last executing test programs:

10.340266448s ago: executing program 3 (id=150):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc3", 0x6)
pselect6(0x40, &(0x7f0000000040)={0x80000000, 0x0, 0x3, 0x2, 0x4, 0x7, 0xffffffffffffff81, 0x9e}, 0xfffffffffffffffe, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
preadv(r0, &(0x7f0000000600)=[{&(0x7f0000000200)=""/239, 0xef}, {&(0x7f0000000180)=""/57, 0x39}, {&(0x7f0000000300)=""/210, 0xd2}, {&(0x7f0000000440)=""/182, 0xb6}, {&(0x7f0000000500)=""/228, 0xe4}], 0x5, 0x4, 0xa)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0)
preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
write$dsp(r3, &(0x7f00000004c0)='\x00', 0x1)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000000)=""/91, 0x5b}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000680)={<r4=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000700)={r4, 0x1, r0, 0x3})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9.650950772s ago: executing program 3 (id=153):
removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.advise\x00')
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x100000a, 0x204031, 0xffffffffffffffff, 0x1bf5f000)
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x32)
read(r0, &(0x7f00000019c0)=""/4107, 0x100b)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8, 0x0, 0x0)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, &(0x7f0000000080))
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x2e288501978821b, 0x80)
r4 = dup3(r3, r2, 0x0)
recvmmsg$unix(r4, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000005140)=""/4111, 0x100f}], 0x1}}], 0x1, 0x58ca2280, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1, 0x0, 0x0, 0x101d0}}], 0x400000000000181, 0x9200000000000000)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448e0, &(0x7f0000000080))
r6 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r6, 0x0, 0x34004000)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0x80044100, &(0x7f0000000280)={0x0, [[0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]], '\x00', [{0x0, 0x4}, {0x0, 0x5}, {}, {}, {}, {0x0, 0x40000000}, {}, {}, {}, {0x0, 0xfffffffe}, {0x0, 0x80}]})
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000100), 0x4)

9.50016602s ago: executing program 3 (id=156):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000180)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ni={0x19d, 0x0, 0x0, 0x8, 0x3, 0x4029}}}}}}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x11}}, 0x1e)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='quota,grpquota_block_hardlimit=3'])
chown(&(0x7f00000003c0)='./file0\x00', 0xffffffffffffffff, 0xee01)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
prctl$PR_MCE_KILL(0x35, 0x0, 0x2)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002080)=@newtaction={0x44c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x438, 0x1, [@m_police={0x434, 0x1, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x81, 0x8c4b, 0x800, 0xa1, 0x4, 0x8, 0x3, 0x7, 0x1, 0x3, 0x8, 0x1000003, 0x7, 0xfffffe01, 0x1, 0x2, 0x4, 0x81, 0x9, 0x1, 0xb3b0, 0x5, 0x69, 0x8, 0x1000, 0x5, 0x8c0, 0x2, 0x75, 0x9, 0x7f, 0x4, 0x9, 0x0, 0xce, 0x1, 0xb, 0x0, 0xc4ff, 0x9436, 0x8, 0x3, 0x1, 0xa3f, 0x9, 0x200, 0xaaa, 0x2, 0x9, 0x200, 0x2, 0x86, 0xfffffff9, 0x100, 0x0, 0x3, 0xfffffffe, 0x6, 0x6, 0xd, 0xfd1, 0x8, 0x6, 0xff, 0x0, 0x7, 0x235, 0x1, 0x10001, 0xeec, 0x0, 0x4, 0xdbdf, 0x8, 0x5, 0x6, 0xee3a, 0x9a, 0x0, 0xffff, 0x9, 0x10001, 0x4, 0x5, 0x8001, 0x4, 0x0, 0x7, 0x1, 0x6, 0x200, 0x101, 0x0, 0x4, 0x7, 0x1000, 0x1, 0x4, 0x1, 0xfffffffa, 0x8, 0xd27, 0xf6, 0x4, 0xe48, 0x100, 0x9, 0x6, 0xfffffff7, 0xa6, 0x9, 0x59, 0x8, 0x5, 0x9, 0x9, 0xfffffff7, 0x723, 0xbc6, 0x4, 0x7, 0x10000, 0x7, 0xffff, 0x1, 0x0, 0xbb8, 0x3, 0xb, 0x2, 0xffffffff, 0x9, 0x5, 0x9, 0x1, 0x80000001, 0x80000000, 0x8800000, 0x4, 0x40, 0x0, 0x6789, 0x40, 0xdd9, 0x7ff, 0x800, 0xe, 0x1000, 0x2, 0x5347, 0x5, 0x9, 0x9, 0x8, 0x5, 0x101, 0x8, 0x3, 0x3, 0x1ff, 0x8004, 0x7, 0x1, 0x9, 0x801, 0x9, 0x54aa3579, 0x1, 0xfffffffe, 0x4, 0xdbdd, 0x4, 0x8000, 0x4, 0x4, 0x4, 0x3, 0xfffffff8, 0x1000, 0x200005, 0x400, 0xb, 0x0, 0x8, 0x6, 0x3f800000, 0x8, 0x810a, 0x6f5334a4, 0x29ad, 0xffffffff, 0x4822, 0x4, 0x4, 0xff, 0x368, 0x0, 0x9, 0x7f, 0xfffffffe, 0xac9, 0x8, 0x4, 0x5, 0x5, 0x3, 0x30000000, 0xb5000000, 0x4, 0x3, 0x4, 0x0, 0x3, 0xeb4, 0x8, 0x3, 0x5, 0x1, 0x7f, 0x7, 0x6, 0x3ff, 0x1, 0x1, 0x1, 0xfff, 0x3, 0x4, 0x3ff, 0x8000, 0x8, 0x9, 0x7, 0xa, 0xfff, 0x4, 0x6, 0x1, 0x8, 0x2, 0x10001, 0x4, 0x9, 0x0, 0x1, 0x25, 0x0, 0x6, 0x40, 0x6, 0x6, 0x6, 0x13, 0x6, 0x6]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x44c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4004045)
r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f480, 0x1, 0x399})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000811010000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[], 0x18}}, 0x20004000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x63, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x4, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x13, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r2 = socket$netlink(0x10, 0x3, 0xa)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa}, 0x1c)
io_uring_enter(r1, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x73, 0x0)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f0000000240)={0x0, 0x0, '\x00', @raw_data=[0xffffff80, 0x92d3, 0xfffffffe, 0x6, 0x8, 0x6, 0x386, 0x9, 0xeafd, 0x3, 0x9, 0xed41, 0x7, 0xcfc, 0x400, 0x0, 0x9, 0x101, 0x0, 0x1000, 0xfffffff9, 0x7fffffff, 0x9, 0x1ff, 0x1, 0x5, 0x8, 0x11, 0x0, 0xf, 0x8, 0x4]})
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
getdents64(r4, &(0x7f0000000500)=""/166, 0xa6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})

2.704076543s ago: executing program 1 (id=164):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000580)={0xd8, r1, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0x78, 0xa8, @random="b6ed0efef6a0075df4d68a9bcc8126c799d3cedd339c2694fc0d752cdde329d6bd60714f7222f095f49266154f300f56ae663bda2147fa04917a09b870f3d0140df0cbbf9ba381b286dc6f484390ad9200278f531ee67e26b97635bc5c136b64c566b73e79ae806903f4b9ca3c4b2235ddd9338d"}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xea2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x6}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) (async, rerun: 64)
r2 = socket$inet(0x2, 0x2, 0x0) (rerun: 64)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x8, 0x3, 0x258, 0x0, 0x8, 0xfa04, 0xc0, 0x6c02, 0x1c0, 0x194, 0x194, 0x1c0, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x8fb2bd54e1114dfe, 'sit0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x6, 0x0, 0x32}, 0x0, 0x98, 0xc0, 0x0, {0x0, 0x74020000}, [@common=@inet=@ecn={{0x28}, {0x10, 0x30, 0x5, 0x8}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@addrtype={{0x30}, {0x1a5, 0xc20, 0x1, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, 0x1, 0x10, [0x18, 0x2f, 0x22, 0x8, 0x1d, 0x18, 0x15, 0x2e, 0x29, 0x2a, 0xe, 0x2, 0x1a, 0x31, 0x39, 0x3f], 0x0, 0x8e, 0xffffffff}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2b8) (async)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) (async)
r4 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0xa0, 0x71, 0x10, 0x1d}}, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) (async, rerun: 32)
r5 = socket(0x10, 0x803, 0x0) (rerun: 32)
getsockname$packet(r5, 0x0, &(0x7f0000000080))
syz_emit_ethernet(0x86, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @multicast1}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x0, "eea2ce15f073cfc7b867a8f1eae374992b05d96de4fee8723648ec884824c0fa", "dad132180b5c87e3c4ce5aace7bd878f", {"bfb382e7c4f35588608b6b77d4179781", "5c1ef82da223af7e119100d169d1153d"}}}}}}}, 0x0) (async)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0) (async, rerun: 32)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x102, 0x0) (rerun: 32)
ioctl$TCXONC(r6, 0x540a, 0x2) (async)
ioctl$TIOCSPTLCK(r6, 0x40045431, &(0x7f0000000000)) (async)
r7 = ioctl$TIOCGPTPEER(r6, 0x5441, 0x207a)
ppoll(&(0x7f0000000080)=[{r7, 0xfae83c30bf5f62a}], 0x1, 0x0, 0x0, 0x0) (async)
r8 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_GET_PROPERTY(r8, 0x80106f53, &(0x7f0000000340)={0x1e, &(0x7f00000003c0)=[{0x43, '\x00', @data=0x4, 0xbd}]}) (async)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f0000000040)={0x0, 0xae, 0x3ff, 0x30315559, 0x0, [], [0x0, 0x0, 0x33f1], [0x8, 0x0, 0x7d], [0x0, 0x0, 0x800000000001]}) (async, rerun: 32)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3}) (rerun: 32)

1.848265383s ago: executing program 1 (id=167):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f0000000200)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f00000000c0))
connect$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x4}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)

1.752671926s ago: executing program 3 (id=169):
close(0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x20000}, {0x0, 0x0, 0x0, 0xc}, {}, {0x0, 0x9}, {}, {0x10001}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xf}, {}, {0x0, 0x0, 0x0, 0x0, 0xfff}, {}, {}, {0x0, 0x2}, {0x0, 0x0, 0x400}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x1}, {0x0, 0x8}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x2, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x690}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x100}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x9}, {}, {}, {}, {0x0, 0x0, 0x0, 0x10004}, {}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x619}, {}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe81}, {0x4000000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {}, {0x3}, {}, {0x0, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x7fffffff}, {}, {0x0, 0x0, 0x1000, 0x0, 0x4bf7ca16}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x200, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x20000, 0x0, 0x0, 0x0, 0x0, 0x40000000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x80, 0x3}], [{}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x3}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r3, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
sendmmsg$inet(r1, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e25, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty, @multicast1}}}], 0x20, 0x3f}}], 0x1, 0xc0)
r4 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x4ae60)
r5 = fanotify_init(0x1a, 0x800)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8)
syz_create_resource$binfmt(&(0x7f0000000080)='./file0\x00')
fanotify_mark(r5, 0x441, 0x4800001a, r6, 0x0)
fanotify_mark(r5, 0x1, 0x20, r6, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
ioctl$CEC_TRANSMIT(r4, 0xc0386105, &(0x7f0000000000)={0x63, 0xfffffffffffffff7, 0x2, 0x3, 0x2, 0x5, "0bf8fbd7015a4ece54e76d48f944c89a", 0x1b, 0x80, 0x4, 0x99, 0x10, 0x40, 0x4})

1.751959767s ago: executing program 2 (id=170):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
writev(r0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r5, @ANYBLOB="05005b"], 0x24}}, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)=',', 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b000000", @ANYRES32=r7, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r0], 0x3c}}, 0x10)

1.749803709s ago: executing program 3 (id=172):
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40002}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="1beb41ea4ea9ca354f167d9eaee7dc35eca218b865688d79fe31cbe00d190c853bfe6a22bd7dec0023aa0e038d07000040e37e00f7dd3afafdbc70e1b5928033df5e82fd76f31e8b29a0f05c2cef56f56cd0330dc984004f220b7dcb23a05d530df65691cf6a3cceb7a97c673856f552ded9530b52fe6d1e662090d2802233ec1adca9eaab9dd6f04b2717ed1552cf46dc28cd3fbf1ec1eaedd80d1da838a00a1e229ce16d2c", 0xa6}, {&(0x7f0000000b00)}], 0x2, 0x0, 0x0, 0x4004090}, {0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e", 0xc}], 0x1, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000fc0)}], 0x2, 0x0, 0x0, 0x84090}], 0x3, 0x4004000)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {0x0}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.687682631s ago: executing program 2 (id=173):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1900000004000000040000000900000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000000002faffffff00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f0000000540)='P', &(0x7f0000000000)=""/7, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r3, &(0x7f0000000200)}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[], 0x74}, 0x1, 0x0, 0x0, 0x20000854}, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r7=>0xffffffffffffffff}, 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r7, 0xfffffe4d}}, 0x48)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={<r9=>0xffffffffffffffff}, 0x111, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r9, 0x7}}, 0x48)
close_range(r5, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4001ff}, 0x94)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
setsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, &(0x7f0000000140)=0x81, 0x4)

1.687443469s ago: executing program 3 (id=174):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x2b)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
ioctl$EVIOCGMASK(r2, 0x5b03, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000fc0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000126bd7000fddbdf253f00000008000300", @ANYRES32=r8, @ANYBLOB="0c005e8008000900080000002c005e8020000100ff000000ffffffff00000100070000007f04000005000000080000000800060003000000f151a491b41363fea74c19619c70d21258fad451d4ffd6594fe35f7ac132d288dd92403865cccbf452b401a7c3175a489aacc6257e97701e3d0af6a8db0e28b813b44d70e0e090704fe3d5889759ed5bce5be5bb4f170e456ee0897ce607f8b0770bacfe97995d09cf61cb45469f3c371bcb99d375bea61520c3ac035b77f4bb58272190a7f5fababc25459a5cd371cd5876ec3a919038b3dd26910f603e2c"], 0x54}, 0x1, 0x0, 0x0, 0x20048881}, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="09022abd7000fddbdf254400000008000300", @ANYRES32=r8, @ANYBLOB="000000000000000000000000cb3021fda8e9a487e431c4001cdeceb094b07d2fe15b5017b4d53049cb43407e362194ee61649f9cd3ca5c47da40d30feb1a3bb0007ad905b42aa939c14557442b0597558c8b43044d10022fd0ae0313feb85d22a381e6dc0ea976d7f4f0ee2dc3ad055442980defbfcd55e4e1f8eacf7a34d108dec2bc461348cd16c28bad76e416c0fb06e3521f32634ec82d0e7b0a722f5de1e99ac0d7fa122caac7e747f016f6042c05c93928a18fe4b9d9a3014526c96bf8748b953ff6949aaa59dfe7e9a8025717471f7781ca746ba9c19e5ed88459c5d79c7eb7dd54bde2b99751cd1cb00c58fcdaada80e1820d22c37938d827dc14e2c71ca72955b847a8b855d143768b07bf71ed51dbfdb558e8675d01afb460ce29ed9089144e2"], 0x28}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6d706f6c3d98a02e20ae6c23828462696e643d7374617469633a", @ANYRESDEC])
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x400})
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r10, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000140)={0x0, 0x0, r9, <r11=>0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000400)={r11, 0x0, 0x0, 0x0, 0x0, [<r12=>0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000100)={r12})

1.587204927s ago: executing program 0 (id=176):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x3)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'gretap0\x00', <r1=>0x0, 0x80, 0x80, 0x1, 0xffff8000, {{0x7, 0x4, 0x0, 0x22, 0x1c, 0x65, 0x0, 0x9, 0x4, 0x0, @remote, @multicast2, {[@timestamp={0x44, 0x4, 0x89, 0x0, 0xc}, @generic={0x94, 0x2}, @end]}}}}})
r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r4=>0x0})
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="000000000000000010011a80100005800400058008000000000000000800038030000180050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839fda9d9f088d80500060000000000130002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000006000018005000600000000000500060000000000080001000000000005000600000000000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b6763e83c000c8008002c000000000005000600000000001400190002"], 0x270}}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="980000001000010400"/20, @ANYRES32=r7, @ANYBLOB="00030000000000004c001280110001006272696467655f736c61766500000000340005800500190002"], 0x98}, 0x1, 0x0, 0x0, 0x20010010}, 0x0)
readv(r2, 0x0, 0x0)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r9, 0x4008af24, &(0x7f0000000040)={0x1})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040302"], 0x4)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r11, &(0x7f00000002c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r12, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
r13 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r13)
getsockname$packet(r13, &(0x7f0000000180)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@delchain={0x34, 0x2c, 0xf31, 0x1, 0x2000, {0x0, 0x0, 0x0, r14, {}, {0xa, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004050}, 0x4010)

1.45092118s ago: executing program 0 (id=177):
r0 = syz_open_dev$dvb_dvr(&(0x7f0000000040), 0x0, 0x100)
ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r0, 0x6f2d, 0x1)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0100001000130700000000fcdbdf250a01010200000000000000000000000020010000000000000000000000000001000000004e230202020020003b000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000e000000100000000000000000000000000000000000000000400000000000000ff0000ffffffffff080000000000000000000000000000000000000000000000000000000000000043050000000000008400000000000000ffffffffffffff7f0000000000000000ff0f00000000000000000000000000000000000028bd70000035000002000400000000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
syz_open_dev$dvb_dvr(&(0x7f0000000040), 0x0, 0x100) (async)
ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r0, 0x6f2d, 0x1) (async)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0100001000130700000000fcdbdf250a01010200000000000000000000000020010000000000000000000000000001000000004e230202020020003b000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000e000000100000000000000000000000000000000000000000400000000000000ff0000ffffffffff080000000000000000000000000000000000000000000000000000000000000043050000000000008400000000000000ffffffffffffff7f0000000000000000ff0f00000000000000000000000000000000000028bd70000035000002000400000000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0) (async)

1.399396142s ago: executing program 2 (id=178):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xff)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0x4, 0x5, 0xfffffffd, 0xc6cf, 0xfd, "0600000000000000150000000100", 0x240001, 0x1fd})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0xfffffffffffffffe, 0x5, 0x7, 0x3, 0x1, {0x2000400000080001, 0xfd, 0x20ff, 0xdd6, 0xe, 0xd615, 0x9, 0xffff, 0xfffffffc, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080)=0x9, 0x7f01)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f00000000c0)={0x0, r2, 0x28, {0x7fff, 0x5}, 0x9}, 0x1)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk={@lu}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x94)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r6=>0x0})
setsockopt$CAN_RAW_FD_FRAMES(r5, 0x65, 0x5, &(0x7f0000000180)=0x1, 0x4)
fchmodat(r2, &(0x7f0000000140)='./file0\x00', 0x4)
sendmsg$can_raw(r5, &(0x7f0000000340)={&(0x7f0000000080)={0x1d, r6}, 0x10, &(0x7f0000000000)={&(0x7f00000001c0)=@canfd={{}, 0x3b, 0x0, 0x0, 0x0, "4e4e488e419039dda425818c34de45852abd1372621b404219373c9a72cdb611ef256a70bf66c39d7082f2809cbc3da9bb3c86e0c5e53cff15d561c53fe9ae3a"}, 0x48}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
pwritev2(r5, &(0x7f0000000980)=[{&(0x7f0000000240)="387ea968be81", 0x6}], 0x1, 0x5, 0x5, 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x14, 0x36, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020605000000000000000000000000030c000300686173683a6970000900020073797a320000000005000400000000000500050002000000050001000600000014000780080006400000000208000c"], 0x58}}, 0x20000000)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x1)
r8 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
ioctl$BTRFS_IOC_SEND(r1, 0x40489426, &(0x7f0000000280)={{r8}, 0x2, &(0x7f00000000c0)=[0x100, 0x9], 0x6, 0x1, 0x1})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)

1.393712503s ago: executing program 0 (id=179):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$x86(r3, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_kvm_setup_syzos_vm$x86(r6, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$x86(r7, &(0x7f0000000080)={0x0, &(0x7f00000006c0)})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r4, 0x4068aea3, &(0x7f0000000140)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
r12 = socket$netlink(0x10, 0x3, 0x2)
r13 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r14, {}, {0xffff, 0xffff}, {0x7, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r15=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r15, <r16=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[<r17=>0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[<r18=>0x0, <r19=>0x0, 0x0], &(0x7f0000000040), 0x3, r16, 0xcccccccc})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000180)=[r16], &(0x7f0000000200), &(0x7f00000000c0)=[0x0], &(0x7f0000000040), 0x0, 0x2fd})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f00000002c0)={0x3, 0x0, &(0x7f0000000240)=[<r20=>0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_ATOMIC(r9, 0xc03864bc, &(0x7f00000004c0)={0x600, 0x2, &(0x7f00000003c0)=[r17, r20], &(0x7f0000000400)=[0x1000, 0x8], &(0x7f0000000440)=[r18, r19, r18, 0x0], &(0x7f0000000480)=[0x5, 0x8], 0x0, 0xc})

1.029952233s ago: executing program 0 (id=180):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
r1 = open_tree(r0, &(0x7f0000000040)='./file0\x00', 0x1800) (async)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00'}) (async)
fsetxattr$trusted_overlay_origin(r2, &(0x7f00000000c0), &(0x7f0000000100), 0x2, 0x0)
inotify_init1(0x0)
fremovexattr(r0, &(0x7f0000000140)=@known='trusted.overlay.origin\x00')
r3 = open_tree(r0, &(0x7f0000000180)='./file0\x00', 0x1) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r3, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x5c, r4, 0x800, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x8}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x13}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x28}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4004880}, 0x7) (async)
write$qrtrtun(r3, &(0x7f0000000340)="dd5a06551276096232d305e326d3f4b963d4d23ba34426271f098d5422a5912b28e37e134c5761470ad7515d77d7dd7a69e9c2988d58ad490fa0dcb99d1b49f4e22e7bd23d6ee657c2c2abe2d66756510c931d7f619301e6995588591e7f6cb524e7a1b2b958de40580d28e23068b4f285b52d34a3b76635bf717b06f8aaedeb99363e08823dd2aca82d8a6ef327beb63a", 0x91) (async)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000400)={0x1db, <r5=>0x0}, 0x8)
r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000440)=r5, 0x4)
ioctl$AUTOFS_IOC_SETTIMEOUT(r6, 0x80049367, &(0x7f0000000480)=0x8) (async)
ioctl$SNDRV_PCM_IOCTL_LINK(r1, 0x40044160, &(0x7f00000004c0)) (async)
setsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000000500)=0x1, 0x4) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r1, 0x22, 0x0, 0x1, &(0x7f0000000540)=[0x0], 0x1, 0x0, &(0x7f0000000580)=[0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r7=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000680)={@map=r3, r3, 0xd, 0x2, r1, @void, @value=r1, @void, @void, r7}, 0x20) (async)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000006c0)={0x0, <r8=>0x0})
r9 = syz_open_procfs(r8, &(0x7f0000000700)='net/icmp6\x00') (async)
ioprio_set$pid(0x0, r8, 0x4)
syz_open_dev$loop(&(0x7f0000000740), 0x47f4c8f6, 0x100001)
ioctl$LOOP_CHANGE_FD(r9, 0x4c06, 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000780), r9) (async)
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x840000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000800)={0x98, r4, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6}}}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x9, 0x24, [{0x6c}, {0x2}, {0x4}, {0xc, 0x1}, {0x60}]}, @NL80211_ATTR_MESH_CONFIG={0x54, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0x21}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0x16}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x6}, @NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x800}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x6}, @NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0xe}, @NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0x40}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0x97}, @NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0xf}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0xa, 0x24, [{0x5}, {0x0, 0x1}, {0x36, 0x1}, {0xb}, {0x9, 0x1}, {0xc, 0x1}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0xc090}, 0x54) (async)
r10 = accept4$ax25(r0, &(0x7f0000000940)={{0x3, @bcast}, [@null, @default, @default, @bcast, @bcast, @rose, @remote, @default]}, &(0x7f00000009c0)=0x48, 0x800)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r10, 0x40189429, &(0x7f0000000a00)={0x1, 0xbf4, 0xd0}) (async)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r2, 0x80286722, &(0x7f0000000b00)={&(0x7f0000000a40)=""/159, 0x9f, 0x9, 0xe}) (async)
ptrace$setopts(0x4206, r8, 0x2, 0x10)
ioctl$SYNC_IOC_FILE_INFO(r9, 0xc0383e04, &(0x7f0000000c40)={""/32, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000b40)=[{}, {}, {}]})

1.029743484s ago: executing program 2 (id=181):
unshare(0x6a040000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0500fff5000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0)

1.029524429s ago: executing program 0 (id=182):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc050}, 0x5d972a3e33914776)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000280))
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
sendmmsg$inet(r6, &(0x7f0000006340)=[{{&(0x7f0000000080)={0x2, 0x4e1e, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="14228b3bf93d6e6dac5ebafca0ade59019894b10d63ab89748270414dfedcf08b235e7c752c3fff183f69c85742b215ab7e25928d217167c3ec442a502158d4638c1ed89772d9200e49c6ebb3122aab47708964b0859808242343d941bae97c3aad96be236c049338767a83715a91dc507f5f79884a2b848bb8f88d04c3f83061fe3f196c6dfb00915492db99740ccf1f413a6369c2debf3bb194d1d1b8c77a1bbe0c22f3ee866957b26c5a436f85719ece52aa9d8448fb8215975290e4a39c0d1cba8b5a2e68fb079acd663074e5009760f0f25102eed45a71b52d1bdad7b73ad2fc4ce985d19a03a23d130fe2961bfddf6360533436664230fc6b900bab481584cfc9696e88aba675af1b0087911e8710d1172b6a3d28a20b29cb1bed7b1befb1e403103634c2e4f3fba3a330fa2df39bb481f2d1a318ef06e9371fb07d4d4e28b08d3da1fdd4f3aea26b74a1485a2997ea6308a76126362c3fba19722d4d1a007e9e41f32af849c4e9c5bd3515aeb8522f7f66b360be70bcefc6924ad9aed33db1d7cfe02c99957ca8b00043e474de18bfca6abaa276464d07a8bf1261a76a7a51179950d0fbe980287d7e3a296acff879bba6fe84bc980bdc0a1a4e02d6b5382d5730a7c65d3958f7b76b78a437341aaedcd180d9cd83a895a9afef271e6217e4205b1b3d6b8a8c249741ff1102676b62380741e48de57a973a11687249a297a288c8ffa54ae4d1f53320287c77f80817abb2a7fe87399e5dcca58a695e2e0b274a976ce6248158c02fbf9993a3b13c5ec402d2d83e9ca2bea1b2f7c5020bdc67d807f0ff90fbde8ce8b1399b8b3ad0f310340165b7dcdf92e6b17f19c9ac424b9a06ef8e3bfc11dc09c4e7db3ed5aeb17bf1fd8c9f7aba0627b48a2590c216ce949ba6b278edea7547095450851cf8d03ef93157e085e99708e1592857f0ecf1573d43eab0b00d28cacad9cda917e3df019d2158f52f3d597a3857b664085", 0x2c1}, {0x0}], 0x2}}], 0x2, 0xc044)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000100)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r8], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
write$binfmt_misc(r6, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[@ANYRESHEX=0x0], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x70f9a000)
write$UHID_INPUT2(r4, &(0x7f0000000140), 0x6)

960.648356ms ago: executing program 1 (id=183):
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40002}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="1beb41ea4ea9ca354f167d9eaee7dc35eca218b865688d79fe31cbe00d190c853bfe6a22bd7dec0023aa0e038d07000040e37e00f7dd3afafdbc70e1b5928033df5e82fd76f31e8b29a0f05c2cef56f56cd0330dc984004f220b7dcb23a05d530df65691cf6a3cceb7a97c673856f552ded9530b52fe6d1e662090d2802233ec1adca9eaab9dd6f04b2717ed1552cf46dc28cd3fbf1ec1eaedd80d1da838a00a1e229ce16d2c", 0xa6}, {&(0x7f0000000b00)}], 0x2, 0x0, 0x0, 0x4004090}, {0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e", 0xc}], 0x1, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000fc0)}], 0x2, 0x0, 0x0, 0x84090}], 0x3, 0x4004000)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

958.54092ms ago: executing program 1 (id=184):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000180)={0x1d8, 0x1})
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vcan0\x00'})
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$cgroup_devices(r2, &(0x7f0000000000)=ANY=[], 0x9)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(0xffffffffffffffff, 0xc0884123, 0x0)
r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
lseek(r3, 0x3, 0x1)
getdents64(r3, 0x0, 0xfb)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$kcm(0x29, 0x5, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00')
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)

689.496916ms ago: executing program 2 (id=185):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a40)=@delchain={0x24, 0x2e, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x20004001}, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x1100, 0x40})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r11 = dup3(r10, r9, 0x0)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40086315, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffff0}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r12, 0x8983, &(0x7f0000000340)={0x6, 'veth0_vlan\x00', {0x1}})

579.929863ms ago: executing program 0 (id=186):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0x6, 0x0, 0x1, 0xffffff80})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xa}, [@call={0x85, 0x0, 0x0, 0x41}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r1, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x4e23, @private=0xa010101}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="e0", 0x1}], 0x1}, 0xc000)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000001ec0)=""/4096, 0x1000}], 0x2}, 0x10000)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r3, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x18)
r4 = openat$ttyS3(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)=0x13)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000f000/0x2000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$UHID_CREATE(r6, &(0x7f0000000080)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000001c0)=""/19, 0x13, 0xa0, 0x86, 0x3, 0x5, 0x1635}}, 0x120)
write$UHID_INPUT(r6, &(0x7f0000002080)={0xc, {"a2e3ad21ed0d52f91b5d390887f70e06d038e7ff7fc6e5539b3272298b089b07081b4d090890e0878f0e1ac6e7049b3366959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b39070d075d0936cd3b78130d9b61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c9000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdc80c47ee4f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78ff95b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af0000807e0000000002d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b4051db55e0510a6e4114a53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a6d8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251a4523a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x9c, 0x32, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x84, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x10, 0x9e, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfd}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x643}}, {0x10, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}]}, @action_gd=@TCA_ACT_TAB={0x4}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4044}, 0x4000080)
io_uring_register$IORING_REGISTER_FILES(r5, 0x20, &(0x7f0000000000)=[r5], 0x1)

510.444637ms ago: executing program 2 (id=187):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc3", 0x6)
pselect6(0x40, &(0x7f0000000040)={0x80000000, 0x0, 0x3, 0x2, 0x4, 0x7, 0xffffffffffffff81, 0x9e}, 0xfffffffffffffffe, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0)
preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGCOLLECTIONINFO(r4, 0xc0104811, &(0x7f0000000140)={0x10001, 0x80000000, 0x1, 0x4})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

406.413µs ago: executing program 1 (id=188):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='macvlan0\x00', 0x10)
listen(r0, 0x5)
syz_emit_ethernet(0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d01000019840100000007000000000002000000010102fe8000000000000000000000000000aaa5ba94e385673ccfd3fe184ab0643975bcc85fbf438632261b"], 0x0)

0s ago: executing program 1 (id=189):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000400)={0x0, 0x1f000000})
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x4e21, 0x0, @mcast1={0xff, 0x7}, 0x10000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r3 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0xfffffffd, @mcast1={0xff, 0x7}, 0xc}}, {{0xa, 0x0, 0x8a, @remote, 0x1000}}}, 0x108)
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x3)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x800000000000, 0x0, 0x0, 0x751, 0x7, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000800000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000200000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000340)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000000000000000000000001fb195d574202b200000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)
lseek(r4, 0x1, 0x1)
lseek(r4, 0x9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xffff, 0x8}, {0x2}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x4, 0x9, 0x1}}]}}]}, 0x44}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008"], 0x4c}}, 0x40000)
sendmmsg(r7, &(0x7f0000000000), 0x4000000000001f2, 0xfc)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$COMEDI_CMD(r8, 0x80506409, &(0x7f0000000180)={0x1, 0x80, 0x80, 0xd, 0x10, 0x10000, 0x2, 0x40, 0x80, 0x1, 0x20, 0xffffffff, &(0x7f0000000600)=[0x7], 0x1, 0x0})

kernel console output (not intermixed with test programs):

[   53.018100][   T40] audit: type=1400 audit(1770924584.041:60): avc:  denied  { rlimitinh } for  pid=5902 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   53.024903][   T40] audit: type=1400 audit(1770924584.041:61): avc:  denied  { siginh } for  pid=5902 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '[localhost]:9287' (ED25519) to the list of known hosts.
[   54.796913][   T40] audit: type=1400 audit(1770924585.851:62): avc:  denied  { name_bind } for  pid=5910 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   54.826668][   T40] audit: type=1400 audit(1770924585.871:63): avc:  denied  { execute } for  pid=5911 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   54.833841][   T40] audit: type=1400 audit(1770924585.871:64): avc:  denied  { execute_no_trans } for  pid=5911 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   56.861894][   T40] audit: type=1400 audit(1770924587.911:65): avc:  denied  { mounton } for  pid=5911 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   56.872259][ T5911] cgroup: Unknown subsys name 'net'
[   56.875920][   T40] audit: type=1400 audit(1770924587.921:66): avc:  denied  { mount } for  pid=5911 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   57.002727][ T5911] cgroup: Unknown subsys name 'cpuset'
[   57.006485][ T5911] cgroup: Unknown subsys name 'rlimit'
[   57.175854][ T5916] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   57.836911][ T5911] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   60.940106][   T40] kauditd_printk_skb: 15 callbacks suppressed
[   60.940123][   T40] audit: type=1400 audit(1770924591.971:82): avc:  denied  { execmem } for  pid=5920 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   61.059587][   T40] audit: type=1400 audit(1770924592.101:83): avc:  denied  { create } for  pid=5924 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   61.073107][   T40] audit: type=1400 audit(1770924592.101:84): avc:  denied  { read write } for  pid=5924 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   61.084218][   T40] audit: type=1400 audit(1770924592.101:85): avc:  denied  { open } for  pid=5924 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   61.088234][ T5927] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   61.095717][   T40] audit: type=1400 audit(1770924592.101:86): avc:  denied  { ioctl } for  pid=5924 comm="syz-executor" path="socket:[2964]" dev="sockfs" ino=2964 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   61.106602][ T5938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   61.110525][ T5938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   61.113477][ T5937] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   61.114130][ T5938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   61.117274][ T5937] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   61.119273][ T5939] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   61.120256][ T5941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   61.120712][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   61.122739][ T5941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   61.123779][ T5937] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   61.124228][ T5937] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   61.124519][ T5937] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   61.128477][ T5939] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   61.128652][ T5941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   61.130385][   T40] audit: type=1400 audit(1770924592.171:87): avc:  denied  { read } for  pid=5924 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   61.133494][ T5939] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   61.135138][   T40] audit: type=1400 audit(1770924592.181:88): avc:  denied  { open } for  pid=5924 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   61.135495][ T5941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   61.139126][ T5939] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   61.141624][   T40] audit: type=1400 audit(1770924592.181:89): avc:  denied  { mounton } for  pid=5924 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   61.146501][ T5939] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   61.154685][   T63] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   61.350755][   T40] audit: type=1400 audit(1770924592.401:90): avc:  denied  { module_request } for  pid=5924 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   61.387139][ T5924] chnl_net:caif_netlink_parms(): no params data found
[   61.520895][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.523760][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.526838][ T5924] bridge_slave_0: entered allmulticast mode
[   61.529818][ T5924] bridge_slave_0: entered promiscuous mode
[   61.544890][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.547528][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.550226][ T5924] bridge_slave_1: entered allmulticast mode
[   61.554239][ T5924] bridge_slave_1: entered promiscuous mode
[   61.568103][ T5930] chnl_net:caif_netlink_parms(): no params data found
[   61.594747][ T5924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.608507][ T5924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.623029][ T5929] chnl_net:caif_netlink_parms(): no params data found
[   61.637908][ T5928] chnl_net:caif_netlink_parms(): no params data found
[   61.662803][ T5924] team0: Port device team_slave_0 added
[   61.691400][ T5924] team0: Port device team_slave_1 added
[   61.755555][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.757834][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   61.766654][ T5924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.786317][ T5930] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.789360][ T5930] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.792666][ T5930] bridge_slave_0: entered allmulticast mode
[   61.796384][ T5930] bridge_slave_0: entered promiscuous mode
[   61.801267][ T5930] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.804153][ T5930] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.807122][ T5930] bridge_slave_1: entered allmulticast mode
[   61.811223][ T5930] bridge_slave_1: entered promiscuous mode
[   61.814232][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.816455][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   61.826788][ T5924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.846647][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.849727][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.852864][ T5929] bridge_slave_0: entered allmulticast mode
[   61.855941][ T5929] bridge_slave_0: entered promiscuous mode
[   61.868754][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.871787][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.874604][ T5929] bridge_slave_1: entered allmulticast mode
[   61.877777][ T5929] bridge_slave_1: entered promiscuous mode
[   61.938297][ T5930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.942690][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.951661][ T5924] hsr_slave_0: entered promiscuous mode
[   61.954941][ T5924] hsr_slave_1: entered promiscuous mode
[   61.958156][ T5928] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.960722][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.963002][ T5928] bridge_slave_0: entered allmulticast mode
[   61.966411][ T5928] bridge_slave_0: entered promiscuous mode
[   61.971833][ T5930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.975781][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.979388][ T5928] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.981855][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.984111][ T5928] bridge_slave_1: entered allmulticast mode
[   61.987095][ T5928] bridge_slave_1: entered promiscuous mode
[   62.019955][ T5930] team0: Port device team_slave_0 added
[   62.028075][ T5930] team0: Port device team_slave_1 added
[   62.056905][ T5928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.071667][ T5929] team0: Port device team_slave_0 added
[   62.081356][ T5928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.085642][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.088464][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.097752][ T5930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.103740][ T5929] team0: Port device team_slave_1 added
[   62.120709][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.123456][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.131623][ T5930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.164787][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.167015][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.175020][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.180104][ T5928] team0: Port device team_slave_0 added
[   62.187247][ T5928] team0: Port device team_slave_1 added
[   62.205031][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.207614][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.215736][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.229837][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.232748][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.241780][ T5928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.250214][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.252330][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.260295][ T5928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.307451][ T5930] hsr_slave_0: entered promiscuous mode
[   62.309742][ T5930] hsr_slave_1: entered promiscuous mode
[   62.312223][ T5930] debugfs: 'hsr0' already exists in 'hsr'
[   62.314368][ T5930] Cannot create hsr debugfs directory
[   62.362329][ T5929] hsr_slave_0: entered promiscuous mode
[   62.365280][ T5929] hsr_slave_1: entered promiscuous mode
[   62.367708][ T5929] debugfs: 'hsr0' already exists in 'hsr'
[   62.369714][ T5929] Cannot create hsr debugfs directory
[   62.375093][ T5928] hsr_slave_0: entered promiscuous mode
[   62.377353][ T5928] hsr_slave_1: entered promiscuous mode
[   62.379376][ T5928] debugfs: 'hsr0' already exists in 'hsr'
[   62.381478][ T5928] Cannot create hsr debugfs directory
[   62.546782][ T5924] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   62.558127][ T5924] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   62.583252][ T5924] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   62.594620][ T5924] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   62.653469][ T5930] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.660336][ T5930] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.665248][ T5930] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.670419][ T5930] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.719114][ T5928] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   62.724065][ T5928] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   62.728610][ T5928] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   62.733873][ T5928] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   62.787323][ T5924] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.790614][ T5929] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.794811][ T5929] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.800680][ T5929] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.805149][ T5929] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.838756][ T5924] 8021q: adding VLAN 0 to HW filter on device team0
[   62.857149][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.860167][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.874936][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.877257][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.899638][ T5930] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.927771][ T5924] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.946891][ T5928] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.954399][ T5929] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.968844][ T5930] 8021q: adding VLAN 0 to HW filter on device team0
[   62.972010][   T40] audit: type=1400 audit(1770924594.021:91): avc:  denied  { sys_module } for  pid=5924 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   62.974656][ T5929] 8021q: adding VLAN 0 to HW filter on device team0
[   62.994267][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.996820][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.002498][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.005513][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.010527][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.013446][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.018020][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.020720][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.045204][ T5928] 8021q: adding VLAN 0 to HW filter on device team0
[   63.064706][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.067465][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.088942][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.091825][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.105839][ T5929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.148750][ T5924] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.171538][ T5927] Bluetooth: hci0: command tx timeout
[   63.180213][ T5927] Bluetooth: hci2: command tx timeout
[   63.234629][ T5929] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.244613][ T5924] veth0_vlan: entered promiscuous mode
[   63.257346][ T5924] veth1_vlan: entered promiscuous mode
[   63.260787][ T5934] Bluetooth: hci3: command tx timeout
[   63.262844][ T5927] Bluetooth: hci1: command tx timeout
[   63.273845][ T5930] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.304364][ T5929] veth0_vlan: entered promiscuous mode
[   63.316854][ T5924] veth0_macvtap: entered promiscuous mode
[   63.329540][ T5924] veth1_macvtap: entered promiscuous mode
[   63.333644][ T5929] veth1_vlan: entered promiscuous mode
[   63.349934][ T5930] veth0_vlan: entered promiscuous mode
[   63.358597][ T5928] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.367252][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.379272][ T5930] veth1_vlan: entered promiscuous mode
[   63.392578][ T5929] veth0_macvtap: entered promiscuous mode
[   63.396111][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.409476][   T61] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.414428][ T5929] veth1_macvtap: entered promiscuous mode
[   63.422475][   T61] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.425305][   T61] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.429707][   T61] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.453210][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.459535][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.469894][ T5930] veth0_macvtap: entered promiscuous mode
[   63.485368][ T5930] veth1_macvtap: entered promiscuous mode
[   63.493787][   T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.497325][   T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.502167][ T5928] veth0_vlan: entered promiscuous mode
[   63.507311][   T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.511128][   T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.522005][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.545150][ T5928] veth1_vlan: entered promiscuous mode
[   63.555333][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.565651][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.568813][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.580984][   T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.584444][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.587466][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.604895][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.630797][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.637243][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.638848][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.643411][ T5928] veth0_macvtap: entered promiscuous mode
[   63.643946][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.678538][ T5928] veth1_macvtap: entered promiscuous mode
[   63.695288][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.696100][ T5924] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   63.700394][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.711107][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.717637][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.750384][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.753565][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.769026][   T80] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.775609][   T80] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.796833][   T80] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.799556][   T80] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.817990][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.820635][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.857260][ T1228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.864571][ T1228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.899388][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.910105][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.948952][ T6022] use of bytesused == 0 is deprecated and will be removed in the future,
[   63.953728][ T6025] BIDI support in bsg has been removed.
[   63.954629][ T6022] use the actual size instead.
[   63.957451][ T6023] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'.
[   63.962350][ T6022] binder: 6021:6022 ioctl c0306201 200000000640 returned -22
[   64.023628][ T6023] mkiss: ax0: crc mode is auto.
[   64.175565][ T6039] syz.0.13 uses obsolete (PF_INET,SOCK_PACKET)
[   64.180843][ T6039] syzkaller1: entered promiscuous mode
[   64.182551][ T6039] syzkaller1: entered allmulticast mode
[   64.281429][ T6047] syzkaller1: entered promiscuous mode
[   64.283280][ T6047] syzkaller1: entered allmulticast mode
[   64.322734][ T6048] netlink: 16 bytes leftover after parsing attributes in process `syz.1.16'.
[   64.331332][ T6048] bond0: entered promiscuous mode
[   64.333541][ T6048] bond_slave_0: entered promiscuous mode
[   64.335953][ T6048] bond_slave_1: entered promiscuous mode
[   64.339837][ T6048] gretap0: entered promiscuous mode
[   64.343008][ T6048] hsr1: entered promiscuous mode
[   64.351055][ T6048] netlink: 16 bytes leftover after parsing attributes in process `syz.1.16'.
[   64.471584][ T6048] Zero length message leads to an empty skb
[   65.000469][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   65.040443][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   65.043341][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   65.261198][   T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   65.264329][ T5927] Bluetooth: hci2: command tx timeout
[   65.264357][ T5934] Bluetooth: hci0: command tx timeout
[   65.330169][ T5934] Bluetooth: hci1: command tx timeout
[   65.330176][ T5927] Bluetooth: hci3: command tx timeout
[   65.420175][   T24] usb 8-1: Using ep0 maxpacket: 8
[   65.424630][   T24] usb 8-1: config 9 has an invalid interface number: 172 but max is 2
[   65.427934][   T24] usb 8-1: config 9 has an invalid interface number: 231 but max is 2
[   65.431439][   T24] usb 8-1: config 9 has an invalid interface number: 219 but max is 2
[   65.434419][   T24] usb 8-1: config 9 has no interface number 0
[   65.436739][   T24] usb 8-1: config 9 has no interface number 1
[   65.438717][   T24] usb 8-1: config 9 has no interface number 2
[   65.440839][   T24] usb 8-1: config 9 interface 172 altsetting 0 endpoint 0x2 has invalid maxpacket 479, setting to 64
[   65.444305][   T24] usb 8-1: config 9 interface 172 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[   65.447430][   T24] usb 8-1: config 9 interface 172 altsetting 0 has an endpoint descriptor with address 0xD3, changing to 0x83
[   65.451220][   T24] usb 8-1: config 9 interface 172 altsetting 0 endpoint 0x83 has an invalid bInterval 203, changing to 7
[   65.454796][   T24] usb 8-1: config 9 interface 172 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[   65.458235][   T24] usb 8-1: config 9 interface 172 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[   65.461735][   T24] usb 8-1: config 9 interface 172 altsetting 0 endpoint 0x5 has invalid maxpacket 61932, setting to 64
[   65.465241][   T24] usb 8-1: config 9 interface 172 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[   65.468693][   T24] usb 8-1: config 9 interface 172 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[   65.472775][   T24] usb 8-1: config 9 interface 172 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024
[   65.475958][   T24] usb 8-1: config 9 interface 172 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   65.479533][   T24] usb 8-1: config 9 interface 172 altsetting 0 endpoint 0x9 has invalid maxpacket 511, setting to 64
[   65.483138][   T24] usb 8-1: config 9 interface 172 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[   65.486490][   T24] usb 8-1: config 9 interface 172 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[   65.490511][   T24] usb 8-1: config 9 interface 172 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   65.493908][   T24] usb 8-1: config 9 interface 172 altsetting 0 has 16 endpoint descriptors, different from the interface descriptor's value: 15
[   65.498061][   T24] usb 8-1: config 9 interface 231 altsetting 129 has a duplicate endpoint with address 0x6, skipping
[   65.501650][   T24] usb 8-1: config 9 interface 231 altsetting 129 has a duplicate endpoint with address 0x3, skipping
[   65.505043][   T24] usb 8-1: config 9 interface 231 altsetting 129 has a duplicate endpoint with address 0xA, skipping
[   65.509086][   T24] usb 8-1: config 9 interface 231 altsetting 129 endpoint 0x1 has invalid maxpacket 568, setting to 64
[   65.513631][   T24] usb 8-1: config 9 interface 231 altsetting 129 endpoint 0xE has invalid wMaxPacketSize 0
[   65.516806][   T24] usb 8-1: config 9 interface 219 altsetting 13 has a duplicate endpoint with address 0x81, skipping
[   65.520839][   T24] usb 8-1: config 9 interface 219 altsetting 13 has a duplicate endpoint with address 0x1, skipping
[   65.524402][   T24] usb 8-1: config 9 interface 219 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[   65.527832][   T24] usb 8-1: config 9 interface 219 altsetting 13 has a duplicate endpoint with address 0xE, skipping
[   65.531578][   T24] usb 8-1: config 9 interface 219 altsetting 13 has a duplicate endpoint with address 0x5, skipping
[   65.535197][   T24] usb 8-1: config 9 interface 219 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[   65.538656][   T24] usb 8-1: config 9 interface 219 altsetting 13 has a duplicate endpoint with address 0xB, skipping
[   65.542403][   T24] usb 8-1: config 9 interface 219 altsetting 13 has a duplicate endpoint with address 0x6, skipping
[   65.546075][   T24] usb 8-1: config 9 interface 231 has no altsetting 0
[   65.548322][   T24] usb 8-1: config 9 interface 219 has no altsetting 0
[   65.553772][   T24] usb 8-1: Dual-Role OTG device on HNP port
[   65.556194][   T24] usb 8-1: New USB device found, idVendor=045e, idProduct=04cb, bcdDevice=56.af
[   65.559079][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.566285][   T24] usb 8-1: Product: Ф
[   65.567570][   T24] usb 8-1: Manufacturer: ྦꥍ邆鴹ȹ骡鞯আꮽ⯶讁㟲幥姕墦诿맴茯ᕁ샠䰀휦费괯ꌙᕊ嗂೓䗌쏭들竿멂用絞⅏딦弒쯩帬雦颓⏂鉽ၕ⁒퐳垍狄ࣺ諜`ᨺ陱ﾴ੣噄뀾謂⣥뗙ﭤ驰痯봚甾술䛬䵨⼥䕘礃衜딘ꜟ䂐鴤閫汯緇頥꫻䯞湢쇰馭䲷岇횢䓴멱ӎ蒥利ኦ
[   65.579782][   T24] usb 8-1: SerialNumber: ꆃ㱝屈∏䯟艗᭠䤛ﮡ癌բ
[   65.586661][ T6057] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   65.589101][ T6057] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   65.645196][ T6063] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[   65.651034][ T6063] overlayfs: statfs failed on './file0'
[   65.663022][ T6063] netlink: 24 bytes leftover after parsing attributes in process `syz.1.21'.
[   65.678216][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.681619][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.684303][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.686703][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.689856][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.692802][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.695167][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.697520][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.699857][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.709773][   T39] hid-generic 0005:00B6:0009.0002: unknown main item tag 0x0
[   65.741098][   T39] hid-generic 0005:00B6:0009.0002: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1
[   65.787129][ T6069] fido_id[6069]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   65.837093][   T24] usb 8-1: USB disconnect, device number 2
[   65.886332][ T6082] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   65.952514][   T40] kauditd_printk_skb: 97 callbacks suppressed
[   65.952525][   T40] audit: type=1400 audit(1770924597.001:189): avc:  denied  { write } for  pid=6093 comm="syz.1.30" name="ip_vs" dev="proc" ino=4026533354 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   65.980729][   T40] audit: type=1400 audit(1770924597.041:190): avc:  denied  { read write } for  pid=6097 comm="syz.2.32" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   65.988811][   T40] audit: type=1400 audit(1770924597.041:191): avc:  denied  { open } for  pid=6097 comm="syz.2.32" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   66.001967][   T40] audit: type=1400 audit(1770924597.051:192): avc:  denied  { create } for  pid=6097 comm="syz.2.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   66.008236][   T40] audit: type=1400 audit(1770924597.051:193): avc:  denied  { getopt } for  pid=6097 comm="syz.2.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   66.017078][   T40] audit: type=1400 audit(1770924597.071:194): avc:  denied  { write } for  pid=6099 comm="syz.1.33" name="renderD128" dev="devtmpfs" ino=634 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   66.031266][ T6100] bond1 (unregistering): Released all slaves
[   66.053247][   T40] audit: type=1400 audit(1770924597.101:195): avc:  denied  { read append } for  pid=6103 comm="syz.2.34" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   66.065328][   T40] audit: type=1400 audit(1770924597.101:196): avc:  denied  { open } for  pid=6103 comm="syz.2.34" path="/dev/ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   66.122042][ T6107] pim6reg99999999: entered allmulticast mode
[   66.125241][   T40] audit: type=1400 audit(1770924597.181:197): avc:  denied  { write } for  pid=6106 comm="syz.2.35" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   66.187350][   T40] audit: type=1400 audit(1770924597.231:198): avc:  denied  { create } for  pid=6113 comm="syz.2.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   66.200305][   T39] IPVS: starting estimator thread 0...
[   66.300424][ T6117] IPVS: using max 43 ests per chain, 103200 per kthread
[   66.339347][ T6127] netlink: 276 bytes leftover after parsing attributes in process `syz.3.43'.
[   66.372236][ T6129] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   66.590393][ T5967] usb 7-1: new low-speed USB device number 2 using dummy_hcd
[   66.646266][ T6155] FAULT_INJECTION: forcing a failure.
[   66.646266][ T6155] name failslab, interval 1, probability 0, space 0, times 1
[   66.650613][ T6155] CPU: 1 UID: 0 PID: 6155 Comm: syz.3.52 Not tainted syzkaller #0 PREEMPT(full) 
[   66.650628][ T6155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   66.650634][ T6155] Call Trace:
[   66.650638][ T6155]  <TASK>
[   66.650642][ T6155]  dump_stack_lvl+0x100/0x190
[   66.650662][ T6155]  should_fail_ex.cold+0x5/0xa
[   66.650676][ T6155]  should_failslab+0xc2/0x120
[   66.650690][ T6155]  kmem_cache_alloc_noprof+0x7b/0x6e0
[   66.650707][ T6155]  ? security_inode_alloc+0x3b/0x2c0
[   66.650721][ T6155]  ? lockdep_init_map_type+0x5c/0x250
[   66.650739][ T6155]  security_inode_alloc+0x3b/0x2c0
[   66.650752][ T6155]  inode_init_always_gfp+0xced/0x1040
[   66.650768][ T6155]  alloc_inode+0x8e/0x250
[   66.650784][ T6155]  sock_alloc+0x44/0x280
[   66.650799][ T6155]  ? security_socket_create+0x7f/0x250
[   66.650812][ T6155]  __sock_create+0xc2/0x860
[   66.650822][ T6155]  ? find_held_lock+0x2b/0x80
[   66.650835][ T6155]  mptcp_subflow_create_socket+0xec/0xa30
[   66.650848][ T6155]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[   66.650858][ T6155]  ? avc_has_perm_noaudit+0x145/0x3b0
[   66.650876][ T6155]  ? look_up_lock_class+0x55/0x120
[   66.650894][ T6155]  __mptcp_nmpc_sk+0x17f/0x870
[   66.650906][ T6155]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[   66.650918][ T6155]  ? __lock_acquire+0x4a5/0x2630
[   66.650936][ T6155]  mptcp_connect+0x7e/0xad0
[   66.650949][ T6155]  __inet_stream_connect+0x208/0xfa0
[   66.650964][ T6155]  ? __pfx___inet_stream_connect+0x10/0x10
[   66.650976][ T6155]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   66.650994][ T6155]  ? __pfx_inet_stream_connect+0x10/0x10
[   66.651006][ T6155]  ? __local_bh_enable_ip+0x9e/0x120
[   66.651020][ T6155]  ? __pfx_inet_stream_connect+0x10/0x10
[   66.651030][ T6155]  inet_stream_connect+0x57/0xa0
[   66.651042][ T6155]  __sys_connect_file+0x141/0x1a0
[   66.651056][ T6155]  __sys_connect+0x141/0x170
[   66.651068][ T6155]  ? __pfx___sys_connect+0x10/0x10
[   66.651079][ T6155]  ? __fget_files+0x21f/0x3d0
[   66.651100][ T6155]  ? __pfx_ksys_write+0x10/0x10
[   66.651111][ T6155]  ? fput+0x79/0x100
[   66.651126][ T6155]  __x64_sys_connect+0x72/0xb0
[   66.651138][ T6155]  ? lockdep_hardirqs_on+0x78/0x100
[   66.651153][ T6155]  do_syscall_64+0x106/0xf80
[   66.651168][ T6155]  ? clear_bhb_loop+0x40/0x90
[   66.651181][ T6155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.651192][ T6155] RIP: 0033:0x7fb26af9bf79
[   66.651201][ T6155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   66.651212][ T6155] RSP: 002b:00007fb26bdb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   66.651223][ T6155] RAX: ffffffffffffffda RBX: 00007fb26b216090 RCX: 00007fb26af9bf79
[   66.651230][ T6155] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000006
[   66.651236][ T6155] RBP: 00007fb26bdb6090 R08: 0000000000000000 R09: 0000000000000000
[   66.651242][ T6155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.651248][ T6155] R13: 00007fb26b216128 R14: 00007fb26b216090 R15: 00007ffe10259cd8
[   66.651261][ T6155]  </TASK>
[   66.651278][ T6155] socket: no more sockets
[   66.727966][ T6159] netlink: 'syz.1.54': attribute type 4 has an invalid length.
[   66.802038][ T5967] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   66.805445][ T5967] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 8
[   66.812497][ T5967] usb 7-1: string descriptor 0 read error: -22
[   66.814639][ T5967] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   66.817562][ T5967] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.823665][ T6125] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   66.831240][ T5967] usb 7-1: selecting invalid altsetting 1
[   66.947834][ T6167] input: syz0 as /devices/virtual/input/input6
[   66.951784][ T6167] input: failed to attach handler leds to device input6, error: -6
[   66.981956][ T6169] ptrace attach of "/syz-executor exec"[5924] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b\x0a��\x0c  !��      \x07
  �����     �      �   �   �       �       ?�j}6ٱ����Ğ� ����Dl����\x0a���9:���$�V�Q���\x09<Y�k^Ο6�\x0d
\x0cPwڀ��,� �l�HJA[v�a�Ou$\x1b\x07.�  -uY:(  �>d�'�Z���bW�zr‘�Q������``V�\x5c4fL\x0a�6\x0az^k`q0ȟ�
[   67.007645][ T6172] =======================================================
[   67.007645][ T6172] WARNING: The mand mount option has been deprecated and
[   67.007645][ T6172]          and is ignored by this kernel. Remove the mand
[   67.007645][ T6172]          option from the mount to silence this warning.
[   67.007645][ T6172] =======================================================
[   67.029438][ T6125] netlink: 'syz.2.42': attribute type 15 has an invalid length.
[   67.069829][ T6174] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   67.073423][ T6174] block device autoloading is deprecated and will be removed.
[   67.113186][ T6172] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   67.347918][ T5927] Bluetooth: hci0: command tx timeout
[   67.349660][ T5934] Bluetooth: hci2: command tx timeout
[   67.377081][ T6178] x_tables: duplicate underflow at hook 2
[   67.410169][ T5927] Bluetooth: hci1: command tx timeout
[   67.417941][ T6180] capability: warning: `syz.3.62' uses 32-bit capabilities (legacy support in use)
[   67.625876][ T6180] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method
[   67.823809][ T6202] hfs: can't find a HFS filesystem on dev sr0
[   67.850648][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   68.001113][    T9] usb 6-1: Using ep0 maxpacket: 16
[   68.004749][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   68.008071][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[   68.013684][    T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   68.017495][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.020870][    T9] usb 6-1: Product: syz
[   68.022171][    T9] usb 6-1: Manufacturer: syz
[   68.023728][    T9] usb 6-1: SerialNumber: syz
[   68.080144][ T6053] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   68.182402][ T6207] netlink: 'syz.3.69': attribute type 1 has an invalid length.
[   68.186290][ T6208] warning: `syz.3.69' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.199456][ T6208] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[   68.236161][    T9] usb 6-1: 0:2 : does not exist
[   68.238098][    T9] usb 6-1: unit 0 not found!
[   68.242465][ T6053] usb 5-1: Using ep0 maxpacket: 16
[   68.247256][ T6053] usb 5-1: config 1 has an invalid interface number: 110 but max is 1
[   68.247834][ T6210] netlink: 'syz.3.70': attribute type 3 has an invalid length.
[   68.250964][ T6053] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[   68.253198][ T6210] netlink: 'syz.3.70': attribute type 1 has an invalid length.
[   68.258973][ T6053] usb 5-1: config 1 has an invalid interface number: 187 but max is 1
[   68.258988][ T6053] usb 5-1: config 1 has no interface number 0
[   68.258996][ T6053] usb 5-1: config 1 has no interface number 1
[   68.259027][ T6053] usb 5-1: config 1 interface 110 altsetting 7 endpoint 0xA has invalid maxpacket 1007, setting to 64
[   68.259041][ T6053] usb 5-1: config 1 interface 110 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[   68.259054][ T6053] usb 5-1: config 1 interface 110 altsetting 7 endpoint 0xE has invalid wMaxPacketSize 0
[   68.259066][ T6053] usb 5-1: config 1 interface 110 altsetting 7 endpoint 0xC has invalid maxpacket 1023, setting to 64
[   68.259079][ T6053] usb 5-1: config 1 interface 110 altsetting 7 endpoint 0x5 has invalid wMaxPacketSize 0
[   68.259090][ T6053] usb 5-1: config 1 interface 110 altsetting 7 endpoint 0xF has invalid maxpacket 72, setting to 64
[   68.259657][    T9] usb 6-1: USB disconnect, device number 2
[   68.276223][ T6091] udevd[6091]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   68.279325][ T6053] usb 5-1: config 1 interface 110 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[   68.300173][ T6053] usb 5-1: config 1 interface 110 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[   68.300189][ T6053] usb 5-1: config 1 interface 110 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 1023
[   68.300208][ T6053] usb 5-1: config 1 interface 110 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[   68.300222][ T6053] usb 5-1: config 1 interface 110 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[   68.300232][ T6053] usb 5-1: config 1 interface 110 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[   68.300242][ T6053] usb 5-1: config 1 interface 110 altsetting 7 has a duplicate endpoint with address 0xF, skipping
[   68.300264][ T6053] usb 5-1: config 1 interface 187 altsetting 0 endpoint 0x9 has invalid maxpacket 528, setting to 64
[   68.300282][ T6053] usb 5-1: config 1 interface 187 altsetting 0 has a duplicate endpoint with address 0xF, skipping
[   68.300294][ T6053] usb 5-1: config 1 interface 187 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   68.300305][ T6053] usb 5-1: config 1 interface 187 altsetting 0 has a duplicate endpoint with address 0xE, skipping
[   68.300316][ T6053] usb 5-1: config 1 interface 187 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   68.300326][ T6053] usb 5-1: config 1 interface 187 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[   68.300338][ T6053] usb 5-1: config 1 interface 187 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[   68.300349][ T6053] usb 5-1: config 1 interface 110 has no altsetting 0
[   68.301916][ T6053] usb 5-1: New USB device found, idVendor=07ca, idProduct=815a, bcdDevice=fb.5a
[   68.355399][ T6053] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.355415][ T6053] usb 5-1: Product: syz
[   68.355423][ T6053] usb 5-1: Manufacturer: ф
[   68.355431][ T6053] usb 5-1: SerialNumber: syz
[   68.366483][ T6202] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[   68.579374][ T6053] usb 5-1: USB disconnect, device number 2
[   68.765100][ T6221] comedi comedi4: bad chanlist[0]=0x000000ae chan=174 range length=2
[   68.904255][ T6228] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input7
[   69.089379][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   69.290408][ T1334] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[   69.313426][ T6250] 9p: Bad value for 'wfdno'
[   69.359723][ T5967] cdc_ncm 7-1:1.0: bind() failure
[   69.374866][ T5967] usb 7-1: USB disconnect, device number 2
[   69.411754][ T5927] Bluetooth: hci2: command tx timeout
[   69.411881][ T5934] Bluetooth: hci0: command tx timeout
[   69.452326][ T1334] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 8
[   69.456216][ T1334] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt
[   69.459882][ T1334] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt
[   69.466585][ T1334] usb 6-1: string descriptor 0 read error: -22
[   69.468828][ T1334] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   69.472101][ T1334] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.476728][ T6239] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   69.500195][ T5934] Bluetooth: hci1: command tx timeout
[   69.625649][ T6271] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.640667][    T9] hid-generic 0000:0000:0000.0003: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   69.711771][ T1334] cdc_ncm 6-1:1.0: bind() failure
[   69.720704][ T1334] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[   69.727575][ T1334] cdc_ncm 6-1:1.1: bind() failure
[   69.743752][ T1334] usb 6-1: USB disconnect, device number 3
[   69.870915][ T6287] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.99'.
[   69.946087][ T6301] netlink: 60 bytes leftover after parsing attributes in process `syz.0.102'.
[   69.949277][ T6301] netlink: 60 bytes leftover after parsing attributes in process `syz.0.102'.
[   70.082183][ T6308] process 'syz.3.105' launched './file0' with NULL argv: empty string added
[   70.088674][ T6303] tmpfs: Bad value for 'mpol'
[   70.136021][ T6310] input: syz1 as /devices/virtual/input/input8
[   70.680231][ T6334] FAULT_INJECTION: forcing a failure.
[   70.680231][ T6334] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   70.685774][ T6334] CPU: 3 UID: 0 PID: 6334 Comm: syz.1.114 Not tainted syzkaller #0 PREEMPT(full) 
[   70.685789][ T6334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   70.685796][ T6334] Call Trace:
[   70.685800][ T6334]  <TASK>
[   70.685805][ T6334]  dump_stack_lvl+0x100/0x190
[   70.685824][ T6334]  should_fail_ex.cold+0x5/0xa
[   70.685839][ T6334]  _copy_from_user+0x2e/0xd0
[   70.685858][ T6334]  kstrtouint_from_user+0xd6/0x1d0
[   70.685872][ T6334]  ? __pfx_kstrtouint_from_user+0x10/0x10
[   70.685885][ T6334]  ? __lock_acquire+0x4a5/0x2630
[   70.685902][ T6334]  ? lock_acquire+0x17c/0x330
[   70.685919][ T6334]  proc_fail_nth_write+0x83/0x220
[   70.685934][ T6334]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   70.685953][ T6334]  vfs_write+0x2aa/0x1070
[   70.685964][ T6334]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   70.685980][ T6334]  ? __pfx_vfs_write+0x10/0x10
[   70.685989][ T6334]  ? __fget_files+0x215/0x3d0
[   70.686004][ T6334]  ? __fget_files+0x21f/0x3d0
[   70.686020][ T6334]  ksys_write+0x12a/0x250
[   70.686030][ T6334]  ? __pfx_ksys_write+0x10/0x10
[   70.686041][ T6334]  ? rcu_is_watching+0x12/0xc0
[   70.686054][ T6334]  do_syscall_64+0x106/0xf80
[   70.686069][ T6334]  ? clear_bhb_loop+0x40/0x90
[   70.686082][ T6334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.686094][ T6334] RIP: 0033:0x7f159cb5c84e
[   70.686103][ T6334] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   70.686113][ T6334] RSP: 002b:00007f159d9a3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.686124][ T6334] RAX: ffffffffffffffda RBX: 00007f159d9a46c0 RCX: 00007f159cb5c84e
[   70.686131][ T6334] RDX: 0000000000000001 RSI: 00007f159d9a40a0 RDI: 0000000000000004
[   70.686137][ T6334] RBP: 00007f159d9a4090 R08: 0000000000000000 R09: 0000000000000000
[   70.686143][ T6334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.686149][ T6334] R13: 00007f159ce16038 R14: 00007f159ce15fa0 R15: 00007ffd5ad460f8
[   70.686162][ T6334]  </TASK>
[   70.793123][ T6342] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048)
[   70.952852][ T2305] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   70.962149][ T6365] netlink: 16 bytes leftover after parsing attributes in process `syz.1.128'.
[   70.962273][ T6361] netlink: 'syz.2.126': attribute type 1 has an invalid length.
[   70.964911][ T6365] netlink: 92 bytes leftover after parsing attributes in process `syz.1.128'.
[   70.972121][ T6361] netlink: 'syz.2.126': attribute type 1 has an invalid length.
[   70.982330][ T6361] vlan0: entered promiscuous mode
[   71.096612][   T40] kauditd_printk_skb: 68 callbacks suppressed
[   71.096633][   T40] audit: type=1400 audit(1770924602.141:267): avc:  denied  { watch_mount watch_reads } for  pid=6368 comm="syz.1.130" path="/38" dev="tmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   71.120062][ T2305] usb 5-1: Using ep0 maxpacket: 8
[   71.123171][ T2305] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   71.126189][ T2305] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   71.129956][ T2305] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   71.133899][ T2305] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   71.137793][ T2305] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   71.142905][ T2305] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   71.146430][ T2305] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.154495][ T2305] usbtmc 5-1:16.0: bulk endpoints not found
[   71.260158][   T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   71.403093][   T24] usb 7-1: device descriptor read/64, error -71
[   71.442515][   T40] audit: type=1400 audit(1770924602.491:268): avc:  denied  { connect } for  pid=6380 comm="syz.3.134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   71.451223][   T40] audit: type=1400 audit(1770924602.491:269): avc:  denied  { name_connect } for  pid=6380 comm="syz.3.134" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[   71.460071][   T40] audit: type=1400 audit(1770924602.491:270): avc:  denied  { accept } for  pid=6380 comm="syz.3.134" lport=34472 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   71.470448][   T40] audit: type=1400 audit(1770924602.491:271): avc:  denied  { setopt } for  pid=6380 comm="syz.3.134" lport=34472 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[   71.479703][   T40] audit: type=1400 audit(1770924602.491:272): avc:  denied  { getopt } for  pid=6380 comm="syz.3.134" lport=34472 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[   71.532094][ T6383] netlink: 'syz.3.135': attribute type 5 has an invalid length.
[   71.532797][   T40] audit: type=1400 audit(1770924602.581:273): avc:  denied  { search } for  pid=5636 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   71.541971][   T40] audit: type=1400 audit(1770924602.591:274): avc:  denied  { search } for  pid=5636 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   71.548649][   T40] audit: type=1400 audit(1770924602.591:275): avc:  denied  { search } for  pid=5636 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   71.624110][   T40] audit: type=1400 audit(1770924602.671:276): avc:  denied  { read open } for  pid=6387 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1907 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   71.640227][   T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   71.770092][   T24] usb 7-1: device descriptor read/64, error -71
[   71.840294][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   71.863864][ T6405] Bluetooth: MGMT ver 1.23
[   71.880990][   T24] usb usb7-port1: attempt power cycle
[   71.940120][ T6407] random: crng reseeded on system resumption
[   72.240536][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   72.242924][   T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   72.270464][   T24] usb 7-1: device descriptor read/8, error -71
[   72.510314][   T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   72.530555][   T24] usb 7-1: device descriptor read/8, error -71
[   72.641387][   T24] usb usb7-port1: unable to enumerate USB device
[   72.769907][ T6423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.772695][ T6423] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.775865][ T6423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.778299][ T6423] batman_adv: batadv0: Removing interface: batadv_slave_1
[   73.145785][ T6429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.147'.
[   73.239162][ T6434] netlink: 16 bytes leftover after parsing attributes in process `syz.3.149'.
[   73.440127][  T827] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   73.600055][  T827] usb 6-1: Using ep0 maxpacket: 8
[   73.604747][  T827] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   73.608925][  T827] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[   73.613857][  T827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[   73.618389][  T827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[   73.623120][  T827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[   73.627159][  T827] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   73.634644][  T827] usb 6-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[   73.638493][  T827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.641983][  T827] usb 6-1: Product: syz
[   73.643696][  T827] usb 6-1: Manufacturer: syz
[   73.645679][  T827] usb 6-1: SerialNumber: syz
[   73.650097][  T827] usb 6-1: config 0 descriptor??
[   73.653749][ T6432] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[   73.658924][  T827] ati_remote 6-1:0.0: ati_remote_probe: Unexpected endpoint_out
[   73.709888][  T827] usb 5-1: USB disconnect, device number 3
[   73.870220][ T1326] usb 6-1: USB disconnect, device number 4
[   74.062999][ T6452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.154'.
[   74.277848][ T6471] netlink: 36 bytes leftover after parsing attributes in process `syz.1.160'.
[   74.340580][ T2305] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[   74.364217][ T6475] netlink: 40 bytes leftover after parsing attributes in process `syz.1.161'.
[   74.698340][ T6501] hfsplus: unable to find HFS+ superblock
[   76.304736][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[   76.307689][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[   81.807114][   T40] kauditd_printk_skb: 48 callbacks suppressed
[   81.807130][   T40] audit: type=1400 audit(1770924612.851:325): avc:  denied  { create } for  pid=6518 comm="syz.0.166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   81.812535][ T6519] nbd: must specify a device to reconfigure
[   81.820087][   T40] audit: type=1400 audit(1770924612.861:326): avc:  denied  { watch watch_reads } for  pid=6522 comm="syz.3.169" path="/50" dev="tmpfs" ino=271 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   81.826950][   T40] audit: type=1400 audit(1770924612.861:327): avc:  denied  { write } for  pid=6518 comm="syz.0.166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   81.832876][   T40] audit: type=1400 audit(1770924612.861:328): avc:  denied  { setopt } for  pid=6518 comm="syz.0.166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   81.885266][ T6528] __nla_validate_parse: 1 callbacks suppressed
[   81.885277][ T6528] netlink: 40 bytes leftover after parsing attributes in process `syz.2.170'.
[   81.944653][   T40] audit: type=1400 audit(1770924612.991:329): avc:  denied  { shutdown } for  pid=6535 comm="syz.0.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   81.956400][   T40] audit: type=1400 audit(1770924612.991:330): avc:  denied  { watch watch_reads } for  pid=6536 comm="syz.3.174" path="/proc/136" dev="proc" ino=11080 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   81.967369][   T40] audit: type=1400 audit(1770924613.001:331): avc:  denied  { create } for  pid=6535 comm="syz.0.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   82.011243][   T40] audit: type=1400 audit(1770924613.061:332): avc:  denied  { map_create } for  pid=6532 comm="syz.2.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   82.018499][   T40] audit: type=1400 audit(1770924613.061:333): avc:  denied  { map_read map_write } for  pid=6532 comm="syz.2.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   82.034368][ T6542] netlink: 'syz.0.176': attribute type 25 has an invalid length.
[   82.037510][ T6542] netlink: 20 bytes leftover after parsing attributes in process `syz.0.176'.
[   82.041233][   T40] audit: type=1400 audit(1770924613.081:334): avc:  denied  { read write } for  pid=6532 comm="syz.2.173" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   82.054040][ T6542] netlink: 44 bytes leftover after parsing attributes in process `syz.0.176'.
[   82.078125][ T6542] netlink: 40 bytes leftover after parsing attributes in process `syz.0.176'.
[   82.085130][ T6542] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.094357][ T5934] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11
[   82.095025][ T6542] netlink: 24 bytes leftover after parsing attributes in process `syz.0.176'.
[   82.125475][ T6542] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6542 comm=syz.0.176
[   82.175137][ T6549] netlink: 28 bytes leftover after parsing attributes in process `syz.0.177'.
[   82.181701][ T6550] netlink: 28 bytes leftover after parsing attributes in process `syz.0.177'.
[   82.200162][ T1334] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   82.373157][ T1334] usb 8-1: Using ep0 maxpacket: 8
[   82.377419][ T1334] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[   82.381352][ T1334] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   82.385485][ T1334] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   82.389630][ T1334] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   82.394075][ T1334] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   82.399475][ T1334] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   82.403571][ T1334] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.613797][ T1334] usb 8-1: usb_control_msg returned -32
[   82.620105][ T1334] usbtmc 8-1:16.0: can't read capabilities
[   82.636968][ T6566] team0 (unregistering): Port device team_slave_0 removed
[   82.643699][ T6566] team0 (unregistering): Port device team_slave_1 removed
[   82.923308][ T6578] netlink: 24 bytes leftover after parsing attributes in process `syz.2.185'.
[   82.989837][ T6578] binder: 6577:6578 ioctl c0306201 2000000001c0 returned -22
[   83.083090][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   83.086492][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   83.089699][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   83.125131][ T1334] hid_parser_main: 4087 callbacks suppressed
[   83.125144][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.131249][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.135827][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.139132][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.142710][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.145589][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.148759][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.152832][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.155746][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.158685][ T1334] hid-generic 00A0:0086:0003.0004: unknown main item tag 0x0
[   83.169712][ T1334] hid-generic 00A0:0086:0003.0004: hidraw1: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[   83.390324][ T6590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.174'.
[   83.390612][ T6589] usbtmc 8-1:16.0: usb_control_msg returned -32
[   83.394312][ T6579] tmpfs: Bad value for 'mpol'
[   83.490232][    T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   83.553915][   T59] usb 8-1: USB disconnect, device number 3
[   83.570184][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   83.650143][    T9] usb 7-1: Using ep0 maxpacket: 32
[   83.651396][ T6594] ------------[ cut here ]------------
[   83.653426][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.653701][ T6594] i != fen6_info->nsiblings
[   83.657361][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.657361][ T6594] WARNING: drivers/net/netdevsim/fib.c:831 at nsim_fib_event_nb+0xbc1/0xe40, CPU#2: syz.1.189/6594
[   83.658818][    T9] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   83.658831][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.660541][    T9] usb 7-1: config 0 descriptor??
[   83.662013][ T6594] Modules linked in:
[   83.673756][ T6594] CPU: 2 UID: 0 PID: 6594 Comm: syz.1.189 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[   83.677103][ T6594] Tainted: [L]=SOFTLOCKUP
[   83.678478][ T6594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   83.681746][ T6594] RIP: 0010:nsim_fib_event_nb+0xbc1/0xe40
[   83.683559][ T6594] Code: 20 48 8b 6c 24 28 e8 4e 66 d7 fa e8 49 66 d7 fa 44 89 fe 44 89 ef e8 2e 60 d7 fa 45 39 fd 0f 84 6a fd ff ff e8 30 66 d7 fa 90 <0f> 0b 90 e9 5c fd ff ff e8 22 66 d7 fa 48 c7 c7 20 9e 7c 8c e8 e6
[   83.689616][ T6594] RSP: 0018:ffffc9000cc2f120 EFLAGS: 00010283
[   83.691661][ T6594] RAX: 0000000000000945 RBX: ffffc9000cc2f260 RCX: ffffc90007741000
[   83.694152][ T6594] RDX: 0000000000080000 RSI: ffffffff872fa810 RDI: ffff888038f3a418
[   83.696662][ T6594] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[   83.699385][ T6594] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880425b6000
[   83.702105][ T6594] R13: 0000000000000001 R14: ffff88805756bd80 R15: ffff888038f3a400
[   83.704600][ T6594] FS:  00007f159d9a46c0(0000) GS:ffff8880d659d000(0000) knlGS:0000000000000000
[   83.707393][ T6594] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   83.709488][ T6594] CR2: 00007f159cc4e661 CR3: 000000006119b000 CR4: 0000000000352ef0
[   83.712148][ T6594] Call Trace:
[   83.713245][ T6594]  <TASK>
[   83.714192][ T6594]  notifier_call_chain+0x99/0x3b0
[   83.715799][ T6594]  atomic_notifier_call_chain+0x71/0x1c0
[   83.717611][ T6594]  call_fib_notifiers+0x33/0x70
[   83.719138][ T6594]  call_fib6_multipath_entry_notifiers+0x112/0x170
[   83.721290][ T6594]  ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10
[   83.723483][ T6594]  ? find_held_lock+0x2b/0x80
[   83.725000][ T6594]  ? ip6_route_multipath_add+0x11e2/0x1ba0
[   83.726840][ T6594]  ? ip6_route_multipath_add+0x11e2/0x1ba0
[   83.728734][ T6594]  ip6_route_multipath_add+0x128f/0x1ba0
[   83.730642][ T6594]  ? __pfx_ip6_route_multipath_add+0x10/0x10
[   83.732568][ T6594]  ? avc_has_perm_noaudit+0x11e/0x3b0
[   83.734282][ T6594]  ? inet6_rtm_newroute+0xf5/0x160
[   83.735919][ T6594]  inet6_rtm_newroute+0xf5/0x160
[   83.737515][ T6594]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[   83.739260][ T6594]  ? __lock_acquire+0x4a5/0x2630
[   83.740942][ T6594]  ? find_held_lock+0x2b/0x80
[   83.742441][ T6594]  ? rtnetlink_rcv_msg+0x93a/0xe90
[   83.744081][ T6594]  ? rtnetlink_rcv_msg+0x93a/0xe90
[   83.745787][ T6594]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[   83.747571][ T6594]  rtnetlink_rcv_msg+0x95e/0xe90
[   83.749186][ T6594]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   83.750993][ T6594]  ? ref_tracker_free+0x37e/0x6c0
[   83.752603][ T6594]  netlink_rcv_skb+0x159/0x420
[   83.754125][ T6594]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   83.755835][ T6594]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   83.757988][ T6594]  ? netlink_deliver_tap+0x1ae/0xcc0
[   83.760290][ T6594]  netlink_unicast+0x5aa/0x870
[   83.762287][ T6594]  ? __pfx_netlink_unicast+0x10/0x10
[   83.764517][ T6594]  netlink_sendmsg+0x8b0/0xda0
[   83.766505][ T6594]  ? __pfx_netlink_sendmsg+0x10/0x10
[   83.768724][ T6594]  ? __might_fault+0x10/0x140
[   83.770798][ T6594]  ____sys_sendmsg+0xa54/0xc30
[   83.772612][ T6594]  ? __pfx_____sys_sendmsg+0x10/0x10
[   83.774288][ T6594]  ? __pfx_futex_wake_mark+0x10/0x10
[   83.775984][ T6594]  ___sys_sendmsg+0x190/0x1e0
[   83.777511][ T6594]  ? __pfx____sys_sendmsg+0x10/0x10
[   83.779168][ T6594]  __sys_sendmsg+0x170/0x220
[   83.780742][ T6594]  ? __pfx___sys_sendmsg+0x10/0x10
[   83.782402][ T6594]  ? __x64_sys_futex+0x34f/0x4d0
[   83.784005][ T6594]  do_syscall_64+0x106/0xf80
[   83.785478][ T6594]  ? clear_bhb_loop+0x40/0x90
[   83.786974][ T6594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.788873][ T6594] RIP: 0033:0x7f159cb9bf79
[   83.790362][ T6594] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   83.796362][ T6594] RSP: 002b:00007f159d9a4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.799055][ T6594] RAX: ffffffffffffffda RBX: 00007f159ce15fa0 RCX: 00007f159cb9bf79
[   83.801911][ T6594] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000007
[   83.804415][ T6594] RBP: 00007f159cc327e0 R08: 0000000000000000 R09: 0000000000000000
[   83.806882][ T6594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   83.809386][ T6594] R13: 00007f159ce16038 R14: 00007f159ce15fa0 R15: 00007ffd5ad460f8
[   83.812179][ T6594]  </TASK>
[   83.813223][ T6594] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   83.815484][ T6594] CPU: 2 UID: 0 PID: 6594 Comm: syz.1.189 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[   83.818805][ T6594] Tainted: [L]=SOFTLOCKUP
[   83.820221][ T6594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   83.823408][ T6594] Call Trace:
[   83.824514][ T6594]  <TASK>
[   83.825486][ T6594]  dump_stack_lvl+0x100/0x190
[   83.826988][ T6594]  vpanic+0x20d/0x630
[   83.828314][ T6594]  panic+0xd1/0xd1
[   83.829516][ T6594]  ? __pfx_panic+0x10/0x10
[   83.830940][ T6594]  check_panic_on_warn.cold+0x19/0x34
[   83.832640][ T6594]  ? nsim_fib_event_nb+0xbc1/0xe40
[   83.834247][ T6594]  __warn.cold+0x191/0x2f8
[   83.835659][ T6594]  __report_bug+0x296/0x3d0
[   83.837114][ T6594]  ? nsim_fib_event_nb+0xbc1/0xe40
[   83.838749][ T6594]  ? __pfx___report_bug+0x10/0x10
[   83.840382][ T6594]  ? nsim_fib_event_nb+0xbc1/0xe40
[   83.842001][ T6594]  report_bug+0xb2/0x220
[   83.843347][ T6594]  ? nsim_fib_event_nb+0xbc1/0xe40
[   83.844921][ T6594]  handle_bug+0x166/0x2a0
[   83.846235][ T6594]  exc_invalid_op+0x17/0x50
[   83.847643][ T6594]  asm_exc_invalid_op+0x1a/0x20
[   83.849201][ T6594] RIP: 0010:nsim_fib_event_nb+0xbc1/0xe40
[   83.850985][ T6594] Code: 20 48 8b 6c 24 28 e8 4e 66 d7 fa e8 49 66 d7 fa 44 89 fe 44 89 ef e8 2e 60 d7 fa 45 39 fd 0f 84 6a fd ff ff e8 30 66 d7 fa 90 <0f> 0b 90 e9 5c fd ff ff e8 22 66 d7 fa 48 c7 c7 20 9e 7c 8c e8 e6
[   83.856977][ T6594] RSP: 0018:ffffc9000cc2f120 EFLAGS: 00010283
[   83.858928][ T6594] RAX: 0000000000000945 RBX: ffffc9000cc2f260 RCX: ffffc90007741000
[   83.861438][ T6594] RDX: 0000000000080000 RSI: ffffffff872fa810 RDI: ffff888038f3a418
[   83.863915][ T6594] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[   83.866370][ T6594] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880425b6000
[   83.868873][ T6594] R13: 0000000000000001 R14: ffff88805756bd80 R15: ffff888038f3a400
[   83.871339][ T6594]  ? nsim_fib_event_nb+0xbc0/0xe40
[   83.872986][ T6594]  notifier_call_chain+0x99/0x3b0
[   83.874597][ T6594]  atomic_notifier_call_chain+0x71/0x1c0
[   83.876386][ T6594]  call_fib_notifiers+0x33/0x70
[   83.877957][ T6594]  call_fib6_multipath_entry_notifiers+0x112/0x170
[   83.880026][ T6594]  ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10
[   83.882207][ T6594]  ? find_held_lock+0x2b/0x80
[   83.883706][ T6594]  ? ip6_route_multipath_add+0x11e2/0x1ba0
[   83.885556][ T6594]  ? ip6_route_multipath_add+0x11e2/0x1ba0
[   83.887423][ T6594]  ip6_route_multipath_add+0x128f/0x1ba0
[   83.889222][ T6594]  ? __pfx_ip6_route_multipath_add+0x10/0x10
[   83.891117][ T6594]  ? avc_has_perm_noaudit+0x11e/0x3b0
[   83.892837][ T6594]  ? inet6_rtm_newroute+0xf5/0x160
[   83.894460][ T6594]  inet6_rtm_newroute+0xf5/0x160
[   83.896052][ T6594]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[   83.897822][ T6594]  ? __lock_acquire+0x4a5/0x2630
[   83.899396][ T6594]  ? find_held_lock+0x2b/0x80
[   83.900924][ T6594]  ? rtnetlink_rcv_msg+0x93a/0xe90
[   83.902538][ T6594]  ? rtnetlink_rcv_msg+0x93a/0xe90
[   83.904184][ T6594]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[   83.905930][ T6594]  rtnetlink_rcv_msg+0x95e/0xe90
[   83.907549][ T6594]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   83.909292][ T6594]  ? ref_tracker_free+0x37e/0x6c0
[   83.910886][ T6594]  netlink_rcv_skb+0x159/0x420
[   83.912434][ T6594]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   83.914160][ T6594]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   83.915833][ T6594]  ? netlink_deliver_tap+0x1ae/0xcc0
[   83.917550][ T6594]  netlink_unicast+0x5aa/0x870
[   83.919079][ T6594]  ? __pfx_netlink_unicast+0x10/0x10
[   83.920778][ T6594]  netlink_sendmsg+0x8b0/0xda0
[   83.922299][ T6594]  ? __pfx_netlink_sendmsg+0x10/0x10
[   83.923984][ T6594]  ? __might_fault+0x10/0x140
[   83.925515][ T6594]  ____sys_sendmsg+0xa54/0xc30
[   83.927024][ T6594]  ? __pfx_____sys_sendmsg+0x10/0x10
[   83.928735][ T6594]  ? __pfx_futex_wake_mark+0x10/0x10
[   83.930403][ T6594]  ___sys_sendmsg+0x190/0x1e0
[   83.931901][ T6594]  ? __pfx____sys_sendmsg+0x10/0x10
[   83.933553][ T6594]  __sys_sendmsg+0x170/0x220
[   83.935019][ T6594]  ? __pfx___sys_sendmsg+0x10/0x10
[   83.936650][ T6594]  ? __x64_sys_futex+0x34f/0x4d0
[   83.938251][ T6594]  do_syscall_64+0x106/0xf80
[   83.939728][ T6594]  ? clear_bhb_loop+0x40/0x90
[   83.941244][ T6594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.943104][ T6594] RIP: 0033:0x7f159cb9bf79
[   83.944543][ T6594] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   83.950529][ T6594] RSP: 002b:00007f159d9a4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.953138][ T6594] RAX: ffffffffffffffda RBX: 00007f159ce15fa0 RCX: 00007f159cb9bf79
[   83.955592][ T6594] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000007
[   83.958108][ T6594] RBP: 00007f159cc327e0 R08: 0000000000000000 R09: 0000000000000000
[   83.960596][ T6594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   83.963056][ T6594] R13: 00007f159ce16038 R14: 00007f159ce15fa0 R15: 00007ffd5ad460f8
[   83.965541][ T6594]  </TASK>
[   83.967402][ T6594] Kernel Offset: disabled
[   83.968785][ T6594] Rebooting in 86400 seconds..