last executing test programs:

11m13.321045412s ago: executing program 32 (id=671):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={&(0x7f0000000180)="484a1e9f0a296a1edda568735b175adba4a3682cabf4e8373bb7e7daf0dce87850ec769df0796230b08ed89fce6abe202dec401a3a8e7b87d7eaa3fda0984550f74589859ef7a5f516a584fa15cfcb2e45c1bb2c33905d9b03fec894fdb285c03c99a80e1e8f4a0401b76c6328d378f237ee3370dd0d60ffabbca116eb882e12e042b371f637108a6b2bbb5fd7e8464ed528b333bf1d959d3b92511f72de2f6990a0e22652b82e3d17a4bbe4fa89a8e783fe4ceec3d0", &(0x7f0000000300)=""/137, &(0x7f00000003c0), 0x0, 0x1, r0}, 0x38)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63", 0xa5}], 0x1}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000700)="ef16", 0x0}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="00022cbd7000fddbdf25080000000c00028005000d0001"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45", 0xc8}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

10m35.317032777s ago: executing program 33 (id=804):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, 0xffffffffffffffff, 0x100000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_VFIO_IOAS$GET(r3, 0x3b88, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f0000000200)={0xc, r4})
ioctl$IOMMU_VFIO_GET_API_VERSION(r3, 0x3b64)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r3, 0x3b65, 0x9)
ioctl$IOMMU_DESTROY$ioas(r3, 0x3b80, &(0x7f0000000380)={0x8, r4}) (fail_nth: 1)

9m56.371165455s ago: executing program 34 (id=948):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667", 0xa0}], 0x1}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000001"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000700)="ef16", 0x0}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="00022cbd7000fddbdf25080000000c00028005000d0001"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

9m3.812717513s ago: executing program 35 (id=1086):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
read(r1, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x5, 0x7fff, 0x7, 0x0, 0x1, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x80002}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000003000000000000000040000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r3, r2}, 0xc)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000000140)=0x4, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r4=>r1, {r0}}, './file0\x00'})
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x3c, r5, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x28, 0x2, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x9}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048040}, 0x4000)
unshare(0x480)
futex(0x0, 0x5, 0x20400002, 0x0, 0x0, 0x0)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
pidfd_send_signal(r6, 0x2, &(0x7f0000000000)={0x2, 0x7, 0x40}, 0x0)
sendto$inet6(r0, &(0x7f0000000300)="00f0", 0x2, 0x2002c144, &(0x7f00000001c0)={0xa, 0x2, 0x0, @loopback, 0xd}, 0x1c)

8m11.649309525s ago: executing program 36 (id=1304):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
listen(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m49.962574693s ago: executing program 4 (id=1388):
socket$alg(0x26, 0x5, 0x0)
sigaltstack(&(0x7f0000000080)={&(0x7f0000000180)=""/235, 0x2, 0xeb}, &(0x7f0000000100)={&(0x7f0000000280)=""/159, 0x0, 0x9f})

7m49.68736526s ago: executing program 4 (id=1391):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0xaa001)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000180)={0x5, 0x2000000}) (fail_nth: 1)

7m49.367995784s ago: executing program 4 (id=1393):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x44, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10010}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

7m49.0940429s ago: executing program 4 (id=1395):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000ff1000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ffb000/0x4000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a60000000060a0b0400000000000002000200ffff0900010073797a30000000000900020073797a320000000034000480300001800b00010074617267657400002000028008000100534554000c00030002b51112d439c5920800024000000001140000001100010000000000000000000000000a"], 0xfea1}}, 0x800)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x4000000)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r2}, 0x8)
r3 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x20000040, 0x8, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
write$binfmt_aout(r0, 0x0, 0xff2e)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r5 = syz_open_dev$usbmon(0x0, 0x7, 0x8800)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r6, 0x40086602, &(0x7f0000000000))
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
r8 = fcntl$dupfd(r4, 0x406, r4)
ioctl$MON_IOCX_GETX(r5, 0x4018920a, 0x0)
ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000850000000500000095", @ANYRESHEX=r7, @ANYRESHEX=r3], &(0x7f0000000200)='syzkaller\x00', 0x4, 0xad, &(0x7f00000003c0)=""/173, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)

7m48.402738614s ago: executing program 4 (id=1398):
r0 = timerfd_create(0x0, 0x80800)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0xb, [@datasec={0xe, 0x1, 0x0, 0xf, 0x2, [{0x2, 0x4560, 0x10000}], "8532"}, @datasec={0xb, 0x2, 0x0, 0xf, 0x2, [{0x1, 0x26}, {0x2, 0x28f, 0x7}], "64b3"}]}, {0x0, [0x6f, 0x30, 0x0, 0x0, 0x61, 0x2e, 0x61, 0x2e, 0x30]}}, &(0x7f0000000280)=""/130, 0x63, 0x82, 0x1, 0x101, 0x10000, @value=r3}, 0x28)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000023c0)={0x24, r5, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x20}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x24}}, 0x18)
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x53d040)
dup3(0xffffffffffffffff, r3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r3, 0xc02054a5, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000000), 0xff, 0x0)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r1, 0x400448e6, &(0x7f0000000380)='G')
ioctl$TFD_IOC_SET_TICKS(r0, 0x541b, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000480)={0x0, <r9=>0x0}, &(0x7f00000004c0)=0xc)
sendmsg$nl_xfrm(r3, &(0x7f0000000700)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xcf562c7897e27e21}, 0xc, &(0x7f00000006c0)={&(0x7f0000000580)=@report={0x140, 0x20, 0x100, 0x70bd29, 0x25dfdbfc, {0xff, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x382f, 0x4e20, 0x8, 0xa, 0x20, 0x80, 0x3c}}, [@etimer_thresh={0x8, 0xc, 0x80000001}, @sa={0xe4, 0x6, {{@in=@dev={0xac, 0x14, 0x14, 0x34}, @in=@broadcast, 0x4e22, 0x0, 0x4e24, 0xe, 0x2, 0x40, 0x80, 0x5c, 0x0, r9}, {@in6=@remote, 0x4d3, 0x2b}, @in6=@dev={0xfe, 0x80, '\x00', 0x17}, {0x4, 0x936c, 0x8, 0xfff, 0x2, 0x3, 0x0, 0x7}, {0x9a51, 0x7ff, 0x8, 0x5}, {0xa, 0x8, 0x1}, 0x70bd26, 0x3503, 0xa, 0x4, 0x1, 0x13}}, @extra_flags={0x8, 0x18, 0xac}]}, 0x140}, 0x1, 0x0, 0x0, 0x4040040}, 0x20000091)

7m47.729806427s ago: executing program 4 (id=1406):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x55, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x50}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000fd3f00000009213cc9facbe3a110000000000500aeffffffff00010000000001000000a6dc4c31dd7a22afbc2c03854379438431849c9ba3322ae7f671abb76282eb03ec845a4ab23fc1a10c39deb9d716e4340dc9a6c8c0efa246cb6fe668978a244f92cfebfc9f42"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)

7m47.503752793s ago: executing program 37 (id=1406):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x55, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x50}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000fd3f00000009213cc9facbe3a110000000000500aeffffffff00010000000001000000a6dc4c31dd7a22afbc2c03854379438431849c9ba3322ae7f671abb76282eb03ec845a4ab23fc1a10c39deb9d716e4340dc9a6c8c0efa246cb6fe668978a244f92cfebfc9f42"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)

7m10.637799254s ago: executing program 2 (id=1537):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20045808}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x2f, 0xc, 0xed, 0x6be8, 0x48, @rand_addr=' \x01\x00', @private0, 0x7, 0x10, 0x8, 0x2}})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016", 0x33}], 0x1}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x2, [@enum={0x5, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x100}]}, @union={0x6, 0x3, 0x0, 0x5, 0x1, 0x1, [{0x7, 0x4, 0x1}, {0x2, 0x5, 0x8001}, {0x0, 0x4, 0x6}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}]}}, &(0x7f0000000640)=""/160, 0x6a, 0xa0, 0x1, 0xfffffff8}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYBLOB="00022cbd7000fddbdf2508"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

7m10.434342426s ago: executing program 2 (id=1538):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20045808}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x2f, 0xc, 0xed, 0x6be8, 0x48, @rand_addr=' \x01\x00', @private0, 0x7, 0x10, 0x8, 0x2}})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016", 0x33}], 0x1}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x8, [@enum={0x5, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x100}]}, @union={0x6, 0x3, 0x0, 0x5, 0x1, 0x1, [{0x7, 0x4, 0x1}, {0x2, 0x5, 0x8001}, {0x0, 0x4, 0x6}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x0, 0x2e, 0x61, 0x2e, 0x5f]}}, &(0x7f0000000640)=""/160, 0x70, 0xa0, 0x1, 0xfffffff8}, 0x28)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYBLOB="00022cbd7000fddbdf25080000000c00028005000d0001"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

7m10.079213945s ago: executing program 2 (id=1541):
open$dir(&(0x7f0000000300)='./file0\x00', 0x141000, 0x41)
file_setattr(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x5481, 0xdc, 0x8003, 0x2, 0x57519bea}, 0x18, 0x400)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000013c0)="d0", 0x1}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801)
unshare(0x8040600)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40010025, 0x0)
r0 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0xfffffffd, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x80, 0x0}, 0x20000001)
r1 = socket(0x25, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1a, 0x6, 0x1)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$sock(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000840), 0x28}, 0x400c0)
syz_usb_connect(0x0, 0x48, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0000009047500038cbb2a0009050ac95da39efdbbec3b0ae3aae186e58eda0000000000", @ANYRESDEC=r1], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x4, &(0x7f0000000180)=[{0x4006, 0x0, 0x0, 0x7ffc1ffb}, {0xa, 0xa, 0xc, 0x8}, {0x2, 0x1, 0xb, 0x5}, {0x800, 0xc0, 0xa, 0x7e}]})
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
socket(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0x9, &(0x7f0000000140)={0x2e73, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x2)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, 0x0)

7m5.928942416s ago: executing program 2 (id=1552):
r0 = socket(0x840000000002, 0x3, 0xff)
sendmmsg$inet(r0, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)="a90500000000001318e5c00b58e56472887fa4317a128ad991dac681611ce1e54f00601c", 0x24}], 0x1}}], 0x1, 0x40884)

7m5.594885065s ago: executing program 2 (id=1554):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000180000000800000040"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
close(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f0000000340), 0x0}, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x10)
mknod$loop(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x40, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000005c0), 0x8040, &(0x7f0000000600)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r2, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
r3 = epoll_create1(0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x80)
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r2, 0x8010aebc, &(0x7f0000000140)={0xdddd0000, 0x14000})
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x45844}, 0x4000080)
fsync(r2)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r5)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x22}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0)

7m5.456048457s ago: executing program 1 (id=1556):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r2, 0x2, {0x0, 0xff, 0x3}, 0xfd}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4048081)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000b06030000000000000040c10100000605000100070000000900020073797a3200000000180007800900120073797a310000000008000840"], 0x40}, 0x1, 0x0, 0x0, 0x44080}, 0x4000002)

7m4.211590435s ago: executing program 2 (id=1560):
syz_open_procfs(0xffffffffffffffff, &(0x7f00000007c0)='children\x00')
openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x1c, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x842a}})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000040)={0x0, r0, 0x11, {0x5, 0x10001}, 0x6}, 0x1) (fail_nth: 1)

7m4.147431549s ago: executing program 1 (id=1561):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x20, 0x10, 0x601, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x22030, 0x9}}, 0x20}, 0x1, 0x0, 0x0, 0x20045808}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x2f, 0xc, 0xed, 0x6be8, 0x48, @rand_addr=' \x01\x00', @private0, 0x7, 0x10, 0x8, 0x2}})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1138}}, 0xc000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e", 0x27}], 0x1}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x2, [@enum={0x5, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x100}]}, @union={0x6, 0x2, 0x0, 0x5, 0x1, 0x1, [{0x7, 0x4, 0x1}, {0x0, 0x4, 0x6}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}]}}, &(0x7f0000000640)=""/160, 0x5e, 0xa0, 0x1, 0xfffffff8}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYBLOB="00022cbd7000fddbdf25080000000c00028005000d0001"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

7m3.909678935s ago: executing program 1 (id=1563):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x8, @bearer=@udp='udp:syz0\x00'}}}}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40001)
r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
add_key$fscrypt_v1(0x0, &(0x7f00000000c0)={'fscrypt:', @auto=[0x63, 0x32, 0x63, 0x33, 0x30, 0x39, 0x31, 0x33, 0x33, 0x39, 0x31, 0x31, 0x35, 0x30, 0x37, 0x31]}, &(0x7f0000000280)={0x0, "dab4a452bdd07784b7538ced77de7fa6adaec66db650c36ecd562efd7ccb0b8d75c4349352304833903ddf23b9bfffbd44722ade2fa7f30060d69d514adabfd6", 0x22}, 0x48, 0x0)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}})

7m3.736898242s ago: executing program 1 (id=1564):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000180000000800000040"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
close(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f0000000340), 0x0}, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x10)
mknod$loop(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x40, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000005c0), 0x8040, &(0x7f0000000600)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r2, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
r3 = epoll_create1(0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x80)
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r2, 0x8010aebc, &(0x7f0000000140)={0xdddd0000, 0x14000})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x45844}, 0x4000080)
fsync(r2)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x22}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0)

7m3.1664723s ago: executing program 1 (id=1565):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x20, 0x10, 0x601, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x22030, 0x9}}, 0x20}, 0x1, 0x0, 0x0, 0x20045808}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x2f, 0xc, 0xed, 0x6be8, 0x48, @rand_addr=' \x01\x00', @private0, 0x7, 0x10, 0x8, 0x2}})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1138}}, 0xc000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016", 0x33}], 0x1}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x2, [@enum={0x5, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x100}]}, @union={0x6, 0x2, 0x0, 0x5, 0x1, 0x1, [{0x7, 0x4, 0x1}, {0x0, 0x4, 0x6}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}]}}, &(0x7f0000000640)=""/160, 0x5e, 0xa0, 0x1, 0xfffffff8}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYBLOB="00022cbd7000fddbdf25080000000c00028005000d0001"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f40600", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

7m2.507116284s ago: executing program 1 (id=1566):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@link_local, @random="4bb7e00d2cac", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x100, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x1c, 0x0, @opaque="c0e90236d9e21c57b6671cb23a19518ce4dbfdab"}}}}}, 0x0)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x8, @bearer=@udp='udp:syz0\x00'}}}}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40001)
r2 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
add_key$fscrypt_v1(0x0, &(0x7f00000000c0)={'fscrypt:', @auto=[0x63, 0x32, 0x63, 0x33, 0x30, 0x39, 0x31, 0x33, 0x33, 0x39, 0x31, 0x31, 0x35, 0x30, 0x37, 0x31]}, &(0x7f0000000280)={0x0, "dab4a452bdd07784b7538ced77de7fa6adaec66db650c36ecd562efd7ccb0b8d75c4349352304833903ddf23b9bfffbd44722ade2fa7f30060d69d514adabfd6", 0x22}, 0x48, 0x0)
r3 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r3, r3}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}})

7m2.138544142s ago: executing program 38 (id=1566):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@link_local, @random="4bb7e00d2cac", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x100, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x1c, 0x0, @opaque="c0e90236d9e21c57b6671cb23a19518ce4dbfdab"}}}}}, 0x0)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x8, @bearer=@udp='udp:syz0\x00'}}}}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40001)
r2 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
add_key$fscrypt_v1(0x0, &(0x7f00000000c0)={'fscrypt:', @auto=[0x63, 0x32, 0x63, 0x33, 0x30, 0x39, 0x31, 0x33, 0x33, 0x39, 0x31, 0x31, 0x35, 0x30, 0x37, 0x31]}, &(0x7f0000000280)={0x0, "dab4a452bdd07784b7538ced77de7fa6adaec66db650c36ecd562efd7ccb0b8d75c4349352304833903ddf23b9bfffbd44722ade2fa7f30060d69d514adabfd6", 0x22}, 0x48, 0x0)
r3 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r3, r3}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}})

6m49.092478376s ago: executing program 39 (id=1560):
syz_open_procfs(0xffffffffffffffff, &(0x7f00000007c0)='children\x00')
openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x1c, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x842a}})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000040)={0x0, r0, 0x11, {0x5, 0x10001}, 0x6}, 0x1) (fail_nth: 1)

5m39.555325492s ago: executing program 3 (id=1841):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)=0x4)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x3) (fail_nth: 1)

5m39.504567772s ago: executing program 3 (id=1843):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltaction={0x24, 0x31, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}]}]}, 0x24}}, 0x0)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

5m39.335635653s ago: executing program 3 (id=1844):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20045808}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x2f, 0xc, 0xed, 0x6be8, 0x48, @rand_addr=' \x01\x00', @private0, 0x7, 0x10, 0x8, 0x2}})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016", 0x33}], 0x1}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x2, [@enum={0x5, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x100}]}, @union={0x6, 0x3, 0x0, 0x5, 0x1, 0x1, [{0x7, 0x4, 0x1}, {0x2, 0x5, 0x8001}, {0x0, 0x4, 0x6}]}, @restrict={0x10, 0x0, 0x0, 0xb, 0x5}]}}, &(0x7f0000000640)=""/160, 0x6a, 0xa0, 0x1, 0xfffffff8}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYBLOB="00022cbd7000fddbdf2508"], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5m39.215478404s ago: executing program 3 (id=1845):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000180000000800000040"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
close(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f0000000340), 0x0}, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x10)
mknod$loop(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x40, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000005c0), 0x8040, &(0x7f0000000600)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r2, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
r3 = epoll_create1(0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x80)
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r2, 0x8010aebc, &(0x7f0000000140)={0xdddd0000, 0x14000})
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x45844}, 0x4000080)
fsync(r2)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r5)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x22}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0)

5m38.715487724s ago: executing program 3 (id=1848):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x8)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000340)={r5, &(0x7f0000000180)="b97d", &(0x7f00000004c0)=""/178, 0x4}, 0x20)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r7, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000d00)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e529c670669e7567ef1e73ee7ea1a050ac5040adac01847839fc378469d5765b9cc2418408adc1498194a7197b4d", 0x36}], 0x3}, 0x0)
recvmsg$can_raw(r7, &(0x7f0000000880)={0x0, 0x0, 0x0}, 0x40010020)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_ECN={0x8, 0x4, 0x1}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x2}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x9}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x20, 0x70bd26, 0x80000, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0x5, 0xb}, {0xffe0, 0x3}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350180696d367265673000000020000000001400400076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d61449311d070000000140035006772e530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x20040014)
shutdown(r1, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)

5m35.465142624s ago: executing program 3 (id=1870):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000006c00010029bd7000fcdbdf25000000"], 0xe8}}, 0x0)

5m35.060267237s ago: executing program 40 (id=1870):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000006c00010029bd7000fcdbdf25000000"], 0xe8}}, 0x0)

5m33.611381116s ago: executing program 0 (id=1885):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="b800000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000900016806c0001800c0003000100000006000100280001"], 0xb8}}, 0x0)

5m33.442248694s ago: executing program 0 (id=1886):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000002c0), 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000280)=0x99, 0x4)
readv(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/178, 0xb2}], 0x1)

5m32.258781892s ago: executing program 0 (id=1895):
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$kcm(0x2, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) (async)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000840)='/sys/power/wakeup_count', 0x0, 0x10)
read$char_usb(r4, 0x0, 0x0) (async)
read$char_usb(r4, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x173)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r5, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x0, {}, 0x0, 0x2}})
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="660f388084000072baf80c66b860b4498c66efbafc0c66b80e00000066ef64f30fc7b000100f850100f30fc7b1030066b9800000c00f326635000400000f30d2bc0a000f23c80f21f86635040040000f23f8b8f4008ee0", 0x57}], 0x1, 0x48, 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r7 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000380)="a8", 0x1, 0xfffffffffffffffe)
keyctl$get_security(0x11, r7, &(0x7f0000000080)=""/39, 0x27)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000100)=0x100, 0x4)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
listen(r1, 0x0) (async)
listen(r1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r1, 0x0, 0x0) (async)
r9 = accept(r1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000080)='westwood', 0x8)
recvfrom(r8, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0) (async)
recvfrom(r8, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@deltclass={0x24, 0x29, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xe}, {0x10, 0xfff1}, {0xd, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x40804}, 0x40000)

5m31.820419661s ago: executing program 0 (id=1900):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000180000000800000040"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
close(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f0000000340), 0x0}, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x10)
mknod$loop(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x40, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000005c0), 0x8040, &(0x7f0000000600)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r2, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
r3 = epoll_create1(0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x80)
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r2, 0x8010aebc, &(0x7f0000000140)={0xdddd0000, 0x14000})
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x45844}, 0x4000080)
fsync(r2)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r5)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x22}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0)

5m31.128814036s ago: executing program 0 (id=1902):
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r4=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r6, 0x110, 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = openat$smackfs_revoke_subject(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_label(r7, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$FOU_CMD_DEL(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="01062cbd7000ffdbdf250200000008000600e000000208000b00", @ANYRES32=0x0, @ANYBLOB="2fab135da70c225de3cefcdfadb4"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x4090)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=ANY=[@ANYBLOB="69286f31aca9840b0630215fb5e56e257bb33c708461ce06382a1c1ee8418766a7b73d55803ed609dfca71077d1c27d154128c130ca92449a3b6b54ba75de0254af6717fb4235e73fc8e714bdd0593312cdcda1bfa04dd7eb23a3d22de3f472443b69ed0007d2141492e14817f6aa2b7642299a84ce83246f139e5573473ebd0a62df76902f1e4444dc65f5cb040345215f4dd9977c283dc04fe275d935a9ba42de2b84fa429a17ee3b48b595fd6f657cdadca97756fe9f89e7038bcdd43bb02ad7ac39885f9742f4191c58b4333925b3736", @ANYRESHEX=r0, @ANYBLOB="010028bd7040010000000f00000005002e002000000008000300", @ANYRES32=r4, @ANYBLOB], 0x24}}, 0x18)
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x53d040)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r2, 0xc02054a5, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000000), 0xff, 0x0)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)

5m29.371644373s ago: executing program 0 (id=1910):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="28000000040601020000000000000000050000000900020073797a31000000000500010007000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

5m29.100159366s ago: executing program 41 (id=1910):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="28000000040601020000000000000000050000000900020073797a31000000000500010007000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

11.547165793s ago: executing program 6 (id=3198):
prlimit64(0x0, 0x3, &(0x7f0000000240)={0x6, 0xa}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = syz_open_dev$vim2m(&(0x7f00000013c0), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000006c0)={0x38, 0x2, 0x40, "9611ba5a0000000000000000e8fefa00e9ffffffffffffff6bdf00", 0x50313134})
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r4, 0x107, 0x9, 0x0, &(0x7f0000001600))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
lseek(r5, 0x101, 0x1)
getdents64(r5, 0xfffffffffffffffe, 0x29)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x40002000, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28)
sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4)
bind$phonet(r5, &(0x7f00000000c0)={0x23, 0x1, 0xa, 0x37}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001480)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r7 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
write$binfmt_format(r7, &(0x7f0000000100)='-1\x00', 0x2)
close(r7)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)

10.517392744s ago: executing program 9 (id=3202):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f00000001c0)="92", 0x1}], 0x1}, 0x5)
recvmsg$unix(r1, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x100)
sendmsg$sock(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="a2", 0x1}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000000100), 0x4)
recvmsg(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x40)

10.282881354s ago: executing program 6 (id=3203):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x28}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200200, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0xe)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x2, 0x5}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8b, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xe, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x4, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r8, 0x3a, 0x1, 0x0, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r10=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9400000010000100"/20, @ANYRES32=r10, @ANYBLOB="0006000000000000240012800b00010067656e657665000014000280060005"], 0x94}, 0x1, 0x2, 0x0, 0x804}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000d40)={'syztnl2\x00', 0x0, 0x20, 0x8, 0x2d6, 0x4, {{0x20, 0x4, 0x1, 0x22, 0x80, 0x66, 0x0, 0x4, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, {[@ssrr={0x89, 0x7, 0x5, [@loopback]}, @generic={0x82, 0x8, "14c3887520be"}, @generic={0x89, 0x2}, @timestamp_prespec={0x44, 0x2c, 0x57, 0x3, 0x5, [{@broadcast, 0x4}, {@loopback, 0x8}, {@dev={0xac, 0x14, 0x14, 0xc}}, {@dev={0xac, 0x14, 0x14, 0x37}, 0xb}, {@multicast2, 0x3}]}, @timestamp_addr={0x44, 0xc, 0xf2, 0x1, 0x0, [{@broadcast, 0x6}]}, @rr={0x7, 0x23, 0xd8, [@local, @remote, @empty, @remote, @empty, @remote, @dev={0xac, 0x14, 0x14, 0x7}, @multicast2]}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbc, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000004c0), &(0x7f0000000540), 0x8, 0x31, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000600), &(0x7f0000000680)=0x4)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000c80)={'lo\x00', <r12=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r12, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xf, 0xffffffff, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x20040000)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
r13 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x14, 0xbf, 0x20, 0xac8, 0xc301, 0x82d5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x53, 0x8, 0x98}}]}}]}}, 0x0)
syz_usb_control_io(r13, 0x0, 0x0)

9.501700909s ago: executing program 8 (id=3205):
r0 = socket$kcm(0xa, 0x3, 0x3a)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a48000000060a010400000000000000000a0000040900010073797a31000000000900020073797a32000000001c000480180001800d00010073796e70726f78790000000004000280140000001100010000000000000000000100000a713fcd8a751859813ef8482fe451694426ac73d2b041967360af7c7960754a763d598fb1633876f79698cd7a5bc154f996b8396fa6f1b58a390119634c479606ecc25cf7ba203a24dcddd8907f4c000b48938edabd828363c0134d468bfb7bd263a9ebd6c6fdc5f1187ed25aca4f123be4393b88d8437442446587d612a0027908f04e96e7a7c35f24d198bd3a159eacbe098d265a6a3a518b90f56a14308f85ce5c2899b5425116ae785f436a2c501c03f2ce89b9ff6d65ee12"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0x7, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="040e1a00031000"], 0xf)
listen(0xffffffffffffffff, 0x80000000)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0xf3a, 0xb)
write(r2, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xfe80000000000000, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)='\x00\x00', 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

8.285192915s ago: executing program 6 (id=3208):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de", 0x37}, {&(0x7f0000000680)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d271d30d1a5fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035887b20a6c23f1fc4af2990c07f784b985a3de7740bd33848702930760416dd3cc0cc7a30cda837d7ec4fdcf77f2fc74b7b2e4a93c742dfae5239c3ee6b7b8db4816bfa711ce2535c47cbc750be7939d75f1d22ace2ec7c80962fc5351b33d7c1aee965f2812d55520d63a4c856ad5ca6446bdd65ac36984231331ad19b7a76e7a955012f8c2a530da2202bc5c5a84683a1e573db9479d630ca2b6e48aaf378b8ad", 0x1a8}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932", 0x1e}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae916", 0x25}], 0x4}}], 0x1, 0x2090)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

8.200629779s ago: executing program 9 (id=3210):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de", 0x37}, {&(0x7f0000000680)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d271d30d1a5fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035887b20a6c23f1fc4af2990c07f784b985a3de7740bd33848702930760416dd3cc0cc7a30cda837d7ec4fdcf77f2fc74b7b2e4a93c742dfae5239c3ee6b7b8db4816bfa711ce2535c47cbc750be7939d75f1d22ace2ec7c80962fc5351b33d7c1aee965f2812d55520d63a4c856ad5ca6446bdd65ac36984231331ad19b7a76e7a955012f8c2a530da2202bc5c5a84683a1e573db9479d630ca2b6e48aaf378b8ad", 0x1a8}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932", 0x1e}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae916", 0x25}], 0x4}}], 0x1, 0x2090)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) (fail_nth: 1)

8.147582663s ago: executing program 5 (id=3211):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
pipe(&(0x7f0000000000))
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
waitid(0x1, r0, &(0x7f0000000340), 0x8, &(0x7f00000003c0))
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r4, 0x0, 0xf, 0x0, 0x0)

7.943299646s ago: executing program 8 (id=3212):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x84}, 0x1, 0x0, 0x0, 0x10010}, 0x0)

7.879601636s ago: executing program 9 (id=3213):
rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r3 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x112})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
close_range(r3, 0xffffffffffffffff, 0x0)
write$proc_mixer(r2, &(0x7f0000000240)=ANY=[@ANYBLOB='SYNTH \'Mic\'\t '], 0x86)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x80, 0x0)
dup3(r6, r2, 0x0)
r7 = syz_open_dev$loop(0x0, 0x8, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007bd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)

7.432007752s ago: executing program 5 (id=3215):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x8000, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), &(0x7f0000002240)='./file1/file2\x00', 0xe, 0x3)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
landlock_restrict_self(r3, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r5, 0xc0405602, &(0x7f0000000100)=@fd={0xfffffffe, 0x1, 0x4, 0x0, 0x3, {0x0, 0xea60}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x82, ';\'S;'}, 0x4})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000001100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="010000000000000017002c"], 0x14}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90012000e0005"], 0x17)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x1000, 0x40})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)

7.231765156s ago: executing program 6 (id=3216):
open$dir(&(0x7f0000000300)='./file0\x00', 0x141000, 0x41)
file_setattr(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x5481, 0xdc, 0x8003, 0x2, 0x57519bea}, 0x18, 0x400)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe)
unshare(0x8040600)
r0 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0xfffffffd, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x80, 0x0}, 0x20000001)
r1 = socket(0x25, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1a, 0x6, 0x1)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), r3)
sendmsg$nl_route(r2, 0x0, 0x0)
sendmsg$sock(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000840), 0x28}, 0x400c0)
syz_usb_connect(0x0, 0x48, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0000009047500038cbb2a0009050ac95da39efdbbec3b0ae3aae186e58eda0000000000", @ANYRESDEC=r1], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x4, &(0x7f0000000180)=[{0x4006, 0x0, 0x0, 0x7ffc1ffb}, {0xa, 0xa, 0xc, 0x8}, {0x2, 0x1, 0xb, 0x5}, {0x800, 0xc0, 0xa, 0x7e}]})
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
socket(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0x9, &(0x7f0000000140)={0x2e73, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x2)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, 0x0)

7.205050832s ago: executing program 8 (id=3217):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = mq_open(&(0x7f0000000000)='\x9c-\x00', 0x41, 0x142, 0x0)
mq_notify(r3, &(0x7f00000001c0)={0x0, 0x29, 0x1})

6.778863154s ago: executing program 5 (id=3218):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x28}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200200, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0xe)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x2, 0x5}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8b, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xe, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x4, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r8, 0x3a, 0x1, 0x0, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r10=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9400000010000100"/20, @ANYRES32=r10, @ANYBLOB="0006000000000000240012800b00010067656e657665000014000280060005"], 0x94}, 0x1, 0x2, 0x0, 0x804}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000d40)={'syztnl2\x00', 0x0, 0x20, 0x8, 0x2d6, 0x4, {{0x20, 0x4, 0x1, 0x22, 0x80, 0x66, 0x0, 0x4, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, {[@ssrr={0x89, 0x7, 0x5, [@loopback]}, @generic={0x82, 0x8, "14c3887520be"}, @generic={0x89, 0x2}, @timestamp_prespec={0x44, 0x2c, 0x57, 0x3, 0x5, [{@broadcast, 0x4}, {@loopback, 0x8}, {@dev={0xac, 0x14, 0x14, 0xc}}, {@dev={0xac, 0x14, 0x14, 0x37}, 0xb}, {@multicast2, 0x3}]}, @timestamp_addr={0x44, 0xc, 0xf2, 0x1, 0x0, [{@broadcast, 0x6}]}, @rr={0x7, 0x23, 0xd8, [@local, @remote, @empty, @remote, @empty, @remote, @dev={0xac, 0x14, 0x14, 0x7}, @multicast2]}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbc, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000004c0), &(0x7f0000000540), 0x8, 0x31, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000600), &(0x7f0000000680)=0x4)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000c80)={'lo\x00', <r12=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r12, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xf, 0xffffffff, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x20040000)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
r13 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x14, 0xbf, 0x20, 0xac8, 0xc301, 0x82d5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x53, 0x8, 0x98}}]}}]}}, 0x0)
syz_usb_control_io(r13, 0x0, 0x0)

6.772089193s ago: executing program 7 (id=3219):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
ioctl$PPPIOCGIDLE(0xffffffffffffffff, 0x8010743f, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, '.\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = socket$unix(0x1, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)}], 0x2}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00010002"], 0x8)
sendmmsg(r3, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
msgget(0x1, 0x9b)
ptrace(0x10, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x388, 0x41d9fda7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES64=r6], 0x44}}, 0x0)
socket$kcm(0x10, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18006daaed13ff00000000000000000028"], 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x4)

5.599304579s ago: executing program 7 (id=3220):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x90000)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f00000002c0)={0x9, 0xffffffffffffffff, 'id0\x00'})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200)=0xf, 0x12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x38dd53c5}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffd}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @func={0x85, 0x0, 0x1, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x7, 0xde, &(0x7f0000000f80)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f00000001c0)="92", 0x1}], 0x1}, 0x5)
recvmsg$unix(r4, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x100)
sendmsg$sock(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="a2", 0x1}], 0x1}, 0x0)
recvmsg(r3, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x40)

5.410451293s ago: executing program 9 (id=3221):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)) (fail_nth: 1)

5.319586556s ago: executing program 9 (id=3222):
r0 = socket(0x2b, 0x1, 0x1)
rseq(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x9}, 0x20, 0x0, 0x0)
r1 = msgget$private(0x0, 0x3ac)
msgrcv(r1, &(0x7f00000000c0)={0x0, ""/252}, 0x104, 0xced6b2bc496a26e6, 0x0)
msgsnd(r1, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000000000020"], 0x8, 0x0)
listen(r0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000680)={0x5, 0x6, 0xfffffff8})
ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00'})
r3 = syz_clone(0xe8b0a111, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f00000001c0))
sched_setscheduler(r3, 0x3, &(0x7f0000000100)=0xffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x83, &(0x7f0000000300)=@assoc_value={<r7=>0x0}, &(0x7f0000000240)=0xfffffdd9)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f0000000080)={r7}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r7, 0xfff}, 0x8)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00')
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)="a3919ebcafbe8c5d81bb9f3050f1681e03c4a63a7aa5e18d7eb5b1512b95028d9e", 0x21)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbf59c09c55f1086dd6100000000103afffe8000080000000000000000000000aa0000000000000000000000000000000186"], 0x0)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000002c0)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x20004084)
read$hiddev(r4, &(0x7f0000000080)=""/102, 0x18)

4.668910605s ago: executing program 8 (id=3223):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x90000)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f00000002c0)={0x9, 0xffffffffffffffff, 'id0\x00'})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200)=0xf, 0x12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x38dd53c5}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffd}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @func={0x85, 0x0, 0x1, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x7, 0xde, &(0x7f0000000f80)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f00000001c0)="92", 0x1}], 0x1}, 0x5)
recvmsg$unix(r4, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x100)
sendmsg$sock(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="a2", 0x1}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x10, &(0x7f0000000100), 0x4)
recvmsg(r3, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x40)

4.559585692s ago: executing program 7 (id=3224):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="110000000400000004000000"], 0x50)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2711, &(0x7f0000032580)=""/102396, &(0x7f0000000000)=0x18ffc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xe, 0x0, &(0x7f0000000040)="25a688a800a34400000000000000", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

4.311419337s ago: executing program 7 (id=3225):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
pipe(&(0x7f0000000000))
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
waitid(0x1, r0, &(0x7f0000000340), 0x8, &(0x7f00000003c0))
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r4, 0x0, 0xf, 0x0, 0x0)

3.099935889s ago: executing program 5 (id=3226):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x8000, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), &(0x7f0000002240)='./file1/file2\x00', 0xe, 0x3)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
landlock_restrict_self(r3, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r5, 0xc0405602, &(0x7f0000000100)=@fd={0xfffffffe, 0x1, 0x4, 0x0, 0x3, {0x0, 0xea60}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x82, ';\'S;'}, 0x4})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000001100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="010000000000000017002c"], 0x14}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90012000e0005"], 0x17)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x1000, 0x40})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)

3.027763045s ago: executing program 7 (id=3227):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x80, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)

2.827066518s ago: executing program 8 (id=3228):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0x47, &(0x7f0000000140)=ANY=[@ANYBLOB="0180c2000000aaaaa3aaaaaa86dd6001070000111100fc01000000000000000000000000000000000000aafffc0e220011c6bd6a2b6d7a154123b2a2"], 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006200)={0x2020}, 0x2020)
setregid(0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000440), 0x80)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001a80), 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5)

2.650688395s ago: executing program 6 (id=3229):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x8000, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), &(0x7f0000002240)='./file1/file2\x00', 0xe, 0x3)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r6, 0xc0405602, &(0x7f0000000100)=@fd={0xfffffffe, 0x1, 0x4, 0x0, 0x3, {0x0, 0xea60}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x82, ';\'S;'}, 0x4})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000001100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="010000000000000017002c"], 0x14}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c90012000e0005"], 0x17)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x1000, 0x40})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)

2.192650368s ago: executing program 5 (id=3230):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000026040a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0xfffffffc, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000891}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0xe, 0x13e, 0x89, 0xffffffff, 0x2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x88, 0x0, &(0x7f0000000200)="e30080670000ec67838717bd86dde148f0630962bb87dd44fe42904fcee14db4241544716b9ea42231ed3373a3e299531fd05dacf5bb80b4b7ee0fae7aea53492b18c3e6c807bc4b5d29a0ed834a6bd8c6f412bd3fca85921504f64d9161c6e3fa3b66840b6554128686e23595ee8cbe9d0137923b47ce083b3f6179c269f30e1d4fca495e440c20", 0x0, 0x7ffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xd}, 0x50)
r2 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x243)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x85)
modify_ldt$read(0x0, &(0x7f0000000140)=""/4101, 0xffffffffffffffd6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002800500190084"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf, 0x9}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.303457365s ago: executing program 7 (id=3231):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
socket$kcm(0x10, 0x2, 0x0) (async)
r0 = socket$kcm(0x10, 0x2, 0x0)
openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi2\x00', 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
userfaultfd(0x801) (async)
r1 = userfaultfd(0x801)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000001600)=[@nested_amd_stgi={0x17e, 0x10}, @nested_amd_stgi={0x17e, 0x10}, @nested_load_syzos={0x136, 0xc8, {0x1, 0x1, [@out_dx={0x6a, 0x28, {0x2b2f, 0x4, 0x9}}, @rdmsr={0x66, 0x18, {0xa8d}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x0, @ro_nat=0x640a, 0x400, 0xe1, 0xddc}}, @wr_crn={0x67, 0x20, {0x0, 0x8000}}, @nested_amd_clgi={0x17f, 0x10}]}}, @wr_drn={0x68, 0x20, {0x5, 0x7650d143}}, @out_dx={0x6a, 0x28, {0xe59a, 0x1}}], 0x130}) (async)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000001600)=[@nested_amd_stgi={0x17e, 0x10}, @nested_amd_stgi={0x17e, 0x10}, @nested_load_syzos={0x136, 0xc8, {0x1, 0x1, [@out_dx={0x6a, 0x28, {0x2b2f, 0x4, 0x9}}, @rdmsr={0x66, 0x18, {0xa8d}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x0, @ro_nat=0x640a, 0x400, 0xe1, 0xddc}}, @wr_crn={0x67, 0x20, {0x0, 0x8000}}, @nested_amd_clgi={0x17f, 0x10}]}}, @wr_drn={0x68, 0x20, {0x5, 0x7650d143}}, @out_dx={0x6a, 0x28, {0xe59a, 0x1}}], 0x130})
ioctl$KVM_GET_XSAVE(r4, 0x9000aea4, &(0x7f0000001740))
socket(0x840000000002, 0x3, 0xff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0xa, 0x5, 0x0) (async)
socket(0xa, 0x5, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x2, 0x3a)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000c80)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36513001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e455fe2bb24ef66970746c7f1f2a5c4", 0x5b}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000240)=[{0x2, 0x7, 0x1, 0xffffffff}, {0x81, 0x8, 0x5, 0x6}]}, 0x10) (async)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000240)=[{0x2, 0x7, 0x1, 0xffffffff}, {0x81, 0x8, 0x5, 0x6}]}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)

301.715226ms ago: executing program 6 (id=3232):
rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r3 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x112})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
close_range(r3, 0xffffffffffffffff, 0x0)
write$proc_mixer(r2, &(0x7f0000000240)=ANY=[@ANYBLOB='SYNTH \'Mic\'\t '], 0x86)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x80, 0x0)
dup3(r6, r2, 0x0)
syz_open_dev$loop(0x0, 0x8, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007bd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)

161.267942ms ago: executing program 9 (id=3233):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = mq_open(&(0x7f0000000000)='\x9c-\x00', 0x41, 0x142, 0x0)
mq_notify(r3, &(0x7f00000001c0)={0x0, 0x29, 0x1})

103.678849ms ago: executing program 5 (id=3234):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x90000)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f00000002c0)={0x9, 0xffffffffffffffff, 'id0\x00'})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200)=0xf, 0x12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x38dd53c5}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffd}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @func={0x85, 0x0, 0x1, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x7, 0xde, &(0x7f0000000f80)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f00000001c0)="92", 0x1}], 0x1}, 0x5)
recvmsg$unix(r4, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x100)
sendmsg$sock(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="a2", 0x1}], 0x1}, 0x0)
recvmsg(r3, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x40)

0s ago: executing program 8 (id=3235):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00'})
r1 = socket(0xa, 0x3, 0x3a)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0)
lseek(r2, 0x7fffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f00000000c0)={0x6, 0x80000004, 0x0, 0x0, 0x1e})
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xc}, {0xa, 0x4e64, 0x0, @empty}, 0x1}, 0x5c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a2c00000018f605000000000000000000020001000c00054000000000000000020900010073797a300000000014000000020a0101000000000000000000000006140000001100010000000040000000000300000a"], 0x68}, 0x1, 0x0, 0x0, 0x4048000}, 0x880)
sendmsg$L2TP_CMD_NOOP(r1, 0x0, 0x40c0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000080))
r7 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff})
getsockname$packet(r8, 0x0, &(0x7f0000000400))
sendmsg$nl_route_sched(r7, &(0x7f0000006280)={0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

ace number 0
[  624.462525][ T5862] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  624.462552][ T5862] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  624.462578][ T5862] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  624.462604][ T5862] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  624.462629][ T5862] usb 8-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  624.462657][ T5862] usb 8-1: config 179 interface 65 has no altsetting 0
[  624.462692][ T5862] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  624.462714][ T5862] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.641697][   T31] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  624.735461][ T5862] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input18
[  624.834972][   T31] usb 6-1: too many configurations: 64, using maximum allowed: 8
[  624.840780][   T31] usb 6-1: unable to read config index 0 descriptor/start: -61
[  624.840817][   T31] usb 6-1: can't read configurations, error -61
[  624.927062][ T5146] input input18: unable to receive magic message: -110
[  624.994279][   T31] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  625.157735][   T31] usb 6-1: too many configurations: 64, using maximum allowed: 8
[  625.161185][   T31] usb 6-1: unable to read config index 0 descriptor/start: -61
[  625.161220][   T31] usb 6-1: can't read configurations, error -61
[  625.162364][   T31] usb usb6-port1: attempt power cycle
[  625.210759][T13088] usb 7-1: USB disconnect, device number 20
[  625.275496][ T5146] input input18: unable to receive magic message: -71
[  625.394465][ T5146] input input18: unable to receive magic message: -71
[  625.494546][ T5862] usb 8-1: USB disconnect, device number 6
[  625.494650][    C1] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  625.795670][   T31] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  625.822952][   T31] usb 6-1: too many configurations: 64, using maximum allowed: 8
[  625.829805][   T31] usb 6-1: unable to read config index 0 descriptor/start: -61
[  625.829841][   T31] usb 6-1: can't read configurations, error -61
[  625.986116][T14083] netlink: 1624 bytes leftover after parsing attributes in process `syz.7.2193'.
[  626.055381][   T31] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  626.110510][   T31] usb 6-1: too many configurations: 64, using maximum allowed: 8
[  626.428188][   T31] usb 6-1: unable to read config index 0 descriptor/start: -61
[  626.428437][   T31] usb 6-1: can't read configurations, error -61
[  626.504751][   T31] usb usb6-port1: unable to enumerate USB device
[  627.143011][T14111] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2202'.
[  627.143048][T14111] netlink: 'syz.6.2202': attribute type 30 has an invalid length.
[  627.174449][ T8537] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  627.174972][ T8537] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  627.175023][ T8537] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  627.175057][ T8537] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  627.505494][ T5862] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  627.676540][ T5862] usb 9-1: Using ep0 maxpacket: 16
[  627.678976][ T5862] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  627.679008][ T5862] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  627.679031][ T5862] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  627.679142][ T5862] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  627.679164][ T5862] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.689765][ T5862] usb 9-1: config 0 descriptor??
[  629.939914][ T5862] usbhid 9-1:0.0: can't add hid device: -71
[  629.940024][ T5862] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  629.963289][ T5862] usb 9-1: USB disconnect, device number 3
[  631.252501][T14187] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2227'.
[  635.697587][T14227] FAULT_INJECTION: forcing a failure.
[  635.697587][T14227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  635.697624][T14227] CPU: 1 UID: 0 PID: 14227 Comm: syz.5.2237 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  635.697651][T14227] Tainted: [L]=SOFTLOCKUP
[  635.697659][T14227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  635.697671][T14227] Call Trace:
[  635.697679][T14227]  <TASK>
[  635.697687][T14227]  dump_stack_lvl+0xe8/0x150
[  635.697721][T14227]  should_fail_ex+0x46b/0x600
[  635.697757][T14227]  _copy_from_user+0x2d/0xb0
[  635.697781][T14227]  __sys_bpf+0x229/0x950
[  635.697809][T14227]  ? __pfx___sys_bpf+0x10/0x10
[  635.697830][T14227]  ? rt_mutex_slowunlock+0x1cb/0x300
[  635.697867][T14227]  ? ksys_write+0x248/0x270
[  635.697904][T14227]  ? __pfx_ksys_write+0x10/0x10
[  635.697938][T14227]  __x64_sys_bpf+0x7c/0x90
[  635.697960][T14227]  do_syscall_64+0x14d/0xf80
[  635.697985][T14227]  ? trace_irq_disable+0x3b/0x150
[  635.698007][T14227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.698027][T14227]  ? clear_bhb_loop+0x40/0x90
[  635.698051][T14227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.698070][T14227] RIP: 0033:0x7f73d1c9c799
[  635.698088][T14227] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  635.698104][T14227] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  635.698125][T14227] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  635.698139][T14227] RDX: 0000000000000094 RSI: 0000200000000080 RDI: 0000000000000005
[  635.698151][T14227] RBP: 00007f73cfeee090 R08: 0000000000000000 R09: 0000000000000000
[  635.698164][T14227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  635.698175][T14227] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  635.698206][T14227]  </TASK>
[  635.736462][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  635.736538][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  635.788303][T14225] ieee802154 phy0 wpan0: encryption failed: -22
[  636.364132][ T5880] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  636.457363][T14245] FAULT_INJECTION: forcing a failure.
[  636.457363][T14245] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  636.457399][T14245] CPU: 1 UID: 0 PID: 14245 Comm: syz.7.2244 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  636.457426][T14245] Tainted: [L]=SOFTLOCKUP
[  636.457433][T14245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  636.457445][T14245] Call Trace:
[  636.457451][T14245]  <TASK>
[  636.457460][T14245]  dump_stack_lvl+0xe8/0x150
[  636.457493][T14245]  should_fail_ex+0x46b/0x600
[  636.457529][T14245]  _copy_from_user+0x2d/0xb0
[  636.457553][T14245]  ___sys_sendmsg+0x1c6/0x360
[  636.457585][T14245]  ? __pfx____sys_sendmsg+0x10/0x10
[  636.457642][T14245]  ? __fget_files+0x2a/0x420
[  636.457665][T14245]  ? __fget_files+0x3a6/0x420
[  636.457695][T14245]  __x64_sys_sendmsg+0x1c3/0x2a0
[  636.457720][T14245]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  636.457752][T14245]  ? __pfx_ksys_write+0x10/0x10
[  636.457788][T14245]  do_syscall_64+0x14d/0xf80
[  636.457812][T14245]  ? trace_irq_disable+0x3b/0x150
[  636.457834][T14245]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.457855][T14245]  ? clear_bhb_loop+0x40/0x90
[  636.457879][T14245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.457898][T14245] RIP: 0033:0x7ff373d3c799
[  636.457916][T14245] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  636.457933][T14245] RSP: 002b:00007ff371f96028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  636.457953][T14245] RAX: ffffffffffffffda RBX: 00007ff373fb5fa0 RCX: 00007ff373d3c799
[  636.457968][T14245] RDX: 0000000000020001 RSI: 0000200000000240 RDI: 0000000000000004
[  636.457982][T14245] RBP: 00007ff371f96090 R08: 0000000000000000 R09: 0000000000000000
[  636.457994][T14245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  636.458006][T14245] R13: 00007ff373fb6038 R14: 00007ff373fb5fa0 R15: 00007ffc6cc13d08
[  636.458042][T14245]  </TASK>
[  636.503043][ T5880] usb 6-1: device descriptor read/64, error -71
[  636.791645][ T5880] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  636.941225][ T5880] usb 6-1: device descriptor read/64, error -71
[  637.080313][ T5880] usb usb6-port1: attempt power cycle
[  637.164697][   T36] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  637.357974][   T36] usb 9-1: Using ep0 maxpacket: 16
[  637.361290][   T36] usb 9-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  637.361307][   T36] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.361317][   T36] usb 9-1: Product: syz
[  637.361325][   T36] usb 9-1: Manufacturer: syz
[  637.361332][   T36] usb 9-1: SerialNumber: syz
[  637.440241][   T36] usb 9-1: config 0 descriptor??
[  637.468899][   T36] ums-onetouch 9-1:0.0: USB Mass Storage device detected
[  637.561030][ T5880] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  637.608211][ T5880] usb 6-1: device descriptor read/8, error -71
[  637.631027][T14265] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2248'.
[  637.926659][ T5880] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  637.926673][   T36] usb 9-1: USB disconnect, device number 4
[  637.946473][ T5880] usb 6-1: device descriptor read/8, error -71
[  638.063632][ T5880] usb usb6-port1: unable to enumerate USB device
[  639.099919][   T36] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  639.265013][   T36] usb 8-1: config 0 has an invalid interface number: 111 but max is 0
[  639.265040][   T36] usb 8-1: config 0 has no interface number 0
[  639.265084][   T36] usb 8-1: New USB device found, idVendor=05a9, idProduct=8065, bcdDevice=41.96
[  639.265106][   T36] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.306070][   T36] usb 8-1: config 0 descriptor??
[  639.322981][   T36] gspca_main: ov534_9-2.14.0 probing 05a9:8065
[  639.541986][   T36] gspca_ov534_9: reg_w failed -71
[  639.577245][T14314] FAULT_INJECTION: forcing a failure.
[  639.577245][T14314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  639.577280][T14314] CPU: 1 UID: 0 PID: 14314 Comm: syz.5.2260 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  639.577307][T14314] Tainted: [L]=SOFTLOCKUP
[  639.577313][T14314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  639.577323][T14314] Call Trace:
[  639.577331][T14314]  <TASK>
[  639.577339][T14314]  dump_stack_lvl+0xe8/0x150
[  639.577372][T14314]  should_fail_ex+0x46b/0x600
[  639.577414][T14314]  _copy_from_user+0x2d/0xb0
[  639.577437][T14314]  rds_get_mr+0xee/0x180
[  639.577462][T14314]  ? __pfx_rds_get_mr+0x10/0x10
[  639.577496][T14314]  rds_setsockopt+0x1db/0xd90
[  639.577523][T14314]  ? __pfx_rds_setsockopt+0x10/0x10
[  639.577564][T14314]  ? __fget_files+0x2a/0x420
[  639.577589][T14314]  ? __fget_files+0x2a/0x420
[  639.577609][T14314]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  639.577635][T14314]  ? __pfx_rds_setsockopt+0x10/0x10
[  639.577658][T14314]  do_sock_setsockopt+0x17c/0x1b0
[  639.577687][T14314]  __x64_sys_setsockopt+0x143/0x1b0
[  639.577717][T14314]  do_syscall_64+0x14d/0xf80
[  639.577742][T14314]  ? trace_irq_disable+0x3b/0x150
[  639.577763][T14314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.577784][T14314]  ? clear_bhb_loop+0x40/0x90
[  639.577806][T14314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.577825][T14314] RIP: 0033:0x7f73d1c9c799
[  639.577842][T14314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  639.577858][T14314] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  639.577878][T14314] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  639.577892][T14314] RDX: 0000000000000002 RSI: 0000000000000114 RDI: 0000000000000003
[  639.577904][T14314] RBP: 00007f73cfeee090 R08: 0000000000000020 R09: 0000000000000000
[  639.577916][T14314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.577927][T14314] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  639.577958][T14314]  </TASK>
[  639.608667][T14311] netlink: 152 bytes leftover after parsing attributes in process `syz.6.2258'.
[  639.853520][T14319] 9p: Bad value for 'wfdno'
[  639.858923][T14319] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2263'.
[  639.858948][T14319] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2263'.
[  639.965352][   T36] gspca_ov534_9: Unknown sensor 0000
[  639.965434][   T36] ov534_9 8-1:0.111: probe with driver ov534_9 failed with error -22
[  639.977578][   T36] usb 8-1: USB disconnect, device number 7
[  640.755129][T14342] netlink: 'syz.7.2267': attribute type 10 has an invalid length.
[  640.769101][T14342] veth1_vlan: entered allmulticast mode
[  640.907019][T14342] team0: Device veth1_vlan failed to register rx_handler
[  640.950846][T14352] FAULT_INJECTION: forcing a failure.
[  640.950846][T14352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  640.950884][T14352] CPU: 0 UID: 0 PID: 14352 Comm: syz.6.2270 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  640.950912][T14352] Tainted: [L]=SOFTLOCKUP
[  640.950918][T14352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  640.950930][T14352] Call Trace:
[  640.950937][T14352]  <TASK>
[  640.950945][T14352]  dump_stack_lvl+0xe8/0x150
[  640.950980][T14352]  should_fail_ex+0x46b/0x600
[  640.951017][T14352]  _copy_from_user+0x2d/0xb0
[  640.951041][T14352]  __sys_bpf+0x229/0x950
[  640.951067][T14352]  ? __pfx___sys_bpf+0x10/0x10
[  640.951088][T14352]  ? rt_mutex_slowunlock+0x1cb/0x300
[  640.951125][T14352]  ? ksys_write+0x248/0x270
[  640.951155][T14352]  ? __pfx_ksys_write+0x10/0x10
[  640.951188][T14352]  __x64_sys_bpf+0x7c/0x90
[  640.951210][T14352]  do_syscall_64+0x14d/0xf80
[  640.951235][T14352]  ? trace_irq_disable+0x3b/0x150
[  640.951255][T14352]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.951273][T14352]  ? clear_bhb_loop+0x40/0x90
[  640.951296][T14352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.951313][T14352] RIP: 0033:0x7f05f36dc799
[  640.951330][T14352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  640.951347][T14352] RSP: 002b:00007f05f192e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  640.951367][T14352] RAX: ffffffffffffffda RBX: 00007f05f3955fa0 RCX: 00007f05f36dc799
[  640.951382][T14352] RDX: 0000000000000050 RSI: 00002000000001c0 RDI: 000000000000000a
[  640.951395][T14352] RBP: 00007f05f192e090 R08: 0000000000000000 R09: 0000000000000000
[  640.951415][T14352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.951426][T14352] R13: 00007f05f3956038 R14: 00007f05f3955fa0 R15: 00007ffda7927ea8
[  640.951458][T14352]  </TASK>
[  641.276756][T14361] x_tables: ip6_tables: TEE.1 target: invalid size 40 (kernel) != (user) 48
[  641.307464][T14360] netlink: 152 bytes leftover after parsing attributes in process `syz.7.2273'.
[  642.398274][T14395] netlink: 92 bytes leftover after parsing attributes in process `syz.8.2280'.
[  642.398860][T14395] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  642.563524][T14400] netlink: 'syz.8.2283': attribute type 13 has an invalid length.
[  642.626301][T14400] gretap0: refused to change device tx_queue_len
[  642.626826][T14400] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  642.675033][T14406] netlink: 152 bytes leftover after parsing attributes in process `syz.7.2286'.
[  643.165484][T14429] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2293'.
[  643.168617][T14429] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  643.525112][   T36] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  643.547208][T14445] netlink: 'syz.9.2295': attribute type 2 has an invalid length.
[  644.228855][   T36] usb 7-1: config 0 has an invalid interface number: 255 but max is 0
[  644.228882][   T36] usb 7-1: config 0 has no interface number 0
[  644.228925][   T36] usb 7-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  644.242952][   T36] usb 7-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  644.243742][   T36] usb 7-1: config 0 interface 255 has no altsetting 0
[  644.243780][   T36] usb 7-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  644.246072][   T36] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.564772][   T36] usb 7-1: config 0 descriptor??
[  644.568473][   T36] ums-realtek 7-1:0.255: USB Mass Storage device detected
[  644.657463][T14456] netlink: 152 bytes leftover after parsing attributes in process `syz.7.2298'.
[  644.785625][T14431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.786478][T14431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.789208][   T36] usb 7-1: USB disconnect, device number 21
[  645.051459][T14464] CIFS mount error: No usable UNC path provided in device string!
[  645.051459][T14464] 
[  645.051481][T14464] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  645.679726][T14492] FAULT_INJECTION: forcing a failure.
[  645.679726][T14492] name failslab, interval 1, probability 0, space 0, times 0
[  645.679763][T14492] CPU: 0 UID: 0 PID: 14492 Comm: syz.6.2307 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  645.679791][T14492] Tainted: [L]=SOFTLOCKUP
[  645.679797][T14492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  645.679810][T14492] Call Trace:
[  645.679817][T14492]  <TASK>
[  645.679826][T14492]  dump_stack_lvl+0xe8/0x150
[  645.679861][T14492]  should_fail_ex+0x46b/0x600
[  645.679898][T14492]  should_failslab+0xa8/0x100
[  645.679929][T14492]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  645.679957][T14492]  ? __alloc_skb+0x1d0/0x7d0
[  645.679979][T14492]  ? lockdep_hardirqs_on+0x7a/0x110
[  645.680011][T14492]  __alloc_skb+0x1d0/0x7d0
[  645.680038][T14492]  alloc_skb_with_frags+0xca/0x890
[  645.680067][T14492]  ? __lock_acquire+0x6b5/0x2cf0
[  645.680093][T14492]  sock_alloc_send_pskb+0x884/0x9a0
[  645.680139][T14492]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  645.680188][T14492]  tun_get_user+0x92d/0x3de0
[  645.680221][T14492]  ? arch_stack_walk+0xfb/0x150
[  645.680248][T14492]  ? __pfx_tun_get_user+0x10/0x10
[  645.680277][T14492]  ? __lock_acquire+0x6b5/0x2cf0
[  645.680304][T14492]  ? ref_tracker_alloc+0x332/0x4a0
[  645.680326][T14492]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  645.680350][T14492]  ? tun_get+0x1c/0x2f0
[  645.680376][T14492]  ? tun_get+0x1c/0x2f0
[  645.680397][T14492]  ? tun_get+0x1c/0x2f0
[  645.680423][T14492]  tun_chr_write_iter+0x119/0x200
[  645.680448][T14492]  vfs_write+0x629/0xba0
[  645.680484][T14492]  ? __pfx_vfs_write+0x10/0x10
[  645.680520][T14492]  ? __fget_files+0x2a/0x420
[  645.680551][T14492]  ksys_write+0x156/0x270
[  645.680581][T14492]  ? __pfx_ksys_write+0x10/0x10
[  645.680618][T14492]  do_syscall_64+0x14d/0xf80
[  645.680643][T14492]  ? trace_irq_disable+0x3b/0x150
[  645.680666][T14492]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.680685][T14492]  ? clear_bhb_loop+0x40/0x90
[  645.680709][T14492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.680729][T14492] RIP: 0033:0x7f05f369cfce
[  645.680746][T14492] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  645.680764][T14492] RSP: 002b:00007f05f192dfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  645.680785][T14492] RAX: ffffffffffffffda RBX: 00007f05f192e6c0 RCX: 00007f05f369cfce
[  645.680800][T14492] RDX: 000000000000fdef RSI: 0000200000000080 RDI: 00000000000000c8
[  645.680813][T14492] RBP: 00007f05f192e090 R08: 0000000000000000 R09: 0000000000000000
[  645.680826][T14492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.680838][T14492] R13: 00007f05f3956038 R14: 00007f05f3955fa0 R15: 00007ffda7927ea8
[  645.680869][T14492]  </TASK>
[  645.725550][T14498] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2309'.
[  647.721625][T14531] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2323'.
[  647.759344][T14530] FAULT_INJECTION: forcing a failure.
[  647.759344][T14530] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  647.759382][T14530] CPU: 0 UID: 0 PID: 14530 Comm: syz.5.2322 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  647.759409][T14530] Tainted: [L]=SOFTLOCKUP
[  647.759416][T14530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  647.759429][T14530] Call Trace:
[  647.759437][T14530]  <TASK>
[  647.759447][T14530]  dump_stack_lvl+0xe8/0x150
[  647.759482][T14530]  should_fail_ex+0x46b/0x600
[  647.759520][T14530]  _copy_from_user+0x2d/0xb0
[  647.759544][T14530]  __sys_connect+0x156/0x450
[  647.759572][T14530]  ? __pfx___sys_connect+0x10/0x10
[  647.759607][T14530]  ? __pfx_ksys_write+0x10/0x10
[  647.759642][T14530]  __x64_sys_connect+0x7a/0x90
[  647.759666][T14530]  do_syscall_64+0x14d/0xf80
[  647.759693][T14530]  ? trace_irq_disable+0x3b/0x150
[  647.759716][T14530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.759737][T14530]  ? clear_bhb_loop+0x40/0x90
[  647.759769][T14530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.759790][T14530] RIP: 0033:0x7f73d1c9c799
[  647.759809][T14530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  647.759827][T14530] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  647.759848][T14530] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  647.759863][T14530] RDX: 000000000000001e RSI: 00002000000000c0 RDI: 0000000000000006
[  647.759877][T14530] RBP: 00007f73cfeee090 R08: 0000000000000000 R09: 0000000000000000
[  647.759889][T14530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.759902][T14530] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  647.759934][T14530]  </TASK>
[  647.809096][   T31] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[  648.001828][T14533] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2324'.
[  648.022637][   T31] usb 9-1: device descriptor read/64, error -71
[  648.170526][T14541] FAULT_INJECTION: forcing a failure.
[  648.170526][T14541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.170563][T14541] CPU: 0 UID: 0 PID: 14541 Comm: syz.5.2326 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  648.170592][T14541] Tainted: [L]=SOFTLOCKUP
[  648.170600][T14541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  648.170612][T14541] Call Trace:
[  648.170621][T14541]  <TASK>
[  648.170630][T14541]  dump_stack_lvl+0xe8/0x150
[  648.170663][T14541]  should_fail_ex+0x46b/0x600
[  648.170698][T14541]  _copy_from_user+0x2d/0xb0
[  648.170722][T14541]  ___sys_sendmsg+0x1c6/0x360
[  648.170754][T14541]  ? __pfx____sys_sendmsg+0x10/0x10
[  648.170809][T14541]  ? __fget_files+0x2a/0x420
[  648.170832][T14541]  ? __fget_files+0x3a6/0x420
[  648.170862][T14541]  __x64_sys_sendmsg+0x1c3/0x2a0
[  648.170891][T14541]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  648.170923][T14541]  ? __pfx_ksys_write+0x10/0x10
[  648.170961][T14541]  do_syscall_64+0x14d/0xf80
[  648.170985][T14541]  ? trace_irq_disable+0x3b/0x150
[  648.171008][T14541]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.171037][T14541]  ? clear_bhb_loop+0x40/0x90
[  648.171061][T14541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.171081][T14541] RIP: 0033:0x7f73d1c9c799
[  648.171100][T14541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  648.171116][T14541] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  648.171138][T14541] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  648.171153][T14541] RDX: 0000000004008000 RSI: 0000200000000300 RDI: 0000000000000003
[  648.171165][T14541] RBP: 00007f73cfeee090 R08: 0000000000000000 R09: 0000000000000000
[  648.171177][T14541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.171194][T14541] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  648.171224][T14541]  </TASK>
[  648.195087][T14537] FAULT_INJECTION: forcing a failure.
[  648.195087][T14537] name failslab, interval 1, probability 0, space 0, times 0
[  648.195123][T14537] CPU: 0 UID: 0 PID: 14537 Comm: syz.6.2327 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  648.195150][T14537] Tainted: [L]=SOFTLOCKUP
[  648.195157][T14537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  648.195170][T14537] Call Trace:
[  648.195178][T14537]  <TASK>
[  648.195187][T14537]  dump_stack_lvl+0xe8/0x150
[  648.195221][T14537]  should_fail_ex+0x46b/0x600
[  648.195266][T14537]  should_failslab+0xa8/0x100
[  648.195297][T14537]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  648.195326][T14537]  ? __alloc_skb+0x1d0/0x7d0
[  648.195347][T14537]  ? lockdep_hardirqs_on+0x7a/0x110
[  648.195378][T14537]  __alloc_skb+0x1d0/0x7d0
[  648.195404][T14537]  alloc_skb_with_frags+0xca/0x890
[  648.195432][T14537]  ? __lock_acquire+0x6b5/0x2cf0
[  648.195457][T14537]  sock_alloc_send_pskb+0x884/0x9a0
[  648.195503][T14537]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  648.195544][T14537]  tun_get_user+0x92d/0x3de0
[  648.195575][T14537]  ? arch_stack_walk+0xfb/0x150
[  648.195601][T14537]  ? __pfx_tun_get_user+0x10/0x10
[  648.195626][T14537]  ? __lock_acquire+0x6b5/0x2cf0
[  648.195651][T14537]  ? ref_tracker_alloc+0x332/0x4a0
[  648.195672][T14537]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  648.195697][T14537]  ? tun_get+0x1c/0x2f0
[  648.195723][T14537]  ? tun_get+0x1c/0x2f0
[  648.195744][T14537]  ? tun_get+0x1c/0x2f0
[  648.195768][T14537]  tun_chr_write_iter+0x119/0x200
[  648.195793][T14537]  vfs_write+0x629/0xba0
[  648.195828][T14537]  ? __pfx_vfs_write+0x10/0x10
[  648.195864][T14537]  ? __fget_files+0x2a/0x420
[  648.195894][T14537]  ksys_write+0x156/0x270
[  648.195924][T14537]  ? __pfx_ksys_write+0x10/0x10
[  648.195961][T14537]  do_syscall_64+0x14d/0xf80
[  648.195985][T14537]  ? trace_irq_disable+0x3b/0x150
[  648.196007][T14537]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.196035][T14537]  ? clear_bhb_loop+0x40/0x90
[  648.196059][T14537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.196077][T14537] RIP: 0033:0x7f05f369cfce
[  648.196096][T14537] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  648.196113][T14537] RSP: 002b:00007f05f192dfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  648.196135][T14537] RAX: ffffffffffffffda RBX: 00007f05f192e6c0 RCX: 00007f05f369cfce
[  648.196150][T14537] RDX: 0000000000000e80 RSI: 0000200000000f40 RDI: 00000000000000c8
[  648.196162][T14537] RBP: 00007f05f192e090 R08: 0000000000000000 R09: 0000000000000000
[  648.196175][T14537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.196187][T14537] R13: 00007f05f3956038 R14: 00007f05f3955fa0 R15: 00007ffda7927ea8
[  648.196218][T14537]  </TASK>
[  648.364657][   T31] usb 9-1: new full-speed USB device number 6 using dummy_hcd
[  648.413316][T14546] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  648.413341][T14546] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address
[  648.413608][T14546] bond0: (slave ipvlan0): Error -95 calling set_mac_address
[  648.557260][   T31] usb 9-1: device descriptor read/64, error -71
[  648.674782][   T31] usb usb9-port1: attempt power cycle
[  649.070576][   T31] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[  649.134584][   T31] usb 9-1: device descriptor read/8, error -71
[  649.202499][T14571] netlink: 92 bytes leftover after parsing attributes in process `syz.6.2340'.
[  649.202950][T14571] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  649.624008][   T31] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[  649.636972][   T31] usb 9-1: device descriptor read/8, error -71
[  650.199329][   T31] usb usb9-port1: unable to enumerate USB device
[  650.887425][T14584] netlink: 'syz.5.2343': attribute type 21 has an invalid length.
[  650.887450][T14584] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2343'.
[  650.887569][T14584] netlink: 3 bytes leftover after parsing attributes in process `syz.5.2343'.
[  650.980708][T14588] FAULT_INJECTION: forcing a failure.
[  650.980708][T14588] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.980746][T14588] CPU: 0 UID: 0 PID: 14588 Comm: syz.6.2345 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  650.980774][T14588] Tainted: [L]=SOFTLOCKUP
[  650.980781][T14588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  650.980794][T14588] Call Trace:
[  650.980801][T14588]  <TASK>
[  650.980810][T14588]  dump_stack_lvl+0xe8/0x150
[  650.980845][T14588]  should_fail_ex+0x46b/0x600
[  650.980882][T14588]  _copy_from_user+0x2d/0xb0
[  650.980908][T14588]  ___sys_sendmsg+0x1c6/0x360
[  650.980941][T14588]  ? __pfx____sys_sendmsg+0x10/0x10
[  650.981000][T14588]  ? __fget_files+0x2a/0x420
[  650.981024][T14588]  ? __fget_files+0x3a6/0x420
[  650.981056][T14588]  __x64_sys_sendmsg+0x1c3/0x2a0
[  650.981088][T14588]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  650.981124][T14588]  ? __pfx_ksys_write+0x10/0x10
[  650.981161][T14588]  do_syscall_64+0x14d/0xf80
[  650.981187][T14588]  ? trace_irq_disable+0x3b/0x150
[  650.981210][T14588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.981231][T14588]  ? clear_bhb_loop+0x40/0x90
[  650.981256][T14588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.981276][T14588] RIP: 0033:0x7f05f36dc799
[  650.981294][T14588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  650.981311][T14588] RSP: 002b:00007f05f192e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  650.981332][T14588] RAX: ffffffffffffffda RBX: 00007f05f3955fa0 RCX: 00007f05f36dc799
[  650.981347][T14588] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  650.981360][T14588] RBP: 00007f05f192e090 R08: 0000000000000000 R09: 0000000000000000
[  650.981373][T14588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.981385][T14588] R13: 00007f05f3956038 R14: 00007f05f3955fa0 R15: 00007ffda7927ea8
[  650.981414][T14588]  </TASK>
[  651.773438][T13088] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  651.944389][T13088] usb 7-1: Using ep0 maxpacket: 16
[  651.946696][T13088] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  651.946749][T13088] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  651.946780][T13088] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  651.948069][T13088] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  651.948096][T13088] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  651.948115][T13088] usb 7-1: Manufacturer: syz
[  651.997012][T13088] usb 7-1: config 0 descriptor??
[  653.066530][ T5880] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  653.218422][ T5880] usb 8-1: device descriptor read/64, error -71
[  653.808089][ T5880] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  654.754862][ T5880] usb 8-1: device descriptor read/64, error -71
[  654.763729][    T9] usb 7-1: USB disconnect, device number 22
[  654.872651][ T5880] usb usb8-port1: attempt power cycle
[  655.578626][ T5880] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  655.782402][ T5880] usb 8-1: device descriptor read/8, error -71
[  656.111930][ T5880] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  656.336482][ T5880] usb 8-1: device not accepting address 11, error -71
[  656.336895][ T5880] usb usb8-port1: unable to enumerate USB device
[  658.890297][ T5880] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  659.063070][ T5880] usb 8-1: Using ep0 maxpacket: 16
[  659.065894][ T5880] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.065948][ T5880] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  659.065976][ T5880] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  659.067605][ T5880] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  659.067632][ T5880] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  659.067652][ T5880] usb 8-1: Manufacturer: syz
[  659.383377][ T5880] usb 8-1: config 0 descriptor??
[  660.076469][T13088] usb 9-1: new full-speed USB device number 9 using dummy_hcd
[  660.108548][T13054] usb 7-1: new full-speed USB device number 23 using dummy_hcd
[  660.226076][T13088] usb 9-1: device descriptor read/64, error -71
[  660.273624][T13054] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  660.273652][T13054] usb 7-1: config 0 has no interface number 0
[  660.273696][T13054] usb 7-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid maxpacket 128, setting to 64
[  660.273722][T13054] usb 7-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  660.273749][T13054] usb 7-1: config 0 interface 1 has no altsetting 0
[  660.273782][T13054] usb 7-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  660.273805][T13054] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.294920][T13054] usb 7-1: config 0 descriptor??
[  660.297776][T14725] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  660.514631][T13088] usb 9-1: new full-speed USB device number 10 using dummy_hcd
[  660.653590][T13088] usb 9-1: device descriptor read/64, error -71
[  660.771480][T13088] usb usb9-port1: attempt power cycle
[  660.954548][T13054] usbhid 7-1:0.1: can't add hid device: -71
[  660.954661][T13054] usbhid 7-1:0.1: probe with driver usbhid failed with error -71
[  660.973044][T13054] usb 7-1: USB disconnect, device number 23
[  661.075402][T14756] netlink: 'syz.9.2384': attribute type 180 has an invalid length.
[  661.134612][T13088] usb 9-1: new full-speed USB device number 11 using dummy_hcd
[  661.156484][T13088] usb 9-1: device descriptor read/8, error -71
[  661.428082][T13088] usb 9-1: new full-speed USB device number 12 using dummy_hcd
[  661.444830][T13088] usb 9-1: device descriptor read/8, error -71
[  661.563475][T13088] usb usb9-port1: unable to enumerate USB device
[  661.615276][T13054] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  661.640642][T14773] netlink: 'syz.6.2386': attribute type 12 has an invalid length.
[  661.754566][T13054] usb 6-1: device descriptor read/64, error -71
[  661.832478][T13157] usb 8-1: USB disconnect, device number 12
[  662.104145][T13054] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  662.193619][T14790] FAULT_INJECTION: forcing a failure.
[  662.193619][T14790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  662.193658][T14790] CPU: 0 UID: 0 PID: 14790 Comm: syz.8.2389 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  662.193686][T14790] Tainted: [L]=SOFTLOCKUP
[  662.193693][T14790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  662.193704][T14790] Call Trace:
[  662.193712][T14790]  <TASK>
[  662.193721][T14790]  dump_stack_lvl+0xe8/0x150
[  662.193758][T14790]  should_fail_ex+0x46b/0x600
[  662.193795][T14790]  _copy_from_user+0x2d/0xb0
[  662.193820][T14790]  __sys_bpf+0x229/0x950
[  662.193850][T14790]  ? __pfx___sys_bpf+0x10/0x10
[  662.193872][T14790]  ? rt_mutex_slowunlock+0x1cb/0x300
[  662.193910][T14790]  ? ksys_write+0x248/0x270
[  662.193939][T14790]  ? __pfx_ksys_write+0x10/0x10
[  662.193972][T14790]  __x64_sys_bpf+0x7c/0x90
[  662.193995][T14790]  do_syscall_64+0x14d/0xf80
[  662.194029][T14790]  ? trace_irq_disable+0x3b/0x150
[  662.194052][T14790]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.194073][T14790]  ? clear_bhb_loop+0x40/0x90
[  662.194099][T14790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.194119][T14790] RIP: 0033:0x7fa8cb8fc799
[  662.194138][T14790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  662.194154][T14790] RSP: 002b:00007fa8c9b4e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  662.194177][T14790] RAX: ffffffffffffffda RBX: 00007fa8cbb75fa0 RCX: 00007fa8cb8fc799
[  662.194191][T14790] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  662.194204][T14790] RBP: 00007fa8c9b4e090 R08: 0000000000000000 R09: 0000000000000000
[  662.194217][T14790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.194230][T14790] R13: 00007fa8cbb76038 R14: 00007fa8cbb75fa0 R15: 00007ffd01537258
[  662.194262][T14790]  </TASK>
[  662.246282][T13054] usb 6-1: device descriptor read/64, error -71
[  662.363685][T13054] usb usb6-port1: attempt power cycle
[  662.769993][T13054] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  663.526477][T13054] usb 6-1: device descriptor read/8, error -71
[  663.535806][T14800] netlink: 83 bytes leftover after parsing attributes in process `syz.9.2391'.
[  663.773919][T13054] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  663.796003][T13054] usb 6-1: device descriptor read/8, error -71
[  663.916450][T13054] usb usb6-port1: unable to enumerate USB device
[  664.318840][T13088] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  664.489855][T13088] usb 7-1: Using ep0 maxpacket: 8
[  664.491821][T13088] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  664.491855][T13088] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  664.491879][T13088] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  664.491903][T13088] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  664.491943][T13088] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  664.491965][T13088] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.548880][T13088] usb 7-1: usb_control_msg returned -32
[  665.548927][T13088] usbtmc 7-1:16.0: can't read capabilities
[  665.919551][T14865] FAULT_INJECTION: forcing a failure.
[  665.919551][T14865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  665.919587][T14865] CPU: 0 UID: 0 PID: 14865 Comm: syz.7.2408 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  665.919615][T14865] Tainted: [L]=SOFTLOCKUP
[  665.919628][T14865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  665.919641][T14865] Call Trace:
[  665.919649][T14865]  <TASK>
[  665.919658][T14865]  dump_stack_lvl+0xe8/0x150
[  665.919693][T14865]  should_fail_ex+0x46b/0x600
[  665.919730][T14865]  _copy_from_user+0x2d/0xb0
[  665.919755][T14865]  do_sock_getsockopt+0x165/0x3f0
[  665.919784][T14865]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  665.919813][T14865]  ? ksys_write+0x202/0x270
[  665.919847][T14865]  __x64_sys_getsockopt+0x1aa/0x250
[  665.919881][T14865]  do_syscall_64+0x14d/0xf80
[  665.919907][T14865]  ? trace_irq_disable+0x3b/0x150
[  665.919931][T14865]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.919952][T14865]  ? clear_bhb_loop+0x40/0x90
[  665.919977][T14865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.919997][T14865] RIP: 0033:0x7ff373d3c799
[  665.920017][T14865] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  665.920041][T14865] RSP: 002b:00007ff371f96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  665.920062][T14865] RAX: ffffffffffffffda RBX: 00007ff373fb5fa0 RCX: 00007ff373d3c799
[  665.920077][T14865] RDX: 0000000000000047 RSI: 0000000000000001 RDI: 0000000000000003
[  665.920089][T14865] RBP: 00007ff371f96090 R08: 0000200000000040 R09: 0000000000000000
[  665.920103][T14865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.920115][T14865] R13: 00007ff373fb6038 R14: 00007ff373fb5fa0 R15: 00007ffc6cc13d08
[  665.920146][T14865]  </TASK>
[  666.168606][T14871] netlink: 'syz.8.2412': attribute type 13 has an invalid length.
[  666.223381][T14871] gretap0: refused to change device tx_queue_len
[  666.224620][T14871] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  666.766109][ T5880] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  666.915709][ T5880] usb 8-1: device descriptor read/64, error -71
[  667.172461][ T5880] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  667.310993][ T5880] usb 8-1: device descriptor read/64, error -71
[  667.359312][T13157] usb 7-1: USB disconnect, device number 24
[  667.430125][ T5880] usb usb8-port1: attempt power cycle
[  667.661285][T14919] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  667.825522][ T5880] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  667.875360][ T5880] usb 8-1: device descriptor read/8, error -71
[  668.123117][ T5880] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  668.145215][ T5880] usb 8-1: device descriptor read/8, error -71
[  668.262710][ T5880] usb usb8-port1: unable to enumerate USB device
[  669.090203][    T9] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  669.263854][    T9] usb 6-1: Using ep0 maxpacket: 8
[  669.275696][    T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  669.275724][    T9] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  669.275778][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  669.275818][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  669.275845][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.357776][    T9] usbtmc 6-1:16.0: bulk endpoints not found
[  670.638898][T14952] GUP no longer grows the stack in syz.6.2430 (14952): 200000006000-200000008000 (200000004000)
[  670.638938][T14952] CPU: 1 UID: 0 PID: 14952 Comm: syz.6.2430 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  670.638957][T14952] Tainted: [L]=SOFTLOCKUP
[  670.638961][T14952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  670.638968][T14952] Call Trace:
[  670.638973][T14952]  <TASK>
[  670.638979][T14952]  dump_stack_lvl+0xe8/0x150
[  670.639000][T14952]  fixup_user_fault+0x637/0x6f0
[  670.639018][T14952]  fault_in_user_writeable+0x71/0xd0
[  670.639037][T14952]  futex_lock_pi+0x80c/0xb00
[  670.639055][T14952]  ? __pfx_futex_lock_pi+0x10/0x10
[  670.639081][T14952]  ? __pfx_futex_wake_mark+0x10/0x10
[  670.639100][T14952]  ? __pfx_userfaultfd_unmap_complete+0x10/0x10
[  670.639120][T14952]  do_futex+0x292/0x420
[  670.639133][T14952]  ? __pfx_do_futex+0x10/0x10
[  670.639143][T14952]  ? __vm_munmap+0x2e6/0x3d0
[  670.639158][T14952]  __se_sys_futex+0x3a8/0x450
[  670.639172][T14952]  ? __pfx___se_sys_futex+0x10/0x10
[  670.639182][T14952]  ? rcu_is_watching+0x15/0xb0
[  670.639201][T14952]  ? __x64_sys_futex+0x21/0xf0
[  670.639224][T14952]  do_syscall_64+0x14d/0xf80
[  670.639249][T14952]  ? trace_irq_disable+0x3b/0x150
[  670.639262][T14952]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.639273][T14952]  ? clear_bhb_loop+0x40/0x90
[  670.639286][T14952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.639296][T14952] RIP: 0033:0x7f05f36dc799
[  670.639307][T14952] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  670.639317][T14952] RSP: 002b:00007f05f192e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  670.639329][T14952] RAX: ffffffffffffffda RBX: 00007f05f3955fa0 RCX: 00007f05f36dc799
[  670.639336][T14952] RDX: 00000000fffff7fc RSI: 000000000000008d RDI: 0000200000004000
[  670.639343][T14952] RBP: 00007f05f3772bd9 R08: 0000000000000000 R09: 0000000000000000
[  670.639349][T14952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  670.639356][T14952] R13: 00007f05f3956038 R14: 00007f05f3955fa0 R15: 00007ffda7927ea8
[  670.639372][T14952]  </TASK>
[  670.889263][T13054] usb 6-1: USB disconnect, device number 29
[  671.322679][T14967] Bluetooth: MGMT ver 1.23
[  671.917422][T14983] netlink: 'syz.9.2438': attribute type 13 has an invalid length.
[  671.945749][T14983] gretap0: refused to change device tx_queue_len
[  671.946237][T14983] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  675.985911][T15051] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  675.985943][T15051] batman_adv: batadv0: Removing interface: batadv_slave_0
[  676.021820][T15051] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  676.021849][T15051] batman_adv: batadv0: Removing interface: batadv_slave_1
[  676.148321][T13157] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  676.151650][T15056] FAULT_INJECTION: forcing a failure.
[  676.151650][T15056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  676.151686][T15056] CPU: 0 UID: 0 PID: 15056 Comm: syz.7.2455 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  676.151713][T15056] Tainted: [L]=SOFTLOCKUP
[  676.151721][T15056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  676.151732][T15056] Call Trace:
[  676.151740][T15056]  <TASK>
[  676.151748][T15056]  dump_stack_lvl+0xe8/0x150
[  676.151780][T15056]  should_fail_ex+0x46b/0x600
[  676.151816][T15056]  _copy_from_user+0x2d/0xb0
[  676.151840][T15056]  ___sys_sendmsg+0x1c6/0x360
[  676.151877][T15056]  ? __pfx____sys_sendmsg+0x10/0x10
[  676.151936][T15056]  ? __fget_files+0x2a/0x420
[  676.151959][T15056]  ? __fget_files+0x3a6/0x420
[  676.151991][T15056]  __x64_sys_sendmsg+0x1c3/0x2a0
[  676.152020][T15056]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  676.152055][T15056]  ? __pfx_ksys_write+0x10/0x10
[  676.152093][T15056]  do_syscall_64+0x14d/0xf80
[  676.152127][T15056]  ? trace_irq_disable+0x3b/0x150
[  676.152149][T15056]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.152170][T15056]  ? clear_bhb_loop+0x40/0x90
[  676.152198][T15056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.152218][T15056] RIP: 0033:0x7ff373d3c799
[  676.152236][T15056] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  676.152254][T15056] RSP: 002b:00007ff371f96028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  676.152273][T15056] RAX: ffffffffffffffda RBX: 00007ff373fb5fa0 RCX: 00007ff373d3c799
[  676.152287][T15056] RDX: 922bac8576bdadce RSI: 0000200000000080 RDI: 0000000000000003
[  676.152300][T15056] RBP: 00007ff371f96090 R08: 0000000000000000 R09: 0000000000000000
[  676.152311][T15056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.152323][T15056] R13: 00007ff373fb6038 R14: 00007ff373fb5fa0 R15: 00007ffc6cc13d08
[  676.152352][T15056]  </TASK>
[  676.352368][ T5796] Bluetooth: hci1: command 0x0406 tx timeout
[  676.418908][T13157] usb 6-1: config 0 has an invalid interface number: 113 but max is 0
[  676.418932][T13157] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.418947][T13157] usb 6-1: config 0 has no interface number 0
[  676.418977][T13157] usb 6-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  676.418997][T13157] usb 6-1: config 0 interface 113 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  676.419016][T13157] usb 6-1: config 0 interface 113 has no altsetting 0
[  676.425299][T13157] usb 6-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  676.425329][T13157] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.425348][T13157] usb 6-1: Product: syz
[  676.425363][T13157] usb 6-1: Manufacturer: syz
[  676.425377][T13157] usb 6-1: SerialNumber: syz
[  676.535874][T13157] usb 6-1: config 0 descriptor??
[  676.551570][T13157] pn533_usb 6-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint
[  676.565247][    T9] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  676.703997][    T9] usb 8-1: device descriptor read/64, error -71
[  676.981753][    T9] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  677.903714][    T9] usb 8-1: device descriptor read/64, error -71
[  678.020125][    T9] usb usb8-port1: attempt power cycle
[  678.392783][    T9] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  678.417698][    T9] usb 8-1: device descriptor read/8, error -71
[  678.670269][    T9] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  678.703059][    T9] usb 8-1: device descriptor read/8, error -71
[  678.820196][    T9] usb usb8-port1: unable to enumerate USB device
[  679.142629][T13157] usb 6-1: USB disconnect, device number 30
[  679.276899][T15138] tmpfs: Bad value for 'mpol'
[  679.610696][T13157] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  679.770902][T13157] usb 6-1: Using ep0 maxpacket: 8
[  679.773092][T13157] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  679.773118][T13157] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  679.773164][T13157] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  679.773280][T13157] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  679.773304][T13157] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.845292][T13157] usbtmc 6-1:16.0: bulk endpoints not found
[  680.294442][ T5958] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  680.486856][ T5958] usb 8-1: Using ep0 maxpacket: 32
[  680.491142][ T5958] usb 8-1: config 0 interface 0 has no altsetting 0
[  680.493506][ T5958] usb 8-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  680.493523][ T5958] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.493534][ T5958] usb 8-1: Product: syz
[  680.493541][ T5958] usb 8-1: Manufacturer: syz
[  680.493549][ T5958] usb 8-1: SerialNumber: syz
[  680.496996][ T5958] usb 8-1: config 0 descriptor??
[  681.288662][ T5796] Bluetooth: hci2: command 0x0406 tx timeout
[  681.671140][T13157] usb 6-1: USB disconnect, device number 31
[  681.693814][T15171] netlink: 'syz.7.2477': attribute type 3 has an invalid length.
[  681.704465][ T5958] gs_usb 8-1:0.0: Configuring for 1 interfaces
[  682.860205][T15240] FAULT_INJECTION: forcing a failure.
[  682.860205][T15240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  682.860248][T15240] CPU: 0 UID: 0 PID: 15240 Comm: syz.5.2492 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  682.860307][T15240] Tainted: [L]=SOFTLOCKUP
[  682.860322][T15240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  682.860350][T15240] Call Trace:
[  682.860366][T15240]  <TASK>
[  682.860384][T15240]  dump_stack_lvl+0xe8/0x150
[  682.860436][T15240]  should_fail_ex+0x46b/0x600
[  682.860473][T15240]  _copy_from_user+0x2d/0xb0
[  682.860498][T15240]  ___sys_recvmsg+0x175/0x590
[  682.860531][T15240]  ? __pfx____sys_recvmsg+0x10/0x10
[  682.860588][T15240]  ? __fget_files+0x3a6/0x420
[  682.860622][T15240]  do_recvmmsg+0x33a/0x800
[  682.860658][T15240]  ? __pfx_do_recvmmsg+0x10/0x10
[  682.860696][T15240]  ? rt_mutex_slowunlock+0x1cb/0x300
[  682.860733][T15240]  __x64_sys_recvmmsg+0x198/0x250
[  682.860764][T15240]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  682.860802][T15240]  do_syscall_64+0x14d/0xf80
[  682.860831][T15240]  ? trace_irq_disable+0x3b/0x150
[  682.860853][T15240]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.860873][T15240]  ? clear_bhb_loop+0x40/0x90
[  682.860901][T15240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.860920][T15240] RIP: 0033:0x7f73d1c9c799
[  682.860939][T15240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  682.860956][T15240] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  682.860977][T15240] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  682.860992][T15240] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003
[  682.861006][T15240] RBP: 00007f73cfeee090 R08: 0000000000000000 R09: 0000000000000000
[  682.861019][T15240] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  682.861031][T15240] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  682.861061][T15240]  </TASK>
[  683.872372][ T5862] usb 8-1: USB disconnect, device number 21
[  684.291124][T13157] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  684.485656][T13157] usb 6-1: Using ep0 maxpacket: 8
[  684.508635][T13157] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  684.508677][T13157] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  684.508703][T13157] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  684.509885][T13157] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  684.510824][T13157] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  684.511168][T13157] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.086438][T13157] usb 6-1: GET_CAPABILITIES returned 0
[  685.086486][T13157] usbtmc 6-1:16.0: can't read capabilities
[  686.988286][    T9] usb 6-1: USB disconnect, device number 32
[  687.060001][T15281] FAULT_INJECTION: forcing a failure.
[  687.060001][T15281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.060038][T15281] CPU: 1 UID: 0 PID: 15281 Comm: syz.5.2505 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  687.060066][T15281] Tainted: [L]=SOFTLOCKUP
[  687.060074][T15281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  687.060087][T15281] Call Trace:
[  687.060096][T15281]  <TASK>
[  687.060105][T15281]  dump_stack_lvl+0xe8/0x150
[  687.060139][T15281]  should_fail_ex+0x46b/0x600
[  687.060176][T15281]  _copy_from_user+0x2d/0xb0
[  687.060201][T15281]  ___sys_recvmsg+0x175/0x590
[  687.060234][T15281]  ? __pfx____sys_recvmsg+0x10/0x10
[  687.060286][T15281]  ? __fget_files+0x3a6/0x420
[  687.060320][T15281]  do_recvmmsg+0x33a/0x800
[  687.060355][T15281]  ? __pfx_do_recvmmsg+0x10/0x10
[  687.060403][T15281]  ? rt_mutex_slowunlock+0x1cb/0x300
[  687.060440][T15281]  __x64_sys_recvmmsg+0x198/0x250
[  687.060471][T15281]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  687.060511][T15281]  do_syscall_64+0x14d/0xf80
[  687.060538][T15281]  ? trace_irq_disable+0x3b/0x150
[  687.060560][T15281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.060581][T15281]  ? clear_bhb_loop+0x40/0x90
[  687.060606][T15281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.060626][T15281] RIP: 0033:0x7f73d1c9c799
[  687.060644][T15281] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  687.060663][T15281] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  687.060684][T15281] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  687.060699][T15281] RDX: 0000000000000001 RSI: 0000200000005200 RDI: 0000000000000004
[  687.060712][T15281] RBP: 00007f73cfeee090 R08: 0000000000000000 R09: 0000000000000000
[  687.060725][T15281] R10: 0000000040000120 R11: 0000000000000246 R12: 0000000000000001
[  687.060738][T15281] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  687.060770][T15281]  </TASK>
[  687.457182][T15294] FAULT_INJECTION: forcing a failure.
[  687.457182][T15294] name failslab, interval 1, probability 0, space 0, times 0
[  687.457218][T15294] CPU: 0 UID: 0 PID: 15294 Comm: syz.5.2508 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  687.457243][T15294] Tainted: [L]=SOFTLOCKUP
[  687.457251][T15294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  687.457263][T15294] Call Trace:
[  687.457271][T15294]  <TASK>
[  687.457280][T15294]  dump_stack_lvl+0xe8/0x150
[  687.457313][T15294]  should_fail_ex+0x46b/0x600
[  687.457349][T15294]  should_failslab+0xa8/0x100
[  687.457381][T15294]  __kmalloc_cache_noprof+0x84/0x690
[  687.457410][T15294]  ? alloc_pipe_info+0xe8/0x4d0
[  687.457442][T15294]  alloc_pipe_info+0xe8/0x4d0
[  687.457471][T15294]  splice_direct_to_actor+0xa19/0xc80
[  687.457499][T15294]  ? kstrtoull+0x12f/0x1d0
[  687.457527][T15294]  ? kstrtouint+0x6e/0xe0
[  687.457555][T15294]  ? __pfx_direct_splice_actor+0x10/0x10
[  687.457578][T15294]  ? get_pid_task+0x20/0x1f0
[  687.457601][T15294]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  687.457624][T15294]  ? get_pid_task+0x20/0x1f0
[  687.457649][T15294]  do_splice_direct+0x19b/0x2a0
[  687.457673][T15294]  ? __pfx_do_splice_direct+0x10/0x10
[  687.457697][T15294]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  687.457728][T15294]  ? rw_verify_area+0x25b/0x4e0
[  687.457759][T15294]  do_sendfile+0x547/0x7e0
[  687.457781][T15294]  ? __pfx_vfs_write+0x10/0x10
[  687.457813][T15294]  ? __pfx_do_sendfile+0x10/0x10
[  687.457847][T15294]  __se_sys_sendfile64+0x144/0x1a0
[  687.457870][T15294]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  687.457902][T15294]  do_syscall_64+0x14d/0xf80
[  687.457928][T15294]  ? trace_irq_disable+0x3b/0x150
[  687.457950][T15294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.457971][T15294]  ? clear_bhb_loop+0x40/0x90
[  687.457996][T15294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.458016][T15294] RIP: 0033:0x7f73d1c9c799
[  687.458034][T15294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  687.458052][T15294] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  687.458074][T15294] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  687.458089][T15294] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003
[  687.458109][T15294] RBP: 00007f73cfeee090 R08: 0000000000000000 R09: 0000000000000000
[  687.458122][T15294] R10: 0000000000009cba R11: 0000000000000246 R12: 0000000000000001
[  687.458135][T15294] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  687.458167][T15294]  </TASK>
[  692.038647][ T5862] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  692.241589][ T5862] usb 6-1: Using ep0 maxpacket: 8
[  692.467287][ T5862] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  692.467328][ T5862] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  692.467409][ T5862] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  692.467464][ T5862] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  692.467506][ T5862] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  692.467529][ T5862] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.059141][ T5862] usb 6-1: GET_CAPABILITIES returned 0
[  693.059248][ T5862] usbtmc 6-1:16.0: can't read capabilities
[  694.652925][T13054] usb 6-1: USB disconnect, device number 33
[  694.930335][T15357] netlink: 64 bytes leftover after parsing attributes in process `syz.9.2523'.
[  695.758009][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.759223][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.760116][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.760967][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.761847][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.762665][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.763473][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.991609][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.995569][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  695.996495][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  696.939758][T15387] netlink: 'syz.7.2528': attribute type 5 has an invalid length.
[  697.657814][T15418] overlayfs: failed to get inode (-116)
[  697.658910][T15418] overlayfs: failed to get inode (-116)
[  697.689388][T15424] dlm: no locking on control device
[  698.022609][ T5862] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  698.183165][ T5862] usb 6-1: Using ep0 maxpacket: 8
[  698.185157][ T5862] usb 6-1: config 0 interface 0 has no altsetting 0
[  698.187742][ T5862] usb 6-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  698.187770][ T5862] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.187793][ T5862] usb 6-1: Product: syz
[  698.187807][ T5862] usb 6-1: Manufacturer: syz
[  698.187820][ T5862] usb 6-1: SerialNumber: syz
[  699.140310][ T5862] usb 6-1: config 0 descriptor??
[  699.561688][   T10] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  699.743112][   T10] usb 8-1: Using ep0 maxpacket: 8
[  699.760273][   T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  699.760309][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  699.760333][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  699.760355][   T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  699.760396][   T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  699.760418][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.974288][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  700.976559][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  701.066654][ T5862] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 found
[  701.175256][ T5862] snd_usb_toneport 6-1:0.0: set_interface failed
[  701.435996][ T5862] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 now disconnected
[  701.444729][ T5862] snd_usb_toneport 6-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  701.459543][ T5862] usb 6-1: USB disconnect, device number 34
[  701.740420][   T10] usb 8-1: usb_control_msg returned -71
[  701.740468][   T10] usbtmc 8-1:16.0: can't read capabilities
[  701.826492][   T10] usb 8-1: USB disconnect, device number 22
[  701.890212][T15472] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2552'.
[  702.191799][   T37] kauditd_printk_skb: 1 callbacks suppressed
[  702.191817][   T37] audit: type=1326 audit(3919683910.277:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.192202][   T37] audit: type=1326 audit(3919683910.277:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.192435][   T37] audit: type=1326 audit(3919683910.277:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.192696][   T37] audit: type=1326 audit(3919683910.277:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.193006][   T37] audit: type=1326 audit(3919683910.277:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.193290][   T37] audit: type=1326 audit(3919683910.277:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.193676][   T37] audit: type=1326 audit(3919683910.277:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.193717][   T37] audit: type=1326 audit(3919683910.277:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.393336][ T5862] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  702.407257][   T37] audit: type=1326 audit(3919683910.371:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.407311][   T37] audit: type=1326 audit(3919683910.474:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.9.2555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbf7bdc799 code=0x7ffc0000
[  702.567648][ T5862] usb 8-1: Using ep0 maxpacket: 32
[  702.587954][ T5862] usb 8-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  702.587981][ T5862] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.587999][ T5862] usb 8-1: Product: syz
[  702.588012][ T5862] usb 8-1: Manufacturer: syz
[  702.588033][ T5862] usb 8-1: SerialNumber: syz
[  702.620934][ T5862] usb 8-1: config 0 descriptor??
[  702.640726][ T5862] hub 8-1:0.0: bad descriptor, ignoring hub
[  702.640765][ T5862] hub 8-1:0.0: probe with driver hub failed with error -5
[  702.643570][ T5862] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  703.932056][ T5862] gspca_vc032x: reg_w err -71
[  703.932076][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932087][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932096][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932106][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932115][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932124][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932133][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932142][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932152][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932160][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932170][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932178][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932192][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932202][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932211][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932220][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932230][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932239][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932248][ T5862] gspca_vc032x: I2c Bus Busy Wait 00
[  703.932257][ T5862] gspca_vc032x: Unknown sensor...
[  703.932339][ T5862] vc032x 8-1:0.0: probe with driver vc032x failed with error -22
[  704.023351][ T5862] usb 8-1: USB disconnect, device number 23
[  704.482233][T15515] netlink: 'syz.5.2563': attribute type 1 has an invalid length.
[  704.482256][T15515] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2563'.
[  705.535395][T15539] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2566'.
[  705.548827][T15539] bridge_slave_1: left allmulticast mode
[  705.548864][T15539] bridge_slave_1: left promiscuous mode
[  705.564940][T15539] bridge0: port 2(bridge_slave_1) entered disabled state
[  705.770489][T15547] CIFS mount error: No usable UNC path provided in device string!
[  705.770489][T15547] 
[  705.770512][T15547] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  705.780283][T15539] bridge_slave_0: left allmulticast mode
[  705.780312][T15539] bridge_slave_0: left promiscuous mode
[  705.780792][T15539] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.838814][T15548] CIFS mount error: No usable UNC path provided in device string!
[  705.838814][T15548] 
[  705.838829][T15548] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  705.973642][ T5862] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  706.145782][ T5862] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  706.145802][ T5862] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  706.148548][ T5862] usb 6-1: config 0 descriptor??
[  707.639640][T15582] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2575'.
[  709.395567][ T5862] usb 6-1: string descriptor 0 read error: -71
[  709.447945][ T5862] usbhid 6-1:0.0: can't add hid device: -71
[  709.448058][ T5862] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  709.494885][ T5862] usb 6-1: USB disconnect, device number 35
[  710.535221][T15615] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2582'.
[  710.611956][T15619] CIFS mount error: No usable UNC path provided in device string!
[  710.611956][T15619] 
[  710.611978][T15619] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  711.173775][T15640] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2587'.
[  712.716736][ T5880] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  712.918907][ T5880] usb 6-1: Using ep0 maxpacket: 16
[  712.921185][ T5880] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  712.921218][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  712.921249][ T5880] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  712.921270][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.986884][ T5880] usb 6-1: config 0 descriptor??
[  713.216649][T15649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  713.217252][T15649] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  713.672745][T15649] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2588'.
[  713.695525][T15649] vlan1: entered promiscuous mode
[  713.695549][T15649] bridge0: entered promiscuous mode
[  714.684631][ T5880] nzxt-smart2 0003:1E71:2009.0009: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0
[  714.692713][T15621] orangefs_mount: mount request failed with -4
[  715.087521][ T5880] usb 6-1: USB disconnect, device number 36
[  715.119181][T15687] netlink: 'syz.9.2596': attribute type 10 has an invalid length.
[  715.275629][T15681] fido_id[15681]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  716.039289][ T5862] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  716.416401][ T5862] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  716.416433][ T5862] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  716.416474][ T5862] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  716.416497][ T5862] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.674805][ T5862] usb 8-1: config 0 descriptor??
[  718.112857][ T5862] kovaplus 0003:1E7D:2D50.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.7-1/input0
[  718.481789][T15715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  718.482279][T15715] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  718.862360][ T5862] kovaplus 0003:1E7D:2D50.000A: couldn't init struct kovaplus_device
[  718.862414][ T5862] kovaplus 0003:1E7D:2D50.000A: couldn't install mouse
[  718.896739][ T5862] kovaplus 0003:1E7D:2D50.000A: probe with driver kovaplus failed with error -71
[  719.095104][ T5862] usb 8-1: USB disconnect, device number 24
[  719.802143][T15775] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2617'.
[  719.872229][T15779] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2616'.
[  719.872268][T15779] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2616'.
[  723.491094][T15875] CIFS mount error: No usable UNC path provided in device string!
[  723.491094][T15875] 
[  723.491118][T15875] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  724.160640][ T5880] usb 8-1: new full-speed USB device number 25 using dummy_hcd
[  724.344144][ T5880] usb 8-1: config 0 has an invalid interface number: 20 but max is 1
[  724.344175][ T5880] usb 8-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  724.344194][ T5880] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2
[  724.344214][ T5880] usb 8-1: config 0 has no interface number 0
[  724.345533][ T5880] usb 8-1: config 0 interface 20 altsetting 185 has an invalid descriptor for endpoint zero, skipping
[  724.345558][ T5880] usb 8-1: config 0 interface 20 altsetting 185 has an invalid descriptor for endpoint zero, skipping
[  724.345580][ T5880] usb 8-1: config 0 interface 20 altsetting 185 endpoint 0x9 has an invalid bInterval 0, changing to 4
[  724.345606][ T5880] usb 8-1: config 0 interface 20 altsetting 185 endpoint 0x9 has invalid maxpacket 1024, setting to 1023
[  724.345633][ T5880] usb 8-1: config 0 interface 20 altsetting 185 has 8 endpoint descriptors, different from the interface descriptor's value: 9
[  724.345660][ T5880] usb 8-1: config 0 interface 20 has no altsetting 0
[  724.348224][ T5880] usb 8-1: New USB device found, idVendor=046d, idProduct=08a0, bcdDevice=41.a5
[  724.348253][ T5880] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.348273][ T5880] usb 8-1: Product: syz
[  724.348288][ T5880] usb 8-1: Manufacturer: syz
[  724.348302][ T5880] usb 8-1: SerialNumber: syz
[  724.363375][ T5880] usb 8-1: config 0 descriptor??
[  724.650943][T15892] netlink: 80 bytes leftover after parsing attributes in process `syz.7.2650'.
[  724.650968][T15892] net_ratelimit: 22 callbacks suppressed
[  724.650980][T15892] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  724.979271][T15892] overlayfs: workdir and upperdir must be separate subtrees
[  725.531357][ T5880] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08a0
[  725.534354][ T5880] gspca_zc3xx: reg_w_i err -71
[  725.903119][T15931] CIFS mount error: No usable UNC path provided in device string!
[  725.903119][T15931] 
[  725.903140][T15931] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  726.161366][ T5880] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  726.161462][ T5880] gspca_zc3xx 8-1:0.20: probe with driver gspca_zc3xx failed with error -71
[  726.217298][ T5880] usb 8-1: USB disconnect, device number 25
[  726.490865][T15951] netlink: 'syz.7.2664': attribute type 1 has an invalid length.
[  726.547886][T15951] 8021q: adding VLAN 0 to HW filter on device bond1
[  726.553448][T15949] CIFS mount error: No usable UNC path provided in device string!
[  726.553448][T15949] 
[  726.553462][T15949] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  726.617931][T15954] FAULT_INJECTION: forcing a failure.
[  726.617931][T15954] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  726.617967][T15954] CPU: 0 UID: 0 PID: 15954 Comm: syz.7.2664 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  726.617993][T15954] Tainted: [L]=SOFTLOCKUP
[  726.618001][T15954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  726.618013][T15954] Call Trace:
[  726.618021][T15954]  <TASK>
[  726.618029][T15954]  dump_stack_lvl+0xe8/0x150
[  726.618062][T15954]  should_fail_ex+0x46b/0x600
[  726.618098][T15954]  _copy_from_user+0x2d/0xb0
[  726.618122][T15954]  ___sys_sendmsg+0x1c6/0x360
[  726.618155][T15954]  ? __pfx____sys_sendmsg+0x10/0x10
[  726.618212][T15954]  ? __fget_files+0x2a/0x420
[  726.618238][T15954]  ? __fget_files+0x3a6/0x420
[  726.618268][T15954]  __x64_sys_sendmsg+0x1c3/0x2a0
[  726.618296][T15954]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  726.618326][T15954]  ? __pfx_ksys_write+0x10/0x10
[  726.618361][T15954]  do_syscall_64+0x14d/0xf80
[  726.618384][T15954]  ? trace_irq_disable+0x3b/0x150
[  726.618405][T15954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.618425][T15954]  ? clear_bhb_loop+0x40/0x90
[  726.618467][T15954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.618483][T15954] RIP: 0033:0x7ff373d3c799
[  726.618499][T15954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  726.618513][T15954] RSP: 002b:00007ff371f75028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  726.618531][T15954] RAX: ffffffffffffffda RBX: 00007ff373fb6090 RCX: 00007ff373d3c799
[  726.618545][T15954] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000008
[  726.618563][T15954] RBP: 00007ff371f75090 R08: 0000000000000000 R09: 0000000000000000
[  726.618576][T15954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.618588][T15954] R13: 00007ff373fb6128 R14: 00007ff373fb6090 R15: 00007ffc6cc13d08
[  726.618620][T15954]  </TASK>
[  726.659279][T15951] vlan1: entered promiscuous mode
[  726.659301][T15951] bond1: entered promiscuous mode
[  726.659453][T15951] vlan1: entered allmulticast mode
[  726.659466][T15951] bond1: entered allmulticast mode
[  726.691835][T15958] sch_tbf: burst 274 is lower than device lo mtu (65550) !
[  726.752183][T15963] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2668'.
[  727.895555][T15978] FAULT_INJECTION: forcing a failure.
[  727.895555][T15978] name failslab, interval 1, probability 0, space 0, times 0
[  727.895592][T15978] CPU: 0 UID: 0 PID: 15978 Comm: syz.5.2670 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  727.895619][T15978] Tainted: [L]=SOFTLOCKUP
[  727.895633][T15978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  727.895648][T15978] Call Trace:
[  727.895656][T15978]  <TASK>
[  727.895665][T15978]  dump_stack_lvl+0xe8/0x150
[  727.895701][T15978]  should_fail_ex+0x46b/0x600
[  727.895739][T15978]  should_failslab+0xa8/0x100
[  727.895776][T15978]  __kmalloc_cache_noprof+0x84/0x690
[  727.895807][T15978]  ? do_eventfd+0x79/0x2b0
[  727.895831][T15978]  do_eventfd+0x79/0x2b0
[  727.895854][T15978]  __x64_sys_eventfd+0x39/0x50
[  727.895874][T15978]  do_syscall_64+0x14d/0xf80
[  727.895901][T15978]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.895922][T15978]  ? clear_bhb_loop+0x40/0x90
[  727.895947][T15978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.895966][T15978] RIP: 0033:0x7f73d1c9c799
[  727.895986][T15978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  727.896003][T15978] RSP: 002b:00007f73cfecd028 EFLAGS: 00000246 ORIG_RAX: 000000000000011c
[  727.896024][T15978] RAX: ffffffffffffffda RBX: 00007f73d1f16090 RCX: 00007f73d1c9c799
[  727.896040][T15978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000fffffff9
[  727.896053][T15978] RBP: 00007f73cfecd090 R08: 0000000000000000 R09: 0000000000000000
[  727.896065][T15978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  727.896077][T15978] R13: 00007f73d1f16128 R14: 00007f73d1f16090 R15: 00007ffe3eb7bc08
[  727.896105][T15978]  </TASK>
[  728.761109][T15996] FAULT_INJECTION: forcing a failure.
[  728.761109][T15996] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  728.761145][T15996] CPU: 0 UID: 0 PID: 15996 Comm: syz.5.2676 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  728.761174][T15996] Tainted: [L]=SOFTLOCKUP
[  728.761181][T15996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  728.761193][T15996] Call Trace:
[  728.761201][T15996]  <TASK>
[  728.761210][T15996]  dump_stack_lvl+0xe8/0x150
[  728.761244][T15996]  should_fail_ex+0x46b/0x600
[  728.761286][T15996]  _copy_to_user+0x31/0xb0
[  728.761313][T15996]  __x64_sys_getitimer+0x163/0x1e0
[  728.761354][T15996]  ? __pfx___x64_sys_getitimer+0x10/0x10
[  728.761399][T15996]  do_syscall_64+0x14d/0xf80
[  728.761426][T15996]  ? trace_irq_disable+0x3b/0x150
[  728.761449][T15996]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.761470][T15996]  ? clear_bhb_loop+0x40/0x90
[  728.761495][T15996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.761541][T15996] RIP: 0033:0x7f73d1c9c799
[  728.761560][T15996] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  728.761578][T15996] RSP: 002b:00007f73cfeac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000024
[  728.761599][T15996] RAX: ffffffffffffffda RBX: 00007f73d1f16180 RCX: 00007f73d1c9c799
[  728.761614][T15996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  728.761626][T15996] RBP: 00007f73cfeac090 R08: 0000000000000000 R09: 0000000000000000
[  728.761639][T15996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  728.761651][T15996] R13: 00007f73d1f16218 R14: 00007f73d1f16180 R15: 00007ffe3eb7bc08
[  728.761682][T15996]  </TASK>
[  729.954085][ T5958] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  730.116949][ T5958] usb 8-1: Using ep0 maxpacket: 8
[  730.122073][ T5958] usb 8-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  730.122102][ T5958] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.122121][ T5958] usb 8-1: Product: syz
[  730.122136][ T5958] usb 8-1: Manufacturer: syz
[  730.122149][ T5958] usb 8-1: SerialNumber: syz
[  730.178243][ T5958] usb 8-1: config 0 descriptor??
[  730.186031][ T5958] gspca_main: vc032x-2.14.0 probing 046d:0896
[  730.417168][T16008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  730.420832][T16008] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  730.450894][ T5958] gspca_vc032x: reg_r err -71
[  730.450989][ T5958] vc032x 8-1:0.0: probe with driver vc032x failed with error -71
[  730.482895][ T5958] usb 8-1: USB disconnect, device number 26
[  731.790474][   T31] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  731.815762][T16059] netlink: 'syz.9.2695': attribute type 18 has an invalid length.
[  731.929418][   T31] usb 6-1: device descriptor read/64, error -71
[  732.185912][   T31] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  732.255064][T16048] bridge0: port 1(bridge_slave_0) entered disabled state
[  732.255705][T16048] bridge0: port 1(bridge_slave_0) entered blocking state
[  732.293167][T16048] bridge0: port 1(bridge_slave_0) entered forwarding state
[  732.335498][   T31] usb 6-1: device descriptor read/64, error -71
[  732.453639][   T31] usb usb6-port1: attempt power cycle
[  732.827120][   T31] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  732.867559][   T31] usb 6-1: device descriptor read/8, error -71
[  732.976151][T16089] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2698'.
[  732.984642][T16089] bridge_slave_1: left allmulticast mode
[  732.984672][T16089] bridge_slave_1: left promiscuous mode
[  732.984906][T16089] bridge0: port 2(bridge_slave_1) entered disabled state
[  733.084845][T16088] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2699'.
[  733.147636][   T31] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  733.179107][   T31] usb 6-1: device descriptor read/8, error -71
[  733.221769][T16089] bridge_slave_0: left allmulticast mode
[  733.221802][T16089] bridge_slave_0: left promiscuous mode
[  733.222060][T16089] bridge0: port 1(bridge_slave_0) entered disabled state
[  733.286933][   T31] usb usb6-port1: unable to enumerate USB device
[  736.365949][T16126] FAULT_INJECTION: forcing a failure.
[  736.365949][T16126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.366010][T16126] CPU: 0 UID: 0 PID: 16126 Comm: syz.7.2708 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  736.366039][T16126] Tainted: [L]=SOFTLOCKUP
[  736.366046][T16126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  736.366059][T16126] Call Trace:
[  736.366067][T16126]  <TASK>
[  736.366076][T16126]  dump_stack_lvl+0xe8/0x150
[  736.366111][T16126]  should_fail_ex+0x46b/0x600
[  736.366148][T16126]  _copy_from_user+0x2d/0xb0
[  736.366173][T16126]  ___sys_sendmsg+0x1c6/0x360
[  736.366206][T16126]  ? __pfx____sys_sendmsg+0x10/0x10
[  736.366236][T16126]  ? __schedule+0x1511/0x52c0
[  736.366287][T16126]  ? __fget_files+0x2a/0x420
[  736.366311][T16126]  ? __fget_files+0x3a6/0x420
[  736.366343][T16126]  __x64_sys_sendmsg+0x1c3/0x2a0
[  736.366368][T16126]  ? irqentry_exit+0x59e/0x620
[  736.366397][T16126]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  736.366422][T16126]  ? rcu_is_watching+0x15/0xb0
[  736.366465][T16126]  do_syscall_64+0x14d/0xf80
[  736.366492][T16126]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.366513][T16126]  ? clear_bhb_loop+0x40/0x90
[  736.366537][T16126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.366557][T16126] RIP: 0033:0x7ff373d3c799
[  736.366575][T16126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  736.366594][T16126] RSP: 002b:00007ff371f54028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  736.366621][T16126] RAX: ffffffffffffffda RBX: 00007ff373fb6180 RCX: 00007ff373d3c799
[  736.366636][T16126] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000006
[  736.366650][T16126] RBP: 00007ff371f54090 R08: 0000000000000000 R09: 0000000000000000
[  736.366663][T16126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.366675][T16126] R13: 00007ff373fb6218 R14: 00007ff373fb6180 R15: 00007ffc6cc13d08
[  736.366706][T16126]  </TASK>
[  737.189716][T16130] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2710'.
[  737.467260][T16136] befs: (nullb0): No write support. Marking filesystem read-only
[  737.469756][T16136] befs: (nullb0): invalid magic header
[  737.540346][T16144] FAULT_INJECTION: forcing a failure.
[  737.540346][T16144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  737.540382][T16144] CPU: 0 UID: 0 PID: 16144 Comm: syz.5.2716 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  737.540409][T16144] Tainted: [L]=SOFTLOCKUP
[  737.540417][T16144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  737.540429][T16144] Call Trace:
[  737.540445][T16144]  <TASK>
[  737.540454][T16144]  dump_stack_lvl+0xe8/0x150
[  737.540489][T16144]  should_fail_ex+0x46b/0x600
[  737.540526][T16144]  _copy_from_user+0x2d/0xb0
[  737.540550][T16144]  ___sys_sendmsg+0x1c6/0x360
[  737.540583][T16144]  ? __pfx____sys_sendmsg+0x10/0x10
[  737.540642][T16144]  ? __fget_files+0x2a/0x420
[  737.540665][T16144]  ? __fget_files+0x3a6/0x420
[  737.540696][T16144]  __x64_sys_sendmsg+0x1c3/0x2a0
[  737.540725][T16144]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  737.540761][T16144]  ? __pfx_ksys_write+0x10/0x10
[  737.540799][T16144]  do_syscall_64+0x14d/0xf80
[  737.540824][T16144]  ? trace_irq_disable+0x3b/0x150
[  737.540844][T16144]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.540865][T16144]  ? clear_bhb_loop+0x40/0x90
[  737.540889][T16144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.540908][T16144] RIP: 0033:0x7f73d1c9c799
[  737.540927][T16144] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  737.540944][T16144] RSP: 002b:00007f73cfeee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  737.540965][T16144] RAX: ffffffffffffffda RBX: 00007f73d1f15fa0 RCX: 00007f73d1c9c799
[  737.540980][T16144] RDX: 0000000000000000 RSI: 0000200000000900 RDI: 0000000000000003
[  737.540993][T16144] RBP: 00007f73cfeee090 R08: 0000000000000000 R09: 0000000000000000
[  737.541006][T16144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  737.541018][T16144] R13: 00007f73d1f16038 R14: 00007f73d1f15fa0 R15: 00007ffe3eb7bc08
[  737.541048][T16144]  </TASK>
[  737.914605][T16156] IPVS: set_ctl: invalid protocol: 29 224.0.0.2:20003
[  737.918779][T13157] IPVS: starting estimator thread 0...
[  737.923164][T16156] netlink: 212360 bytes leftover after parsing attributes in process `syz.7.2720'.
[  738.012068][T16157] IPVS: using max 10 ests per chain, 24000 per kthread
[  740.330065][T16187] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2728'.
[  742.683057][T16198] CIFS mount error: No usable UNC path provided in device string!
[  742.683057][T16198] 
[  742.683079][T16198] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  743.749454][T16211] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2723'.
[  745.453934][T16253] CIFS mount error: No usable UNC path provided in device string!
[  745.453934][T16253] 
[  745.453957][T16253] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  746.265693][T16256] comedi comedi3: pcl812: I/O port conflict (0x8001,16)
[  746.548811][T16267] CIFS mount error: No usable UNC path provided in device string!
[  746.548811][T16267] 
[  746.548835][T16267] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  746.882665][T16285] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2751'.
[  746.960719][T16285] bridge_slave_1: left allmulticast mode
[  746.960749][T16285] bridge_slave_1: left promiscuous mode
[  746.961003][T16285] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.162638][T16285] bridge_slave_0: left allmulticast mode
[  747.162668][T16285] bridge_slave_0: left promiscuous mode
[  747.162912][T16285] bridge0: port 1(bridge_slave_0) entered disabled state
[  749.405630][T16340] overlayfs: failed to clone upperpath
[  751.525705][T10382] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  751.687871][T10382] usb 6-1: Using ep0 maxpacket: 32
[  751.691698][T10382] usb 6-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  751.691717][T10382] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  751.691728][T10382] usb 6-1: Product: syz
[  751.691735][T10382] usb 6-1: Manufacturer: syz
[  751.691743][T10382] usb 6-1: SerialNumber: syz
[  751.720134][T10382] usb 6-1: config 0 descriptor??
[  752.026057][T10382] RobotFuzz Open Source InterFace, OSIF 6-1:0.0: failure sending bit rate
[  752.026085][T10382] RobotFuzz Open Source InterFace, OSIF 6-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71
[  752.056781][T10382] usb 6-1: USB disconnect, device number 41
[  752.899332][T16421] befs: (nullb0): No write support. Marking filesystem read-only
[  752.900494][T16421] befs: (nullb0): invalid magic header
[  753.761587][T16446] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2787'.
[  754.561790][T16459] netlink: 52 bytes leftover after parsing attributes in process `syz.7.2791'.
[  754.984317][T16473] overlayfs: failed to clone upperpath
[  755.293984][T16477] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2799'.
[  755.296367][T16477] overlay: ./file1 is not a directory
[  756.288403][T16489] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2803'.
[  759.083202][T16518] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2809'.
[  762.877220][T16579] CIFS mount error: No usable UNC path provided in device string!
[  762.877220][T16579] 
[  762.877244][T16579] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  763.036473][   T36] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  763.196800][   T36] usb 6-1: Using ep0 maxpacket: 32
[  763.199098][   T36] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  763.199131][   T36] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  763.199166][   T36] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  763.199187][   T36] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.206121][   T36] usb 6-1: config 0 descriptor??
[  763.264516][T16594] netlink: 'syz.9.2831': attribute type 13 has an invalid length.
[  763.294638][T16594] gretap0: refused to change device tx_queue_len
[  763.295088][T16594] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  763.872905][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  763.873061][   T36] usbhid 6-1:0.0: can't add hid device: -32
[  763.873163][   T36] usbhid 6-1:0.0: probe with driver usbhid failed with error -32
[  763.923960][   T36] usb 6-1: USB disconnect, device number 42
[  764.761042][T16626] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2843'.
[  766.191684][T16639] netlink: 'syz.8.2847': attribute type 4 has an invalid length.
[  766.245463][T16640] netlink: 'syz.8.2847': attribute type 4 has an invalid length.
[  766.422012][T16643] pimreg: entered allmulticast mode
[  766.446755][T16643] pimreg: left allmulticast mode
[  766.564925][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  766.739455][T16657] netlink: 1688 bytes leftover after parsing attributes in process `syz.7.2852'.
[  767.040884][T16664] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.2855'.
[  767.041150][T16664] openvswitch: netlink: Message has 6 unknown bytes.
[  767.135178][T16673] CIFS mount error: No usable UNC path provided in device string!
[  767.135178][T16673] 
[  767.135201][T16673] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  767.643089][T16692] netlink: 'syz.8.2863': attribute type 13 has an invalid length.
[  767.686054][T16692] gretap0: refused to change device tx_queue_len
[  767.686624][T16692] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  767.717532][T13054] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  767.890121][T13054] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  767.890150][T13054] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  767.896854][T13054] usb 6-1: config 0 descriptor??
[  767.902209][T13054] cp210x 6-1:0.0: cp210x converter detected
[  767.953297][T16695] netlink: 'syz.9.2864': attribute type 33 has an invalid length.
[  767.953320][T16695] netlink: 152 bytes leftover after parsing attributes in process `syz.9.2864'.
[  768.342534][T13054] cp210x 6-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  768.346182][T13054] cp210x 6-1:0.0: failed to get vendor val 0x000e size 678: -121
[  768.346239][T13054] cp210x 6-1:0.0: GPIO initialisation failed: -121
[  768.375390][T13054] usb 6-1: cp210x converter now attached to ttyUSB0
[  768.599032][T16715] netlink: 156 bytes leftover after parsing attributes in process `syz.8.2872'.
[  768.667772][T16717] overlayfs: failed to clone lowerpath
[  768.701988][T16717] overlayfs: failed to clone lowerpath
[  771.168911][T13157] usb 6-1: USB disconnect, device number 43
[  771.225895][T13157] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  771.226599][T13157] cp210x 6-1:0.0: device disconnected
[  771.294088][T16741] syz_tun: entered allmulticast mode
[  771.325296][T16737] syz_tun: left allmulticast mode
[  774.792637][T16778] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2896'.
[  775.925835][T16804] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2906'.
[  779.215831][T13054] usb 6-1: new low-speed USB device number 44 using dummy_hcd
[  779.523115][T13054] usb 6-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config
[  779.523157][T13054] usb 6-1: too many endpoints for config 0 interface 0 altsetting 9: 34, using maximum allowed: 30
[  779.523196][T13054] usb 6-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[  779.523210][T13054] usb 6-1: config 0 interface 0 has no altsetting 0
[  779.523227][T13054] usb 6-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  779.523239][T13054] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.555752][T16826] netlink: 'syz.9.2911': attribute type 13 has an invalid length.
[  779.607637][T13054] usb 6-1: config 0 descriptor??
[  779.670359][T16826] gretap0: refused to change device tx_queue_len
[  779.670907][T16826] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  780.158141][   T60] Bluetooth: hci5: unexpected event for opcode 0x0000
[  780.733742][T13054] usb 6-1: string descriptor 0 read error: -71
[  780.767487][T13054] usb 6-1: USB disconnect, device number 44
[  783.201308][T16850] can: request_module (can-proto-5) failed.
[  784.494108][   T60] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  784.498354][   T60] Bluetooth: hci5: Injecting HCI hardware error event
[  784.500665][   T60] Bluetooth: hci5: hardware error 0x00
[  785.723132][T16896] netlink: 'syz.8.2930': attribute type 13 has an invalid length.
[  785.817146][T16896] gretap0: refused to change device tx_queue_len
[  785.817688][T16896] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  786.438864][ T5958] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  786.564123][T16923] netlink: 'syz.9.2937': attribute type 33 has an invalid length.
[  786.564190][T16923] netlink: 152 bytes leftover after parsing attributes in process `syz.9.2937'.
[  787.229738][   T60] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  787.276301][T16918] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2936'.
[  787.348409][ T5958] usb 6-1: Using ep0 maxpacket: 32
[  787.362294][ T5958] usb 6-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  787.362324][ T5958] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.362343][ T5958] usb 6-1: Product: syz
[  787.362360][ T5958] usb 6-1: Manufacturer: syz
[  787.362375][ T5958] usb 6-1: SerialNumber: syz
[  787.367416][ T5958] usb 6-1: config 0 descriptor??
[  787.372703][ T5958] hub 6-1:0.0: bad descriptor, ignoring hub
[  787.372743][ T5958] hub 6-1:0.0: probe with driver hub failed with error -5
[  787.375503][ T5958] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  787.803379][ T5958] gspca_vc032x: reg_w err -71
[  787.803399][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803452][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803470][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803476][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803488][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803493][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803498][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803503][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803508][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803512][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803517][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803522][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803526][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803531][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803536][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803540][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803545][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803552][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803557][ T5958] gspca_vc032x: I2c Bus Busy Wait 00
[  787.803562][ T5958] gspca_vc032x: Unknown sensor...
[  787.803626][ T5958] vc032x 6-1:0.0: probe with driver vc032x failed with error -22
[  788.000829][ T5958] usb 6-1: USB disconnect, device number 45
[  788.568392][T16939] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2940'.
[  790.026680][T16944] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2942'.
[  790.382049][T16951] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.2944'.
[  790.382165][T16951] openvswitch: netlink: Message has 6 unknown bytes.
[  794.241444][T16989] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.2956'.
[  794.241516][T16989] openvswitch: netlink: Message has 6 unknown bytes.
[  797.735112][ T5880] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  800.028243][ T5880] usb 6-1: Using ep0 maxpacket: 8
[  800.059035][ T5880] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  800.061124][ T5880] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  800.101767][ T5880] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  800.103088][ T5880] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  800.132239][ T5880] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  800.133733][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.018150][ T5880] usb 6-1: usb_control_msg returned -71
[  801.018195][ T5880] usbtmc 6-1:16.0: can't read capabilities
[  801.072645][ T5880] usb 6-1: USB disconnect, device number 46
[  802.533801][T17069] netlink: 'syz.8.2978': attribute type 33 has an invalid length.
[  802.533869][T17069] netlink: 152 bytes leftover after parsing attributes in process `syz.8.2978'.
[  805.598967][   T10] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  805.792482][   T10] usb 6-1: Using ep0 maxpacket: 8
[  806.543937][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  806.543987][   T10] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  806.544010][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.607727][   T10] usb 6-1: config 0 descriptor??
[  806.932150][   T10] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  809.136346][T17100] tipc: Started in network mode
[  809.136389][T17100] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  809.137151][T17100] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0001
[  809.139353][T17100] tipc: Enabled bearer <udp:syz2>, priority 10
[  809.474197][T13054] usb 6-1: USB disconnect, device number 47
[  810.403831][   T10] tipc: Node number set to 1
[  811.399791][T17138] bond2: option arp_all_targets: invalid value (786433)
[  811.601862][T17138] bond2 (unregistering): Released all slaves
[  812.095173][ T5796] Bluetooth: hci0: unexpected event 0x14 length: 20 > 6
[  812.438180][ T5880] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  814.532466][ T5880] usb 6-1: Using ep0 maxpacket: 32
[  814.543606][ T5880] usb 6-1: config 0 has an invalid interface number: 126 but max is 0
[  814.543636][ T5880] usb 6-1: config 0 has no interface number 0
[  814.543683][ T5880] usb 6-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  814.543709][ T5880] usb 6-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  814.543730][ T5880] usb 6-1: config 0 interface 126 has no altsetting 0
[  814.555365][T17179] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3008'.
[  814.573060][ T5880] usb 6-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  814.573089][ T5880] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  814.573110][ T5880] usb 6-1: Product: syz
[  814.573125][ T5880] usb 6-1: Manufacturer: syz
[  814.573140][ T5880] usb 6-1: SerialNumber: syz
[  814.585617][ T5880] usb 6-1: config 0 descriptor??
[  814.586780][T17164] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  814.586891][T17164] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  815.732997][ T5880] ir_usb 6-1:0.126: IR Dongle converter detected
[  815.756996][ T5880] usb 6-1: IRDA class descriptor not found, device not bound
[  815.960409][ T5880] usb 6-1: USB disconnect, device number 48
[  824.022353][   T37] kauditd_printk_skb: 471 callbacks suppressed
[  824.022395][   T37] audit: type=1326 audit(3919684024.145:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.022754][   T37] audit: type=1326 audit(3919684024.145:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.023016][   T37] audit: type=1326 audit(3919684024.173:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.023302][   T37] audit: type=1326 audit(3919684024.183:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.023507][   T37] audit: type=1326 audit(3919684024.183:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.023915][   T37] audit: type=1326 audit(3919684024.192:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.024176][   T37] audit: type=1326 audit(3919684024.201:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.024446][   T37] audit: type=1326 audit(3919684024.201:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.024573][   T37] audit: type=1326 audit(3919684024.211:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  824.024967][   T37] audit: type=1326 audit(3919684024.220:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17268 comm="syz.7.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff373d3c799 code=0x7ffc0000
[  825.075533][T17288] openvswitch: netlink: Missing valid actions attribute.
[  825.075564][T17288] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  825.113903][T17289] netlink: 'syz.9.3044': attribute type 13 has an invalid length.
[  825.165214][T17289] gretap0: refused to change device tx_queue_len
[  825.165710][T17289] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  825.271073][T17290] FAULT_INJECTION: forcing a failure.
[  825.271073][T17290] name failslab, interval 1, probability 0, space 0, times 0
[  825.271108][T17290] CPU: 0 UID: 0 PID: 17290 Comm: syz.5.3039 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  825.271134][T17290] Tainted: [L]=SOFTLOCKUP
[  825.271141][T17290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  825.271154][T17290] Call Trace:
[  825.271163][T17290]  <TASK>
[  825.271172][T17290]  dump_stack_lvl+0xe8/0x150
[  825.271209][T17290]  should_fail_ex+0x46b/0x600
[  825.271246][T17290]  should_failslab+0xa8/0x100
[  825.271280][T17290]  kmem_cache_alloc_noprof+0x87/0x680
[  825.271307][T17290]  ? audit_log_start+0x367/0xa40
[  825.271343][T17290]  audit_log_start+0x367/0xa40
[  825.271378][T17290]  ? __pfx_audit_log_start+0x10/0x10
[  825.271411][T17290]  ? __lock_acquire+0x6b5/0x2cf0
[  825.271438][T17290]  audit_seccomp+0x63/0x190
[  825.271467][T17290]  __seccomp_filter+0xd48/0x1ef0
[  825.271505][T17290]  ? __pfx___seccomp_filter+0x10/0x10
[  825.271533][T17290]  ? lockdep_hardirqs_on+0x7a/0x110
[  825.271564][T17290]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  825.271592][T17290]  ? rt_mutex_slowunlock+0x1cb/0x300
[  825.271613][T17290]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  825.271643][T17290]  ? fput+0xa0/0xd0
[  825.271677][T17290]  ? __pfx_ksys_write+0x10/0x10
[  825.271703][T17290]  ? __se_sys_mkdirat+0xc9/0x150
[  825.271737][T17290]  ? __secure_computing+0xe1/0x2a0
[  825.271768][T17290]  do_syscall_64+0xf4/0xf80
[  825.271793][T17290]  ? trace_irq_disable+0x3b/0x150
[  825.271814][T17290]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.271831][T17290]  ? clear_bhb_loop+0x40/0x90
[  825.271852][T17290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.271870][T17290] RIP: 0033:0x7f73d1c9c799
[  825.271887][T17290] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  825.271903][T17290] RSP: 002b:00007f73cfeac028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  825.271924][T17290] RAX: ffffffffffffffda RBX: 00007f73d1f16180 RCX: 00007f73d1c9c799
[  825.271938][T17290] RDX: 00002000000001c0 RSI: 0000200000000100 RDI: 0000000000000000
[  825.271950][T17290] RBP: 00007f73cfeac090 R08: 0000000000000000 R09: 0000000000000000
[  825.271962][T17290] R10: 0000000002010042 R11: 0000000000000246 R12: 0000000000000001
[  825.271975][T17290] R13: 00007f73d1f16218 R14: 00007f73d1f16180 R15: 00007ffe3eb7bc08
[  825.272002][T17290]  </TASK>
[  826.626128][T17325] netlink: 'syz.8.3056': attribute type 33 has an invalid length.
[  826.626186][T17325] netlink: 152 bytes leftover after parsing attributes in process `syz.8.3056'.
[  828.377092][T17345] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3063'.
[  828.640634][T17356] netlink: 'syz.6.3068': attribute type 13 has an invalid length.
[  828.660739][T17360] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3069'.
[  828.731919][T17356] gretap0: refused to change device tx_queue_len
[  828.732265][T17356] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  828.901588][ T5796] Bluetooth: hci1: unexpected event for opcode 0x1005
[  830.111781][T17373] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3074'.
[  831.176266][T17389] netlink: 176 bytes leftover after parsing attributes in process `syz.9.3075'.
[  831.177514][T17389] netlink: 'syz.9.3075': attribute type 10 has an invalid length.
[  832.021465][T17389] team0: Port device netdevsim0 added
[  832.302619][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  833.292684][T17404] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3085'.
[  834.585842][ T5796] Bluetooth: hci1: unexpected event for opcode 0x1005
[  834.956283][T17414] kvm: kvm [17413]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1000011d8
[  834.977632][T17414] kvm: kvm [17413]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x58b9
[  835.004007][T17414] kvm_intel: kvm [17413]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x513f
[  835.030389][T17414] kvm: kvm [17413]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x3109
[  835.707424][T17432] mmap: syz.5.3092 (17432): VmData 25837568 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data.
[  836.085667][T17439] sctp: [Deprecated]: syz.7.3093 (pid 17439) Use of struct sctp_assoc_value in delayed_ack socket option.
[  836.085667][T17439] Use struct sctp_sack_info instead
[  836.346663][T17452] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3096'.
[  836.346744][T17452] bridge_slave_1: left allmulticast mode
[  836.346767][T17452] bridge_slave_1: left promiscuous mode
[  836.347011][T17452] bridge0: port 2(bridge_slave_1) entered disabled state
[  836.442644][T17452] bridge_slave_0: left allmulticast mode
[  836.442679][T17452] bridge_slave_0: left promiscuous mode
[  836.443163][T17452] bridge0: port 1(bridge_slave_0) entered disabled state
[  836.869583][   T10] usb 6-1: new full-speed USB device number 49 using dummy_hcd
[  837.062533][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  837.062565][   T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  837.062606][   T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  837.062629][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.141254][ T5796] Bluetooth: hci4: unexpected event for opcode 0x1005
[  837.409676][   T10] usb 6-1: usb_control_msg returned -32
[  837.409720][   T10] usbtmc 6-1:16.0: can't read capabilities
[  837.439911][T17468] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3104'.
[  838.820184][   T10] usb 6-1: USB disconnect, device number 49
[  844.173715][T17522] netlink: 'syz.8.3119': attribute type 33 has an invalid length.
[  844.173744][T17522] netlink: 152 bytes leftover after parsing attributes in process `syz.8.3119'.
[  844.930656][T17541] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3124'.
[  845.010914][T17544] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3123'.
[  848.063365][T17560] Invalid source name
[  849.210666][T17578] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3138'.
[  850.134558][T17596] netlink: 'syz.9.3141': attribute type 33 has an invalid length.
[  850.134638][T17596] netlink: 152 bytes leftover after parsing attributes in process `syz.9.3141'.
[  851.312704][ T5796] Bluetooth: hci2: unexpected event for opcode 0x1005
[  856.099019][T17660] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3157'.
[  856.290724][ T5796] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  856.290754][ T5796] CPU: 1 UID: 0 PID: 5796 Comm: kworker/u9:2 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  856.290783][ T5796] Tainted: [L]=SOFTLOCKUP
[  856.290791][ T5796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  856.290805][ T5796] Workqueue: hci4 hci_rx_work
[  856.290845][ T5796] Call Trace:
[  856.290854][ T5796]  <TASK>
[  856.290864][ T5796]  dump_stack_lvl+0xe8/0x150
[  856.290900][ T5796]  sysfs_create_dir_ns+0x271/0x2a0
[  856.290923][ T5796]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  856.290947][ T5796]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  856.290972][ T5796]  ? rt_spin_unlock+0x160/0x200
[  856.290997][ T5796]  kobject_add_internal+0x631/0xd10
[  856.291040][ T5796]  kobject_add+0x163/0x240
[  856.291075][ T5796]  ? __pfx_kobject_add+0x10/0x10
[  856.291112][ T5796]  ? get_device_parent+0x370/0x3a0
[  856.291146][ T5796]  device_add+0x408/0xb80
[  856.291180][ T5796]  hci_conn_add_sysfs+0xd5/0x210
[  856.291209][ T5796]  le_conn_complete_evt+0xf1d/0x1430
[  856.291250][ T5796]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  856.291282][ T5796]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  856.291309][ T5796]  ? lockdep_hardirqs_on+0x7a/0x110
[  856.291338][ T5796]  ? skb_pull_data+0xfb/0x200
[  856.291374][ T5796]  hci_le_conn_complete_evt+0x187/0x470
[  856.291412][ T5796]  hci_event_packet+0x7af/0x12c0
[  856.291444][ T5796]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  856.291473][ T5796]  ? __pfx_hci_event_packet+0x10/0x10
[  856.291505][ T5796]  ? rt_spin_unlock+0x14f/0x200
[  856.291536][ T5796]  ? hci_send_to_monitor+0xe2/0x590
[  856.291573][ T5796]  hci_rx_work+0x3ee/0x1030
[  856.291607][ T5796]  ? process_scheduled_works+0xa25/0x1830
[  856.291640][ T5796]  process_scheduled_works+0xb02/0x1830
[  856.291697][ T5796]  ? __pfx_process_scheduled_works+0x10/0x10
[  856.291732][ T5796]  ? assign_work+0x3d5/0x5e0
[  856.291764][ T5796]  worker_thread+0xa50/0xfc0
[  856.291821][ T5796]  kthread+0x388/0x470
[  856.291845][ T5796]  ? __pfx_worker_thread+0x10/0x10
[  856.291872][ T5796]  ? __pfx_kthread+0x10/0x10
[  856.291895][ T5796]  ret_from_fork+0x51e/0xb90
[  856.291928][ T5796]  ? __pfx_ret_from_fork+0x10/0x10
[  856.291956][ T5796]  ? __switch_to+0xc7d/0x1450
[  856.291986][ T5796]  ? __pfx_kthread+0x10/0x10
[  856.292009][ T5796]  ret_from_fork_asm+0x1a/0x30
[  856.292046][ T5796]  </TASK>
[  856.292078][ T5796] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  856.292116][ T5796] Bluetooth: hci4: failed to register connection device
[  856.292900][ T5796] Bluetooth: hci4: link tx timeout
[  856.293365][ T5796] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  856.785076][    T9] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  856.945531][    T9] usb 6-1: Using ep0 maxpacket: 32
[  856.949286][    T9] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  856.949317][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.968987][    T9] usb 6-1: config 0 descriptor??
[  857.147223][T17673] syz.8.3158 (17673) used greatest stack depth: 18056 bytes left
[  857.438775][    T9] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  857.604345][    T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  857.604407][    T9] dib0700: firmware download failed at 7 with -22
[  857.640056][    T9] usb 6-1: USB disconnect, device number 50
[  857.715186][T17671] Bluetooth: hci0: unexpected event for opcode 0x1005
[  858.789896][T17671] Bluetooth: hci4: command 0x0406 tx timeout
[  858.847495][    T9] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  859.030849][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  859.129115][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  859.129159][    T9] usb 6-1: can't read configurations, error -61
[  859.622125][    T9] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  860.013324][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  860.015168][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  860.015202][    T9] usb 6-1: can't read configurations, error -61
[  860.015582][    T9] usb usb6-port1: attempt power cycle
[  860.375595][    T9] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  860.398730][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  860.400669][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  860.400705][    T9] usb 6-1: can't read configurations, error -61
[  860.536134][    T9] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  860.559324][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  860.562054][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  860.562090][    T9] usb 6-1: can't read configurations, error -61
[  860.562708][    T9] usb usb6-port1: unable to enumerate USB device
[  862.639587][ T5796] Bluetooth: hci0: unexpected event for opcode 0x1005
[  862.908194][    T9] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  863.094915][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  863.096682][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  863.096717][    T9] usb 6-1: can't read configurations, error -61
[  863.232628][    T9] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  863.453543][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  863.461972][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  863.462099][    T9] usb 6-1: can't read configurations, error -61
[  863.462496][    T9] usb usb6-port1: attempt power cycle
[  863.934049][    T9] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[  863.963256][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  863.971426][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  863.971463][    T9] usb 6-1: can't read configurations, error -61
[  864.127681][    T9] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  864.155498][    T9] usb 6-1: too many configurations: 117, using maximum allowed: 8
[  864.157402][    T9] usb 6-1: unable to read config index 0 descriptor/start: -61
[  864.157436][    T9] usb 6-1: can't read configurations, error -61
[  864.183355][T17766] tipc: Started in network mode
[  864.183373][T17766] tipc: Node identity , cluster identity 4711
[  864.192252][    T9] usb usb6-port1: unable to enumerate USB device
[  864.496555][T17777] netlink: 52 bytes leftover after parsing attributes in process `syz.6.3195'.
[  866.821342][ T5796] Bluetooth: hci2: unexpected event for opcode 0x1003
[  867.274594][T17818] netlink: 'syz.7.3207': attribute type 33 has an invalid length.
[  867.274662][T17818] netlink: 152 bytes leftover after parsing attributes in process `syz.7.3207'.
[  870.901712][    T9] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  871.498593][ T5796] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  871.499540][ T5796] Bluetooth: hci2: Injecting HCI hardware error event
[  871.505974][   T60] Bluetooth: hci2: hardware error 0x00
[  871.606634][    T9] usb 6-1: Using ep0 maxpacket: 32
[  871.625863][    T9] usb 6-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  871.625892][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.625912][    T9] usb 6-1: Product: syz
[  871.625927][    T9] usb 6-1: Manufacturer: syz
[  871.625941][    T9] usb 6-1: SerialNumber: syz
[  871.710126][    T9] usb 6-1: config 0 descriptor??
[  871.722320][    T9] hub 6-1:0.0: bad descriptor, ignoring hub
[  871.722372][    T9] hub 6-1:0.0: probe with driver hub failed with error -5
[  871.745924][    T9] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  872.207890][    T9] gspca_vc032x: reg_w err -71
[  872.207911][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207922][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207931][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207941][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207950][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207960][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207969][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207978][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207987][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.207997][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208006][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208015][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208024][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208033][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208041][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208050][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208059][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208068][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208077][    T9] gspca_vc032x: I2c Bus Busy Wait 00
[  872.208086][    T9] gspca_vc032x: Unknown sensor...
[  872.208166][    T9] vc032x 6-1:0.0: probe with driver vc032x failed with error -22
[  873.146234][    T9] usb 6-1: USB disconnect, device number 59
[  873.992418][   T60] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  875.057814][T17896] gretap1: entered promiscuous mode
[  875.882292][T17903] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3230'.
[  875.882317][T17903] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3230'.
[  875.927189][   T13] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  875.927750][   T13] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  875.927936][   T13] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  875.928008][   T13] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  876.382612][T17898] ------------[ cut here ]------------
[  876.382623][T17898] kernel BU[  876.382623][T17898] kernel BUG at mm/hugetlb.c:1153!
[  876.394148][T17898] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  876.394172][T17898] CPU: 0 UID: 0 PID: 17898 Comm: syz.7.3231 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  876.394188][T17898] Tainted: [L]=SOFTLOCKUP
[  876.394192][T17898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  876.394198][T17898] RIP: 0010:resv_map_release+0x1e5/0x1f0
[  876.394219][T17898] Code: 41 c2 a0 ff 4d 85 f6 75 1b e8 d7 bc a0 ff 48 89 df 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 91 e7 fa ff e8 bc bc a0 ff 90 <0f> 0b 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90
[  876.394229][T17898] RSP: 0018:ffffc900056b7998 EFLAGS: 00010293
[  876.394238][T17898] RAX: ffffffff82239674 RBX: ffff888059f2c000 RCX: ffff888025768000
[  876.394246][T17898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  876.394253][T17898] RBP: dead000000000122 R08: 0000000000000000 R09: 0000000000000000
[  876.394259][T17898] R10: dffffc0000000000 R11: fffffbfff1ed45b7 R12: ffff888059f2c0a0
[  876.394267][T17898] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff888059f2c0a0
[  876.394274][T17898] FS:  0000000000000000(0000) GS:ffff888126342000(0000) knlGS:0000000000000000
[  876.394282][T17898] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  876.394289][T17898] CR2: 00007ffd01535e70 CR3: 0000000092480000 CR4: 00000000003526f0
[  876.394299][T17898] Call Trace:
[  876.394304][T17898]  <TASK>
[  876.394310][T17898]  ? __pfx_hugetlb_vm_op_close+0x10/0x10
[  876.394326][T17898]  remove_vma+0x8b/0x130
[  876.394336][T17898]  tear_down_vmas+0x312/0x520
[  876.394353][T17898]  exit_mmap+0x4b6/0xa10
[  876.394367][T17898]  ? __pfx_exit_mmap+0x10/0x10
[  876.394379][T17898]  ? do_raw_spin_lock+0x12b/0x2f0
[  876.394396][T17898]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  876.394411][T17898]  ? __pfx_exit_aio+0x10/0x10
[  876.394426][T17898]  ? uprobe_clear_state+0x288/0x2a0
[  876.394444][T17898]  __mmput+0xcb/0x3d0
[  876.394460][T17898]  exit_mm+0x168/0x220
[  876.394472][T17898]  do_exit+0x62e/0x2320
[  876.394482][T17898]  ? lockdep_hardirqs_on+0x7a/0x110
[  876.394496][T17898]  ? reacquire_held_locks+0x104/0x190
[  876.394507][T17898]  ? rt_spin_lock+0x1e0/0x400
[  876.394516][T17898]  ? __pfx_do_exit+0x10/0x10
[  876.394526][T17898]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  876.394538][T17898]  ? rt_spin_unlock+0x160/0x200
[  876.394548][T17898]  do_group_exit+0x21b/0x2d0
[  876.394560][T17898]  __x64_sys_exit_group+0x3f/0x40
[  876.394570][T17898]  x64_sys_call+0x221a/0x2240
[  876.394580][T17898]  do_syscall_64+0x14d/0xf80
[  876.394601][T17898]  ? trace_irq_disable+0x3b/0x150
[  876.394622][T17898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.394636][T17898]  ? clear_bhb_loop+0x40/0x90
[  876.394656][T17898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.394675][T17898] RIP: 0033:0x7ff373d3c799
[  876.394691][T17898] Code: Unable to access opcode bytes at 0x7ff373d3c76f.
[  876.394710][T17898] RSP: 002b:00007ffc6cc14048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  876.394725][T17898] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff373d3c799
[  876.394733][T17898] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  876.394739][T17898] RBP: 00007ffc6cc140ac R08: 0000000000000000 R09: 00000000000927c0
[  876.394746][T17898] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000000000e1
[  876.394752][T17898] R13: 00000000000927c0 R14: 00000000000cec0e R15: 00007ffc6cc14100
[  876.394762][T17898]  </TASK>
[  876.394770][T17898] Modules linked in:
[  876.394785][T17898] ---[ end trace 0000000000000000 ]---
[  876.394796][T17898] RIP: 0010:resv_map_release+0x1e5/0x1f0
[  876.394810][T17898] Code: 41 c2 a0 ff 4d 85 f6 75 1b e8 d7 bc a0 ff 48 89 df 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 91 e7 fa ff e8 bc bc a0 ff 90 <0f> 0b 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90
[  876.394819][T17898] RSP: 0018:ffffc900056b7998 EFLAGS: 00010293
[  876.394827][T17898] RAX: ffffffff82239674 RBX: ffff888059f2c000 RCX: ffff888025768000
[  876.394835][T17898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  876.394841][T17898] RBP: dead000000000122 R08: 0000000000000000 R09: 0000000000000000
[  876.394848][T17898] R10: dffffc0000000000 R11: fffffbfff1ed45b7 R12: ffff888059f2c0a0
[  876.394855][T17898] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff888059f2c0a0
[  876.394862][T17898] FS:  0000000000000000(0000) GS:ffff888126342000(0000) knlGS:0000000000000000
[  876.394870][T17898] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  876.394877][T17898] CR2: 00007ffd01535e70 CR3: 0000000092480000 CR4: 00000000003526f0
[  876.394891][T17898] Kernel panic - not syncing: Fatal exception
[  876.395362][T17898] Kernel Offset: disabled