810651][ T9330]  ? clear_bhb_loop+0x60/0xb0
[  451.810676][ T9330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.810696][ T9330] RIP: 0033:0x7f7249f8e9a9
[  451.810715][ T9330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.810734][ T9330] RSP: 002b:00007f724ad39038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  451.810756][ T9330] RAX: ffffffffffffffda RBX: 00007f724a1b6080 RCX: 00007f7249f8e9a9
[  451.810771][ T9330] RDX: 0000000000004000 RSI: 0000200000000040 RDI: 0000000000000003
[  451.810785][ T9330] RBP: 00007f724ad39090 R08: 0000000000000000 R09: 0000000000000000
[  451.810798][ T9330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.810811][ T9330] R13: 0000000000000000 R14: 00007f724a1b6080 R15: 00007ffe2827e968
[  451.810844][ T9330]  </TASK>
[  452.165771][   T30] audit: type=1326 audit(1753417486.244:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  452.194486][   T30] audit: type=1326 audit(1753417486.244:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  452.205152][ T9335] tmpfs: Bad value for 'mpol'
[  452.215861][   T30] audit: type=1326 audit(1753417486.244:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  452.242142][   T30] audit: type=1326 audit(1753417486.244:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  452.263589][   T30] audit: type=1326 audit(1753417486.254:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  452.285520][   T30] audit: type=1326 audit(1753417486.254:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9315 comm="syz.5.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7ffc0000
[  453.043385][ T9345] Bluetooth: MGMT ver 1.23
[  456.854535][  T978] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  457.080944][  T978] usb 8-1: unable to get BOS descriptor or descriptor too short
[  457.111248][  T978] usb 8-1: config 66 has an invalid interface number: 108 but max is 1
[  457.133226][  T978] usb 8-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config
[  457.195981][  T978] usb 8-1: config 66 has 1 interface, different from the descriptor's value: 2
[  457.274742][  T978] usb 8-1: config 66 has no interface number 0
[  457.303207][  T978] usb 8-1: too many endpoints for config 66 interface 108 altsetting 221: 200, using maximum allowed: 30
[  457.357531][  T978] usb 8-1: config 66 interface 108 altsetting 221 has 0 endpoint descriptors, different from the interface descriptor's value: 200
[  457.416092][  T978] usb 8-1: config 66 interface 108 has no altsetting 0
[  457.539640][  T978] usb 8-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a5.95
[  457.554661][  T978] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.595454][  T978] usb 8-1: Product: syz
[  457.607105][  T978] usb 8-1: Manufacturer: syz
[  457.619366][  T978] usb 8-1: SerialNumber: syz
[  458.584754][ T9387] tmpfs: Bad value for 'mpol'
[  460.044035][  T978] usb 8-1: USB disconnect, device number 15
[  461.543035][ T9408] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.585900][ T9408] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.768788][ T9402] comedi comedi2: pcl724: I/O port conflict (0x10009e1,4)
[  461.888858][ T5856] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  462.206931][ T9421] netlink: 'syz.8.880': attribute type 10 has an invalid length.
[  463.078346][ T9434] tmpfs: Bad value for 'mpol'
[  463.432447][ T9441] syz.2.885: attempt to access beyond end of device
[  463.432447][ T9441] loop2: rw=0, sector=16, nr_sectors = 2 limit=0
[  464.234494][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  464.311904][ T9450] CIFS: Unable to determine destination address
[  465.771902][ T9463] netlink: 14544 bytes leftover after parsing attributes in process `syz.8.890'.
[  466.094803][ T5839] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  466.254652][ T5839] usb 6-1: Using ep0 maxpacket: 32
[  466.544530][ T5839] usb 6-1: config 0 has an invalid interface number: 27 but max is 0
[  466.574420][ T5839] usb 6-1: config 0 has no interface number 0
[  466.616714][ T5902] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  466.668357][ T9475] netlink: 'syz.3.895': attribute type 1 has an invalid length.
[  466.813199][ T5839] usb 6-1: New USB device found, idVendor=050d, idProduct=0122, bcdDevice=9a.5e
[  466.840862][ T5839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.858807][ T5839] usb 6-1: config 0 descriptor??
[  467.894845][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  468.223507][ T9467] netlink: 4 bytes leftover after parsing attributes in process `syz.5.891'.
[  468.240814][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.265683][ T5839] pegasus 6-1:0.27: probe with driver pegasus failed with error -71
[  468.274350][ T5902] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  468.299527][ T5839] usb 6-1: USB disconnect, device number 20
[  468.326654][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.361413][ T5902] usb 3-1: config 0 descriptor??
[  468.649857][ T9487] netlink: 'syz.3.897': attribute type 83 has an invalid length.
[  469.415519][ T9490] tmpfs: Bad value for 'mpol'
[  469.478866][ T9492] usb usb8: usbfs: process 9492 (syz.5.900) did not claim interface 0 before use
[  469.582237][ T5902] usbhid 3-1:0.0: can't add hid device: -71
[  469.604500][ T5902] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  469.637390][ T5902] usb 3-1: USB disconnect, device number 21
[  471.948270][ T9515] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  471.984404][ T5902] usb 6-1: new low-speed USB device number 21 using dummy_hcd
[  472.178344][ T5856] Bluetooth: hci4: unexpected event for opcode 0x2042
[  472.804741][ T5902] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  472.824330][ T5902] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  472.839133][ T5902] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 64, setting to 8
[  472.850093][ T5902] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  472.863375][ T5902] usb 6-1: New USB device found, idVendor=046d, idProduct=c70a, bcdDevice= 0.00
[  472.894442][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.953649][ T5902] usb 6-1: config 0 descriptor??
[  472.987687][ T9513] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  473.404041][ T9513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.085604][ T9536] sctp: [Deprecated]: syz.2.910 (pid 9536) Use of int in maxseg socket option.
[  474.085604][ T9536] Use struct sctp_assoc_value instead
[  474.178022][ T9537] netlink: 176 bytes leftover after parsing attributes in process `syz.2.910'.
[  476.288226][ T5856] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  476.304392][ T5856] Bluetooth: hci4: Injecting HCI hardware error event
[  476.305500][ T9513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.315294][ T5856] Bluetooth: hci4: hardware error 0x00
[  476.428922][ T5902] usbhid 6-1:0.0: can't add hid device: -71
[  476.439185][ T5902] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  476.457131][ T5902] usb 6-1: USB disconnect, device number 21
[  478.557819][ T5856] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  479.059092][ T9563] netlink: 'syz.7.918': attribute type 1 has an invalid length.
[  479.274535][ T9564] netlink: 4 bytes leftover after parsing attributes in process `syz.5.916'.
[  479.292201][ T9563] bond2: entered promiscuous mode
[  479.352158][ T9563] 8021q: adding VLAN 0 to HW filter on device bond2
[  479.474358][ T5902] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  479.484753][ T9566] bond2: (slave bridge1): making interface the new active one
[  479.492309][ T9566] bridge1: entered promiscuous mode
[  479.589912][ T9566] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  479.724535][ T5902] usb 8-1: device descriptor read/64, error -71
[  479.964550][ T5902] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  479.994644][ T5910] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  480.051687][ T9577] hsr0 speed is unknown, defaulting to 1000
[  480.113837][ T9577] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  480.154385][ T5910] usb 6-1: Using ep0 maxpacket: 8
[  480.174509][ T5902] usb 8-1: device descriptor read/64, error -71
[  480.202453][ T5910] usb 6-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9
[  480.244034][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.293950][ T5902] usb usb8-port1: attempt power cycle
[  480.322528][ T5910] usb 6-1: config 0 descriptor??
[  480.362417][ T5910] usblcd 6-1:0.0: USBLCD model not supported.
[  480.694579][ T5902] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  481.315499][ T5902] usb 8-1: device descriptor read/8, error -71
[  481.642165][ T5902] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  481.775069][ T5902] usb 8-1: device descriptor read/8, error -71
[  482.012362][ T5902] usb usb8-port1: unable to enumerate USB device
[  482.179780][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  482.179800][   T30] audit: type=1326 audit(1753417516.834:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  482.207744][    C1] vkms_vblank_simulate: vblank timer overrun
[  482.795791][   T30] audit: type=1326 audit(1753417516.884:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.299471][   T30] audit: type=1326 audit(1753417516.894:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.321008][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.403535][   T30] audit: type=1326 audit(1753417516.894:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.424880][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.431033][   T30] audit: type=1326 audit(1753417516.894:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.465798][   T30] audit: type=1326 audit(1753417516.894:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.524467][   T30] audit: type=1326 audit(1753417516.894:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.558011][   T30] audit: type=1326 audit(1753417516.894:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.664514][   T30] audit: type=1326 audit(1753417516.894:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  483.984569][   T30] audit: type=1326 audit(1753417516.894:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.3.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969a18e9a9 code=0x7ffc0000
[  485.212918][ T5902] usb 6-1: USB disconnect, device number 22
[  485.430131][ T9623] FAULT_INJECTION: forcing a failure.
[  485.430131][ T9623] name failslab, interval 1, probability 0, space 0, times 0
[  485.660859][ T9623] CPU: 1 UID: 0 PID: 9623 Comm: syz.7.931 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  485.660892][ T9623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  485.660908][ T9623] Call Trace:
[  485.660918][ T9623]  <TASK>
[  485.660929][ T9623]  dump_stack_lvl+0x189/0x250
[  485.660961][ T9623]  ? __pfx____ratelimit+0x10/0x10
[  485.660985][ T9623]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.661008][ T9623]  ? __pfx__printk+0x10/0x10
[  485.661046][ T9623]  ? __pfx___might_resched+0x10/0x10
[  485.661077][ T9623]  ? fs_reclaim_acquire+0x7d/0x100
[  485.661112][ T9623]  should_fail_ex+0x414/0x560
[  485.661141][ T9623]  should_failslab+0xa8/0x100
[  485.661167][ T9623]  __kmalloc_noprof+0xcb/0x4f0
[  485.661188][ T9623]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  485.661224][ T9623]  tomoyo_realpath_from_path+0xe3/0x5d0
[  485.661255][ T9623]  ? tomoyo_domain+0xda/0x130
[  485.661291][ T9623]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  485.661314][ T9623]  tomoyo_path_number_perm+0x1e8/0x5a0
[  485.661341][ T9623]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  485.661362][ T9623]  ? lockdep_hardirqs_on+0x9c/0x150
[  485.661405][ T9623]  ? hook_file_ioctl+0xd1/0x530
[  485.661458][ T9623]  ? __fget_files+0x2a/0x420
[  485.661487][ T9623]  ? __fget_files+0x2a/0x420
[  485.661509][ T9623]  ? __fget_files+0x3a0/0x420
[  485.661531][ T9623]  ? __fget_files+0x2a/0x420
[  485.661577][ T9623]  security_file_ioctl+0xcb/0x2d0
[  485.661604][ T9623]  __se_sys_ioctl+0x47/0x170
[  485.661640][ T9623]  do_syscall_64+0xfa/0x3b0
[  485.661666][ T9623]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.661687][ T9623]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  485.661707][ T9623]  ? clear_bhb_loop+0x60/0xb0
[  485.661733][ T9623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.661755][ T9623] RIP: 0033:0x7f7249f8e9a9
[  485.661774][ T9623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  485.661794][ T9623] RSP: 002b:00007f724ad39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  485.661818][ T9623] RAX: ffffffffffffffda RBX: 00007f724a1b6080 RCX: 00007f7249f8e9a9
[  485.661834][ T9623] RDX: 0000200000000040 RSI: 0000000000008946 RDI: 0000000000000006
[  485.661849][ T9623] RBP: 00007f724ad39090 R08: 0000000000000000 R09: 0000000000000000
[  485.661862][ T9623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  485.661874][ T9623] R13: 0000000000000000 R14: 00007f724a1b6080 R15: 00007ffe2827e968
[  485.661908][ T9623]  </TASK>
[  485.745840][ T9626] netlink: 12 bytes leftover after parsing attributes in process `syz.5.932'.
[  485.971312][ T9623] ERROR: Out of memory at tomoyo_realpath_from_path.
[  486.253417][ T9626] 8021q: adding VLAN 0 to HW filter on device bond1
[  486.702135][ T9629] 8021q: adding VLAN 0 to HW filter on device bond1
[  486.718145][ T9629] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  486.751714][ T9629] bond1: (slave vti0): Error -95 calling set_mac_address
[  487.236885][ T9641] netlink: 24 bytes leftover after parsing attributes in process `syz.7.934'.
[  488.394090][ T9655] netlink: 'syz.8.937': attribute type 83 has an invalid length.
[  489.831162][ T9669] loop6: detected capacity change from 0 to 2098
[  490.054742][ T5839] usb 9-1: new low-speed USB device number 27 using dummy_hcd
[  490.966456][ T5839] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  491.058453][ T5839] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.088961][ T5839] usb 9-1: config 0 descriptor??
[  491.342427][ T5932] IPVS: starting estimator thread 0...
[  491.444475][ T9684] IPVS: using max 28 ests per chain, 67200 per kthread
[  491.776873][ T9678] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  492.168524][ T5932] IPVS: starting estimator thread 0...
[  492.364607][ T9693] IPVS: using max 22 ests per chain, 52800 per kthread
[  492.923418][ T5839] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  492.954539][ T5932] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  492.971790][ T5839] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  492.983867][ T5839] asix 9-1:0.0: probe with driver asix failed with error -71
[  493.002274][ T5839] usb 9-1: USB disconnect, device number 27
[  493.224440][ T5932] usb 8-1: Using ep0 maxpacket: 16
[  493.233865][ T5932] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  493.253642][ T5932] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  493.317539][ T9703] netlink: 'syz.2.949': attribute type 83 has an invalid length.
[  493.862215][ T5932] usb 8-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  493.871468][ T5932] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.002100][ T5932] usb 8-1: config 0 descriptor??
[  494.853851][ T5932] hid-multitouch 0003:1FD2:6007.0005: unknown main item tag 0x1
[  494.862551][ T5932] hid-multitouch 0003:1FD2:6007.0005: item fetching failed at offset 1/5
[  494.883677][ T5932] hid-multitouch 0003:1FD2:6007.0005: probe with driver hid-multitouch failed with error -22
[  495.130427][ T9719] Cannot find add_set index 0 as target
[  496.145127][   T24] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  496.624506][   T24] usb 4-1: Using ep0 maxpacket: 32
[  496.680870][   T24] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  496.794440][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.829258][   T24] usb 4-1: Product: syz
[  496.864066][   T24] usb 4-1: Manufacturer: syz
[  496.875799][   T24] usb 4-1: SerialNumber: syz
[  496.881298][ T9731] FAULT_INJECTION: forcing a failure.
[  496.881298][ T9731] name failslab, interval 1, probability 0, space 0, times 0
[  496.894019][ T9731] CPU: 0 UID: 0 PID: 9731 Comm: syz.7.960 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  496.894049][ T9731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  496.894069][ T9731] Call Trace:
[  496.894078][ T9731]  <TASK>
[  496.894087][ T9731]  dump_stack_lvl+0x189/0x250
[  496.894117][ T9731]  ? __pfx____ratelimit+0x10/0x10
[  496.894141][ T9731]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.894165][ T9731]  ? __pfx__printk+0x10/0x10
[  496.894201][ T9731]  ? __rt6_find_exception_rcu+0x127/0x4c0
[  496.894233][ T9731]  should_fail_ex+0x414/0x560
[  496.894260][ T9731]  should_failslab+0xa8/0x100
[  496.894282][ T9731]  ? __pfx_ip6_dst_gc+0x10/0x10
[  496.894305][ T9731]  kmem_cache_alloc_noprof+0x73/0x3c0
[  496.894325][ T9731]  ? dst_alloc+0x105/0x170
[  496.894346][ T9731]  ? __pfx_ip6_dst_gc+0x10/0x10
[  496.894370][ T9731]  dst_alloc+0x105/0x170
[  496.894395][ T9731]  ip6_pol_route+0xa21/0x1180
[  496.894421][ T9731]  ? ip6_pol_route+0x162/0x1180
[  496.894450][ T9731]  ? __pfx_ip6_pol_route+0x10/0x10
[  496.894473][ T9731]  ? ip6_addr_string+0x246/0x2e0
[  496.894498][ T9731]  ? __pfx_ip6_addr_string+0x10/0x10
[  496.894533][ T9731]  fib6_rule_lookup+0x1fc/0x6f0
[  496.894563][ T9731]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  496.894591][ T9731]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  496.894645][ T9731]  ip6_route_output_flags+0x364/0x5d0
[  496.894674][ T9731]  ? ip6_route_output_flags+0x2e/0x5d0
[  496.894706][ T9731]  ip6_dst_lookup_tail+0x299/0x1510
[  496.894754][ T9731]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  496.894798][ T9731]  ? l2tp_ip6_sendmsg+0x9d1/0x17c0
[  496.894836][ T9731]  ip6_dst_lookup_flow+0x47/0xe0
[  496.894872][ T9731]  l2tp_ip6_sendmsg+0xfc6/0x17c0
[  496.894901][ T9731]  ? smack_ipv6host_label+0x824/0x8e0
[  496.894930][ T9731]  ? __pfx_tomoyo_check_inet_address+0x10/0x10
[  496.894971][ T9731]  ? __pfx_l2tp_ip6_sendmsg+0x10/0x10
[  496.894997][ T9731]  ? smack_socket_sendmsg+0x460/0x520
[  496.895051][ T9731]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  496.895099][ T9731]  ? inet_sendmsg+0x2f4/0x370
[  496.895123][ T9731]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  496.895149][ T9731]  __sock_sendmsg+0x19c/0x270
[  496.895179][ T9731]  ____sys_sendmsg+0x52d/0x830
[  496.895220][ T9731]  ? __pfx_____sys_sendmsg+0x10/0x10
[  496.895264][ T9731]  ? import_iovec+0x74/0xa0
[  496.895299][ T9731]  ___sys_sendmsg+0x21f/0x2a0
[  496.895336][ T9731]  ? __pfx____sys_sendmsg+0x10/0x10
[  496.895412][ T9731]  ? __fget_files+0x2a/0x420
[  496.895436][ T9731]  ? __fget_files+0x3a0/0x420
[  496.895473][ T9731]  __sys_sendmmsg+0x227/0x430
[  496.895514][ T9731]  ? __pfx___sys_sendmmsg+0x10/0x10
[  496.895545][ T9731]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  496.895601][ T9731]  ? ksys_write+0x22a/0x250
[  496.895624][ T9731]  ? __pfx_ksys_write+0x10/0x10
[  496.895641][ T9731]  ? rcu_is_watching+0x15/0xb0
[  496.895674][ T9731]  __x64_sys_sendmmsg+0xa0/0xc0
[  496.895710][ T9731]  do_syscall_64+0xfa/0x3b0
[  496.895734][ T9731]  ? lockdep_hardirqs_on+0x9c/0x150
[  496.895756][ T9731]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.895778][ T9731]  ? clear_bhb_loop+0x60/0xb0
[  496.895804][ T9731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.895826][ T9731] RIP: 0033:0x7f7249f8e9a9
[  496.895845][ T9731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.895864][ T9731] RSP: 002b:00007f724ad5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  496.895886][ T9731] RAX: ffffffffffffffda RBX: 00007f724a1b5fa0 RCX: 00007f7249f8e9a9
[  496.895902][ T9731] RDX: 0000000000000001 RSI: 0000200000000c40 RDI: 0000000000000003
[  496.895915][ T9731] RBP: 00007f724ad5a090 R08: 0000000000000000 R09: 0000000000000000
[  496.895928][ T9731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  496.895940][ T9731] R13: 0000000000000000 R14: 00007f724a1b5fa0 R15: 00007ffe2827e968
[  496.895974][ T9731]  </TASK>
[  497.274101][ T5932] usb 8-1: USB disconnect, device number 20
[  497.342412][   T24] usb 4-1: config 0 descriptor??
[  497.383069][   T24] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  498.081742][ T9740] netlink: 'syz.7.962': attribute type 83 has an invalid length.
[  498.681690][   T24] gspca_ov534_9: reg_w failed -110
[  499.014319][   T24] gspca_ov534_9: Unknown sensor 0000
[  499.015333][   T24] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  499.085415][ T9728] /dev/nullb0: Can't open blockdev
[  499.167194][ T9744] Cannot find add_set index 0 as target
[  499.275488][ T9728] nfs: Unknown parameter '/-)&:'
[  499.287137][ T5980] kernel write not supported for file /334/attr/exec (pid: 5980 comm: kworker/1:7)
[  499.306758][ T9750] FAULT_INJECTION: forcing a failure.
[  499.306758][ T9750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  499.322109][ T9750] CPU: 0 UID: 0 PID: 9750 Comm: syz.7.966 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  499.322142][ T9750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  499.322156][ T9750] Call Trace:
[  499.322164][ T9750]  <TASK>
[  499.322173][ T9750]  dump_stack_lvl+0x189/0x250
[  499.322203][ T9750]  ? __pfx____ratelimit+0x10/0x10
[  499.322227][ T9750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.322250][ T9750]  ? __pfx__printk+0x10/0x10
[  499.322293][ T9750]  should_fail_ex+0x414/0x560
[  499.322320][ T9750]  _copy_from_user+0x2d/0xb0
[  499.322351][ T9750]  __copy_msghdr+0x3c5/0x5b0
[  499.322393][ T9750]  ___sys_sendmsg+0x1a5/0x2a0
[  499.322428][ T9750]  ? __pfx____sys_sendmsg+0x10/0x10
[  499.322502][ T9750]  ? __fget_files+0x2a/0x420
[  499.322525][ T9750]  ? __fget_files+0x3a0/0x420
[  499.322561][ T9750]  __x64_sys_sendmsg+0x19b/0x260
[  499.322597][ T9750]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  499.322647][ T9750]  ? __pfx_ksys_write+0x10/0x10
[  499.322665][ T9750]  ? rcu_is_watching+0x15/0xb0
[  499.322694][ T9750]  ? do_syscall_64+0xbe/0x3b0
[  499.322723][ T9750]  do_syscall_64+0xfa/0x3b0
[  499.322745][ T9750]  ? lockdep_hardirqs_on+0x9c/0x150
[  499.322768][ T9750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.322788][ T9750]  ? clear_bhb_loop+0x60/0xb0
[  499.322813][ T9750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.322833][ T9750] RIP: 0033:0x7f7249f8e9a9
[  499.322853][ T9750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.322870][ T9750] RSP: 002b:00007f724ad5a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  499.322893][ T9750] RAX: ffffffffffffffda RBX: 00007f724a1b5fa0 RCX: 00007f7249f8e9a9
[  499.322909][ T9750] RDX: 0000000000000810 RSI: 0000200000007940 RDI: 0000000000000003
[  499.322923][ T9750] RBP: 00007f724ad5a090 R08: 0000000000000000 R09: 0000000000000000
[  499.322936][ T9750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  499.322948][ T9750] R13: 0000000000000000 R14: 00007f724a1b5fa0 R15: 00007ffe2827e968
[  499.322981][ T9750]  </TASK>
[  499.893847][ T9757] overlayfs: failed to resolve './file0': -2
[  500.801020][   T24] usb 4-1: USB disconnect, device number 33
[  500.991545][ T9774] FAULT_INJECTION: forcing a failure.
[  500.991545][ T9774] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.187752][ T9774] CPU: 0 UID: 0 PID: 9774 Comm: syz.2.970 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  501.187786][ T9774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.187801][ T9774] Call Trace:
[  501.187809][ T9774]  <TASK>
[  501.187818][ T9774]  dump_stack_lvl+0x189/0x250
[  501.187848][ T9774]  ? __pfx____ratelimit+0x10/0x10
[  501.187875][ T9774]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.187899][ T9774]  ? __pfx__printk+0x10/0x10
[  501.187927][ T9774]  ? __might_fault+0xb0/0x130
[  501.187962][ T9774]  should_fail_ex+0x414/0x560
[  501.187990][ T9774]  _copy_from_user+0x2d/0xb0
[  501.188021][ T9774]  drm_ioctl+0x58a/0xb10
[  501.188043][ T9774]  ? smk_tskacc+0x2fc/0x370
[  501.188076][ T9774]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  501.188117][ T9774]  ? __pfx_drm_ioctl+0x10/0x10
[  501.188155][ T9774]  ? __fget_files+0x2a/0x420
[  501.188184][ T9774]  ? bpf_lsm_file_ioctl+0x9/0x20
[  501.188210][ T9774]  ? __pfx_drm_ioctl+0x10/0x10
[  501.188232][ T9774]  __se_sys_ioctl+0xf9/0x170
[  501.188268][ T9774]  do_syscall_64+0xfa/0x3b0
[  501.188293][ T9774]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.188314][ T9774]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  501.188336][ T9774]  ? clear_bhb_loop+0x60/0xb0
[  501.188363][ T9774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.188384][ T9774] RIP: 0033:0x7f7ea058e9a9
[  501.188403][ T9774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.188423][ T9774] RSP: 002b:00007f7ea14b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  501.188446][ T9774] RAX: ffffffffffffffda RBX: 00007f7ea07b6080 RCX: 00007f7ea058e9a9
[  501.188462][ T9774] RDX: 0000200000000380 RSI: 00000000c03864bc RDI: 0000000000000009
[  501.188476][ T9774] RBP: 00007f7ea14b1090 R08: 0000000000000000 R09: 0000000000000000
[  501.188490][ T9774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.188502][ T9774] R13: 0000000000000000 R14: 00007f7ea07b6080 R15: 00007ffce9121fa8
[  501.188535][ T9774]  </TASK>
[  502.152825][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  502.159543][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  503.557606][   T24] usb 9-1: new full-speed USB device number 28 using dummy_hcd
[  503.866715][   T24] usb 9-1: no configurations
[  503.899477][   T24] usb 9-1: can't read configurations, error -22
[  504.064345][   T24] usb 9-1: new full-speed USB device number 29 using dummy_hcd
[  504.094133][ T9797] netlink: 20 bytes leftover after parsing attributes in process `syz.7.980'.
[  504.103277][ T9797] netlink: 28 bytes leftover after parsing attributes in process `syz.7.980'.
[  505.200525][   T24] usb 9-1: device descriptor read/all, error -71
[  505.207712][   T24] usb usb9-port1: attempt power cycle
[  505.478518][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  505.478540][   T30] audit: type=1326 audit(1753417540.124:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9802 comm="syz.5.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3f058e9a9 code=0x7fc00000
[  505.929753][   T30] audit: type=1326 audit(1753417540.584:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9802 comm="syz.5.981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe3f0585967 code=0x7fc00000
[  506.439689][ T9821] input: syz0 as /devices/virtual/input/input18
[  506.479123][ T9821] input: failed to attach handler leds to device input18, error: -6
[  506.611594][ T9817] netlink: 'syz.8.984': attribute type 83 has an invalid length.
[  507.435648][ T5839] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  508.064322][ T5839] usb 4-1: Using ep0 maxpacket: 8
[  508.082065][ T5839] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  508.192603][ T5839] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  508.207142][ T5839] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  508.514387][ T5839] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  508.538149][ T5839] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  508.666848][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.820654][ T9830] comedi comedi2: pcl724: I/O port conflict (0x10009e1,4)
[  509.676486][ T5902] IPVS: starting estimator thread 0...
[  509.764383][ T9844] IPVS: using max 37 ests per chain, 88800 per kthread
[  509.852042][ T5839] usb 4-1: usb_control_msg returned -71
[  509.874405][ T5839] usbtmc 4-1:16.0: can't read capabilities
[  509.919632][ T5839] usb 4-1: USB disconnect, device number 34
[  510.233273][ T9852] binder: BINDER_SET_CONTEXT_MGR already set
[  510.239805][ T9852] binder: 9846:9852 ioctl 4018620d 200000000040 returned -16
[  510.944595][ T5856] Bluetooth: hci3: unexpected event for opcode 0x0c2d
[  511.236380][ T5902] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  511.414561][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  511.453383][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.480405][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  511.557416][ T5902] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  511.578644][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.597234][ T5902] usb 3-1: config 0 descriptor??
[  511.767533][ T5980] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  512.136052][ T9858] mkiss: ax0: crc mode is auto.
[  512.934541][ T5902] usbhid 3-1:0.0: can't add hid device: -71
[  512.940620][ T5902] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  513.016740][ T5902] usb 3-1: USB disconnect, device number 22
[  515.989870][ T9897] kernel read not supported for file /z� (pid: 9897 comm: syz.2.1003)
[  516.033341][   T30] audit: type=1800 audit(1753417550.684:114): pid=9897 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1003" name=7ABF17 dev="mqueue" ino=35112 res=0 errno=0
[  516.686965][ T9909] Cannot find del_set index 3 as target
[  518.922423][ T9922] netlink: 'syz.7.1011': attribute type 10 has an invalid length.
[  519.308534][ T9925] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1012'.
[  521.054680][ T9949] netlink: 'syz.8.1020': attribute type 1 has an invalid length.
[  521.093393][   T30] audit: type=1400 audit(1753417555.724:115): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=9945 comm="syz.8.1020" dest=20002 netif=wpan0
[  521.135879][ T9951] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  521.174649][ T9951] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  521.255001][ T5910] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  521.566004][ T5910] usb 8-1: config 0 has an invalid interface number: 235 but max is 0
[  521.574444][ T5910] usb 8-1: config 0 has no interface number 0
[  521.580606][ T5910] usb 8-1: New USB device found, idVendor=0451, idProduct=5416, bcdDevice= 1.00
[  521.589978][ T5910] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.601039][ T5910] usb 8-1: config 0 descriptor??
[  521.608295][ T5910] usb-storage 8-1:0.235: USB Mass Storage device detected
[  522.489045][ T9963] netlink: 'syz.5.1024': attribute type 4 has an invalid length.
[  522.527721][ T5910] usb-storage 8-1:0.235: Quirks match for vid 0451 pid 5416: 2
[  523.011916][ T5910] usb 8-1: USB disconnect, device number 22
[  523.102021][ T9966] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1025'.
[  523.417289][ T9969] binder: 9968:9969 unknown command 0
[  523.422743][ T9969] binder: 9968:9969 ioctl c0306201 2000000003c0 returned -22
[  523.799611][ T9933] syz.2.1014: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  524.005017][ T9933] CPU: 1 UID: 0 PID: 9933 Comm: syz.2.1014 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  524.005052][ T9933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  524.005064][ T9933] Call Trace:
[  524.005073][ T9933]  <TASK>
[  524.005082][ T9933]  dump_stack_lvl+0x189/0x250
[  524.005114][ T9933]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  524.005148][ T9933]  ? __pfx_dump_stack_lvl+0x10/0x10
[  524.005173][ T9933]  ? __pfx__printk+0x10/0x10
[  524.005199][ T9933]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  524.005225][ T9933]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  524.005259][ T9933]  warn_alloc+0x214/0x310
[  524.005294][ T9933]  ? __pfx_warn_alloc+0x10/0x10
[  524.005332][ T9933]  ? __get_vm_area_node+0x28f/0x300
[  524.005362][ T9933]  ? translate_table+0x19b/0x2040
[  524.005402][ T9933]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  524.005465][ T9933]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  524.005495][ T9933]  ? rcu_is_watching+0x15/0xb0
[  524.005519][ T9933]  ? translate_table+0x19b/0x2040
[  524.005548][ T9933]  ? translate_table+0x19b/0x2040
[  524.005576][ T9933]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  524.005599][ T9933]  ? translate_table+0x19b/0x2040
[  524.005626][ T9933]  ? xt_alloc_table_info+0x3b/0xa0
[  524.005655][ T9933]  translate_table+0x19b/0x2040
[  524.005700][ T9933]  ? __lock_acquire+0xab9/0xd20
[  524.005723][ T9933]  ? __pfx_translate_table+0x10/0x10
[  524.005758][ T9933]  ? __might_fault+0xb0/0x130
[  524.005799][ T9933]  ? _copy_from_user+0x94/0xb0
[  524.005836][ T9933]  do_ip6t_set_ctl+0x970/0xce0
[  524.005885][ T9933]  ? rcu_is_watching+0x15/0xb0
[  524.005908][ T9933]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  524.005961][ T9933]  ? __pfx___mutex_lock+0x10/0x10
[  524.005987][ T9933]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  524.006025][ T9933]  ? security_socket_setsockopt+0x18/0x2c0
[  524.006053][ T9933]  nf_setsockopt+0x26c/0x290
[  524.006090][ T9933]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  524.006122][ T9933]  do_sock_setsockopt+0x17c/0x1b0
[  524.006160][ T9933]  __x64_sys_setsockopt+0x13f/0x1b0
[  524.006200][ T9933]  do_syscall_64+0xfa/0x3b0
[  524.006225][ T9933]  ? lockdep_hardirqs_on+0x9c/0x150
[  524.006248][ T9933]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.006273][ T9933]  ? clear_bhb_loop+0x60/0xb0
[  524.006301][ T9933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.006325][ T9933] RIP: 0033:0x7f7ea058e9a9
[  524.006349][ T9933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  524.006371][ T9933] RSP: 002b:00007f7ea14d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  524.006400][ T9933] RAX: ffffffffffffffda RBX: 00007f7ea07b5fa0 RCX: 00007f7ea058e9a9
[  524.006419][ T9933] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  524.006434][ T9933] RBP: 00007f7ea0610d69 R08: 0000000000000518 R09: 0000000000000000
[  524.006449][ T9933] R10: 0000200000000600 R11: 0000000000000246 R12: 0000000000000000
[  524.006461][ T9933] R13: 0000000000000000 R14: 00007f7ea07b5fa0 R15: 00007ffce9121fa8
[  524.006487][ T9933]  </TASK>
[  524.006655][ T9933] Mem-Info:
[  524.686681][ T9933] active_anon:3136 inactive_anon:18835 isolated_anon:0
[  524.686681][ T9933]  active_file:24893 inactive_file:36357 isolated_file:0
[  524.686681][ T9933]  unevictable:768 dirty:284 writeback:0
[  524.686681][ T9933]  slab_reclaimable:11743 slab_unreclaimable:103755
[  524.686681][ T9933]  mapped:34812 shmem:18548 pagetables:1005
[  524.686681][ T9933]  sec_pagetables:0 bounce:0
[  524.686681][ T9933]  kernel_misc_reclaimable:0
[  524.686681][ T9933]  free:1262349 free_pcp:18936 free_cma:0
[  524.914343][ T9933] Node 0 active_anon:12544kB inactive_anon:74140kB active_file:99372kB inactive_file:145428kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130168kB dirty:1136kB writeback:0kB shmem:71556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11716kB pagetables:3852kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  525.046180][ T9933] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  525.098337][ T9933] Node 0 DMA free:15344kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  525.760637][ T9933] lowmem_reserve[]: 0 2500 2502 2502 2502
[  525.770721][ T9933] Node 0 DMA32 free:1133332kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12540kB inactive_anon:80996kB active_file:97604kB inactive_file:145368kB unevictable:1536kB writepending:1140kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:48628kB local_pcp:24788kB free_cma:0kB
[  525.804505][   T43] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[  526.205739][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  526.208703][ T9933] lowmem_reserve[]:
[  526.240298][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  526.257383][ T9933]  0 0 1 1 1
[  526.257447][ T9933] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:48kB active_file:1776kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  526.257514][ T9933] lowmem_reserve[]: 0 0 0 0
[  526.268001][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  526.353236][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  526.378751][ T9933]  0
[  526.388570][ T9933] Node 1 Normal free:3896168kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20832kB local_pcp:7200kB free_cma:0kB
[  526.395965][   T43] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  526.426587][ T9933] lowmem_reserve[]: 0 0 0 0 0
[  526.521336][ T9933] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[  526.561603][   T43] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  526.571137][   T43] usb 4-1: Manufacturer: syz
[  526.590408][   T43] usb 4-1: config 0 descriptor??
[  526.634322][ T9933] Node 0 DMA32: 509*4kB (UM) 105*8kB (UM) 36*16kB (UME) 115*32kB (UME) 4*64kB (UME) 34*128kB (UM) 36*256kB (UM) 27*512kB (UME) 22*1024kB (UME) 7*2048kB (UM) 264*4096kB (UM) = 1152988kB
[  527.200323][ T9933] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  527.294889][ T9933] Node 1 Normal: 216*4kB (UE) 55*8kB (UME) 41*16kB (UME) 82*32kB (UME) 30*64kB (UME) 8*128kB (UME) 6*256kB (UME) 4*512kB (UME) 4*1024kB (UME) 1*2048kB (E) 947*4096kB (M) = 3896168kB
[  527.324355][ T9933] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  527.324378][   T43] rc_core: IR keymap rc-hauppauge not found
[  527.324395][   T43] Registered IR keymap rc-empty
[  527.333953][ T9933] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  527.346366][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  527.411023][ T9933] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  527.426773][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  527.441538][ T9933] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  527.525701][ T9933] 74939 total pagecache pages
[  527.680256][ T9933] 0 pages in swap cache
[  527.705903][ T9933] Free swap  = 124996kB
[  527.710230][ T9933] Total swap = 124996kB
[  527.726693][ T9933] 2097051 pages RAM
[  528.501339][   T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  528.534588][ T9933] 0 pages HighMem/MovableOnly
[  528.539340][ T9933] 424695 pages reserved
[  528.543534][ T9933] 0 pages cma reserved
[  528.596625][   T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input19
[  528.688972][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  528.902918][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  529.737591][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  529.875987][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  529.904912][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  529.924431][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  529.958530][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  529.993358][T10029] bridge1: the hash_elasticity option has been deprecated and is always 16
[  530.341860][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  530.375353][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  531.157377][   T43] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  531.206854][   T43] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  531.244463][   T43] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  531.298364][   T43] usb 4-1: USB disconnect, device number 35
[  531.978482][T10047] syz.5.1043: attempt to access beyond end of device
[  531.978482][T10047] loop5: rw=0, sector=16, nr_sectors = 2 limit=0
[  532.027647][T10047] netlink: 'syz.5.1043': attribute type 10 has an invalid length.
[  532.043195][T10047] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.054374][T10047] bridge_slave_1: left allmulticast mode
[  532.060115][T10047] bridge_slave_1: left promiscuous mode
[  532.066553][T10047] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.129129][T10047] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  532.145739][T10048] FAULT_INJECTION: forcing a failure.
[  532.145739][T10048] name failslab, interval 1, probability 0, space 0, times 0
[  532.195415][T10048] CPU: 1 UID: 0 PID: 10048 Comm: syz.3.1044 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  532.195457][T10048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  532.195471][T10048] Call Trace:
[  532.195479][T10048]  <TASK>
[  532.195488][T10048]  dump_stack_lvl+0x189/0x250
[  532.195516][T10048]  ? __pfx____ratelimit+0x10/0x10
[  532.195535][T10048]  ? __pfx_dump_stack_lvl+0x10/0x10
[  532.195555][T10048]  ? __pfx__printk+0x10/0x10
[  532.195594][T10048]  should_fail_ex+0x414/0x560
[  532.195617][T10048]  should_failslab+0xa8/0x100
[  532.195639][T10048]  kmem_cache_alloc_noprof+0x73/0x3c0
[  532.195655][T10048]  ? skb_clone+0x212/0x3a0
[  532.195677][T10048]  skb_clone+0x212/0x3a0
[  532.195700][T10048]  __netlink_deliver_tap+0x404/0x850
[  532.195743][T10048]  ? netlink_deliver_tap+0x2e/0x1b0
[  532.195773][T10048]  netlink_deliver_tap+0x19c/0x1b0
[  532.195805][T10048]  netlink_sendskb+0x68/0x140
[  532.195836][T10048]  netlink_rcv_skb+0x28c/0x470
[  532.195868][T10048]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  532.195894][T10048]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  532.195932][T10048]  ? netlink_deliver_tap+0x2e/0x1b0
[  532.195961][T10048]  ? netlink_deliver_tap+0x2e/0x1b0
[  532.195999][T10048]  netlink_unicast+0x75c/0x8e0
[  532.196039][T10048]  netlink_sendmsg+0x805/0xb30
[  532.196081][T10048]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.196129][T10048]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  532.196151][T10048]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.196183][T10048]  __sock_sendmsg+0x21c/0x270
[  532.196213][T10048]  ____sys_sendmsg+0x505/0x830
[  532.196254][T10048]  ? __pfx_____sys_sendmsg+0x10/0x10
[  532.196299][T10048]  ? import_iovec+0x74/0xa0
[  532.196333][T10048]  ___sys_sendmsg+0x21f/0x2a0
[  532.196370][T10048]  ? __pfx____sys_sendmsg+0x10/0x10
[  532.196446][T10048]  ? __fget_files+0x2a/0x420
[  532.196469][T10048]  ? __fget_files+0x3a0/0x420
[  532.196506][T10048]  __x64_sys_sendmsg+0x19b/0x260
[  532.196543][T10048]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  532.196594][T10048]  ? __pfx_ksys_write+0x10/0x10
[  532.196612][T10048]  ? rcu_is_watching+0x15/0xb0
[  532.196641][T10048]  ? do_syscall_64+0xbe/0x3b0
[  532.196671][T10048]  do_syscall_64+0xfa/0x3b0
[  532.196694][T10048]  ? lockdep_hardirqs_on+0x9c/0x150
[  532.196718][T10048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.196739][T10048]  ? clear_bhb_loop+0x60/0xb0
[  532.196767][T10048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.196788][T10048] RIP: 0033:0x7f969a18e9a9
[  532.196807][T10048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.196826][T10048] RSP: 002b:00007f969af48038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  532.196849][T10048] RAX: ffffffffffffffda RBX: 00007f969a3b5fa0 RCX: 00007f969a18e9a9
[  532.196866][T10048] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  532.196880][T10048] RBP: 00007f969af48090 R08: 0000000000000000 R09: 0000000000000000
[  532.196894][T10048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.196907][T10048] R13: 0000000000000000 R14: 00007f969a3b5fa0 R15: 00007ffd46031bf8
[  532.196940][T10048]  </TASK>
[  532.512006][    C1] vkms_vblank_simulate: vblank timer overrun
[  533.987278][T10061] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1047'.
[  534.366143][T10074] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1051'.
[  535.122977][T10078] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1054'.
[  535.446699][T10086] netlink: 209836 bytes leftover after parsing attributes in process `syz.5.1057'.
[  535.611931][T10093] Cannot find del_set index 3 as target
[  536.380533][T10099] comedi comedi1: comedi_config --init_data is deprecated
[  536.416629][T10098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1060'.
[  537.576859][T10113] Bluetooth: MGMT ver 1.23
[  537.830229][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  537.840289][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  537.853505][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  537.870374][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  537.879731][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  538.232784][ T6470] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.408338][T10123] hsr0 speed is unknown, defaulting to 1000
[  538.478230][T10141] Cannot find add_set index 0 as target
[  539.320792][ T6470] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.574749][ T6470] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.767214][ T6470] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.994455][ T5849] Bluetooth: hci1: command tx timeout
[  540.318640][T10123] chnl_net:caif_netlink_parms(): no params data found
[  540.404299][ T6470] bridge_slave_1: left allmulticast mode
[  540.416162][ T6470] bridge_slave_1: left promiscuous mode
[  540.432291][ T6470] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.476367][ T6470] bridge_slave_0: left allmulticast mode
[  540.482097][ T6470] bridge_slave_0: left promiscuous mode
[  540.499530][ T6470] bridge0: port 1(bridge_slave_0) entered disabled state
[  541.304122][T10182] Cannot find del_set index 3 as target
[  542.074624][ T5849] Bluetooth: hci1: command tx timeout
[  542.289977][T10189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1083'.
[  542.299232][T10189] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[  542.306888][T10189] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  543.074661][ T5910] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  543.167321][ T6470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  543.182857][ T6470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  543.194064][ T6470] bond0 (unregistering): Released all slaves
[  543.238328][ T5910] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  543.254455][ T5910] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.277758][T10160] @: renamed from vlan0 (while UP)
[  543.282945][ T5910] usb 8-1: Product: syz
[  543.282972][ T5910] usb 8-1: Manufacturer: syz
[  543.282989][ T5910] usb 8-1: SerialNumber: syz
[  543.310272][ T5910] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  543.380170][T10195] syzkaller1: entered promiscuous mode
[  543.387508][T10195] syzkaller1: entered allmulticast mode
[  543.562852][ T6470] IPVS: stopping master sync thread 8997 ...
[  543.581440][ T5902] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  543.835056][T10123] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.842552][T10123] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.884527][T10123] bridge_slave_0: entered allmulticast mode
[  543.892727][T10123] bridge_slave_0: entered promiscuous mode
[  544.156948][ T5849] Bluetooth: hci1: command tx timeout
[  544.466861][T10123] bridge0: port 2(bridge_slave_1) entered blocking state
[  544.532280][T10123] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.594486][T10123] bridge_slave_1: entered allmulticast mode
[  544.622141][T10123] bridge_slave_1: entered promiscuous mode
[  544.644428][ T5902] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  544.702765][ T5902] ath9k_htc: Failed to initialize the device
[  544.902446][    T9] usb 8-1: USB disconnect, device number 23
[  544.917047][    T9] usb 8-1: ath9k_htc: USB layer deinitialized
[  545.271880][T10123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  545.786712][ T6470] hsr_slave_0: left promiscuous mode
[  545.944569][ T6470] hsr_slave_1: left promiscuous mode
[  545.971177][ T6470] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  545.979537][ T6470] batman_adv: batadv0: Removing interface: batadv_slave_0
[  545.988322][ T6470] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  546.016884][ T6470] batman_adv: batadv0: Removing interface: batadv_slave_1
[  546.163745][ T6470] veth1_macvtap: left promiscuous mode
[  546.234708][ T5849] Bluetooth: hci1: command tx timeout
[  546.394353][ T6470] veth0_macvtap: left promiscuous mode
[  546.400102][ T6470] veth1_vlan: left promiscuous mode
[  546.411943][ T6470] veth0_vlan: left promiscuous mode
[  546.500854][T10234] Cannot find del_set index 3 as target
[  547.892884][T10240] overlay: Unknown parameter 'fsmagic'
[  549.356728][T10248] libceph: resolve '.
[  549.356728][T10248] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  549.356728][T10248] ' (ret=-3): failed
[  549.515221][ T5849] Bluetooth: hci3: unexpected event for opcode 0x0c2d
[  549.530841][ T6470] team0 (unregistering): Port device team_slave_1 removed
[  549.632914][ T6470] team0 (unregistering): Port device team_slave_0 removed
[  550.832844][ T5849] Bluetooth: hci3: unexpected event for opcode 0x0c2d
[  551.312662][T10123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  551.809794][T10274] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  551.817135][T10274] IPv6: NLM_F_CREATE should be set when creating new route
[  551.824453][T10274] IPv6: NLM_F_CREATE should be set when creating new route
[  551.831706][T10274] IPv6: NLM_F_CREATE should be set when creating new route
[  551.903650][T10278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1106'.
[  551.930260][T10123] team0: Port device team_slave_0 added
[  551.960701][T10123] team0: Port device team_slave_1 added
[  552.176527][T10123] batman_adv: batadv0: Adding interface: batadv_slave_0
[  552.183559][T10123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.209723][ T5910] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  552.217501][ T5902] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  552.237247][T10123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  552.250215][T10123] batman_adv: batadv0: Adding interface: batadv_slave_1
[  552.257988][T10123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.289616][T10123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  552.396266][ T5910] usb 6-1: Using ep0 maxpacket: 16
[  552.401781][ T5902] usb 8-1: Using ep0 maxpacket: 16
[  552.479951][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  552.583110][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  552.598588][ T5910] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  552.609503][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.665548][ T5902] usb 8-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=db.47
[  552.684454][ T5902] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.762568][ T5902] usb 8-1: Product: syz
[  552.876382][ T5902] usb 8-1: Manufacturer: syz
[  552.895637][ T5910] usb 6-1: config 0 descriptor??
[  552.904877][ T5902] usb 8-1: SerialNumber: syz
[  552.969030][ T6470] IPVS: stop unused estimator thread 0...
[  552.976814][ T5902] usb 8-1: config 0 descriptor??
[  552.986330][ T5902] gspca_main: sn9c2028-2.14.0 probing 0c45:800a
[  553.053340][T10123] hsr_slave_0: entered promiscuous mode
[  553.062088][T10123] hsr_slave_1: entered promiscuous mode
[  553.485843][ T5910] usbhid 6-1:0.0: can't add hid device: -71
[  553.492068][ T5910] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  553.709365][ T5902] gspca_sn9c2028: read1 error -71
[  555.045564][ T5902] gspca_sn9c2028: read1 error -71
[  555.050965][ T5902] sn9c2028 8-1:0.0: probe with driver sn9c2028 failed with error -71
[  556.207623][ T5910] usb 6-1: USB disconnect, device number 23
[  556.215952][ T5902] usb 8-1: USB disconnect, device number 24
[  556.380093][T10310] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1116'.
[  556.668058][T10314] netlink: 'syz.7.1115': attribute type 83 has an invalid length.
[  558.114432][ T5839] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[  558.246029][ T5980] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  558.438749][ T5980] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  558.451136][ T5980] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65327, setting to 1024
[  558.465216][ T5980] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  558.571315][ T5980] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  558.584116][ T5839] usb 9-1: Using ep0 maxpacket: 32
[  558.589345][ T5980] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.812225][ T5839] usb 9-1: unable to get BOS descriptor or descriptor too short
[  558.818507][T10321] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  558.905812][ T5839] usb 9-1: config 1 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 1056, setting to 1024
[  558.928931][ T5980] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  558.932375][ T5839] usb 9-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  558.974308][ T5839] usb 9-1: config 1 interface 0 has no altsetting 0
[  558.998515][ T5839] usb 9-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice= 0.40
[  559.037490][ T5839] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.078480][ T5839] usb 9-1: Product: syz
[  559.082725][ T5839] usb 9-1: Manufacturer: syz
[  559.098946][ T5839] usb 9-1: SerialNumber: syz
[  559.119396][ T5902] usb 8-1: USB disconnect, device number 25
[  559.146512][T10326] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  559.159552][T10123] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  559.200527][T10123] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  559.241238][T10123] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  559.257124][T10123] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  559.299688][T10340] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1122'.
[  559.411805][ T5839] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/input/input21
[  559.457954][ T5193] bcm5974 9-1:1.0: could not read from device
[  559.478967][T10123] 8021q: adding VLAN 0 to HW filter on device bond0
[  559.496587][ T5193] bcm5974 9-1:1.0: could not read from device
[  559.503147][ T5839] usb 9-1: USB disconnect, device number 31
[  559.524338][ T5910] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  559.529254][T10123] 8021q: adding VLAN 0 to HW filter on device team0
[  559.539932][ T5193] bcm5974 9-1:1.0: could not read from device
[  559.555866][ T7509] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.563104][ T7509] bridge0: port 1(bridge_slave_0) entered forwarding state
[  559.597543][ T7509] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.604826][ T7509] bridge0: port 2(bridge_slave_1) entered forwarding state
[  559.652699][T10123] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  559.663772][T10123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  559.713900][ T5910] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  559.737859][ T5910] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184
[  559.774462][ T5910] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  559.793994][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.830967][ T5910] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  560.021544][ T5910] gspca_sn9c2028: read1 error -71
[  560.069721][ T5910] gspca_sn9c2028: read1 error -71
[  560.080784][ T5910] gspca_sn9c2028: read1 error -71
[  560.278348][ T5910] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71
[  560.282212][T10123] 8021q: adding VLAN 0 to HW filter on device batadv0
[  561.074278][ T5910] usb 4-1: USB disconnect, device number 36
[  561.165130][T10342] comedi comedi2: pcl724: I/O port conflict (0x10009e1,4)
[  561.194008][T10359] netlink: 'syz.7.1127': attribute type 4 has an invalid length.
[  561.242525][T10359] dvmrp0: entered allmulticast mode
[  561.455259][T10372] pim6reg: entered allmulticast mode
[  561.470403][T10372] pim6reg: left allmulticast mode
[  561.990075][T10379] netlink: 'syz.5.1131': attribute type 1 has an invalid length.
[  562.027110][T10379] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1131'.
[  562.254426][T10123] veth0_vlan: entered promiscuous mode
[  562.379699][T10123] veth1_vlan: entered promiscuous mode
[  563.340145][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  563.346802][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  563.576313][T10123] veth0_macvtap: entered promiscuous mode
[  563.654717][T10123] veth1_macvtap: entered promiscuous mode
[  563.981578][T10123] batman_adv: batadv0: Interface activated: batadv_slave_0
[  563.994076][T10123] batman_adv: batadv0: Interface activated: batadv_slave_1
[  564.027737][T10123] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  564.708185][T10123] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  564.886823][T10123] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  565.074321][T10123] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  565.714852][T10407] tun0: tun_chr_ioctl cmd 1074025678
[  565.720317][T10407] tun0: group set to 0
[  566.230858][ T8111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  566.293848][ T8111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  566.412830][T10369] ------------[ cut here ]------------
[  566.418678][T10369] kernel BUG at ./include/linux/pagemap.h:1379!
[  566.440360][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  566.460553][T10412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.478094][T10369] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  566.484426][T10369] CPU: 0 UID: 0 PID: 10369 Comm: syz.3.1129 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  566.495930][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  566.496492][T10369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  566.513984][T10369] RIP: 0010:mpage_readahead+0x637/0x650
[  566.519617][T10369] Code: c6 a0 d9 99 8b e8 69 13 c1 ff 90 0f 0b e8 b1 e6 7c ff 4c 89 ef 48 c7 c6 00 da 99 8b e8 52 13 c1 ff 90 0f 0b e8 9a e6 7c ff 90 <0f> 0b e8 92 e6 7c ff 90 0f 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00
[  566.535856][T10412] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.539251][T10369] RSP: 0018:ffffc90003876f40 EFLAGS: 00010246
[  566.553096][T10369] RAX: ffffffff82433f16 RBX: 0000000000000001 RCX: 0000000000080000
[  566.561178][T10369] RDX: ffffc90010f1f000 RSI: 000000000007ffff RDI: 0000000000080000
[  566.569181][T10369] RBP: ffffc90003877130 R08: ffffea00016fac07 R09: 1ffffd40002df580
[  566.577208][T10369] R10: dffffc0000000000 R11: fffff940002df581 R12: dffffc0000000000
[  566.585225][T10369] R13: ffffc900038773a8 R14: 0000000000000010 R15: ffffc900038773c0
[  566.593228][T10369] FS:  00007f969af276c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[  566.602182][T10369] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  566.608907][T10369] CR2: 00007fe3f14b6fe0 CR3: 0000000030d80000 CR4: 00000000003526f0
[  566.616905][T10369] Call Trace:
[  566.620216][T10369]  <TASK>
[  566.623169][T10369]  ? __pfx_mpage_readahead+0x10/0x10
[  566.628499][T10369]  ? __pfx_blkdev_get_block+0x10/0x10
[  566.633906][T10369]  ? blk_start_plug+0x6f/0x1b0
[  566.638723][T10369]  read_pages+0x177/0x580
[  566.643078][T10369]  ? xa_load+0x60/0x210
[  566.647263][T10369]  ? __pfx_read_pages+0x10/0x10
[  566.652147][T10369]  ? xa_load+0x1ea/0x210
[  566.656415][T10369]  page_cache_ra_unbounded+0x346/0x7b0
[  566.661917][T10369]  do_sync_mmap_readahead+0x370/0x5f0
[  566.667316][T10369]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[  566.673238][T10369]  ? count_memcg_event_mm+0x1d/0x250
[  566.678561][T10369]  ? count_memcg_event_mm+0x1d/0x250
[  566.683897][T10369]  filemap_fault+0x62a/0x1200
[  566.688618][T10369]  ? __pfx_filemap_fault+0x10/0x10
[  566.693759][T10369]  ? __pfx_filemap_map_pages+0x10/0x10
[  566.699246][T10369]  ? __handle_mm_fault+0x296f/0x5620
[  566.704588][T10369]  __do_fault+0x135/0x390
[  566.708961][T10369]  __handle_mm_fault+0x37ed/0x5620
[  566.714129][T10369]  ? __pfx___handle_mm_fault+0x10/0x10
[  566.719642][T10369]  ? find_vma+0xe7/0x160
[  566.723910][T10369]  ? __pfx_find_vma+0x10/0x10
[  566.728605][T10369]  handle_mm_fault+0x2d5/0x7f0
[  566.733408][T10369]  do_user_addr_fault+0x764/0x1390
[  566.738565][T10369]  exc_page_fault+0x76/0xf0
[  566.743091][T10369]  asm_exc_page_fault+0x26/0x30
[  566.747957][T10369] RIP: 0010:rep_movs_alternative+0x30/0x90
[  566.753794][T10369] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  566.773436][T10369] RSP: 0018:ffffc90003877a18 EFLAGS: 00050206
[  566.779535][T10369] RAX: 00007ffffffff001 RBX: 0000000000000038 RCX: 0000000000000038
[  566.787527][T10369] RDX: 0000000000000001 RSI: 0000200000391000 RDI: ffffc90003877aa0
[  566.795520][T10369] RBP: ffffc90003877c30 R08: ffffc90003877ad7 R09: 1ffff9200070ef5a
[  566.803516][T10369] R10: dffffc0000000000 R11: fffff5200070ef5b R12: 0000000000000002
[  566.811509][T10369] R13: dffffc0000000000 R14: ffffc90003877aa0 R15: 0000200000391000
[  566.819519][T10369]  _copy_from_user+0x7a/0xb0
[  566.824194][T10369]  ___sys_recvmsg+0x12e/0x510
[  566.828924][T10369]  ? __pfx____sys_recvmsg+0x10/0x10
[  566.834166][T10369]  ? __might_fault+0xb0/0x130
[  566.838876][T10369]  do_recvmmsg+0x307/0x770
[  566.843325][T10369]  ? __pfx_do_recvmmsg+0x10/0x10
[  566.848312][T10369]  ? count_memcg_event_mm+0x21/0x260
[  566.853677][T10369]  ? count_memcg_event_mm+0x21/0x260
[  566.859007][T10369]  __x64_sys_recvmmsg+0x190/0x240
[  566.864061][T10369]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  566.869631][T10369]  ? do_syscall_64+0xbe/0x3b0
[  566.874339][T10369]  do_syscall_64+0xfa/0x3b0
[  566.878888][T10369]  ? lockdep_hardirqs_on+0x9c/0x150
[  566.884113][T10369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.890203][T10369]  ? clear_bhb_loop+0x60/0xb0
[  566.894908][T10369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.900826][T10369] RIP: 0033:0x7f969a18e9a9
[  566.905271][T10369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.924907][T10369] RSP: 002b:00007f969af27038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  566.933348][T10369] RAX: ffffffffffffffda RBX: 00007f969a3b6080 RCX: 00007f969a18e9a9
[  566.941343][T10369] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  566.949338][T10369] RBP: 00007f969a210d69 R08: 0000000000000000 R09: 0000000000000000
[  566.957542][T10369] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  566.965561][T10369] R13: 0000000000000001 R14: 00007f969a3b6080 R15: 00007ffd46031bf8
[  566.973569][T10369]  </TASK>
[  566.976623][T10369] Modules linked in:
[  566.980879][T10369] ---[ end trace 0000000000000000 ]---
[  566.996226][T10369] RIP: 0010:mpage_readahead+0x637/0x650
[  567.001866][T10369] Code: c6 a0 d9 99 8b e8 69 13 c1 ff 90 0f 0b e8 b1 e6 7c ff 4c 89 ef 48 c7 c6 00 da 99 8b e8 52 13 c1 ff 90 0f 0b e8 9a e6 7c ff 90 <0f> 0b e8 92 e6 7c ff 90 0f 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00
[  567.021580][    C1] vkms_vblank_simulate: vblank timer overrun
[  567.099769][T10369] RSP: 0018:ffffc90003876f40 EFLAGS: 00010246
[  567.467595][ T5910] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  567.501205][T10369] RAX: ffffffff82433f16 RBX: 0000000000000001 RCX: 0000000000080000
[  567.515155][T10369] RDX: ffffc90010f1f000 RSI: 000000000007ffff RDI: 0000000000080000
[  567.526856][T10369] RBP: ffffc90003877130 R08: ffffea00016fac07 R09: 1ffffd40002df580
[  567.535262][T10369] R10: dffffc0000000000 R11: fffff940002df581 R12: dffffc0000000000
[  567.546052][T10369] R13: ffffc900038773a8 R14: 0000000000000010 R15: ffffc900038773c0
[  567.555370][T10369] FS:  00007f969af276c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  567.566689][T10369] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  567.574869][T10369] CR2: 00007fe3f1497d58 CR3: 0000000030d80000 CR4: 00000000003526f0
[  567.585596][T10369] Kernel panic - not syncing: Fatal exception
[  567.591992][T10369] Kernel Offset: disabled
[  567.596335][T10369] Rebooting in 86400 seconds..