last executing test programs:

15m29.788123554s ago: executing program 2 (id=490):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="01042900806ce542726637960080000000"], 0x14}, 0x1, 0x0, 0x0, 0x86}, 0x20004040)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(0xffffffffffffffff, 0x1, 0x0)
fchdir(r5)
ioprio_set$pid(0x3, 0x0, 0x0)
r6 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r6, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r6, r6, &(0x7f0000000080)=0x2, 0x7f03)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
sendmsg$TIPC_NL_BEARER_DISABLE(r6, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)={0x2d4, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffff800}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x78}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xbf}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x10001}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xd}]}, @TIPC_NLA_MEDIA={0xd0, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe06a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa31f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9b768fa8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf0}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa47}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3e4f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x142853d5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x40}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x16f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xd61d}]}]}, 0x2d4}, 0x1, 0x0, 0x0, 0x4004800}, 0x55)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
clock_gettime(0x0, &(0x7f00000000c0))
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r7, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800})
close_range(r7, 0xffffffffffffffff, 0x0)

15m27.728695579s ago: executing program 2 (id=495):
r0 = getpid()
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r1=>0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x525000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff, {0x1}}, './file0\x00'})
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f00000000c0)={r3, 0xffffffffffffffff, 0x5})
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r5=>r2}, './file0\x00'})
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000140)=0xc0)
ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000180)={0x6, 0x9, 0x2, 0xd, 0x14, "ba38e800473917ec"})
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x12c, 0x12c, 0x4, [@struct={0x5, 0xa, 0x0, 0x4, 0x0, 0xc, [{0xb, 0x5, 0xc125e04}, {0x8, 0x0, 0xd41}, {0x8, 0x2, 0x7f}, {0x10, 0x1, 0x2}, {0xe, 0x4, 0x1}, {0x7, 0x3, 0x280}, {0xa, 0x5, 0xf6c}, {0x6, 0x0, 0x5}, {0xe, 0x0, 0x3}, {0x0, 0x4, 0x6}]}, @int={0x7, 0x0, 0x0, 0x1, 0x0, 0x1c, 0x0, 0x40, 0x2}, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0xc}, {0x4, 0x3}, {0xe}, {0xa, 0x1}, {0xb, 0x3}, {0x9}]}, @enum={0xc, 0x4, 0x0, 0x6, 0x4, [{0x7, 0x2}, {0x7, 0x3}, {0x6, 0x9}, {0x2, 0x101}]}, @type_tag={0x2, 0x0, 0x0, 0x12, 0x3}, @typedef={0xb, 0x0, 0x0, 0x8, 0x1}, @const={0x7, 0x0, 0x0, 0xa, 0x3}, @func={0x8, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x61, 0x0]}}, &(0x7f0000000340)=""/4096, 0x148, 0x1000, 0x0, 0x4, 0x10000, @value=r2}, 0x28)
connect(r5, &(0x7f0000001380)=@rc={0x1f, @none, 0x10}, 0x80)
sched_setscheduler(r0, 0x3, &(0x7f0000001400)=0x1)
read$msr(r3, &(0x7f0000001440)=""/25, 0x19)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000001480), 0x0, 0x0)
r9 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001500)={r2, r3, 0x22, 0x0, @val=@iter={&(0x7f00000014c0)=@task={r0, 0xffffffffffffffff, r5}, 0x10}}, 0x20)
ioctl$FIDEDUPERANGE(r8, 0xc0189436, &(0x7f0000001540)={0x101, 0x1, 0x9, 0x0, 0x0, [{{r9}}, {{r9}, 0xe9c}, {{}, 0x5}, {{r6}, 0xc29}, {{r4}, 0x9}, {{r4}, 0xc2}, {{}, 0x4}, {{r5}}, {{r6}, 0x8000}]})
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f0000001680)={0xe84e, 0xe, [{0xb}, {0x8}, {0x3}, {0xf}, {0x6}, {0xf, 0x1}, {0xb, 0x1}, {0xa}, {0xb, 0x1}, {0xf}, {0xb}, {0xa}, {0x7}, {0xa, 0x1}]})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000016c0), r8)
sendmsg$NFT_MSG_GETTABLE(r7, &(0x7f0000001840)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001800)={&(0x7f0000001740)={0xb8, 0x1, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x8f, 0x6, "d7de9dfd34a7bb0aa77f04ee40a9fd4f29b817a8b364c4e60061a8b342ffa1f162d98c50b6a0dc8039c52b1ae9083ee3ad0afa95772175b172cb858939f58af617d4e66c2d135cd53dfc7694862231e550f264e7487bd013ca29f03b367387b1054cb996184a8bff3163e5f071f6225fd8f3520e32e88e530d4448cf7c2dedce53d1c5b325b0c17e89c642"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x4004844)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000001880))
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000018c0)={r2}, 0x4)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000001900)=<r11=>0x0)
timer_create(0x3, &(0x7f0000001940)={0x0, 0x14, 0x2, @tid=r11}, &(0x7f0000001980))
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000019c0)={0xf3b, 0x1000, 0x8200, 0xffff5c4b, 0x800, 0x1000, 0x80, 0x800, <r12=>0x0}, &(0x7f0000001a00)=0x20)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000001a40)={r12, 0x5, 0x20, 0x0, 0x6}, &(0x7f0000001a80)=0x18)
ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000001ac0))
sendmsg$NL80211_CMD_DEAUTHENTICATE(r5, &(0x7f0000001f00)={&(0x7f0000001b00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001ec0)={&(0x7f0000001b40)={0x344, r10, 0x400, 0x70bd29, 0xbd, {{}, {@void, @val={0xc, 0x99, {0x5, 0x7c}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_IE={0x265, 0x2a, [@chsw_timing={0x68, 0x4, {0x7, 0x800}}, @tim={0x5, 0xf7, {0x37, 0x39, 0xfe, "9b7c49338135bfa412a3d93a1e2c924daa41de5a8dc576021805a54736e83f75f66501fdd29e67c1fa8b3219e7806b491b9b9f292ac279fc2cd4bd1ffbbd413e9f960225c25af187664046a65d9bc0ab9cf39adf79c16a8c68ae3436aa976db8667154524bbfddfbb773de7edf067617d3bfe634b1a8c3532181a0debfb4443b485040930a307757ee851fbd9a6cd02ef6cf65540a49eb92efa650e2860e5fc12f32968b778af917088110384c5e29cc5720f40df4fea66fb7fe10b0412e9c6ccd35521bf811ee97fbf2ebe157c018f34051e42ecc16b19c82d161e7750fcb5b0f3b2c7bd9c30367d16c4e5ac07614e5973bf504"}}, @ht={0x2d, 0x1a, {0xc, 0x2, 0x0, 0x0, {0xe1f, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x6e, 0x7}}, @mesh_chsw={0x76, 0x6, {0x81, 0x4, 0x13, 0x200}}, @tim={0x5, 0xcd, {0x0, 0x53, 0x3, "69e4e2c2a4d8dab947be256fb01d0e35660bdcbfba2ff48c873e24fbdc5c1cc485fd883f59a1e62db6921a72b844cf1988144308a29c277b65c6f7989890183046288c398cc107c161e06125e4768010bc581c8bc7afc00ad29ca1decbd200d0fe48855dc2e858b0fbc2ee15de79b705a634db134b12340dba3d2ef96e0e34f3d0752eb8b75315eec3670c6ca9ee4851be327db0c5b19c6fccd6fe799238bdb82f7e82de54d5394b097ab15cc9f9727ea699a08059fc2246385f28fc5380d676a3453e516cf41e066af3"}}, @cf={0x4, 0x6, {0xfe, 0x7, 0x0, 0x7fff}}, @erp={0x2a, 0x1, {0x0, 0x0, 0x1}}, @perr={0x84, 0x62, {0x21, 0x6, [{{}, @device_a, 0x3, @void, 0x30}, {{}, @device_a, 0x4, @void, 0x39}, {{}, @device_b, 0x6, @void, 0x38}, {{0x0, 0x1}, @broadcast, 0x5, @value=@device_b, 0x16}, {{0x0, 0x1}, @broadcast, 0x80000001, @value=@device_b, 0x17}, {{0x0, 0x1}, @device_b, 0x7fff, @value=@broadcast, 0x1e}]}}]}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_IE={0x9d, 0x2a, [@tim={0x5, 0x97, {0x40, 0xd5, 0xc, "463a3f0c8aa300b92d77d79ac99c040459258077a44a43bc3fa6ee1bcc6a1e7be84aa908aaddba1e8005225da25e8fddad3d728184c38c385cbabbdff835c6a7d0c192b16ff1f714311ab6e91447c1275bd21155020976f0685168e27b7b82b921b4e6ec67a900b17c541039ac8355726e41ef10e359c4ce019e96f31be2bd276f3b1dbd91f996cdaf5c9228ae5033e07755b221"}}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x344}, 0x1, 0x0, 0x0, 0x20008000}, 0x20004000)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000002000)={&(0x7f0000001f40)={0x10, 0x0, 0x0, 0x1010000}, 0xc, &(0x7f0000001fc0)={&(0x7f0000001f80)={0x28, 0x1, 0x9, 0x201, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x5}}]}, 0x28}, 0x1, 0x0, 0x0, 0x48040}, 0x8009)

15m27.548614901s ago: executing program 2 (id=496):
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xca)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0)
write$dsp(r1, &(0x7f00000012c0)="a528768311602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @default, 0xffffffff}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = accept$netrom(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @bcast}, [@bcast, @remote, @rose, @bcast, @default, @remote, @null]}, &(0x7f0000000200)=0x48)
bind$netrom(r3, &(0x7f0000000300)={{0x3, @null, 0x5}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4040041}, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x6f67}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

15m26.613891673s ago: executing program 2 (id=497):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
syz_open_dev$radio(0x0, 0x1, 0x2)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x2, &(0x7f0000391000/0x4000)=nil, &(0x7f0000e18000/0x3000)=nil, 0x1000, 0x0, 0x0, 0x20002b5, 0x0, 0x0, 0x0, 0x18})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newtaction={0x14, 0x30, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000881}, 0x2400c808)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x400, 0xa, 0x20002f7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="0000000000000000000078ba927ac62ed70c5290016f000000000000000000000000000086f8aa356a7ceb8d81bdfb290dcbf5cc681d1589aa666326a498cbd72b38e915173a78c1996a16f290c32ab3059c4e814734e2559f2d019ffb2fb57e6dd220bb2e712c5f48383a7e53e8c5b289df38b4c46a6dbcea5658ac78ba372a04358e9ec30cd63ffacd816b45529b4a806116dab1686d0be3836c9a4e2ade04f74ef22392c7d2cb0390b54b46e0feeb4e7d926185f35e69829bf15b14c583b1e10362cad1272a9419376a610951f07499f7f55f9f8aae23d358e6bf194a11856fa278bb51ca21e4990198bd929cf1387dd054a83a2b5ac2712a7f1995642140a58bbb9edc6d70304dc7216146d08c5453d36b7b17aafd9fb8f45de33f472213582152af54f7a7202e4d2c51564607f4f2996c4a15726351c15c007a48bbc3510a301048b0b4a944445eb515f86a9c6f7ef28eaa12f065d5c18f7cc611992def89367b927c14c1fe038d98e461497e7415b4abf3640eb5924eba0d0794b939b44ced22b8da31f49ba98a2fc6449f2ff1a082d39e65b6970c22d26ea4bad0f0eec341dd"], 0x0, 0x7fff, 0x53, 0x0, 0x0, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
open(&(0x7f00000001c0)='./file1\x00', 0x14da7e, 0x20)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x10)
sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c005)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x6f5e, 0xa0001)
setresuid(0x0, 0xee00, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x4)

15m24.077548705s ago: executing program 2 (id=508):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
syz_open_dev$radio(0x0, 0x1, 0x2)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x2, &(0x7f0000391000/0x4000)=nil, &(0x7f0000e18000/0x3000)=nil, 0x1000, 0x0, 0x0, 0x20002b5, 0x0, 0x0, 0x0, 0x18})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newtaction={0x14, 0x30, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000881}, 0x2400c808)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x400, 0xa, 0x20002f7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="0000000000000000000078ba927ac62ed70c5290016f000000000000000000000000000086f8aa356a7ceb8d81bdfb290dcbf5cc681d1589aa666326a498cbd72b38e915173a78c1996a16f290c32ab3059c4e814734e2559f2d019ffb2fb57e6dd220bb2e712c5f48383a7e53e8c5b289df38b4c46a6dbcea5658ac78ba372a04358e9ec30cd63ffacd816b45529b4a806116dab1686d0be3836c9a4e2ade04f74ef22392c7d2cb0390b54b46e0feeb4e7d926185f35e69829bf15b14c583b1e10362cad1272a9419376a610951f07499f7f55f9f8aae23d358e6bf194a11856fa278bb51ca21e4990198bd929cf1387dd054a83a2b5ac2712a7f1995642140a58bbb9edc6d70304dc7216146d08c5453d36b7b17aafd9fb8f45de33f472213582152af54f7a7202e4d2c51564607f4f2996c4a15726351c15c007a48bbc3510a301048b0b4a944445eb515f86a9c6f7ef28eaa12f065d5c18f7cc611992def89367b927c14c1fe038d98e461497e7415b4abf3640eb5924eba0d0794b939b44ced22b8da31f49ba98a2fc6449f2ff1a082d39e65b6970c22d26ea4bad0f0eec341dd"], 0x0, 0x7fff, 0x53, 0x0, 0x0, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0xff0f, 0x0}, 0x3000c005)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x6f5e, 0xa0001)
setresuid(0x0, 0xee00, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x4)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4009800)
r6 = fanotify_init(0x200, 0x0)
fanotify_mark(r6, 0x1, 0x4800002d, r0, 0x0)

15m21.883470789s ago: executing program 2 (id=510):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000080)={0x10002, 0x10000009}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
unshare(0x60040000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28)
connect$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c)
r5 = fcntl$dupfd(r4, 0x406, r4)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r4, 0x29, 0x37, &(0x7f0000000080)=ANY=[], 0x18)
write$binfmt_elf64(r5, &(0x7f00000004c0)=ANY=[], 0xfffffdcf)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x17, 0x0, 'lblcr\x00', 0xd, 0x38, 0x5d}, 0x2c)
socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)

15m21.299196013s ago: executing program 32 (id=510):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000080)={0x10002, 0x10000009}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
unshare(0x60040000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28)
connect$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c)
r5 = fcntl$dupfd(r4, 0x406, r4)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r4, 0x29, 0x37, &(0x7f0000000080)=ANY=[], 0x18)
write$binfmt_elf64(r5, &(0x7f00000004c0)=ANY=[], 0xfffffdcf)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x17, 0x0, 'lblcr\x00', 0xd, 0x38, 0x5d}, 0x2c)
socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)

21.817568267s ago: executing program 5 (id=3192):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000140))
io_setup(0x3ff, &(0x7f0000000500)=<r0=>0x0)
io_submit(r0, 0x0, &(0x7f0000000300))
io_destroy(r0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304020000110000000000000400", @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800b00010062726964676500000c000280060027000e000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x2, 0x2}]})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00p\x00A\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=r3, @ANYBLOB="0c0001800800010065000200"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000180)=ANY=[], 0x0, 0x3, 0xba, &(0x7f0000000640)=""/186, 0x41000, 0x2b, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
fsopen(0x0, 0x1)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$XFS_IOC_GOINGDOWN(0xffffffffffffffff, 0x8004587d, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000000c0)=0x6)
read$dsp(r5, &(0x7f00000011c0)=""/4117, 0x200021d5)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0x2)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x15)

19.98547247s ago: executing program 5 (id=3198):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socket(0x10, 0x3, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000, 0x0, 0x6}, {0x0, 0x1, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0x2, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x3ef, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000002140)=0x1)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@dstopts_2292={{0xb8, 0x29, 0x4, {0x4, 0x13, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xbf4}, @generic={0x93, 0xd, "e80ee304ecb784ec4655260cec"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x68, 0x29, 0x36, {0x5e, 0xa, '\x00', [@pad1, @pad1, @padn, @calipso={0x7, 0x30, {0x3, 0xa, 0x0, 0xfff, [0x2, 0x966, 0xfffffffffffffff7, 0x1, 0x1]}}, @generic={0x8}, @calipso={0x7, 0x10, {0x3, 0x2, 0x3, 0x7, [0x8000]}}, @generic={0x1}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}], 0x150}}], 0x1, 0x810)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
accept4(r7, 0x0, 0x0, 0x800)
r8 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000680)={@fallback=r8, 0x11, 0x0, 0x4, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

18.485875005s ago: executing program 5 (id=3200):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})
write$tun(r0, &(0x7f00000002c0)=ANY=[], 0xc2)
write$cgroup_devices(r1, &(0x7f0000000280)=ANY=[], 0xffdd)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x2000000000000015, &(0x7f0000000140), 0x48)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
syz_emit_ethernet(0x42, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86d560081200000c2b0000000000000000000000ffff"], 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r5, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000500)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe10804000000af8e0e3dc11d875397bdb22d0000b420a1a93e527d3d458d080000000000000000000000000000000000000000004300", "f4bd00000080190000efffca0000000000001a000000ff00", [0x2]}})
preadv2(r3, &(0x7f0000000080)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1, 0x0, 0xe5c1, 0x3)

17.238632482s ago: executing program 3 (id=3204):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000001740)={0x14, 0x1, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4004844) (fail_nth: 1)

16.785781471s ago: executing program 3 (id=3205):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x103001, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8b, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r3, 0x4004f506, &(0x7f0000000180)=0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)

11.00664468s ago: executing program 3 (id=3216):
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r2, 0x0, 0x0, 0x2090)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r2, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
syz_open_procfs$userns(r3, &(0x7f0000000580))
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x40000021, 0x0, 0x0)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x0, 0x0, &(0x7f0000001180), &(0x7f0000000000), 0x0)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f00000005c0)={[&(0x7f0000000ec0)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000180)='\x7f\xbf\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000380)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000080)='\xf6\x98l_\xf5<\x1a_6:', &(0x7f0000000480)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000bc0)='\x7f\xb7\xc3\x7f\xa5a\xd6\xd3\x18\xd0\xe0\xd8R\xf02b\xefA|uiWb\x8f\xee\x1ch\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l\x00\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xe5\x9ez1b\xf1\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C$h|\xcbZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf7\xccMr\xc5\xbdT\x9e\xd4\x84\x06\xcd\x8b\xcd\t\x01\x11\xbc\x86<\x8b\xad\xc4\x80B\xce\x86\x86g\x92\x92w\x89\xfe\xba\xbeeC\x96Ad\t\xc2\xc8\xed\xf3\x1e\x84Ot\x12`=\x98r\x94[\xc8\x91r\xbaG3\xd6a\xca\x05\xd5\xec\xfd\xfa\xaa\xa1\xa7\xcc\x85\xf5D_\xb4$r\xca\x8f\xcf[T\xb9\x0f\xaf\x00\xbc\xa4\xba\xb6=]\x8a\xfb\xaa\xdc+\xbe\a\x06>\r\xe5,i\xa2\xa8\xa2M\xc7\xfb\x11\xd1U\xe5H\xd6\x1b\xf7\xf6B\xcbG\xe4\xe6\xc3{\xf5\xf9_F\x02\x8ah\x15G`+\xf9\xb9\x95V\xa3\xb0\x1b\x0e\xafle%/K\xbb\x9d\x17\xde0\xc2\xa41\x9aS\xe6M\x1e\xb9\xc9\xe8\xf7i\x02e\x8c\xce\xa9\xe7\xc9\x13\xa4\xe8\xf4\x1c\xff\x82\xe13\x89\xeex\xb5\xcf\xce\x108j#\xabH\xc3RU\x00M?\xca\x9c\xefT\xaaJ8*\xe0S\rV\x9c\xaf\xb3yh\x15\xa2\xce>>f\x16\x8d(\xeaot\x83\xe5\x13\xf2bA\xc1O\xbb~\xe5p\x83\xb3\x9d\x1c}\xe7\xd7\x811\x15\x9eP\xea\x00\x00\x00\x00\x00\xfd\x8c\x96\xebw\xdeg\"\xe4\xf6\xfc\x96N\xaf>!\xd9\xaf\x1be\xfa\xedJ\"\xab\x18xK5?\xec\xa0\xc2<\xa8\xdbo\xb1l\nn\xdb#\x97\xbcd\x0e\x93\x9e\xea\xb9\x9d-\xb6u\x7f\xe0\xa6\xef\xb4#\x1b@N\x04\xa0s\xa0\xe1\x90k8\xc3\r\xd0\x1b70b\xda\xe5\xb0\xa8\x01\x14N\xcf\x8dJ\xad\xc69\v\xbc[\xec\x97\xe7\xb2\x90j\xbd\xb1GX\xf2\xed\x15\xceK\xac\x19`a\x1e\x15\x90\x8d\xf4r\xd4Q\xd5\xc19|\xf7\x99\xed\x0e\xaf\xf7\xefR\xa6\xd0:\xe2yB\xfdpG\xf5\xc5\x919\x0f\xfa\xd1R\xc7\x8b\xbc)l\x11\xa8h2V\xe8\x1a\xf7\x8e\x14\xcbF\r\xa7w\xd3\xd3\xb7\xa5\x88\"\xa8\xa4>\xf0*\xbeM\x02\xf0i\x10m(7\xb64\xf5\xa1aZ\x16^\xde\a\xfae\xae\xe7{1\xd0\xa2\t\f\x85\x98\xdaK4]Hi1J\x95\x0e\xa37\x86ch\xcb\xeb\xbfq\xc6\xd3\x98\xd3\x8c_R\xe4oN\xa7\xab\x03\x1c\xc5}\xf1\x92\x82\xe3\xa5~jy<\xf7T\xaf\xabYQ\x82EI\xf0P\x96', 0x0, &(0x7f00000007c0)='\x00', &(0x7f0000000900)='\x01-\x00\xb6\xb7\xe1\x7fl\xd5\xf8G\xfdQ=\xc3\xd4\x02RP\xb2\xbf\x99\xfc\x10\" \x93)\xc5\x93\x98\x11\xe0\xd4\x14\x9a\f#LU\xda\xeb\f\x03\xa4\xf7\x85\xddYL\xf7\xf2\xc4\xff@+\x04^\xcc\xc8\xa1\x9f\xa7p\xd2\xaa\xa2^\xa6\xd1\v\xd1\xdd+o\x91\xc8\x90\xeebUCE\xdc=\x89\x86\x81S\x038', &(0x7f0000000840)='\x10!%{@{+\x00', &(0x7f0000000880)='.-\\:!\x00\x00\x00\x00\x00y\xa5\x91\x9d:)\x0f\x9d/\xf8\f\xad\xdb|\xcf\x1cHB\xc8\xa3Qo{\xc5|\xa5z\x0e\x0f\xdee\xc2>\xb6\xfe\xeaZ~\xa3\x15\x16l\x00', &(0x7f00000008c0)='-\xf3\x00', &(0x7f0000000980)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000780)='.-\\:!\x00\x00\x00\x00\x00y\xa5\x91\x9d:)\x0f\x9d/\xf8\f\xad\xdb|\xcf\x1cHB\xc8\xa3Qo{\xc5|\xa5z\x0e\x0f\xdee\xc2>\xb6\xfe\xeaZ~\xa3\x15\x16l\x00', &(0x7f0000000a80)='::-$[]#:{\x00']}, &(0x7f0000000b80)={[&(0x7f0000000800)='.-\\:!\x00\x00\x00\x00\x00y\xa5\x91\x9d:)\x0f\x9d/\xf8\f\xad\xdb|\xcf\x1cHB\xc8\xa3Qo{\xc5|\xa5z\x0e\x0f\xdee\xc2>\xb6\xfe\xeaZ~\xa3\x15\x16l\x00\x00\x00\x00\x00', &(0x7f00000000c0)='-\xf3\x00']})
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x0, 0x5, 0x1, {0xa, @pix_mp={0x9, 0x81, 0x0, 0x8, 0xa, [{0xd, 0x2}, {0x3, 0x8000}, {0xa64a80ed, 0x7fffffff}, {0x200, 0x3ff}, {0x5, 0x1}, {0x4ce, 0x8}, {0x7ff, 0x9}, {0x6, 0x1}], 0x7, 0xff, 0x6, 0x1, 0x5}}})

10.974284488s ago: executing program 5 (id=3217):
gettid()
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs$namespace(r1, &(0x7f0000000000)='ns/uts\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRESOCT=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x50)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
socket$kcm(0xa, 0x3, 0x3a)
r3 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000140)={0xffff2369, 0x1, 0x2})
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x3a, &(0x7f0000000a40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}, @void, {@ipv6={0x86dd, @generic={0x2, 0x6, 'LKa', 0x4, 0x88, 0xff, @dev={0xfe, 0x80, '\x00', 0x25}, @private0, {[], "d32e0507"}}}}}, 0x0)

9.944138457s ago: executing program 5 (id=3218):
getdents64(0xffffffffffffffff, &(0x7f0000000000)=""/146, 0x92)
open(0x0, 0x1, 0x104)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700"], 0x48)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$sock_timeval(r3, 0x1, 0xa, 0x0, &(0x7f0000000080))
socket$xdp(0x2c, 0x3, 0x0)
syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x6ac000)
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r5}, 0x20)
mount$9p_fd(0x0, &(0x7f0000000540)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='tvans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00'])
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x33)
io_setup(0x2278, &(0x7f0000000180))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))

8.112375559s ago: executing program 4 (id=3222):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000404000/0x4000)=nil, &(0x7f0000200000/0x2000)=nil, &(0x7f000085e000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f00003f8000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x3d1d, &(0x7f0000000040)={0x0, 0xc89b, 0xc000, 0x20000003, 0x20002ff})
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000000000)={0x10000, 0x101000})

7.366778191s ago: executing program 4 (id=3224):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x22f, 0x0, &(0x7f0000000000), 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x11, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$kcm(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000280)}, 0x20)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, r2, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x11, &(0x7f00000005c0)={@remote, @random="001a00e100", @void, {@mpls_uc={0x8847, {[], @llc={@llc={0x42, 0xaa, "d4"}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)

7.286850874s ago: executing program 3 (id=3225):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000001280)=ANY=[@ANYBLOB], 0xd0}}, 0x0)
ioperm(0x1, 0x9, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"6538535a2270f2bfb7a7624449262a0d764e59779d15ef996f25c5c3f2c04f8d"})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) (fail_nth: 1)

7.177516604s ago: executing program 4 (id=3226):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x103001, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8b, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r3, 0x4004f506, &(0x7f0000000180)=0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)

6.338031526s ago: executing program 3 (id=3227):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000001280)=ANY=[@ANYBLOB], 0xd0}}, 0x0)
ioperm(0x1, 0x9, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"6538535a2270f2bfb7a7624449262a0d764e59779d15ef996f25c5c3f2c04f8d"})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

5.926054094s ago: executing program 1 (id=3228):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCX25SCUDMATCHLEN(0xffffffffffffffff, 0x89e7, &(0x7f00000000c0)={0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102392, 0x18ff8)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001500)=ANY=[@ANYRES32=0x0, @ANYBLOB="000000000004000000000000000000000000000029fc792c206d0880d5c4641ad77725fef3ebfc2ea3578ac4fc3fff2e5087a087a910e723ff0d7ddc43aa197de564cacef9dd933f58ead461738add013cd9c70ae30bc7b0aa4f536babe50bc7", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000300)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {&(0x7f00000003c0)=""/201, 0xc9}, {&(0x7f0000000280)=""/54, 0x36}], 0x3, 0x0, 0x0)

5.74667677s ago: executing program 4 (id=3229):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x11, 0x15, &(0x7f0000001fc0)=ANY=[@ANYBLOB="1800000009000000000000000800000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000950000000000000085100000f8ffffff85200000030000007c6518000400000018000000faffffff000000000d000000bf9100000084260f263e7495751b5bb0000000b7020000000000008500000084000000b700000000a5958d34ea5ca5a3a94e7bca81f541a1dd7967089733f984357c1d0bdade7ca1addfc6b12ebf24c4c81f03ceecfd9fb9014e4d1046c8de28e6b3596f7176e0a8bb7e0d000790a483c1d74340e9b5242c59297950348843440b40ce638f7423b0b95b21b24c16e6d9fc8320dbc719e37d830736246f5c83360c46da169c9271186c8aab7b3305a12f289141414a50f0184eff357c3e5f36ef"], &(0x7f0000000280)='GPL\x00', 0x1200000, 0x1000, &(0x7f0000000400)=""/4096, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001400)={0x1, 0x2, 0x80000000, 0x2}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000001440)=[r0, r0, r0, 0xffffffffffffffff, 0x1, r0], &(0x7f0000001480)=[{0x4, 0x2, 0x7, 0x5}, {0x4, 0x2, 0xc, 0x6}, {0x4, 0x1, 0x8, 0x5}, {0x1, 0x1, 0xc, 0x5}, {0x5, 0x3, 0x5, 0x1}, {0x4, 0x4, 0x4, 0x4}, {0x0, 0x5, 0x8, 0x9}, {0x3, 0x3, 0x2, 0xc}, {0x2, 0x1, 0x3, 0x9}], 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000008000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000008500000082000000183000000200"/72], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x780}, 0x94)
eventfd(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = creat(&(0x7f0000000200)='./file0\x00', 0x17e)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18)
connect$can_j1939(r4, &(0x7f0000000140)={0x1d, r5, 0x0, {0x1, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r4, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)
r6 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x200400, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])

5.365429452s ago: executing program 0 (id=3230):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_udp_int(r1, 0x11, 0x67, 0x0, 0xfffffffffffffffc)
sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000001070101000000000000001b01000009140007800800014000000006080002", @ANYRESOCT=r0, @ANYRESOCT=r0, @ANYRESDEC=r0, @ANYBLOB="87ac695e57f9e826f99f7e83606b360dbead37716d22083563593b38e337906229ac9885deda00df8a9db7b591ab6518dbe56f126e02fb72b0405eaeab28f598de8c5a38", @ANYRES16=r0, @ANYRES16=r0], 0x28}, 0x1, 0x0, 0x0, 0xc84d}, 0xc080)
read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020}, 0x2020)

4.895106884s ago: executing program 1 (id=3231):
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0xca, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0), 0x8, 0x34, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="1700000007000000c25e00000500000000200000", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=r0, @ANYRES32, @ANYBLOB="010000000500000001"], 0x50)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000001400)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=r0, @ANYBLOB="0c00018008000100", @ANYRES32=r0, @ANYBLOB="34000180140002007465616d30000000000000000000000008000100", @ANYRES32=r0, @ANYBLOB="140002006d61637365633000"], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x40448a0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000001040)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8d0}, 0x4040800)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000034000000040000000000000014000000000000002900000034000000fdffffff0000000000010000000000002900000004000000041c000000000000fe72f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc00f3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5801409e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad0738000000010c7a0180050000000000000009000000000000000400000000000000060000000000000000040000000000000b0000000000000005020a7e00010005020bf4c910fc0200000000000000000000780e000000000000000000140000000000000029000000340000000000000000000000700100000000000029000000360000005e2a000000000000ff4150d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70000100000100010800000000000000000708000000030000ff0f07100000000002070600ff7f00000000000008c6c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab3030700008000000000000001082bdb86d1ce6a20c2000000000020000000000000002900000037000000730000000000000000010000000000001400000000000000290000000b0000000000000200000000180000000000000029000000390000000000000000000000380000000000000029000000390000003a04027000000000ff010000000000000000000000000001ff020000000000000000000000000001"], 0x340}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000500)='q', 0x1}, {&(0x7f0000000600)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78", 0x69}, {&(0x7f00000006c0)="138b9f8300af1d793c8e", 0xa}, {&(0x7f0000000700)="e59c889c8be9e17c21882a76c6907239d44f6a0efb65359c6a8e5ede789aa995461e", 0x22}, {&(0x7f0000000e80)="0e9129a2bae0d093a9c5091f0926391174e5aff7420b47b0cf1a8bbd7bb239460a6b26eb4f86fa48acdf54294bee3567a8ff0ed4f912a1aa059d62286db3e045dc31db292f5ab26a8f1466d90f0f98ff1a0e2b1018604ef19bc70a", 0x5b}], 0x5}}], 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xd000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x8000000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x1, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x0, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x6, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000740)={"373ab6e870bf64ef25ad87deef94c3b7350df627ea76a6efbd6c33a19e5dde0b3718dac0c2b8e833beb9e0347000fc7332c43a3128856f23df4628fb1e54b1745094c19bc88c190192f58dda884b3296f7cd6373842bff61047e0697c9af6e9f62b88fd21621b527902efdae6efd3516c7e5a36f4aaa12cd1b3ac0686db46783f45fe6aa2515ab6996b4807b0d9575a9061a775ef515a40b97c34035e8e412b9200000001000000062a07ab97f50ff5deb8a5978611317016887694245b363252230bbe17ed0f591f935d8e4ae7563eeff2fdfad8a775f0a4b15f63f5c4851df9aef747ace240cec55ce1659c08d38714245835e15291c4973ade3b2006d8870a1d739eb8e7a284e23f660b2061e31a70627be4acb16ecbe8a4edde1c5397c761a2fe0690f5d580ebf35b8640441ddf47d1f67a5e2d892f14a4f88412ce3cc8ec4d0580729c8638502410837253d6ac316ee9c6a24eb5d83463ff9bdf81f31c12b04adec97fe1377d2f29067e5f6f48cc123f2c4c02afe60d224c7d974a63c1aa9b110d2187f18de3753b57c630eab26238e8201501a007da99f1d07f76c4da113859ab55792049a15c5d83051f41ae951912eb81154f2398a729b6d6c51d6850bddcd4b35b24996e4ec707d1a744dff58ea5030fcd6b46a468ac029f86be30c7c3d5708e3871fed2e63b9c3ad265350e87e9fc44696eadeecc1ff67e30b64be27f480180d26218d031380149bcc31bd712063e9c09ed5329a530800000025d79eb9d4491d82d2b7a3d7d0cf9286396fcb8c2ccf1655b3ba420c36c3fb88d788308e947cc15e0957a98a843911c954c2a2feccd60d0000da8330cd1de951bcd767cf211a241c882b8d5e608fc0e796afead2a7b05018b4ae6c034c4c4997868343a5d064838dd0aca0d21b429665a0a1b4fd17cd34e711cee01d2348dc5871cca7ab4e4924f6f4bc29e7dbfae6788549e600000000271cd7ddfabd45803a6d1145734a82b2b9a6a87c8e118629840a027fd3f8e5a6a5dccee1a480d6cd0402a64db2263b1a9de61848b1eb31b51189f4caa2fdf0c3a38275386522137fe573ec27693a337c324952480c9ae476a694010aa22095c6d8bfceb5e024cbc21d6c1d1b17fae63dc627a948c4eca7dfa3f8a5e628531472e00ed28f2d2b7fcf03b5ba1975fcc010482a08c7800b3c87587a9fea37402ffafcc9cabc16a123164765d10dafe323ce33f197af8a3cf57332dbbee3f263a16cb565b61690b5804341630437ad2277be4ff82d1aa32c15b0cf99c88c7bca0ecf47a3be490bf6079f19acdf9a71f636fff612167c849b5c149cb32d8dd98d2aa8bb0606a1214fc1f0da04476cd8c3c056ec88eefca4d331ecbd5416c356466202cb97ddfc320b7594d5ab2e9102d549ffa72300"})
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.769941378s ago: executing program 0 (id=3232):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0xfe, 0x23, 0x0, &(0x7f00000004c0)="3d6ee2e04b91ab10141a9abe86ddf2f3b18397ff189d66b3c6b3970f528bd8d6e8e9ea", 0x0, 0xfeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) (fail_nth: 1)

4.558998328s ago: executing program 1 (id=3233):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCX25SCUDMATCHLEN(0xffffffffffffffff, 0x89e7, &(0x7f00000000c0)={0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102392, 0x18ff8)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001500)=ANY=[@ANYRES32=0x0, @ANYBLOB="000000000004000000000000000000000000000029fc792c206d0880d5c4641ad77725fef3ebfc2ea3578ac4fc3fff2e5087a087a910e723ff0d7ddc43aa197de564cacef9dd933f58ead461738add013cd9c70ae30bc7b0aa4f536babe50bc7", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000300)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {&(0x7f00000003c0)=""/201, 0xc9}, {&(0x7f0000000280)=""/54, 0x36}], 0x3, 0x0, 0x0)

4.003715195s ago: executing program 0 (id=3234):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000002c0)=[@in={0x2, 0x4e23, @empty}], 0x10)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r1, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001)
sendmmsg$inet6(r1, &(0x7f0000001e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000200)='\x00', 0x1}], 0x1}}], 0x1, 0x2008000)
sendto$inet6(r1, &(0x7f0000000940)="97389df0630f5f99afd04601c647bfc6d3d393a58c601409c795300bbae5591af5220d3a60765a3494d09668f1b804b60bbc0cae76bd9e579c80e4f0", 0x3c, 0x800, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000), 0x4)
sendto$inet6(r0, &(0x7f00000005c0)='u', 0x1, 0x8081, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x76f}, 0x1c)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x40000001)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_udp_int(r3, 0x11, 0xb, &(0x7f0000000200)=0x6, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000500)={0x0, 0xaee2, 0x0, 0x6, 0xbfdbfdfc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_register$IORING_REGISTER_NAPI(r4, 0x1b, &(0x7f0000000240)={0x2, 0xff}, 0x1)
io_uring_enter(r4, 0x3d51, 0xe475, 0x67, 0x0, 0xc)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f000000c000/0x3000)=nil, &(0x7f000000d000/0x1000)=nil, 0x3000, 0x3})
syz_emit_ethernet(0xbe, &(0x7f0000000300)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff0800450000b00068000000889078ac1414bbe0000002fffe4e24009c90780100000004000000497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42ef7c9d6a98e3903f6892078bb952854743fe4dddd2e7c0ce70a4ac7da851525b16af17fe87acbae2ab0b233d24009c31400000000000000000000400"], 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="380100001a000100feffffff00010000e0000002000000000000000000000000000000000000000000000000000000010001071c4e2300050a0000203a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff070000000000000000000000000001000004d46c000000fc020000000000000000000000000001fe000000000100010000000000000000a39b000000000008ffff0000000000001c250800000000000500000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffeffffffff030000000000008000000005350000020001070000000000000000480003"], 0x138}}, 0x844)

3.864454327s ago: executing program 1 (id=3235):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@newtaction={0x44, 0x30, 0x48b, 0x0, 0x0, {}, [{0x30, 0x1, [@m_nat={0x2c, 0x21, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x20000050)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f0000000000)=<r3=>0x0)
bind$nfc_llcp(r1, &(0x7f0000000140)={0x27, r3, 0xfbffffff, 0x5, 0x2, 0x0, "d32984bd1ca44c066af5160e961701a077609475b78411e89309de050000000000f2170e65e3f503270000000000001200000000001900", 0x3c}, 0x60)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r4, &(0x7f00000000c0)={0x27, r3, 0x1, 0x4, 0x0, 0xff, "bac5115c7dad488702b535116fad55baf63cdd52fc30106310abb622a1c3c01c13c04df6b906288e64e96754059e65c39c5759b069d6e6d9589e5f2348878c", 0x24}, 0x60)
close(r2)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_all\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x3, 0x2000000000003]}})
ioctl$AUTOFS_IOC_READY(r6, 0x9360, 0x2)

3.649703592s ago: executing program 1 (id=3236):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0xca, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0), 0x8, 0x34, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="1700000007000000c25e00000500000000200000", @ANYRES32, @ANYBLOB="02000000000000000000", @ANYRES32=r0, @ANYRES32, @ANYBLOB="010000000500000001"], 0x50)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000001400)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000228bd5b000800000017000000040001800c00018008000100", @ANYRES32=r0, @ANYBLOB="0c00018008000100", @ANYRES32=r0, @ANYBLOB="34000180140002007465616d30000000000000000000000008000100", @ANYRES32=r0, @ANYBLOB="140002006d616373656330000000000000000000"], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x40448a0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000001040)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8d0}, 0x4040800)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000034000000040000000000000014000000000000002900000034000000fdffffff0000000000010000000000002900000004000000041c000000000000fe72f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc00f3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5801409e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad0738000000010c7a0180050000000000000009000000000000000400000000000000060000000000000000040000000000000b0000000000000005020a7e00010005020bf4c910fc0200000000000000000000780e000000000000000000140000000000000029000000340000000000000000000000700100000000000029000000360000005e2a000000000000ff4150d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70000100000100010800000000000000000708000000030000ff0f07100000000002070600ff7f00000000000008c6c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab3030700008000000000000001082bdb86d1ce6a20c2000000000020000000000000002900000037000000730000000000000000010000000000001400000000000000290000000b0000000000000200000000180000000000000029000000390000000000000000000000380000000000000029000000390000003a04027000000000ff010000000000000000000000000001ff020000000000000000000000000001"], 0x340}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000500)='q', 0x1}, {&(0x7f0000000600)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78", 0x69}, {&(0x7f00000006c0)="138b9f8300af1d793c8e", 0xa}, {&(0x7f0000000700)="e59c889c8be9e17c21882a76c6907239d44f6a0efb65359c6a8e5ede789aa995461e", 0x22}, {&(0x7f0000000e80)="0e9129a2bae0d093a9c5091f0926391174e5aff7420b47b0cf1a8bbd7bb239460a6b26eb4f86fa48acdf54294bee3567a8ff0ed4f912a1aa059d62286db3e045dc31db292f5ab26a8f1466d90f0f98ff1a0e2b1018604ef19bc70a", 0x5b}], 0x5}}], 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.50318152s ago: executing program 0 (id=3237):
socket$packet(0x11, 0x0, 0x300)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f0000000280)=[{&(0x7f0000000080)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10, &(0x7f0000000200)=[{&(0x7f00000000c0)='\x00', 0x1}], 0x1, &(0x7f0000000600)=[@prinfo={0x18, 0x84, 0x5, {0x0, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0x7, 0x0, 0x4, 0x2e}}], 0x38, 0x800}], 0x1, 0x4008080)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x189040, 0x2)
finit_module(r2, 0x0, 0x1)
r3 = syz_io_uring_setup(0x1259, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x0, 0xfffffffc}, &(0x7f0000010080), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_PROBE(r3, 0x8, 0xfffffffffffffffe, 0x0)
socket(0xa, 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r4}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
close(0x3)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6, 0x0, 0x0, 0x40000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)

3.395486843s ago: executing program 4 (id=3238):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000002200)={0x2020}, 0x2020)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
socketpair(0x1d, 0x2, 0x7, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000170a010100000000bafe000000000200000a0900010073797a4492e8c5727c482c1b3026c312440f93300000"], 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c00000020000100000000000000000002200000000000000000000005001500"], 0x5c}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000b00), r6)
sendmsg$IEEE802154_ADD_IFACE(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x28, r7, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000fd0900008400000005010000", @ANYRES32, @ANYBLOB="00000000ffffffffffce", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r8, 0xc)

1.888532078s ago: executing program 3 (id=3239):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x103001, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8b, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r3, 0x4004f506, &(0x7f0000000180)=0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)

1.854344064s ago: executing program 1 (id=3240):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="008b03c063007e2e060000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
fsopen(&(0x7f0000000000)='ufs\x00', 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x8, &(0x7f00000000c0)=0x20007, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004882)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x3c}}]}}]}, 0x48}}, 0x0)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r4, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x48, 0x140b, 0x8, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x4}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x408c0}, 0x84)

1.61449637s ago: executing program 5 (id=3241):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0xa7}, 0x1c) (async)
r1 = socket$kcm(0x2, 0xa, 0x2) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140)) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r2)
prlimit64(0x0, 0xd, &(0x7f0000000140)={0x8, 0x40000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102400, 0x19000) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r4 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x2b2}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000640)=<r6=>0x0)
io_uring_register$IORING_REGISTER_FILES(r4, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4) (async)
syz_io_uring_submit(r5, r6, &(0x7f0000000280)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x1}) (async)
r7 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$sock_buf(r7, 0x1, 0x48, 0x0, &(0x7f0000000040)) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0) (async)
io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000019300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x1c}}, 0x800) (async)
r8 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r9 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r9, 0x0)
openat$cgroup_devices(r9, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) (async)
r10 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r10, 0x89e1, &(0x7f0000000100)={r10}) (async)
write$selinux_load(r8, &(0x7f0000000000)=ANY=[], 0xffaf)

1.471270752s ago: executing program 0 (id=3242):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ptrace$ARCH_GET_MAX_TAG_BITS(0x1e, r0, 0x0, 0x4003)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = open(&(0x7f0000000040)='./file0\x00', 0x84242, 0x1df2a23c5997fad6)
setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, &(0x7f0000000100)={0x6, [0x400, 0x2], 0xe0}, 0x10)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x7, 0x3, 0xfffffffd, {0x400000080001, 0xfd, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffc, 0x6000, 0x0, 0x0, 0x0, 0x5, 0x7}}, {0x0, 0x13}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)

327.506741ms ago: executing program 0 (id=3243):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x103001, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8b, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r3, 0x4004f506, &(0x7f0000000180)=0x1)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r5, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r5, 0x60}], 0x1, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=3244):
r0 = socket$kcm(0x10, 0x2, 0x0)
openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'})
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380), 0x149842, 0x0)
socket$inet6(0xa, 0x5, 0x9)
write$dsp(r1, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xfa, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe8, 0x3, 0x1, 0x4, 0x10, 0x9, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8, 0x41}, [@processing_unit={0xb, 0x24, 0x7, 0x3, 0x4, 0x7, "2fcfec69"}, @extension_unit={0xa, 0x24, 0x8, 0x6, 0x3, 0xf1, 'Q\fn'}, @extension_unit={0x9, 0x24, 0x8, 0x2, 0xfff9, 0x0, '2\a'}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x402, 0x6, 0x3}, @mixer_unit={0x7, 0x24, 0x4, 0x2, 0x5, "05f2"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x307, 0x6, 0x5, 0xf5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x1a, 0x3c, 0xf8, 0x1, 0x8}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x1, 0x3, 0x40, 0x7d, 'f'}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x8, 0xc, 0x5, "1984"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x7, 0x7, 0x0, 0x26, 0x83}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0xa, 0x4, 0xf8, {0x7, 0x25, 0x1, 0x0, 0x9a, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xb1, 0x6, 0x5}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x8, 0xb9, 0xae, 0xff, 0xdf}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x7, 0x3, 0x40, 0xf5, "fd85dccc6ca9"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0x4eda, 0x8, "ab84b254"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x81, 0xf, 0x2, {0x7, 0x25, 0x1, 0x8, 0x6}}}}}}}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x110, 0x7, 0x40, 0x80, 0x8, 0xfc}, 0x5, &(0x7f0000000280)={0x5, 0xf, 0x5}, 0x6, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x843}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x406}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x1004}}, {0x36, &(0x7f00000003c0)=@string={0x36, 0x3, "63cfc44507527023be010b2517a6e69f6b1d1c381c647b7716789b03f1f8ae5c9cc79d4770b0cba6efcef03177fdfa9bc17c054e"}}, {0x88, &(0x7f0000000400)=@string={0x88, 0x3, "d7868fff477827462046f78464b9459a65702a77119c9f804d1b9ec16690a283398aca46b4ed78387910d189e5bb9bbace0adb9494451c4689cd197d9ebe91f39f70155574e66c314c1a9d43df4b0c98b98f6720b4447e5b3746cce4cddb6512b54421f0e87c151fbf9f9c55bbbc4087af007cfe3c2e1c5fa5b49336eb28bddfe1a0163d9516"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0xc0a}}]})
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1)

kernel console output (not intermixed with test programs):

ing dummy_hcd
[ 1012.787975][T17348] 9p: Bad value for 'wfdno'
[ 1012.845597][T17347] input: syz0 as /devices/virtual/input/input20
[ 1012.996974][ T5821] usb 4-1: Using ep0 maxpacket: 8
[ 1013.027466][ T5821] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1013.181592][ T5821] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1013.196922][ T5821] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1013.338590][ T5821] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1013.349470][ T5821] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1013.697264][T17355] 9p: Bad value for 'rfdno'
[ 1013.911387][ T5821] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1013.921414][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.088490][T17357] input: syz0 as /devices/virtual/input/input21
[ 1014.162950][ T5821] usb 4-1: usb_control_msg returned -32
[ 1014.173335][ T5821] usbtmc 4-1:16.0: can't read capabilities
[ 1014.265245][T17362] 9p: Bad value for 'wfdno'
[ 1014.846981][  T792] usb 4-1: USB disconnect, device number 25
[ 1015.146169][T17370] blktrace: Concurrent blktraces are not allowed on sg0
[ 1015.192456][T17370] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[ 1015.451890][   T29] audit: type=1400 audit(2000001867.310:2341): avc:  denied  { map } for  pid=17375 comm="syz.4.2898" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1015.550121][T17378] input: syz0 as /devices/virtual/input/input22
[ 1016.717825][T17394] FAULT_INJECTION: forcing a failure.
[ 1016.717825][T17394] name failslab, interval 1, probability 0, space 0, times 0
[ 1016.757487][T17394] CPU: 1 UID: 0 PID: 17394 Comm: syz.3.2903 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1016.757518][T17394] Tainted: [L]=SOFTLOCKUP
[ 1016.757524][T17394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1016.757534][T17394] Call Trace:
[ 1016.757540][T17394]  <TASK>
[ 1016.757546][T17394]  dump_stack_lvl+0x100/0x190
[ 1016.757580][T17394]  should_fail_ex.cold+0x5/0xa
[ 1016.757603][T17394]  should_failslab+0xc2/0x120
[ 1016.757623][T17394]  kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1016.757647][T17394]  ? vm_area_alloc+0x1f/0x160
[ 1016.757674][T17394]  vm_area_alloc+0x1f/0x160
[ 1016.757695][T17394]  create_init_stack_vma+0x7e/0x700
[ 1016.757726][T17394]  alloc_bprm+0x405/0x710
[ 1016.757755][T17394]  do_execveat_common.isra.0+0x19c/0x580
[ 1016.757783][T17394]  ? do_getname+0x191/0x390
[ 1016.757807][T17394]  __x64_sys_execve+0x93/0xd0
[ 1016.757835][T17394]  do_syscall_64+0x106/0xf80
[ 1016.757858][T17394]  ? clear_bhb_loop+0x40/0x90
[ 1016.757880][T17394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.757897][T17394] RIP: 0033:0x7f07cc79c799
[ 1016.757913][T17394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1016.757929][T17394] RSP: 002b:00007f07cd59f028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 1016.757946][T17394] RAX: ffffffffffffffda RBX: 00007f07cca16090 RCX: 00007f07cc79c799
[ 1016.757958][T17394] RDX: 0000200000000b80 RSI: 00002000000005c0 RDI: 0000200000000040
[ 1016.757968][T17394] RBP: 00007f07cd59f090 R08: 0000000000000000 R09: 0000000000000000
[ 1016.757978][T17394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1016.757987][T17394] R13: 00007f07cca16128 R14: 00007f07cca16090 R15: 00007fffd28fd7c8
[ 1016.758011][T17394]  </TASK>
[ 1017.196676][   T29] audit: type=1400 audit(2000001869.060:2342): avc:  denied  { block_suspend } for  pid=17389 comm="syz.5.2902" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1017.731729][   T29] audit: type=1400 audit(2000001869.520:2343): avc:  denied  { create } for  pid=17389 comm="syz.5.2902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1017.773298][T17404] 9p: Bad value for 'wfdno'
[ 1018.977869][ T5822] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1018.989166][ T5822] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1018.998435][ T5822] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1019.009002][ T5822] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1019.020669][ T5822] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1019.088808][T17420] lo speed is unknown, defaulting to 1000
[ 1019.172813][T17420] vxcan1 speed is unknown, defaulting to 1000
[ 1019.251895][T17427] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2913'.
[ 1019.280814][T17427] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2913'.
[ 1019.314518][T17425] input: syz0 as /devices/virtual/input/input23
[ 1019.579693][T17441] 9p: Bad value for 'wfdno'
[ 1019.598726][   T29] audit: type=1400 audit(2000001871.390:2344): avc:  denied  { create } for  pid=17432 comm="syz.4.2914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1019.910137][T17420] chnl_net:caif_netlink_parms(): no params data found
[ 1020.002973][T17447] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2916'.
[ 1020.058285][T17447] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2916'.
[ 1020.322331][T17454] nilfs2: Unknown parameter 'barrier@'
[ 1020.779379][   T29] audit: type=1400 audit(2000001872.180:2345): avc:  denied  { mounton } for  pid=17449 comm="syz.3.2917" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 1020.903790][T17420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1020.934805][   T29] audit: type=1400 audit(2000001872.780:2346): avc:  denied  { map } for  pid=17455 comm="syz.4.2919" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1020.960665][T17420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1020.969242][T17420] bridge_slave_0: entered allmulticast mode
[ 1020.982227][T17420] bridge_slave_0: entered promiscuous mode
[ 1020.990940][T17420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1020.998880][T17420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1021.032759][T17420] bridge_slave_1: entered allmulticast mode
[ 1021.041147][T17420] bridge_slave_1: entered promiscuous mode
[ 1021.284140][ T5822] Bluetooth: hci0: command tx timeout
[ 1021.553737][T17420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1021.613430][T17420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1021.725313][T17466] overlayfs: empty lowerdir
[ 1021.850750][T17420] team0: Port device team_slave_0 added
[ 1021.871243][T17420] team0: Port device team_slave_1 added
[ 1021.986341][T17420] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1021.993876][T17420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1022.077916][T17420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1022.832502][T17420] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1022.839523][T17420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1023.341850][ T5822] Bluetooth: hci0: command tx timeout
[ 1024.014196][T17420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1024.088539][T17420] hsr_slave_0: entered promiscuous mode
[ 1024.096119][T17420] hsr_slave_1: entered promiscuous mode
[ 1024.102834][T17420] debugfs: 'hsr0' already exists in 'hsr'
[ 1024.108677][T17420] Cannot create hsr debugfs directory
[ 1025.249454][T17503] xt_hashlimit: size too large, truncated to 1048576
[ 1025.978858][ T5822] Bluetooth: hci0: command tx timeout
[ 1026.338323][T17420] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1026.584011][T17420] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1026.727784][T17420] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1027.285775][   T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1027.596621][T17420] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1027.962606][T17525] 9p: Bad value for 'wfdno'
[ 1028.117870][ T5822] Bluetooth: hci0: command tx timeout
[ 1029.099823][T17420] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1029.160413][T17420] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1029.477782][T17420] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1029.655692][T17420] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1029.733388][   T29] audit: type=1400 audit(2000001881.550:2347): avc:  denied  { ioctl } for  pid=17545 comm="syz.3.2938" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1030.214823][T17553] syzkaller0: entered promiscuous mode
[ 1030.220434][T17553] syzkaller0: entered allmulticast mode
[ 1030.667727][   T10] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 1030.861677][   T10] usb 5-1: Using ep0 maxpacket: 8
[ 1030.874574][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1030.916510][   T10] usb 5-1: no configurations
[ 1030.951777][   T10] usb 5-1: can't read configurations, error -22
[ 1031.161739][   T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1031.312258][   T10] usb 5-1: Using ep0 maxpacket: 8
[ 1031.319522][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1031.328157][   T10] usb 5-1: no configurations
[ 1031.442966][   T10] usb 5-1: can't read configurations, error -22
[ 1031.449651][   T10] usb usb5-port1: attempt power cycle
[ 1031.616839][   T29] audit: type=1326 audit(2000001883.480:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1031.648657][   T29] audit: type=1326 audit(2000001883.480:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1031.673016][   T29] audit: type=1326 audit(2000001883.510:2350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1031.704789][   T29] audit: type=1326 audit(2000001883.510:2351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1031.743660][   T29] audit: type=1326 audit(2000001883.510:2352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1031.774080][   T29] audit: type=1326 audit(2000001883.510:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1031.804485][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1031.837486][   T10] usb 5-1: Using ep0 maxpacket: 8
[ 1031.863388][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1031.871142][   T10] usb 5-1: no configurations
[ 1031.876416][   T10] usb 5-1: can't read configurations, error -22
[ 1032.011054][   T29] audit: type=1326 audit(2000001883.870:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1032.040958][   T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1032.074547][   T29] audit: type=1326 audit(2000001883.870:2355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17573 comm="syz.1.2943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd34019c799 code=0x7ffc0000
[ 1032.115462][   T10] usb 5-1: Using ep0 maxpacket: 8
[ 1032.143387][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1032.151282][   T10] usb 5-1: no configurations
[ 1032.159247][   T10] usb 5-1: can't read configurations, error -22
[ 1032.173515][   T10] usb usb5-port1: unable to enumerate USB device
[ 1032.671840][T17582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2945'.
[ 1032.938095][T17582] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1034.296049][   T29] audit: type=1400 audit(2000001886.160:2356): avc:  denied  { append } for  pid=17588 comm="syz.3.2946" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1034.472275][ T5824] udevd[5824]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1034.641983][ T6379] udevd[6379]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1035.073007][  T946] kernel read not supported for file /cpu/0/msr (pid: 946 comm: kworker/0:2)
[ 1035.882129][T17612] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2950'.
[ 1035.924047][T17612] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2950'.
[ 1036.628811][T17619] xt_hashlimit: size too large, truncated to 1048576
[ 1038.332651][T17626] xt_hashlimit: size too large, truncated to 1048576
[ 1039.168676][T17631] 9p: Bad value for 'wfdno'
[ 1039.332582][T17420] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1039.408110][T17420] 8021q: adding VLAN 0 to HW filter on device team0
[ 1039.435557][T17634] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2954'.
[ 1039.447701][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1039.454830][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1039.499898][T17420] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1039.521319][T17420] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1039.537917][T17638] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2957'.
[ 1039.563996][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1039.571144][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1039.591950][T17645] tmpfs: Unknown parameter 'grpquota'
[ 1039.634893][   T29] audit: type=1400 audit(2000001891.480:2357): avc:  denied  { shutdown } for  pid=17635 comm="syz.4.2958" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1039.663403][T17645] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2957'.
[ 1039.698796][T17638] ALSA: mixer_oss: invalid OSS volume 'PHl�6��q
ӆ���ONEOUT'
[ 1039.715887][   T29] audit: type=1400 audit(2000001891.560:2358): avc:  denied  { getopt } for  pid=17637 comm="syz.1.2957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1039.739558][T17638] ALSA: mixer_oss: invalid index 1374389
[ 1040.791585][ T5823] Bluetooth: hci1: command 0x0406 tx timeout
[ 1040.842546][   T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1040.962060][T17420] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1041.153612][   T10] usb 6-1: config index 0 descriptor too short (expected 21361, got 441)
[ 1041.164485][   T10] usb 6-1: config 74 has too many interfaces: 170, using maximum allowed: 32
[ 1041.183056][T17420] veth0_vlan: entered promiscuous mode
[ 1041.201832][   T10] usb 6-1: config 74 has an invalid descriptor of length 0, skipping remainder of the config
[ 1041.212769][T17420] veth1_vlan: entered promiscuous mode
[ 1041.259337][   T10] usb 6-1: config 74 has 0 interfaces, different from the descriptor's value: 170
[ 1041.271085][T17420] veth0_macvtap: entered promiscuous mode
[ 1041.308807][   T10] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1041.340304][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1041.350537][T17420] veth1_macvtap: entered promiscuous mode
[ 1041.430923][T17669] syzkaller0: entered promiscuous mode
[ 1041.495783][T17669] syzkaller0: entered allmulticast mode
[ 1041.535927][T17420] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1041.580982][T17420] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1041.604403][   T10] usb 6-1: string descriptor 0 read error: -71
[ 1041.621956][   T10] usb 6-1: USB disconnect, device number 21
[ 1041.663471][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1041.672463][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1042.101995][   T10] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1042.284365][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1042.302473][   T10] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7
[ 1042.331264][   T10] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 116, changing to 7
[ 1042.412371][   T10] usb 6-1: string descriptor 0 read error: -22
[ 1042.431602][   T10] usb 6-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[ 1042.451711][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1042.693382][   T10] usb 6-1: Can't get UAC3 power state for id 10
[ 1042.789568][T17684] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2967'.
[ 1042.800215][T17684] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2967'.
[ 1043.050771][T17688] FAULT_INJECTION: forcing a failure.
[ 1043.050771][T17688] name failslab, interval 1, probability 0, space 0, times 0
[ 1043.065041][T17688] CPU: 0 UID: 0 PID: 17688 Comm: syz.1.2968 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1043.065069][T17688] Tainted: [L]=SOFTLOCKUP
[ 1043.065075][T17688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1043.065085][T17688] Call Trace:
[ 1043.065091][T17688]  <TASK>
[ 1043.065097][T17688]  dump_stack_lvl+0x100/0x190
[ 1043.065134][T17688]  should_fail_ex.cold+0x5/0xa
[ 1043.065156][T17688]  should_failslab+0xc2/0x120
[ 1043.065173][T17688]  __kmalloc_cache_node_noprof+0x7d/0x770
[ 1043.065199][T17688]  ? __get_vm_area_node+0x101/0x330
[ 1043.065222][T17688]  ? trace_contention_end.constprop.0+0x15b/0x1b0
[ 1043.065246][T17688]  __get_vm_area_node+0x101/0x330
[ 1043.065268][T17688]  __vmalloc_node_range_noprof+0x213/0x1530
[ 1043.065289][T17688]  ? bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.065314][T17688]  ? __lock_acquire+0x4a5/0x2630
[ 1043.065333][T17688]  ? bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.065363][T17688]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1043.065383][T17688]  ? find_held_lock+0x2b/0x80
[ 1043.065404][T17688]  ? avc_has_perm_noaudit+0x11e/0x3b0
[ 1043.065422][T17688]  ? avc_has_perm_noaudit+0x11e/0x3b0
[ 1043.065443][T17688]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1043.065460][T17688]  ? bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.065483][T17688]  __vmalloc_node_noprof+0xad/0xf0
[ 1043.065503][T17688]  ? bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.065529][T17688]  __vmalloc_noprof+0xa3/0x120
[ 1043.065548][T17688]  ? __pfx___vmalloc_noprof+0x10/0x10
[ 1043.065570][T17688]  ? rcu_is_watching+0x12/0xc0
[ 1043.065590][T17688]  ? cap_capable+0x107/0x460
[ 1043.065611][T17688]  bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.065633][T17688]  ? security_capable+0x80/0x260
[ 1043.065653][T17688]  bpf_prog_alloc+0x3b/0x200
[ 1043.065674][T17688]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1043.065699][T17688]  bpf_prog_load+0x494/0x2c20
[ 1043.065721][T17688]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1043.065738][T17688]  ? __rcu_read_unlock+0x27f/0x5e0
[ 1043.065766][T17688]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1043.065786][T17688]  ? avc_has_perm+0x135/0x1e0
[ 1043.065814][T17688]  ? selinux_bpf+0xfb/0x150
[ 1043.065836][T17688]  __sys_bpf+0x223a/0x4b90
[ 1043.065853][T17688]  ? irqentry_exit+0x180/0x670
[ 1043.065878][T17688]  ? __pfx___sys_bpf+0x10/0x10
[ 1043.065894][T17688]  ? find_held_lock+0x2b/0x80
[ 1043.065920][T17688]  ? find_held_lock+0x2b/0x80
[ 1043.065939][T17688]  ? ksys_write+0x190/0x250
[ 1043.065969][T17688]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1043.065999][T17688]  ? fput+0x79/0x100
[ 1043.066014][T17688]  ? ksys_write+0x1ac/0x250
[ 1043.066034][T17688]  ? __pfx_ksys_write+0x10/0x10
[ 1043.066058][T17688]  __x64_sys_bpf+0x7b/0xc0
[ 1043.066073][T17688]  ? lockdep_hardirqs_on+0x78/0x100
[ 1043.066090][T17688]  do_syscall_64+0x106/0xf80
[ 1043.066109][T17688]  ? clear_bhb_loop+0x40/0x90
[ 1043.066126][T17688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1043.066140][T17688] RIP: 0033:0x7fd34019c799
[ 1043.066152][T17688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1043.066166][T17688] RSP: 002b:00007fd340fbd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1043.066181][T17688] RAX: ffffffffffffffda RBX: 00007fd340416090 RCX: 00007fd34019c799
[ 1043.066190][T17688] RDX: 000000000000003b RSI: 0000200000000140 RDI: 0000000000000005
[ 1043.066198][T17688] RBP: 00007fd340fbd090 R08: 0000000000000000 R09: 0000000000000000
[ 1043.066206][T17688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1043.066219][T17688] R13: 00007fd340416128 R14: 00007fd340416090 R15: 00007ffd52661748
[ 1043.066237][T17688]  </TASK>
[ 1043.069192][T17688] syz.1.2968: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1043.448189][T17688] CPU: 0 UID: 0 PID: 17688 Comm: syz.1.2968 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1043.448215][T17688] Tainted: [L]=SOFTLOCKUP
[ 1043.448219][T17688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1043.448225][T17688] Call Trace:
[ 1043.448229][T17688]  <TASK>
[ 1043.448233][T17688]  dump_stack_lvl+0x100/0x190
[ 1043.448255][T17688]  warn_alloc.cold+0x95/0x1c1
[ 1043.448275][T17688]  ? __pfx_warn_alloc+0x10/0x10
[ 1043.448294][T17688]  ? __kasan_kmalloc+0x8a/0xb0
[ 1043.448311][T17688]  ? __get_vm_area_node+0x208/0x330
[ 1043.448326][T17688]  __vmalloc_node_range_noprof+0xbf4/0x1530
[ 1043.448345][T17688]  ? __lock_acquire+0x4a5/0x2630
[ 1043.448358][T17688]  ? bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.448377][T17688]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1043.448392][T17688]  ? find_held_lock+0x2b/0x80
[ 1043.448413][T17688]  ? avc_has_perm_noaudit+0x11e/0x3b0
[ 1043.448429][T17688]  ? avc_has_perm_noaudit+0x11e/0x3b0
[ 1043.448449][T17688]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1043.448464][T17688]  ? bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.448479][T17688]  __vmalloc_node_noprof+0xad/0xf0
[ 1043.448492][T17688]  ? bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.448509][T17688]  __vmalloc_noprof+0xa3/0x120
[ 1043.448522][T17688]  ? __pfx___vmalloc_noprof+0x10/0x10
[ 1043.448535][T17688]  ? rcu_is_watching+0x12/0xc0
[ 1043.448549][T17688]  ? cap_capable+0x107/0x460
[ 1043.448562][T17688]  bpf_prog_alloc_no_stats+0x59/0x630
[ 1043.448577][T17688]  ? security_capable+0x80/0x260
[ 1043.448591][T17688]  bpf_prog_alloc+0x3b/0x200
[ 1043.448605][T17688]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1043.448621][T17688]  bpf_prog_load+0x494/0x2c20
[ 1043.448635][T17688]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1043.448645][T17688]  ? __rcu_read_unlock+0x27f/0x5e0
[ 1043.448663][T17688]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1043.448676][T17688]  ? avc_has_perm+0x135/0x1e0
[ 1043.448693][T17688]  ? selinux_bpf+0xfb/0x150
[ 1043.448706][T17688]  __sys_bpf+0x223a/0x4b90
[ 1043.448717][T17688]  ? irqentry_exit+0x180/0x670
[ 1043.448734][T17688]  ? __pfx___sys_bpf+0x10/0x10
[ 1043.448746][T17688]  ? find_held_lock+0x2b/0x80
[ 1043.448762][T17688]  ? find_held_lock+0x2b/0x80
[ 1043.448776][T17688]  ? ksys_write+0x190/0x250
[ 1043.448796][T17688]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1043.448819][T17688]  ? fput+0x79/0x100
[ 1043.448832][T17688]  ? ksys_write+0x1ac/0x250
[ 1043.448848][T17688]  ? __pfx_ksys_write+0x10/0x10
[ 1043.448867][T17688]  __x64_sys_bpf+0x7b/0xc0
[ 1043.448879][T17688]  ? lockdep_hardirqs_on+0x78/0x100
[ 1043.448894][T17688]  do_syscall_64+0x106/0xf80
[ 1043.448908][T17688]  ? clear_bhb_loop+0x40/0x90
[ 1043.448921][T17688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1043.448933][T17688] RIP: 0033:0x7fd34019c799
[ 1043.448944][T17688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1043.448954][T17688] RSP: 002b:00007fd340fbd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1043.448969][T17688] RAX: ffffffffffffffda RBX: 00007fd340416090 RCX: 00007fd34019c799
[ 1043.448976][T17688] RDX: 000000000000003b RSI: 0000200000000140 RDI: 0000000000000005
[ 1043.448982][T17688] RBP: 00007fd340fbd090 R08: 0000000000000000 R09: 0000000000000000
[ 1043.448988][T17688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1043.448995][T17688] R13: 00007fd340416128 R14: 00007fd340416090 R15: 00007ffd52661748
[ 1043.449008][T17688]  </TASK>
[ 1043.449039][T17688] Mem-Info:
[ 1043.796474][T17688] active_anon:31419 inactive_anon:0 isolated_anon:0
[ 1043.796474][T17688]  active_file:24282 inactive_file:41648 isolated_file:0
[ 1043.796474][T17688]  unevictable:768 dirty:489 writeback:0
[ 1043.796474][T17688]  slab_reclaimable:13030 slab_unreclaimable:117393
[ 1043.796474][T17688]  mapped:33539 shmem:22166 pagetables:1430
[ 1043.796474][T17688]  sec_pagetables:0 bounce:0
[ 1043.796474][T17688]  kernel_misc_reclaimable:0
[ 1043.796474][T17688]  free:1251273 free_pcp:10818 free_cma:0
[ 1043.842375][T17688] Node 0 active_anon:119696kB inactive_anon:0kB active_file:97128kB inactive_file:166392kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134156kB dirty:1952kB writeback:0kB shmem:81148kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13608kB pagetables:5580kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1043.876545][T17688] Node 1 active_anon:5980kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:7516kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1043.906886][T17688] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1043.936982][T17688] lowmem_reserve[]: 0 2477 2478 2478 2478
[ 1043.942933][T17688] Node 0 DMA32 free:1062492kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:119696kB inactive_anon:0kB active_file:97128kB inactive_file:166392kB unevictable:1536kB writepending:1952kB zspages:0kB present:3129332kB managed:2537136kB mlocked:0kB bounce:0kB free_pcp:33668kB local_pcp:19868kB free_cma:0kB
[ 1043.978492][T17688] lowmem_reserve[]: 0 0 1 1 1
[ 1043.983476][T17688] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1048kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[ 1044.013420][T17688] lowmem_reserve[]: 0 0 0 0 0
[ 1044.018316][T17688] Node 1 Normal free:3927240kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:5980kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:9600kB local_pcp:9452kB free_cma:0kB
[ 1044.050995][T17688] lowmem_reserve[]: 0 0 0 0 0
[ 1044.056048][T17688] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1044.070237][T17688] Node 0 DMA32: 1599*4kB (UME) 2074*8kB (UE) 1227*16kB (UE) 196*32kB (ME) 280*64kB (UME) 328*128kB (UM) 197*256kB (UME) 120*512kB (UM) 106*1024kB (UM) 16*2048kB (UM) 171*4096kB (UM) = 1062396kB
[ 1044.091474][T17688] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1044.103093][T17688] Node 1 Normal: 2*4kB (U) 6*8kB (U) 13*16kB (UM) 6*32kB (UM) 14*64kB (UM) 3*128kB (UM) 4*256kB (UM) 1*512kB (U) 2*1024kB (UM) 3*2048kB (UM) 956*4096kB (M) = 3927240kB
[ 1044.120519][T17688] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1044.130228][T17688] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1044.139667][T17688] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1044.149375][T17688] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1044.158750][T17688] 88092 total pagecache pages
[ 1044.164140][T17688] 0 pages in swap cache
[ 1044.168369][T17688] Free swap  = 124996kB
[ 1044.172612][T17688] Total swap = 124996kB
[ 1044.176839][T17688] 2097051 pages RAM
[ 1044.180691][T17688] 0 pages HighMem/MovableOnly
[ 1044.186756][T17688] 430890 pages reserved
[ 1044.190988][T17688] 0 pages cma reserved
[ 1044.784275][T17663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1044.807376][T17663] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1045.239680][   T10] usb 6-1: 2:0: failed to get current value for ch 1 (-71)
[ 1045.453123][   T10] usb 6-1: USB disconnect, device number 22
[ 1045.734042][   T29] audit: type=1400 audit(2000001897.590:2359): avc:  denied  { read } for  pid=17696 comm="syz.5.2970" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1046.541753][   T10] kernel read not supported for file /cpu/0/msr (pid: 10 comm: kworker/0:1)
[ 1046.644356][T17709] vcan0: tx address claim with dlc 1
[ 1046.972374][ T5867] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1047.101687][ T5867] usb 2-1: device descriptor read/64, error -71
[ 1047.402451][ T5867] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1047.552714][ T5867] usb 2-1: device descriptor read/64, error -71
[ 1047.662357][ T5867] usb usb2-port1: attempt power cycle
[ 1047.978445][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.010234][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.081607][ T5867] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 1048.094381][T17723] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2976'.
[ 1048.125079][ T5867] usb 2-1: device descriptor read/8, error -71
[ 1048.245592][T17723] netlink: 'syz.4.2976': attribute type 6 has an invalid length.
[ 1048.297336][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1048.363281][ T5867] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[ 1048.380405][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1048.402020][ T5867] usb 2-1: device descriptor read/8, error -71
[ 1048.415722][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1048.429966][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1048.535818][ T5867] usb usb2-port1: unable to enumerate USB device
[ 1048.872340][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1048.881348][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1049.124568][T17732] input: syz0 as /devices/virtual/input/input24
[ 1049.712656][ T5867] kernel read not supported for file /cpu/0/msr (pid: 5867 comm: kworker/1:3)
[ 1050.153664][T17744] 9p: Bad value for 'wfdno'
[ 1050.617831][ T5823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1050.629869][ T5823] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1050.701131][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1050.710557][ T5823] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1050.751143][T17752] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2982'.
[ 1050.762359][T17752] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2982'.
[ 1050.820400][ T5823] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1051.110178][T17758] 9p: Bad value for 'wfdno'
[ 1051.220935][T17746] lo speed is unknown, defaulting to 1000
[ 1051.272745][T17746] vxcan1 speed is unknown, defaulting to 1000
[ 1051.506625][T17763] syzkaller0: entered promiscuous mode
[ 1051.584193][T17763] syzkaller0: entered allmulticast mode
[ 1052.218185][   T29] audit: type=1400 audit(2000001904.080:2360): avc:  denied  { write } for  pid=17769 comm="syz.4.2987" name="file0" dev="tmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1052.253902][   T29] audit: type=1400 audit(2000001904.080:2361): avc:  denied  { open } for  pid=17769 comm="syz.4.2987" path="/30/file0" dev="tmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1052.506336][   T29] audit: type=1400 audit(2000001904.080:2362): avc:  denied  { ioctl } for  pid=17769 comm="syz.4.2987" path="/30/file0" dev="tmpfs" ino=179 ioctlcmd=0x1261 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1052.932043][ T5823] Bluetooth: hci4: command tx timeout
[ 1053.368959][T17781] netlink: 'syz.4.2990': attribute type 6 has an invalid length.
[ 1053.459926][T17789] CIFS mount error: No usable UNC path provided in device string!
[ 1053.459926][T17789] 
[ 1053.470180][T17789] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1054.276114][   T29] audit: type=1400 audit(2000001906.140:2363): avc:  denied  { create } for  pid=17793 comm="syz.0.2993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[ 1055.001720][ T5823] Bluetooth: hci4: command tx timeout
[ 1055.239241][ T5823] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 1055.263110][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: kworker/u9:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1055.263151][ T5823] Tainted: [L]=SOFTLOCKUP
[ 1055.263157][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1055.263169][ T5823] Workqueue: hci0 hci_rx_work
[ 1055.263196][ T5823] Call Trace:
[ 1055.263201][ T5823]  <TASK>
[ 1055.263209][ T5823]  dump_stack_lvl+0x100/0x190
[ 1055.263241][ T5823]  sysfs_warn_dup.cold+0x1c/0x28
[ 1055.263267][ T5823]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1055.263294][ T5823]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1055.263317][ T5823]  ? find_held_lock+0x2b/0x80
[ 1055.263341][ T5823]  ? kobject_add_internal+0x25f/0x930
[ 1055.263366][ T5823]  ? kobject_add_internal+0x25f/0x930
[ 1055.263394][ T5823]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1055.263413][ T5823]  kobject_add_internal+0x2c8/0x930
[ 1055.263441][ T5823]  kobject_add+0x16a/0x1e0
[ 1055.263463][ T5823]  ? __pfx_kobject_add+0x10/0x10
[ 1055.263484][ T5823]  ? class_to_subsys+0x10f/0x150
[ 1055.263509][ T5823]  ? kobject_put+0xb9/0x640
[ 1055.263532][ T5823]  ? _raw_spin_unlock+0x28/0x50
[ 1055.263557][ T5823]  device_add+0x294/0x1950
[ 1055.263574][ T5823]  ? __pfx_dev_set_name+0x10/0x10
[ 1055.263596][ T5823]  ? __pfx_device_add+0x10/0x10
[ 1055.263613][ T5823]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1055.263641][ T5823]  hci_conn_add_sysfs+0x1a3/0x260
[ 1055.263663][ T5823]  le_conn_complete_evt+0x11cb/0x1f40
[ 1055.263686][ T5823]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1055.263711][ T5823]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1055.263730][ T5823]  ? skb_pull_data+0x15f/0x1e0
[ 1055.263749][ T5823]  hci_le_meta_evt+0x34a/0x5f0
[ 1055.263771][ T5823]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1055.263793][ T5823]  hci_event_packet+0x682/0x11c0
[ 1055.263813][ T5823]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1055.263833][ T5823]  ? __pfx_hci_event_packet+0x10/0x10
[ 1055.263853][ T5823]  ? kcov_remote_start+0x374/0x660
[ 1055.263876][ T5823]  ? lockdep_hardirqs_on+0x78/0x100
[ 1055.263907][ T5823]  hci_rx_work+0x451/0xfc0
[ 1055.263932][ T5823]  process_one_work+0xa23/0x19a0
[ 1055.263963][ T5823]  ? __pfx_process_one_work+0x10/0x10
[ 1055.263990][ T5823]  ? __pfx_hci_rx_work+0x10/0x10
[ 1055.264012][ T5823]  worker_thread+0x5ef/0xe50
[ 1055.264040][ T5823]  ? kthread+0x13a/0x450
[ 1055.264055][ T5823]  ? __pfx_worker_thread+0x10/0x10
[ 1055.264073][ T5823]  kthread+0x370/0x450
[ 1055.264088][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1055.264106][ T5823]  ret_from_fork+0x754/0xd80
[ 1055.264133][ T5823]  ? __pfx_ret_from_fork+0x10/0x10
[ 1055.264154][ T5823]  ? __switch_to+0x7b4/0x1120
[ 1055.264175][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1055.264192][ T5823]  ret_from_fork_asm+0x1a/0x30
[ 1055.264227][ T5823]  </TASK>
[ 1055.264273][ T5823] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1056.453842][ T5823] Bluetooth: hci0: failed to register connection device
[ 1057.081825][ T5822] Bluetooth: hci4: command tx timeout
[ 1057.148653][   T29] audit: type=1400 audit(2000001909.020:2364): avc:  denied  { bind } for  pid=17810 comm="syz.5.2997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1057.206350][   T29] audit: type=1400 audit(2000001909.020:2365): avc:  denied  { listen } for  pid=17810 comm="syz.5.2997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1057.234303][   T29] audit: type=1400 audit(2000001909.020:2366): avc:  denied  { connect } for  pid=17810 comm="syz.5.2997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1057.276847][T17811] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=528 sclass=netlink_route_socket pid=17811 comm=syz.5.2997
[ 1058.205325][T17820] 9p: Bad value for 'wfdno'
[ 1058.214177][  T792] kernel read not supported for file /cpu/0/msr (pid: 792 comm: kworker/1:2)
[ 1059.140676][   T58] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1059.167308][ T5822] Bluetooth: hci4: command tx timeout
[ 1060.695429][T17746] chnl_net:caif_netlink_parms(): no params data found
[ 1061.192430][T17863] 9p: Bad value for 'wfdno'
[ 1061.358553][T17746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1061.420889][T17746] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1061.433704][T17746] bridge_slave_0: entered allmulticast mode
[ 1061.450569][T17746] bridge_slave_0: entered promiscuous mode
[ 1061.805199][  T946] kernel read not supported for file /cpu/0/msr (pid: 946 comm: kworker/0:2)
[ 1061.861622][T17746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1061.868721][T17746] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1061.879076][T17746] bridge_slave_1: entered allmulticast mode
[ 1061.892420][T17746] bridge_slave_1: entered promiscuous mode
[ 1061.999503][T17746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1062.064747][T17872] input: syz0 as /devices/virtual/input/input25
[ 1062.148900][T17746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1062.330546][T17876] 9p: Bad value for 'wfdno'
[ 1062.590167][T17746] team0: Port device team_slave_0 added
[ 1062.632481][T17746] team0: Port device team_slave_1 added
[ 1062.850173][T17746] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1062.886955][T17746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1062.958111][T17746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1063.170325][T17746] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1063.179266][T17746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1063.706736][  T946] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[ 1063.729833][T17746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1063.847945][T17746] hsr_slave_0: entered promiscuous mode
[ 1063.893177][  T946] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 1063.914869][T17746] hsr_slave_1: entered promiscuous mode
[ 1063.921139][T17746] debugfs: 'hsr0' already exists in 'hsr'
[ 1063.932117][T17746] Cannot create hsr debugfs directory
[ 1063.944970][  T946] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[ 1063.991537][  T946] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1064.007736][  T946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1064.104165][T17888] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1064.111404][T17888] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1064.122638][T17901] blktrace: Concurrent blktraces are not allowed on sg0
[ 1064.155788][T17901] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[ 1064.173786][  T946] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1065.426686][T17904] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3019'.
[ 1065.436105][   T29] audit: type=1400 audit(2000001916.490:2367): avc:  denied  { associate } for  pid=17907 comm="syz.3.3015" name="core" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1066.371575][T16226] Bluetooth: hci0: command 0x0406 tx timeout
[ 1066.608330][T17904] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1067.725775][T17746] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1067.766015][  T946] usb 4-1: USB disconnect, device number 26
[ 1068.267701][ T5813] udevd[5813]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1068.282423][ T6379] udevd[6379]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1068.787209][T17925] 9p: Bad value for 'wfdno'
[ 1069.128244][T17746] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1069.205344][ T5822] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[ 1069.457195][T17938] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[ 1069.655955][T17746] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.159396][T17746] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.326932][ T5822] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1070.337086][ T5822] CPU: 0 UID: 0 PID: 5822 Comm: kworker/u9:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1070.337120][ T5822] Tainted: [L]=SOFTLOCKUP
[ 1070.337127][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1070.337140][ T5822] Workqueue: hci5 hci_rx_work
[ 1070.337167][ T5822] Call Trace:
[ 1070.337173][ T5822]  <TASK>
[ 1070.337180][ T5822]  dump_stack_lvl+0x100/0x190
[ 1070.337214][ T5822]  sysfs_warn_dup.cold+0x1c/0x28
[ 1070.337243][ T5822]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1070.337274][ T5822]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1070.337302][ T5822]  ? find_held_lock+0x2b/0x80
[ 1070.337328][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1070.337357][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1070.337390][ T5822]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1070.337416][ T5822]  kobject_add_internal+0x2c8/0x930
[ 1070.337450][ T5822]  kobject_add+0x16a/0x1e0
[ 1070.337478][ T5822]  ? __pfx_kobject_add+0x10/0x10
[ 1070.337504][ T5822]  ? preempt_schedule_thunk+0x16/0x30
[ 1070.337533][ T5822]  ? kobject_put+0xb9/0x640
[ 1070.337559][ T5822]  ? _raw_spin_unlock+0x3e/0x50
[ 1070.337588][ T5822]  device_add+0x294/0x1950
[ 1070.337607][ T5822]  ? __pfx_dev_set_name+0x10/0x10
[ 1070.337631][ T5822]  ? __pfx_device_add+0x10/0x10
[ 1070.337650][ T5822]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1070.337679][ T5822]  hci_conn_add_sysfs+0x1a3/0x260
[ 1070.337706][ T5822]  le_conn_complete_evt+0x11cb/0x1f40
[ 1070.337734][ T5822]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1070.337762][ T5822]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1070.337783][ T5822]  ? skb_pull_data+0x15f/0x1e0
[ 1070.337804][ T5822]  hci_le_meta_evt+0x34a/0x5f0
[ 1070.337827][ T5822]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1070.337853][ T5822]  hci_event_packet+0x682/0x11c0
[ 1070.337874][ T5822]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1070.337898][ T5822]  ? __pfx_hci_event_packet+0x10/0x10
[ 1070.337925][ T5822]  ? __sanitizer_cov_trace_switch+0x87/0x90
[ 1070.337957][ T5822]  hci_rx_work+0x451/0xfc0
[ 1070.337984][ T5822]  process_one_work+0xa23/0x19a0
[ 1070.338016][ T5822]  ? __pfx_process_one_work+0x10/0x10
[ 1070.338053][ T5822]  ? __pfx_hci_rx_work+0x10/0x10
[ 1070.338076][ T5822]  worker_thread+0x5ef/0xe50
[ 1070.338104][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1070.338125][ T5822]  ? kthread+0x13a/0x450
[ 1070.338142][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1070.338160][ T5822]  kthread+0x370/0x450
[ 1070.338176][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1070.338196][ T5822]  ret_from_fork+0x754/0xd80
[ 1070.338218][ T5822]  ? __pfx_ret_from_fork+0x10/0x10
[ 1070.338239][ T5822]  ? rcu_is_watching+0x12/0xc0
[ 1070.338264][ T5822]  ? __switch_to+0x7b4/0x1120
[ 1070.338288][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1070.338308][ T5822]  ret_from_fork_asm+0x1a/0x30
[ 1070.338343][ T5822]  </TASK>
[ 1070.338478][ T5822] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1070.793706][T17945] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[ 1072.161726][ T5822] Bluetooth: hci5: failed to register connection device
[ 1073.309148][T17952] tipc: Started in network mode
[ 1073.316189][T17952] tipc: Node identity 86c8c7441f58, cluster identity 4711
[ 1073.323549][T17952] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1073.333584][T17952] syzkaller0: MTU too low for tipc bearer
[ 1073.339328][T17952] tipc: Disabling bearer <eth:syzkaller0>
[ 1073.370157][   T29] audit: type=1400 audit(2000001925.230:2368): avc:  denied  { setattr } for  pid=17948 comm="syz.5.3028" name="fd" dev="proc" ino=70788 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1073.508591][T17746] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1073.589080][T17746] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1073.598062][T17746] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1073.625572][T17746] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1073.805308][   T29] audit: type=1400 audit(2000001925.670:2369): avc:  denied  { bind } for  pid=17967 comm="syz.3.3031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1073.904860][   T29] audit: type=1400 audit(2000001925.670:2370): avc:  denied  { name_bind } for  pid=17967 comm="syz.3.3031" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 1073.975605][T17746] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1074.026792][T17746] 8021q: adding VLAN 0 to HW filter on device team0
[ 1074.057364][   T29] audit: type=1400 audit(2000001925.670:2371): avc:  denied  { node_bind } for  pid=17967 comm="syz.3.3031" saddr=::ffff:0.0.0.0 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[ 1074.079455][  T128] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1074.087306][  T128] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1074.186341][  T128] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1074.193448][  T128] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1074.921878][T16226] Bluetooth: hci3: command 0x0405 tx timeout
[ 1074.985443][T17746] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1075.066741][T17979] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[ 1075.223226][T17746] veth0_vlan: entered promiscuous mode
[ 1075.317261][T17746] veth1_vlan: entered promiscuous mode
[ 1075.357680][T17746] veth0_macvtap: entered promiscuous mode
[ 1075.371523][T17746] veth1_macvtap: entered promiscuous mode
[ 1075.416800][T17746] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1075.448440][T17746] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1075.474240][  T128] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1075.504808][  T128] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1075.527828][  T128] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1075.726421][T17993] blktrace: Concurrent blktraces are not allowed on sg0
[ 1075.775711][T17992] 9p: Bad value for 'wfdno'
[ 1075.799785][  T128] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1076.009986][T17996] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[ 1076.434752][  T161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1076.455851][  T161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1076.513055][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1076.533586][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.115656][T18009] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1077.225403][  T161] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1077.423795][   T29] audit: type=1400 audit(2000001929.290:2372): avc:  denied  { mount } for  pid=18007 comm="syz.5.3041" name="/" dev="autofs" ino=71024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1077.743789][T18016] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3043'.
[ 1078.617444][ T5823] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1078.628499][T18022] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1078.637986][T18022] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1078.646344][T18022] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1078.654621][T18022] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1079.167237][T18020] lo speed is unknown, defaulting to 1000
[ 1079.192891][T18020] vxcan1 speed is unknown, defaulting to 1000
[ 1079.244508][ T5822] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1079.469756][T18035] 9p: Bad value for 'wfdno'
[ 1080.480314][T18040] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3049'.
[ 1080.659615][T18041] syzkaller0: entered promiscuous mode
[ 1080.671215][T18041] syzkaller0: entered allmulticast mode
[ 1080.763080][T18022] Bluetooth: hci6: command tx timeout
[ 1081.865145][   T29] audit: type=1400 audit(2000001933.680:2373): avc:  denied  { override_creds } for  pid=18029 comm="syz.5.3047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1082.061708][ T5874] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 1082.344277][ T5874] usb 2-1: Using ep0 maxpacket: 32
[ 1082.478150][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1082.583678][T18020] chnl_net:caif_netlink_parms(): no params data found
[ 1082.593534][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1082.671860][ T5874] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1082.738202][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1082.762414][ T5874] usb 2-1: config 0 descriptor??
[ 1082.840945][T18022] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[ 1082.842541][ T5822] Bluetooth: hci6: command tx timeout
[ 1082.908218][T18068] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3054'.
[ 1083.199102][T18068] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1083.599443][ T5874] ft260 0003:0403:6030.0007: unknown main item tag 0x0
[ 1083.816793][ T5874] ft260 0003:0403:6030.0007: unknown main item tag 0x0
[ 1084.132269][ T5874] ft260 0003:0403:6030.0007: chip code: 0000 0000
[ 1084.310211][ T5874] ft260 0003:0403:6030.0007: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[ 1084.548716][ T5874] ft260 0003:0403:6030.0007: failed to retrieve status: -32, no wakeup
[ 1084.923132][ T5822] Bluetooth: hci6: command tx timeout
[ 1085.064869][T18020] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1085.110685][ T6382] udevd[6382]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1085.149376][ T6379] udevd[6379]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1085.161378][ T5874] ft260 0003:0403:6030.0007: failed to retrieve status: -71
[ 1085.182405][T18020] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1085.189620][T18020] bridge_slave_0: entered allmulticast mode
[ 1085.320182][ T5874] ft260 0003:0403:6030.0007: failed to reset I2C controller: -71
[ 1085.756834][T18020] bridge_slave_0: entered promiscuous mode
[ 1086.151651][T18082] xt_hashlimit: size too large, truncated to 1048576
[ 1086.772392][T18020] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1086.779838][ T5874] usb 2-1: USB disconnect, device number 30
[ 1086.790357][T18020] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1086.882349][T18020] bridge_slave_1: entered allmulticast mode
[ 1086.904622][T18020] bridge_slave_1: entered promiscuous mode
[ 1087.001753][ T5822] Bluetooth: hci6: command tx timeout
[ 1087.032239][T18020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1087.183967][T18088] input: syz0 as /devices/virtual/input/input26
[ 1087.259717][   T29] audit: type=1400 audit(2000001939.120:2374): avc:  denied  { connect } for  pid=18086 comm="syz.1.3058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1087.382699][T18020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1087.416385][   T29] audit: type=1400 audit(2000001939.120:2375): avc:  denied  { setopt } for  pid=18086 comm="syz.1.3058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1087.467956][T18020] team0: Port device team_slave_0 added
[ 1087.489794][T18020] team0: Port device team_slave_1 added
[ 1087.559096][T18020] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1087.584427][T18020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1087.706292][T18020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1087.777690][ T5822] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1088.652218][T18096] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[ 1089.333996][T18020] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1089.401986][T18020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1089.528583][T18020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1090.018903][T18020] hsr_slave_0: entered promiscuous mode
[ 1090.025467][T18020] hsr_slave_1: entered promiscuous mode
[ 1090.041981][T18020] debugfs: 'hsr0' already exists in 'hsr'
[ 1090.047789][T18020] Cannot create hsr debugfs directory
[ 1090.214563][T17946] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1091.895239][T18020] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1092.723584][T18132] xt_hashlimit: size too large, truncated to 1048576
[ 1094.014881][T18020] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1094.230828][T18020] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1094.435898][T18020] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1095.983896][T18020] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1096.024715][T18020] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1096.044765][T18020] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1096.080086][T18020] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1096.234505][T18020] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1096.286736][T18020] 8021q: adding VLAN 0 to HW filter on device team0
[ 1096.311176][T17946] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1096.311642][ T5874] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1096.318410][T17946] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1096.348237][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1096.355371][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1096.436005][T18160] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[ 1096.605738][ T5874] usb 1-1: config 4 has an invalid interface number: 42 but max is 0
[ 1097.265030][   T29] audit: type=1400 audit(2000001949.120:2376): avc:  denied  { write } for  pid=18158 comm="syz.4.3070" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1097.271613][ T5874] usb 1-1: config 4 has no interface number 0
[ 1097.302778][ T5874] usb 1-1: config 4 interface 42 altsetting 0 endpoint 0xF has invalid maxpacket 1023, setting to 64
[ 1097.322580][ T5874] usb 1-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice=81.51
[ 1097.331966][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1097.933484][   T29] audit: type=1400 audit(2000001949.160:2377): avc:  denied  { open } for  pid=18158 comm="syz.4.3070" path="/47/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1097.978420][ T5874] s2255 1-1:4.42: Could not find bulk-in endpoint
[ 1097.986742][ T5874] Sensoray 2255 driver load failed: 0xfffffff4
[ 1098.002550][ T5874] s2255 1-1:4.42: probe with driver s2255 failed with error -12
[ 1098.244004][T18151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1098.289822][T18151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1098.308129][T18175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3077'.
[ 1098.317173][T18175] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1098.324871][   T29] audit: type=1400 audit(2000001950.170:2378): avc:  denied  { ioctl } for  pid=18174 comm="syz.1.3077" path="socket:[72736]" dev="sockfs" ino=72736 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1098.363216][  T792] usb 1-1: USB disconnect, device number 21
[ 1098.385146][T18175] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1098.514178][T18020] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1098.703583][T18020] veth0_vlan: entered promiscuous mode
[ 1098.753633][T18020] veth1_vlan: entered promiscuous mode
[ 1098.837244][T18020] veth0_macvtap: entered promiscuous mode
[ 1098.895021][T18020] veth1_macvtap: entered promiscuous mode
[ 1098.957791][T18020] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1099.125365][  T946] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1099.129405][T18020] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1099.289784][T17585] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.364458][T17585] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.379673][T17585] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.425156][ T1098] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.443117][  T946] usb 5-1: too many configurations: 9, using maximum allowed: 8
[ 1099.462672][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1099.473693][T18181] 9p: Bad value for 'wfdno'
[ 1099.501163][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1099.519854][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1099.522512][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1099.600225][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1099.627421][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1099.637730][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1099.677355][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1099.717602][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1099.752558][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1099.825417][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1099.857996][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1099.882445][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1099.923919][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1100.021758][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1100.162827][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1100.253694][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1100.347840][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1100.569535][T18192] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3080'.
[ 1100.835396][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1100.858718][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1100.868470][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1100.882659][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1100.902092][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1100.923434][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1101.311505][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1101.332098][  T946] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1101.821704][  T946] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1101.875261][  T946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1101.894669][  T946] usb 5-1: string descriptor 0 read error: -71
[ 1101.921295][  T946] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1102.231791][  T946] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1102.252004][  T946] usb 5-1: config 0 descriptor??
[ 1102.262625][  T946] usb 5-1: can't set config #0, error -71
[ 1102.276730][  T946] usb 5-1: USB disconnect, device number 29
[ 1102.287454][T16226] Bluetooth: hci3: command 0x0405 tx timeout
[ 1102.427637][T18208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3083'.
[ 1102.439782][T18208] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3083'.
[ 1103.542114][ T5915] kernel read not supported for file /cpu/0/msr (pid: 5915 comm: kworker/1:5)
[ 1105.521650][ T5915] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[ 1105.775000][ T5915] usb 6-1: not running at top speed; connect to a high speed hub
[ 1105.841266][   T29] audit: type=1400 audit(2000001957.690:2379): avc:  denied  { connect } for  pid=18239 comm="syz.1.3093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1105.874310][ T5915] usb 6-1: config 11 has an invalid interface number: 95 but max is 0
[ 1106.744523][ T5915] usb 6-1: config 11 has an invalid descriptor of length 0, skipping remainder of the config
[ 1106.776079][ T5915] usb 6-1: config 11 has no interface number 0
[ 1106.913467][  T792] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1107.242980][ T5822] Bluetooth: hci5: command 0x0406 tx timeout
[ 1107.501945][T18248] 9p: Bad value for 'wfdno'
[ 1107.562714][ T5915] usb 6-1: config 11 interface 95 altsetting 64 endpoint 0xD has invalid wMaxPacketSize 0
[ 1107.583505][ T5915] usb 6-1: config 11 interface 95 altsetting 64 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1107.598942][ T5915] usb 6-1: config 11 interface 95 has no altsetting 0
[ 1107.609836][ T5915] usb 6-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=b1.4d
[ 1107.619621][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[ 1107.627747][ T5915] usb 6-1: Manufacturer: syz
[ 1107.693181][  T792] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1107.720666][  T792] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1107.731624][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1107.751866][  T792] usb 2-1: config 0 descriptor??
[ 1108.111811][   T24] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1108.357030][ T5915] usb 6-1: USB disconnect, device number 23
[ 1108.422737][   T24] usb 5-1: Using ep0 maxpacket: 16
[ 1108.433886][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1108.445146][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1108.455155][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1108.471005][   T24] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1108.481390][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1108.494374][   T24] usb 5-1: config 0 descriptor??
[ 1108.681971][    C0] af_packet: tpacket_rcv: packet too big, clamped from 40 to 4294967272. macoff=96
[ 1108.852448][  T792] ath6kl: Failed to submit usb control message: -110
[ 1108.916928][  T792] ath6kl: unable to send the bmi data to the device: -110
[ 1108.926631][  T792] ath6kl: Unable to send get target info: -110
[ 1108.942995][  T792] ath6kl: Failed to init ath6kl core: -110
[ 1108.949910][  T792] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1109.212253][   T24] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0008/input/input27
[ 1110.199230][   T29] audit: type=1400 audit(2000001961.270:2380): avc:  denied  { create } for  pid=18263 comm="syz.5.3098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[ 1110.298548][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1110.305211][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1110.611995][T18262] usb 2-1: USB disconnect, device number 31
[ 1110.647560][   T24] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[ 1111.156998][T18275] FAULT_INJECTION: forcing a failure.
[ 1111.156998][T18275] name failslab, interval 1, probability 0, space 0, times 0
[ 1111.233290][T18275] CPU: 1 UID: 0 PID: 18275 Comm: syz.3.3100 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1111.233320][T18275] Tainted: [L]=SOFTLOCKUP
[ 1111.233326][T18275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1111.233336][T18275] Call Trace:
[ 1111.233342][T18275]  <TASK>
[ 1111.233349][T18275]  dump_stack_lvl+0x100/0x190
[ 1111.233382][T18275]  should_fail_ex.cold+0x5/0xa
[ 1111.233405][T18275]  should_failslab+0xc2/0x120
[ 1111.233424][T18275]  __kmalloc_cache_noprof+0x7a/0x6f0
[ 1111.233446][T18275]  ? ip_set_create+0x342/0x14f0
[ 1111.233473][T18275]  ip_set_create+0x342/0x14f0
[ 1111.233499][T18275]  ? __mutex_lock+0x26a/0x1b90
[ 1111.233524][T18275]  ? __pfx_ip_set_create+0x10/0x10
[ 1111.233562][T18275]  ? find_held_lock+0x2b/0x80
[ 1111.233592][T18275]  nfnetlink_rcv_msg+0x9f4/0x1200
[ 1111.233621][T18275]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1111.233643][T18275]  ? __lock_acquire+0x4a5/0x2630
[ 1111.233683][T18275]  ? avc_has_perm_noaudit+0x145/0x3b0
[ 1111.233709][T18275]  netlink_rcv_skb+0x159/0x420
[ 1111.233733][T18275]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1111.233754][T18275]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1111.233796][T18275]  ? ns_capable+0xd2/0xf0
[ 1111.233823][T18275]  nfnetlink_rcv+0x1b3/0x440
[ 1111.233842][T18275]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1111.233860][T18275]  ? netlink_deliver_tap+0x1ae/0xcc0
[ 1111.233889][T18275]  netlink_unicast+0x5aa/0x870
[ 1111.233917][T18275]  ? __pfx_netlink_unicast+0x10/0x10
[ 1111.233952][T18275]  netlink_sendmsg+0x8b0/0xda0
[ 1111.233983][T18275]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1111.234006][T18275]  ? __might_fault+0x60/0x140
[ 1111.234040][T18275]  ____sys_sendmsg+0x9e1/0xb70
[ 1111.234066][T18275]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1111.234093][T18275]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1111.234133][T18275]  ___sys_sendmsg+0x190/0x1e0
[ 1111.234153][T18275]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1111.234202][T18275]  __sys_sendmsg+0x170/0x220
[ 1111.234225][T18275]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1111.234264][T18275]  do_syscall_64+0x106/0xf80
[ 1111.234287][T18275]  ? clear_bhb_loop+0x40/0x90
[ 1111.234308][T18275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1111.234326][T18275] RIP: 0033:0x7f0b6479c799
[ 1111.234342][T18275] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1111.234357][T18275] RSP: 002b:00007f0b655d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1111.234375][T18275] RAX: ffffffffffffffda RBX: 00007f0b64a15fa0 RCX: 00007f0b6479c799
[ 1111.234386][T18275] RDX: 0000000020004000 RSI: 00002000000003c0 RDI: 0000000000000003
[ 1111.234396][T18275] RBP: 00007f0b655d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1111.234406][T18275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1111.234416][T18275] R13: 00007f0b64a16038 R14: 00007f0b64a15fa0 R15: 00007ffc03a9dbb8
[ 1111.234440][T18275]  </TASK>
[ 1111.652187][  T792] usb 5-1: reset high-speed USB device number 30 using dummy_hcd
[ 1111.823291][   T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[ 1112.136865][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1112.149498][   T24] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1113.055847][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1113.087663][   T24] usb 1-1: config 0 descriptor??
[ 1113.113853][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[ 1113.320743][T18297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3105'.
[ 1113.354779][T18297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3105'.
[ 1114.001158][   T24] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1114.018002][   T24] pwc: recv_control_msg error -32 req 02 val 2700
[ 1114.101637][   T24] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1114.138082][   T24] pwc: recv_control_msg error -32 req 04 val 1000
[ 1114.158117][   T24] pwc: recv_control_msg error -32 req 04 val 1300
[ 1114.181869][   T24] pwc: recv_control_msg error -32 req 04 val 1400
[ 1114.304876][   T29] audit: type=1400 audit(2000001966.170:2381): avc:  denied  { read } for  pid=18300 comm="syz.3.3106" laddr=::ffff:172.20.20.170 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1114.414478][T18274] netlink: 'syz.0.3099': attribute type 15 has an invalid length.
[ 1114.449323][T18274] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3099'.
[ 1114.975140][T18308] 9p: Bad value for 'rfdno'
[ 1115.250364][ T5874] usb 5-1: USB disconnect, device number 30
[ 1115.916721][   T24] pwc: recv_control_msg error -71 req 02 val 2100
[ 1116.033230][   T24] pwc: recv_control_msg error -71 req 04 val 1500
[ 1116.066686][   T24] pwc: recv_control_msg error -71 req 02 val 2500
[ 1116.096022][   T24] pwc: recv_control_msg error -71 req 02 val 2400
[ 1116.128305][   T24] pwc: recv_control_msg error -71 req 02 val 2600
[ 1116.295922][   T24] pwc: recv_control_msg error -71 req 02 val 2900
[ 1116.307691][   T24] pwc: recv_control_msg error -71 req 02 val 2800
[ 1116.315676][   T24] pwc: recv_control_msg error -71 req 04 val 1100
[ 1116.322572][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[ 1116.345336][   T24] pwc: Registered as video103.
[ 1116.382008][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input28
[ 1116.512304][   T24] usb 1-1: USB disconnect, device number 22
[ 1118.483487][T18338] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[ 1119.257945][T18357] xt_hashlimit: size too large, truncated to 1048576
[ 1120.021854][T18361] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1120.320025][T18368] FAULT_INJECTION: forcing a failure.
[ 1120.320025][T18368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1120.356594][T18368] CPU: 1 UID: 0 PID: 18368 Comm: syz.4.3123 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1120.356627][T18368] Tainted: [L]=SOFTLOCKUP
[ 1120.356634][T18368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1120.356645][T18368] Call Trace:
[ 1120.356652][T18368]  <TASK>
[ 1120.356660][T18368]  dump_stack_lvl+0x100/0x190
[ 1120.356693][T18368]  should_fail_ex.cold+0x5/0xa
[ 1120.356716][T18368]  _copy_from_user+0x2e/0xd0
[ 1120.356735][T18368]  copy_msghdr_from_user+0x9f/0x4f0
[ 1120.356754][T18368]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1120.356781][T18368]  ___sys_sendmsg+0x106/0x1e0
[ 1120.356798][T18368]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1120.356842][T18368]  __sys_sendmsg+0x170/0x220
[ 1120.356865][T18368]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1120.356901][T18368]  do_syscall_64+0x106/0xf80
[ 1120.356921][T18368]  ? clear_bhb_loop+0x40/0x90
[ 1120.356942][T18368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1120.356959][T18368] RIP: 0033:0x7f0ee879c799
[ 1120.356975][T18368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1120.356990][T18368] RSP: 002b:00007f0ee961e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1120.357008][T18368] RAX: ffffffffffffffda RBX: 00007f0ee8a15fa0 RCX: 00007f0ee879c799
[ 1120.357021][T18368] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[ 1120.357031][T18368] RBP: 00007f0ee961e090 R08: 0000000000000000 R09: 0000000000000000
[ 1120.357041][T18368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1120.357051][T18368] R13: 00007f0ee8a16038 R14: 00007f0ee8a15fa0 R15: 00007fff1ed76538
[ 1120.357072][T18368]  </TASK>
[ 1121.064356][T18380] 9p: Bad value for 'wfdno'
[ 1121.352493][ T5867] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1121.390864][ T1163] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1121.573263][ T5867] usb 5-1: Using ep0 maxpacket: 32
[ 1121.592765][ T5867] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 7
[ 1121.629087][ T5867] usb 5-1: New USB device found, idVendor=0582, idProduct=015b, bcdDevice= 0.40
[ 1121.638878][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1121.677656][ T5867] usb 5-1: Product: ж
[ 1121.687801][ T5867] usb 5-1: Manufacturer: 謵ൟɠﴂꐍ靔뿧š䬑겷棨틋鞴讔禪韹㶓虉潬ᣟ퐩⼂㿵㱝浆棧毭ⶸᔡ乤ẋ柲⊎쬩녧믈蘾Ԉ㢇꺝趷瞁ᡣ즸海쬈ᦀ㊂毤蟇∶릫椥ꫤ앓ﻭ뷮尶軘易᭓㴜槙Ꚗ泊怕냔ǿ䚺䈄蹴ᙟ猝ⴚ鬿
[ 1121.792006][ T5867] usb 5-1: SerialNumber: syz
[ 1122.633017][T18381] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1122.662014][T18381] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1122.741561][T16226] Bluetooth: hci5: connection err: -111
[ 1122.759564][ T5867] usb 5-1: Audio class v2/v3 interfaces need an interface association
[ 1122.822528][ T5867] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1122.832167][   T24] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1122.859669][ T5867] usb 5-1: USB disconnect, device number 31
[ 1122.883590][ T6379] udevd[6379]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1122.997822][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1123.174450][   T24] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1123.215036][   T24] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1123.237734][   T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1123.253690][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1123.270538][   T24] usb 6-1: Product: syz
[ 1123.279575][   T24] usb 6-1: Manufacturer: syz
[ 1123.303558][   T24] usb 6-1: SerialNumber: syz
[ 1124.373031][T18394] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3128'.
[ 1124.401572][T18394] openvswitch: netlink: Flow key attr not present in new flow.
[ 1124.401812][   T24] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 24 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1124.511387][T16226] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci6/hci6:201'
[ 1124.521580][T16226] CPU: 1 UID: 0 PID: 16226 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1124.521614][T16226] Tainted: [L]=SOFTLOCKUP
[ 1124.521622][T16226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1124.521637][T16226] Workqueue: hci6 hci_rx_work
[ 1124.521663][T16226] Call Trace:
[ 1124.521672][T16226]  <TASK>
[ 1124.521680][T16226]  dump_stack_lvl+0x100/0x190
[ 1124.521715][T16226]  sysfs_warn_dup.cold+0x1c/0x28
[ 1124.521745][T16226]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1124.521775][T16226]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1124.521803][T16226]  ? find_held_lock+0x2b/0x80
[ 1124.521828][T16226]  ? kobject_add_internal+0x25f/0x930
[ 1124.521857][T16226]  ? kobject_add_internal+0x25f/0x930
[ 1124.521888][T16226]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1124.521913][T16226]  kobject_add_internal+0x2c8/0x930
[ 1124.521947][T16226]  kobject_add+0x16a/0x1e0
[ 1124.521976][T16226]  ? __pfx_kobject_add+0x10/0x10
[ 1124.522004][T16226]  ? preempt_schedule_thunk+0x16/0x30
[ 1124.522035][T16226]  ? kobject_put+0xb9/0x640
[ 1124.522061][T16226]  ? _raw_spin_unlock+0x3e/0x50
[ 1124.522091][T16226]  device_add+0x294/0x1950
[ 1124.522112][T16226]  ? __pfx_dev_set_name+0x10/0x10
[ 1124.522136][T16226]  ? __pfx_device_add+0x10/0x10
[ 1124.522156][T16226]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1124.522186][T16226]  hci_conn_add_sysfs+0x1a3/0x260
[ 1124.522212][T16226]  le_conn_complete_evt+0x11cb/0x1f40
[ 1124.522242][T16226]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1124.522271][T16226]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1124.522294][T16226]  ? skb_pull_data+0x15f/0x1e0
[ 1124.522315][T16226]  hci_le_meta_evt+0x34a/0x5f0
[ 1124.522338][T16226]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1124.522364][T16226]  hci_event_packet+0x682/0x11c0
[ 1124.522392][T16226]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1124.522417][T16226]  ? __pfx_hci_event_packet+0x10/0x10
[ 1124.522444][T16226]  ? hci_event_packet+0x1b/0x11c0
[ 1124.522471][T16226]  hci_rx_work+0x451/0xfc0
[ 1124.522497][T16226]  process_one_work+0xa23/0x19a0
[ 1124.522531][T16226]  ? __pfx_process_one_work+0x10/0x10
[ 1124.522561][T16226]  ? __pfx_hci_rx_work+0x10/0x10
[ 1124.522587][T16226]  worker_thread+0x5ef/0xe50
[ 1124.522615][T16226]  ? __pfx_worker_thread+0x10/0x10
[ 1124.522636][T16226]  ? kthread+0x13a/0x450
[ 1124.522653][T16226]  ? __pfx_worker_thread+0x10/0x10
[ 1124.522671][T16226]  kthread+0x370/0x450
[ 1124.522688][T16226]  ? __pfx_kthread+0x10/0x10
[ 1124.522709][T16226]  ret_from_fork+0x754/0xd80
[ 1124.522731][T16226]  ? __pfx_ret_from_fork+0x10/0x10
[ 1124.522751][T16226]  ? rcu_is_watching+0x12/0xc0
[ 1124.522774][T16226]  ? __switch_to+0x7b4/0x1120
[ 1124.522797][T16226]  ? __pfx_kthread+0x10/0x10
[ 1124.522817][T16226]  ret_from_fork_asm+0x1a/0x30
[ 1124.522853][T16226]  </TASK>
[ 1124.522964][T16226] kobject: kobject_add_internal failed for hci6:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1124.810828][T18421] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3134'.
[ 1124.846964][ T5822] Bluetooth: hci5: command 0x0406 tx timeout
[ 1124.867800][T16226] Bluetooth: hci6: failed to register connection device
[ 1125.117092][   T24] kernel read not supported for file /cpu/0/msr (pid: 24 comm: kworker/1:0)
[ 1125.288001][T18421] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1126.446566][T17671] usb 6-1: USB disconnect, device number 24
[ 1126.479080][ T6382] udevd[6382]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1126.486740][T17671] usblp0: removed
[ 1126.526389][ T6379] udevd[6379]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1126.627738][T18439] lo speed is unknown, defaulting to 1000
[ 1126.665015][T18439] vxcan1 speed is unknown, defaulting to 1000
[ 1126.781830][   T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1126.913707][   T29] audit: type=1400 audit(2000001978.780:2382): avc:  denied  { mount } for  pid=18456 comm="syz.5.3142" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1126.966774][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1126.978860][   T24] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1126.997005][   T24] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1127.035023][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1127.044682][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1127.093947][   T24] usb 1-1: Product: syz
[ 1127.107379][   T24] usb 1-1: Manufacturer: syz
[ 1127.117501][   T24] usb 1-1: SerialNumber: syz
[ 1127.149040][   T29] audit: type=1400 audit(2000001979.010:2383): avc:  denied  { create } for  pid=18459 comm="syz.5.3143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[ 1127.225660][T18466] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[ 1127.294723][ T5822] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci6/hci6:201'
[ 1127.305316][ T5822] CPU: 1 UID: 0 PID: 5822 Comm: kworker/u9:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1127.305348][ T5822] Tainted: [L]=SOFTLOCKUP
[ 1127.305356][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1127.305370][ T5822] Workqueue: hci6 hci_rx_work
[ 1127.305395][ T5822] Call Trace:
[ 1127.305402][ T5822]  <TASK>
[ 1127.305411][ T5822]  dump_stack_lvl+0x100/0x190
[ 1127.305446][ T5822]  sysfs_warn_dup.cold+0x1c/0x28
[ 1127.305474][ T5822]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1127.305505][ T5822]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1127.305532][ T5822]  ? find_held_lock+0x2b/0x80
[ 1127.305562][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1127.305591][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1127.305623][ T5822]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1127.305648][ T5822]  kobject_add_internal+0x2c8/0x930
[ 1127.305682][ T5822]  kobject_add+0x16a/0x1e0
[ 1127.305711][ T5822]  ? __pfx_kobject_add+0x10/0x10
[ 1127.305740][ T5822]  ? preempt_schedule_thunk+0x16/0x30
[ 1127.305770][ T5822]  ? kobject_put+0xb9/0x640
[ 1127.305795][ T5822]  ? _raw_spin_unlock+0x3e/0x50
[ 1127.305824][ T5822]  device_add+0x294/0x1950
[ 1127.305845][ T5822]  ? __pfx_dev_set_name+0x10/0x10
[ 1127.305868][ T5822]  ? __pfx_device_add+0x10/0x10
[ 1127.305889][ T5822]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1127.305918][ T5822]  hci_conn_add_sysfs+0x1a3/0x260
[ 1127.305944][ T5822]  le_conn_complete_evt+0x11cb/0x1f40
[ 1127.305973][ T5822]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1127.306003][ T5822]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1127.306026][ T5822]  ? skb_pull_data+0x15f/0x1e0
[ 1127.306047][ T5822]  hci_le_meta_evt+0x34a/0x5f0
[ 1127.306071][ T5822]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1127.306097][ T5822]  hci_event_packet+0x682/0x11c0
[ 1127.306118][ T5822]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1127.306143][ T5822]  ? __pfx_hci_event_packet+0x10/0x10
[ 1127.306171][ T5822]  ? hci_rx_work+0x64/0xfc0
[ 1127.306194][ T5822]  hci_rx_work+0x451/0xfc0
[ 1127.306221][ T5822]  process_one_work+0xa23/0x19a0
[ 1127.306254][ T5822]  ? __pfx_process_one_work+0x10/0x10
[ 1127.306283][ T5822]  ? __pfx_hci_rx_work+0x10/0x10
[ 1127.306304][ T5822]  worker_thread+0x5ef/0xe50
[ 1127.306331][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1127.306353][ T5822]  ? kthread+0x13a/0x450
[ 1127.306370][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1127.306388][ T5822]  kthread+0x370/0x450
[ 1127.306405][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1127.306425][ T5822]  ret_from_fork+0x754/0xd80
[ 1127.306446][ T5822]  ? __pfx_ret_from_fork+0x10/0x10
[ 1127.306466][ T5822]  ? rcu_is_watching+0x12/0xc0
[ 1127.306489][ T5822]  ? __switch_to+0x7b4/0x1120
[ 1127.306510][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1127.306530][ T5822]  ret_from_fork_asm+0x1a/0x30
[ 1127.306571][ T5822]  </TASK>
[ 1127.306687][ T5822] kobject: kobject_add_internal failed for hci6:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1127.595264][ T5822] Bluetooth: hci6: failed to register connection device
[ 1128.845470][T18443] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3139'.
[ 1128.860146][   T24] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 23 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1128.894792][T18443] openvswitch: netlink: Flow key attr not present in new flow.
[ 1129.018474][   T29] audit: type=1400 audit(2000001980.870:2384): avc:  denied  { name_connect } for  pid=18438 comm="syz.1.3138" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[ 1129.046059][   T24] usb 1-1: USB disconnect, device number 23
[ 1129.074435][   T24] usblp0: removed
[ 1129.749061][T18483] 9p: Bad value for 'rfdno'
[ 1131.391504][ T5874] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1131.571556][ T5874] usb 2-1: Using ep0 maxpacket: 16
[ 1131.588381][ T5874] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1131.620294][ T5874] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1131.658147][ T5874] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1131.670891][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1131.840367][T18509] input: syz0 as /devices/virtual/input/input29
[ 1132.021531][   T29] audit: type=1400 audit(2000001983.880:2385): avc:  denied  { mount } for  pid=18514 comm="syz.0.3154" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1132.023251][T18515] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1132.315360][T18515] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[ 1132.415143][T18515] overlayfs: failed to look up (tracing) for ino (-66)
[ 1132.424093][T18523] comedi comedi2: dt2814: I/O port conflict (0x6,2)
[ 1132.443842][T18523] FAULT_INJECTION: forcing a failure.
[ 1132.443842][T18523] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1132.502430][T18523] CPU: 0 UID: 0 PID: 18523 Comm: syz.4.3155 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1132.502461][T18523] Tainted: [L]=SOFTLOCKUP
[ 1132.502467][T18523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1132.502477][T18523] Call Trace:
[ 1132.502483][T18523]  <TASK>
[ 1132.502490][T18523]  dump_stack_lvl+0x100/0x190
[ 1132.502524][T18523]  should_fail_ex.cold+0x5/0xa
[ 1132.502548][T18523]  _copy_to_user+0x32/0xd0
[ 1132.502568][T18523]  simple_read_from_buffer+0xcb/0x170
[ 1132.502597][T18523]  proc_fail_nth_read+0x1af/0x230
[ 1132.502623][T18523]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1132.502648][T18523]  ? rw_verify_area+0xce/0x6d0
[ 1132.502672][T18523]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1132.502696][T18523]  vfs_read+0x1e4/0xb30
[ 1132.502725][T18523]  ? __pfx_vfs_read+0x10/0x10
[ 1132.502750][T18523]  ? __fget_files+0x215/0x3d0
[ 1132.502774][T18523]  ? __fget_files+0x21f/0x3d0
[ 1132.502799][T18523]  ksys_read+0x12a/0x250
[ 1132.502824][T18523]  ? __pfx_ksys_read+0x10/0x10
[ 1132.502858][T18523]  do_syscall_64+0x106/0xf80
[ 1132.502881][T18523]  ? clear_bhb_loop+0x40/0x90
[ 1132.502902][T18523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1132.502920][T18523] RIP: 0033:0x7f0ee875cfce
[ 1132.502935][T18523] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1132.502951][T18523] RSP: 002b:00007f0ee961dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1132.502968][T18523] RAX: ffffffffffffffda RBX: 00007f0ee961e6c0 RCX: 00007f0ee875cfce
[ 1132.502979][T18523] RDX: 000000000000000f RSI: 00007f0ee961e0a0 RDI: 0000000000000004
[ 1132.502990][T18523] RBP: 00007f0ee961e090 R08: 0000000000000000 R09: 0000000000000000
[ 1132.503000][T18523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1132.503010][T18523] R13: 00007f0ee8a16038 R14: 00007f0ee8a15fa0 R15: 00007fff1ed76538
[ 1132.503035][T18523]  </TASK>
[ 1132.702897][ T5822] Bluetooth: hci6: command 0x0406 tx timeout
[ 1132.813428][   T29] audit: type=1400 audit(2000001984.670:2386): avc:  denied  { unmount } for  pid=17420 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1133.342202][  T946] kernel read not supported for file /cpu/0/msr (pid: 946 comm: kworker/0:2)
[ 1133.563115][ T5874] usbhid 2-1:128.0: can't add hid device: -71
[ 1133.591941][ T5874] usbhid 2-1:128.0: probe with driver usbhid failed with error -71
[ 1134.443357][ T5874] usb 2-1: USB disconnect, device number 32
[ 1135.002349][ T5822] Bluetooth: hci6: command 0x0406 tx timeout
[ 1135.290236][ T5867] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1135.664756][ T5867] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1135.677875][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1135.693119][ T5867] usb 4-1: Product: syz
[ 1135.701071][ T5867] usb 4-1: Manufacturer: syz
[ 1135.711272][ T5867] usb 4-1: SerialNumber: syz
[ 1135.940819][ T5867] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1135.990156][ T5867] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1136.249151][ T5867] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPIPE
[ 1136.267561][ T5867] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1136.319142][ T5867] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1136.376336][ T5867] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[ 1136.626417][ T5867] usb 4-1: USB disconnect, device number 27
[ 1137.002316][ T5867] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[ 1137.144990][T18575] netlink: 3752 bytes leftover after parsing attributes in process `syz.3.3171'.
[ 1137.172958][ T5867] usb 1-1: Using ep0 maxpacket: 32
[ 1137.220679][T18576] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[ 1137.229336][T18576] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[ 1137.237920][T18576] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[ 1137.274543][T18578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3171'.
[ 1137.288139][ T5867] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1137.323171][T18578] xfrm1: entered promiscuous mode
[ 1137.328306][T18578] xfrm1: entered allmulticast mode
[ 1137.401750][ T5867] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1137.448463][ T5867] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1137.535296][   T29] audit: type=1400 audit(2000001989.340:2387): avc:  denied  { ioctl } for  pid=18580 comm="syz.5.3172" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 ioctlcmd=0x937d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 1137.599850][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1137.734409][ T5867] usb 1-1: config 0 descriptor??
[ 1138.173412][ T5867] hub 1-1:0.0: USB hub found
[ 1138.491128][T18567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1138.699931][T18567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1138.759211][ T5867] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1138.951138][ T5867] usbhid 1-1:0.0: can't add hid device: -71
[ 1138.985092][ T5867] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1139.195322][   T29] audit: type=1400 audit(2000001991.040:2388): avc:  denied  { getopt } for  pid=18574 comm="syz.3.3171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1139.217343][ T5867] usb 1-1: USB disconnect, device number 24
[ 1139.225807][T18591] geneve2: entered promiscuous mode
[ 1141.216503][T18610] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3178'.
[ 1141.229717][T18610] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3178'.
[ 1142.595647][ T5821] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1142.618184][T18630] blktrace: Concurrent blktraces are not allowed on sg0
[ 1143.161791][T16226] Bluetooth: hci0: command 0x0406 tx timeout
[ 1143.521627][T18630] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[ 1143.570589][ T5821] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1143.651462][ T5821] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1143.671814][ T5821] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1143.775960][ T5821] usb 6-1: config 0 descriptor??
[ 1144.323684][ T5821] ath6kl: Failed to submit usb control message: -71
[ 1144.501603][ T5821] ath6kl: unable to send the bmi data to the device: -71
[ 1144.567277][ T5821] ath6kl: Unable to send get target info: -71
[ 1144.584651][ T5821] ath6kl: Failed to init ath6kl core: -71
[ 1144.595178][ T5821] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1144.612441][ T5821] usb 6-1: USB disconnect, device number 25
[ 1145.700032][   T29] audit: type=1400 audit(2000001997.560:2389): avc:  denied  { execute } for  pid=18654 comm="syz.1.3191" path="/dev/adsp1" dev="devtmpfs" ino=1300 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[ 1146.340991][T18663] xt_hashlimit: size too large, truncated to 1048576
[ 1146.939361][T18666] bridge2: entered promiscuous mode
[ 1146.945176][T18666] bridge2: entered allmulticast mode
[ 1146.956529][   T29] audit: type=1326 audit(2000001998.820:2390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18659 comm="syz.5.3192" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764a39c799 code=0x0
[ 1147.712120][ T5821] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1148.771460][ T5821] usb 4-1: Using ep0 maxpacket: 8
[ 1148.781722][ T5821] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 129, changing to 7
[ 1149.050560][ T5821] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1149.059754][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.068028][ T5821] usb 4-1: Product: င
[ 1149.072529][ T5821] usb 4-1: Manufacturer: І
[ 1149.077067][ T5821] usb 4-1: SerialNumber: 콣䗄切⍰ƾ┋ꘗ鿦ᵫ㠜搜睻砖Λ岮잜䞝끰ꛋ컯ㇰﵷ鯺糁丅
[ 1149.595652][ T5821] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[ 1149.653585][T18694] FAULT_INJECTION: forcing a failure.
[ 1149.653585][T18694] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1149.667540][T18694] CPU: 1 UID: 0 PID: 18694 Comm: syz.4.3201 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1149.667560][T18694] Tainted: [L]=SOFTLOCKUP
[ 1149.667565][T18694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1149.667571][T18694] Call Trace:
[ 1149.667575][T18694]  <TASK>
[ 1149.667579][T18694]  dump_stack_lvl+0x100/0x190
[ 1149.667601][T18694]  should_fail_ex.cold+0x5/0xa
[ 1149.667616][T18694]  _copy_from_user+0x2e/0xd0
[ 1149.667629][T18694]  quota_setquota+0x4f4/0x5f0
[ 1149.667644][T18694]  ? __pfx_quota_setquota+0x10/0x10
[ 1149.667661][T18694]  ? avc_has_perm+0x135/0x1e0
[ 1149.667679][T18694]  ? selinux_quotactl+0x17d/0x300
[ 1149.667695][T18694]  do_quotactl+0xe6a/0x14b0
[ 1149.667710][T18694]  ? __pfx_do_quotactl+0x10/0x10
[ 1149.667727][T18694]  ? __pfx___might_resched+0x10/0x10
[ 1149.667743][T18694]  ? down_read+0x13b/0x460
[ 1149.667760][T18694]  ? __pfx_down_read+0x10/0x10
[ 1149.667777][T18694]  ? mnt_get_write_access+0x1e9/0x2f0
[ 1149.667797][T18694]  __x64_sys_quotactl_fd+0x4ce/0x580
[ 1149.667814][T18694]  do_syscall_64+0x106/0xf80
[ 1149.667829][T18694]  ? clear_bhb_loop+0x40/0x90
[ 1149.667842][T18694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.667854][T18694] RIP: 0033:0x7f0ee879c799
[ 1149.667864][T18694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1149.667875][T18694] RSP: 002b:00007f0ee961e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb
[ 1149.667886][T18694] RAX: ffffffffffffffda RBX: 00007f0ee8a15fa0 RCX: 00007f0ee879c799
[ 1149.667894][T18694] RDX: 0000000000000000 RSI: ffffffff80000800 RDI: 0000000000000003
[ 1149.667901][T18694] RBP: 00007f0ee961e090 R08: 0000000000000000 R09: 0000000000000000
[ 1149.667908][T18694] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[ 1149.667914][T18694] R13: 00007f0ee8a16038 R14: 00007f0ee8a15fa0 R15: 00007fff1ed76538
[ 1149.667929][T18694]  </TASK>
[ 1149.730761][T18696] loop2: detected capacity change from 0 to 7
[ 1149.882758][ T5821] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1149.901526][ T5821] usb 4-1: unit 5 not found!
[ 1149.949752][ T5821] usb 4-1: USB disconnect, device number 28
[ 1149.969338][T18696] Dev loop2: unable to read RDB block 7
[ 1150.001862][T18696]  loop2: unable to read partition table
[ 1150.024512][T18696] loop2: partition table beyond EOD, truncated
[ 1150.122099][T18696] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1150.229420][ T5179] Dev loop2: unable to read RDB block 7
[ 1150.241814][ T5179]  loop2: unable to read partition table
[ 1150.269890][ T5179] loop2: partition table beyond EOD, truncated
[ 1150.580793][T18711] 9p: Bad value for 'wfdno'
[ 1150.585609][T18710] FAULT_INJECTION: forcing a failure.
[ 1150.585609][T18710] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1150.585640][T18710] CPU: 0 UID: 0 PID: 18710 Comm: syz.3.3204 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1150.585663][T18710] Tainted: [L]=SOFTLOCKUP
[ 1150.585670][T18710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1150.585679][T18710] Call Trace:
[ 1150.585686][T18710]  <TASK>
[ 1150.585693][T18710]  dump_stack_lvl+0x100/0x190
[ 1150.585723][T18710]  should_fail_ex.cold+0x5/0xa
[ 1150.585744][T18710]  _copy_from_user+0x2e/0xd0
[ 1150.585760][T18710]  copy_msghdr_from_user+0x9f/0x4f0
[ 1150.585777][T18710]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1150.585802][T18710]  ___sys_sendmsg+0x106/0x1e0
[ 1150.585818][T18710]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1150.585859][T18710]  __sys_sendmsg+0x170/0x220
[ 1150.585878][T18710]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1150.585911][T18710]  do_syscall_64+0x106/0xf80
[ 1150.585934][T18710]  ? clear_bhb_loop+0x40/0x90
[ 1150.585953][T18710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.585969][T18710] RIP: 0033:0x7f0b6479c799
[ 1150.585982][T18710] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1150.585998][T18710] RSP: 002b:00007f0b655d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1150.586013][T18710] RAX: ffffffffffffffda RBX: 00007f0b64a15fa0 RCX: 00007f0b6479c799
[ 1150.586024][T18710] RDX: 0000000004004844 RSI: 0000200000001840 RDI: 0000000000000003
[ 1150.586033][T18710] RBP: 00007f0b655d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1150.586042][T18710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1150.586051][T18710] R13: 00007f0b64a16038 R14: 00007f0b64a15fa0 R15: 00007ffc03a9dbb8
[ 1150.586072][T18710]  </TASK>
[ 1150.907247][ T5822] Bluetooth: hci6: Ignoring HCI_Connection_Complete for existing connection
[ 1151.989155][T18719] xt_hashlimit: size too large, truncated to 1048576
[ 1152.644819][T18718] FAULT_INJECTION: forcing a failure.
[ 1152.644819][T18718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1152.658684][T18718] CPU: 1 UID: 0 PID: 18718 Comm: syz.4.3206 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1152.658714][T18718] Tainted: [L]=SOFTLOCKUP
[ 1152.658720][T18718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1152.658729][T18718] Call Trace:
[ 1152.658735][T18718]  <TASK>
[ 1152.658742][T18718]  dump_stack_lvl+0x100/0x190
[ 1152.658775][T18718]  should_fail_ex.cold+0x5/0xa
[ 1152.658798][T18718]  _copy_from_user+0x2e/0xd0
[ 1152.658815][T18718]  do_handle_open+0xeb/0xce0
[ 1152.658836][T18718]  ? __fget_files+0x21f/0x3d0
[ 1152.658855][T18718]  ? __pfx_do_handle_open+0x10/0x10
[ 1152.658880][T18718]  ? ksys_write+0x1ac/0x250
[ 1152.658911][T18718]  ? do_syscall_64+0x106/0xf80
[ 1152.658933][T18718]  do_syscall_64+0x106/0xf80
[ 1152.658955][T18718]  ? clear_bhb_loop+0x40/0x90
[ 1152.658976][T18718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.658992][T18718] RIP: 0033:0x7f0ee879c799
[ 1152.659006][T18718] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1152.659022][T18718] RSP: 002b:00007f0ee961e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 1152.659038][T18718] RAX: ffffffffffffffda RBX: 00007f0ee8a15fa0 RCX: 00007f0ee879c799
[ 1152.659049][T18718] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1152.659059][T18718] RBP: 00007f0ee961e090 R08: 0000000000000000 R09: 0000000000000000
[ 1152.659069][T18718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.659079][T18718] R13: 00007f0ee8a16038 R14: 00007f0ee8a15fa0 R15: 00007fff1ed76538
[ 1152.659102][T18718]  </TASK>
[ 1152.827955][   T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1153.154935][T18725] FAULT_INJECTION: forcing a failure.
[ 1153.154935][T18725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1153.168674][T18725] CPU: 0 UID: 0 PID: 18725 Comm: syz.4.3209 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1153.168701][T18725] Tainted: [L]=SOFTLOCKUP
[ 1153.168707][T18725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1153.168717][T18725] Call Trace:
[ 1153.168723][T18725]  <TASK>
[ 1153.168729][T18725]  dump_stack_lvl+0x100/0x190
[ 1153.168761][T18725]  should_fail_ex.cold+0x5/0xa
[ 1153.168781][T18725]  _copy_from_user+0x2e/0xd0
[ 1153.168799][T18725]  __sys_bpf+0x243/0x4b90
[ 1153.168819][T18725]  ? __pfx___sys_bpf+0x10/0x10
[ 1153.168834][T18725]  ? proc_fail_nth_write+0x9f/0x220
[ 1153.168857][T18725]  ? find_held_lock+0x2b/0x80
[ 1153.168883][T18725]  ? find_held_lock+0x2b/0x80
[ 1153.168902][T18725]  ? ksys_write+0x190/0x250
[ 1153.168932][T18725]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1153.168955][T18725]  ? __fget_files+0x215/0x3d0
[ 1153.168984][T18725]  ? fput+0x79/0x100
[ 1153.169003][T18725]  ? ksys_write+0x1ac/0x250
[ 1153.169027][T18725]  ? __pfx_ksys_write+0x10/0x10
[ 1153.169056][T18725]  __x64_sys_bpf+0x7b/0xc0
[ 1153.169075][T18725]  ? lockdep_hardirqs_on+0x78/0x100
[ 1153.169098][T18725]  do_syscall_64+0x106/0xf80
[ 1153.169127][T18725]  ? clear_bhb_loop+0x40/0x90
[ 1153.169150][T18725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.169169][T18725] RIP: 0033:0x7f0ee879c799
[ 1153.169185][T18725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1153.169202][T18725] RSP: 002b:00007f0ee95fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1153.169220][T18725] RAX: ffffffffffffffda RBX: 00007f0ee8a16090 RCX: 00007f0ee879c799
[ 1153.169232][T18725] RDX: 0000000000000094 RSI: 0000200000000880 RDI: 0000000000000005
[ 1153.169243][T18725] RBP: 00007f0ee95fd090 R08: 0000000000000000 R09: 0000000000000000
[ 1153.169254][T18725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1153.169264][T18725] R13: 00007f0ee8a16128 R14: 00007f0ee8a16090 R15: 00007fff1ed76538
[ 1153.169292][T18725]  </TASK>
[ 1154.366760][T18262] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1154.935251][T18262] usb 5-1: Using ep0 maxpacket: 32
[ 1154.955042][T18262] usb 5-1: config 0 has an invalid interface number: 86 but max is 0
[ 1154.964187][T18262] usb 5-1: config 0 has no interface number 0
[ 1154.975699][T18262] usb 5-1: config 0 interface 86 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1155.008491][T18262] usb 5-1: config 0 interface 86 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1155.026213][T18262] usb 5-1: config 0 interface 86 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0
[ 1155.047014][T18262] usb 5-1: config 0 interface 86 has no altsetting 0
[ 1155.104963][T18262] usb 5-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=6a.32
[ 1155.118026][T18262] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1155.164359][T18262] usb 5-1: Product: syz
[ 1155.168525][T18262] usb 5-1: Manufacturer: syz
[ 1155.173181][T18262] usb 5-1: SerialNumber: syz
[ 1155.186868][T18262] usb 5-1: config 0 descriptor??
[ 1155.196533][T18733] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1156.317196][   T29] audit: type=1400 audit(2000002008.190:2391): avc:  denied  { getopt } for  pid=18743 comm="syz.0.3214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1156.696564][T18262] ljca 5-1:0.86: submit rx urb failed: -90
[ 1156.710939][T18262] ljca 5-1:0.86: probe with driver ljca failed with error -90
[ 1157.375918][T18751] xt_hashlimit: size too large, truncated to 1048576
[ 1157.742223][T18262] usb 5-1: USB disconnect, device number 32
[ 1157.877560][T18761] FAULT_INJECTION: forcing a failure.
[ 1157.877560][T18761] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1157.904497][T18762] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3219'.
[ 1157.936908][T18761] CPU: 0 UID: 0 PID: 18761 Comm: syz.1.3220 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1157.936937][T18761] Tainted: [L]=SOFTLOCKUP
[ 1157.936943][T18761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1157.936953][T18761] Call Trace:
[ 1157.936958][T18761]  <TASK>
[ 1157.936965][T18761]  dump_stack_lvl+0x100/0x190
[ 1157.936996][T18761]  should_fail_ex.cold+0x5/0xa
[ 1157.937011][T18761]  _copy_from_user+0x2e/0xd0
[ 1157.937023][T18761]  do_handle_open+0xeb/0xce0
[ 1157.937039][T18761]  ? __fget_files+0x21f/0x3d0
[ 1157.937052][T18761]  ? __pfx_do_handle_open+0x10/0x10
[ 1157.937069][T18761]  ? ksys_write+0x1ac/0x250
[ 1157.937091][T18761]  ? do_syscall_64+0x106/0xf80
[ 1157.937105][T18761]  do_syscall_64+0x106/0xf80
[ 1157.937119][T18761]  ? clear_bhb_loop+0x40/0x90
[ 1157.937133][T18761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1157.937145][T18761] RIP: 0033:0x7fc82a19c799
[ 1157.937155][T18761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1157.937166][T18761] RSP: 002b:00007fc82b0b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 1157.937178][T18761] RAX: ffffffffffffffda RBX: 00007fc82a415fa0 RCX: 00007fc82a19c799
[ 1157.937185][T18761] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1157.937192][T18761] RBP: 00007fc82b0b2090 R08: 0000000000000000 R09: 0000000000000000
[ 1157.937198][T18761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1157.937204][T18761] R13: 00007fc82a416038 R14: 00007fc82a415fa0 R15: 00007ffe3d4cce98
[ 1157.937219][T18761]  </TASK>
[ 1157.937752][T18762] netlink: 'syz.4.3219': attribute type 6 has an invalid length.
[ 1158.354407][T16226] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[ 1158.366354][T16226] CPU: 1 UID: 0 PID: 16226 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1158.366376][T16226] Tainted: [L]=SOFTLOCKUP
[ 1158.366381][T16226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1158.366390][T16226] Workqueue: hci4 hci_rx_work
[ 1158.366406][T16226] Call Trace:
[ 1158.366411][T16226]  <TASK>
[ 1158.366416][T16226]  dump_stack_lvl+0x100/0x190
[ 1158.366436][T16226]  sysfs_warn_dup.cold+0x1c/0x28
[ 1158.366453][T16226]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1158.366471][T16226]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1158.366487][T16226]  ? find_held_lock+0x2b/0x80
[ 1158.366501][T16226]  ? kobject_add_internal+0x25f/0x930
[ 1158.366519][T16226]  ? kobject_add_internal+0x25f/0x930
[ 1158.366537][T16226]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1158.366552][T16226]  kobject_add_internal+0x2c8/0x930
[ 1158.366572][T16226]  kobject_add+0x16a/0x1e0
[ 1158.366588][T16226]  ? __pfx_kobject_add+0x10/0x10
[ 1158.366604][T16226]  ? class_to_subsys+0x10f/0x150
[ 1158.366618][T16226]  ? kobject_put+0xb9/0x640
[ 1158.366633][T16226]  ? _raw_spin_unlock+0x28/0x50
[ 1158.366650][T16226]  device_add+0x294/0x1950
[ 1158.366661][T16226]  ? __pfx_dev_set_name+0x10/0x10
[ 1158.366675][T16226]  ? __pfx_device_add+0x10/0x10
[ 1158.366686][T16226]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1158.366702][T16226]  hci_conn_add_sysfs+0x1a3/0x260
[ 1158.366717][T16226]  le_conn_complete_evt+0x11cb/0x1f40
[ 1158.366734][T16226]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1158.366750][T16226]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1158.366763][T16226]  ? skb_pull_data+0x15f/0x1e0
[ 1158.366775][T16226]  hci_le_meta_evt+0x34a/0x5f0
[ 1158.366789][T16226]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1158.366804][T16226]  hci_event_packet+0x682/0x11c0
[ 1158.366816][T16226]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1158.366830][T16226]  ? __pfx_hci_event_packet+0x10/0x10
[ 1158.366844][T16226]  ? kcov_remote_start+0x374/0x660
[ 1158.366859][T16226]  ? lockdep_hardirqs_on+0x78/0x100
[ 1158.366877][T16226]  hci_rx_work+0x451/0xfc0
[ 1158.366891][T16226]  process_one_work+0xa23/0x19a0
[ 1158.366909][T16226]  ? __pfx_process_one_work+0x10/0x10
[ 1158.366925][T16226]  ? __pfx_hci_rx_work+0x10/0x10
[ 1158.366939][T16226]  worker_thread+0x5ef/0xe50
[ 1158.366954][T16226]  ? __pfx_worker_thread+0x10/0x10
[ 1158.366966][T16226]  ? kthread+0x13a/0x450
[ 1158.366976][T16226]  ? __pfx_worker_thread+0x10/0x10
[ 1158.366987][T16226]  kthread+0x370/0x450
[ 1158.366997][T16226]  ? __pfx_kthread+0x10/0x10
[ 1158.367008][T16226]  ret_from_fork+0x754/0xd80
[ 1158.367020][T16226]  ? __pfx_ret_from_fork+0x10/0x10
[ 1158.367031][T16226]  ? rcu_is_watching+0x12/0xc0
[ 1158.367044][T16226]  ? __switch_to+0x7b4/0x1120
[ 1158.367061][T16226]  ? __pfx_kthread+0x10/0x10
[ 1158.367072][T16226]  ret_from_fork_asm+0x1a/0x30
[ 1158.367092][T16226]  </TASK>
[ 1158.367106][T16226] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1159.532979][T16226] Bluetooth: hci4: failed to register connection device
[ 1160.396030][T18775] 9p: Bad value for 'wfdno'
[ 1160.665836][T18777] FAULT_INJECTION: forcing a failure.
[ 1160.665836][T18777] name failslab, interval 1, probability 0, space 0, times 0
[ 1160.678786][T18777] CPU: 0 UID: 0 PID: 18777 Comm: syz.3.3225 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1160.678805][T18777] Tainted: [L]=SOFTLOCKUP
[ 1160.678809][T18777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1160.678816][T18777] Call Trace:
[ 1160.678821][T18777]  <TASK>
[ 1160.678826][T18777]  dump_stack_lvl+0x100/0x190
[ 1160.678848][T18777]  should_fail_ex.cold+0x5/0xa
[ 1160.678862][T18777]  should_failslab+0xc2/0x120
[ 1160.678875][T18777]  kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1160.678891][T18777]  ? vm_area_dup+0x27/0x8e0
[ 1160.678908][T18777]  vm_area_dup+0x27/0x8e0
[ 1160.678923][T18777]  __split_vma+0x18c/0xd90
[ 1160.678940][T18777]  ? __pfx___split_vma+0x10/0x10
[ 1160.678954][T18777]  ? find_held_lock+0x2b/0x80
[ 1160.678972][T18777]  ? up_write+0x290/0x4f0
[ 1160.678986][T18777]  vms_gather_munmap_vmas+0x1c6/0x1500
[ 1160.679005][T18777]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[ 1160.679022][T18777]  ? __lock_acquire+0x4a5/0x2630
[ 1160.679036][T18777]  ? __lock_acquire+0x4a5/0x2630
[ 1160.679048][T18777]  do_vmi_align_munmap+0x287/0x5f0
[ 1160.679065][T18777]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[ 1160.679100][T18777]  do_vmi_munmap+0x1f8/0x3e0
[ 1160.679117][T18777]  do_munmap+0xba/0x100
[ 1160.679129][T18777]  ? __pfx_do_munmap+0x10/0x10
[ 1160.679149][T18777]  mremap_to+0x236/0x450
[ 1160.679165][T18777]  do_mremap+0xd8d/0x2130
[ 1160.679183][T18777]  ? get_pid_task+0x106/0x250
[ 1160.679202][T18777]  ? proc_fail_nth_write+0x9f/0x220
[ 1160.679218][T18777]  ? __pfx_do_mremap+0x10/0x10
[ 1160.679236][T18777]  ? find_held_lock+0x2b/0x80
[ 1160.679249][T18777]  ? ksys_write+0x190/0x250
[ 1160.679267][T18777]  ? ksys_write+0x190/0x250
[ 1160.679294][T18777]  __do_sys_mremap+0x126/0x170
[ 1160.679310][T18777]  ? __pfx___do_sys_mremap+0x10/0x10
[ 1160.679326][T18777]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1160.679357][T18777]  do_syscall_64+0x106/0xf80
[ 1160.679371][T18777]  ? clear_bhb_loop+0x40/0x90
[ 1160.679385][T18777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1160.679397][T18777] RIP: 0033:0x7f0b6479c799
[ 1160.679407][T18777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1160.679418][T18777] RSP: 002b:00007f0b655d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[ 1160.679430][T18777] RAX: ffffffffffffffda RBX: 00007f0b64a15fa0 RCX: 00007f0b6479c799
[ 1160.679437][T18777] RDX: 0000000000200000 RSI: 0000000000600a00 RDI: 0000200000000000
[ 1160.679444][T18777] RBP: 00007f0b655d6090 R08: 0000200000a00000 R09: 0000000000000000
[ 1160.679450][T18777] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[ 1160.679457][T18777] R13: 00007f0b64a16038 R14: 00007f0b64a15fa0 R15: 00007ffc03a9dbb8
[ 1160.679471][T18777]  </TASK>
[ 1161.349229][ T5822] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1161.358911][ T5822] CPU: 0 UID: 0 PID: 5822 Comm: kworker/u9:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1161.358932][ T5822] Tainted: [L]=SOFTLOCKUP
[ 1161.358938][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1161.358946][ T5822] Workqueue: hci5 hci_rx_work
[ 1161.358964][ T5822] Call Trace:
[ 1161.358969][ T5822]  <TASK>
[ 1161.358974][ T5822]  dump_stack_lvl+0x100/0x190
[ 1161.358995][ T5822]  sysfs_warn_dup.cold+0x1c/0x28
[ 1161.359012][ T5822]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1161.359031][ T5822]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1161.359048][ T5822]  ? find_held_lock+0x2b/0x80
[ 1161.359062][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1161.359079][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1161.359097][ T5822]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1161.359111][ T5822]  kobject_add_internal+0x2c8/0x930
[ 1161.359130][ T5822]  kobject_add+0x16a/0x1e0
[ 1161.359147][ T5822]  ? __pfx_kobject_add+0x10/0x10
[ 1161.359163][ T5822]  ? class_to_subsys+0x10f/0x150
[ 1161.359178][ T5822]  ? kobject_put+0xb9/0x640
[ 1161.359193][ T5822]  ? _raw_spin_unlock+0x28/0x50
[ 1161.359209][ T5822]  device_add+0x294/0x1950
[ 1161.359221][ T5822]  ? __pfx_dev_set_name+0x10/0x10
[ 1161.359235][ T5822]  ? __pfx_device_add+0x10/0x10
[ 1161.359246][ T5822]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1161.359263][ T5822]  hci_conn_add_sysfs+0x1a3/0x260
[ 1161.359283][ T5822]  le_conn_complete_evt+0x11cb/0x1f40
[ 1161.359300][ T5822]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1161.359324][ T5822]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1161.359338][ T5822]  ? skb_pull_data+0x15f/0x1e0
[ 1161.359350][ T5822]  hci_le_meta_evt+0x34a/0x5f0
[ 1161.359365][ T5822]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1161.359381][ T5822]  hci_event_packet+0x682/0x11c0
[ 1161.359394][ T5822]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1161.359410][ T5822]  ? __pfx_hci_event_packet+0x10/0x10
[ 1161.359426][ T5822]  ? kcov_remote_start+0x374/0x660
[ 1161.359441][ T5822]  ? lockdep_hardirqs_on+0x78/0x100
[ 1161.359461][ T5822]  hci_rx_work+0x451/0xfc0
[ 1161.359477][ T5822]  process_one_work+0xa23/0x19a0
[ 1161.359496][ T5822]  ? __pfx_process_one_work+0x10/0x10
[ 1161.359512][ T5822]  ? __pfx_hci_rx_work+0x10/0x10
[ 1161.359525][ T5822]  worker_thread+0x5ef/0xe50
[ 1161.359541][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1161.359554][ T5822]  ? kthread+0x13a/0x450
[ 1161.359564][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1161.359574][ T5822]  kthread+0x370/0x450
[ 1161.359584][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1161.359596][ T5822]  ret_from_fork+0x754/0xd80
[ 1161.359608][ T5822]  ? __pfx_ret_from_fork+0x10/0x10
[ 1161.359620][ T5822]  ? rcu_is_watching+0x12/0xc0
[ 1161.359634][ T5822]  ? __switch_to+0x7b4/0x1120
[ 1161.359647][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1161.359659][ T5822]  ret_from_fork_asm+0x1a/0x30
[ 1161.359679][ T5822]  </TASK>
[ 1161.359706][ T5822] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1161.649972][ T5822] Bluetooth: hci5: failed to register connection device
[ 1162.443644][T18791] 9p: Bad value for 'rfdno'
[ 1162.896077][T18798] FAULT_INJECTION: forcing a failure.
[ 1162.896077][T18798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1162.910530][T18796] 9p: Bad value for 'wfdno'
[ 1163.071498][T18798] CPU: 1 UID: 0 PID: 18798 Comm: syz.0.3232 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1163.071528][T18798] Tainted: [L]=SOFTLOCKUP
[ 1163.071534][T18798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1163.071545][T18798] Call Trace:
[ 1163.071551][T18798]  <TASK>
[ 1163.071559][T18798]  dump_stack_lvl+0x100/0x190
[ 1163.071592][T18798]  should_fail_ex.cold+0x5/0xa
[ 1163.071614][T18798]  _copy_from_user+0x2e/0xd0
[ 1163.071627][T18798]  __sys_bpf+0x243/0x4b90
[ 1163.071642][T18798]  ? __pfx___sys_bpf+0x10/0x10
[ 1163.071653][T18798]  ? proc_fail_nth_write+0x9f/0x220
[ 1163.071672][T18798]  ? find_held_lock+0x2b/0x80
[ 1163.071690][T18798]  ? find_held_lock+0x2b/0x80
[ 1163.071704][T18798]  ? ksys_write+0x190/0x250
[ 1163.071726][T18798]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1163.071743][T18798]  ? __fget_files+0x215/0x3d0
[ 1163.071762][T18798]  ? fput+0x79/0x100
[ 1163.071774][T18798]  ? ksys_write+0x1ac/0x250
[ 1163.071791][T18798]  ? __pfx_ksys_write+0x10/0x10
[ 1163.071811][T18798]  __x64_sys_bpf+0x7b/0xc0
[ 1163.071823][T18798]  ? lockdep_hardirqs_on+0x78/0x100
[ 1163.071838][T18798]  do_syscall_64+0x106/0xf80
[ 1163.071853][T18798]  ? clear_bhb_loop+0x40/0x90
[ 1163.071867][T18798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1163.071878][T18798] RIP: 0033:0x7f393cb9c799
[ 1163.071889][T18798] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1163.071899][T18798] RSP: 002b:00007f393da6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1163.071911][T18798] RAX: ffffffffffffffda RBX: 00007f393ce15fa0 RCX: 00007f393cb9c799
[ 1163.071918][T18798] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[ 1163.071925][T18798] RBP: 00007f393da6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1163.071931][T18798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1163.071937][T18798] R13: 00007f393ce16038 R14: 00007f393ce15fa0 R15: 00007ffdfe95d768
[ 1163.071952][T18798]  </TASK>
[ 1165.827314][T18825] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3238'.
[ 1165.839988][T18825] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3238'.
[ 1166.441545][ T5822] Bluetooth: hci4: command 0x0406 tx timeout
[ 1167.047942][   T29] audit: type=1800 audit(2000002018.550:2392): pid=18838 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3242" name="file0" dev="overlay" ino=352 res=0 errno=0
[ 1167.657552][ T5822] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 1167.667314][ T5822] CPU: 1 UID: 0 PID: 5822 Comm: kworker/u9:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1167.667347][ T5822] Tainted: [L]=SOFTLOCKUP
[ 1167.667354][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1167.667366][ T5822] Workqueue: hci0 hci_rx_work
[ 1167.667388][ T5822] Call Trace:
[ 1167.667393][ T5822]  <TASK>
[ 1167.667399][ T5822]  dump_stack_lvl+0x100/0x190
[ 1167.667428][ T5822]  sysfs_warn_dup.cold+0x1c/0x28
[ 1167.667449][ T5822]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1167.667472][ T5822]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1167.667495][ T5822]  ? find_held_lock+0x2b/0x80
[ 1167.667516][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1167.667538][ T5822]  ? kobject_add_internal+0x25f/0x930
[ 1167.667562][ T5822]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1167.667580][ T5822]  kobject_add_internal+0x2c8/0x930
[ 1167.667604][ T5822]  kobject_add+0x16a/0x1e0
[ 1167.667625][ T5822]  ? __pfx_kobject_add+0x10/0x10
[ 1167.667646][ T5822]  ? class_to_subsys+0x10f/0x150
[ 1167.667665][ T5822]  ? kobject_put+0xb9/0x640
[ 1167.667684][ T5822]  ? _raw_spin_unlock+0x28/0x50
[ 1167.667706][ T5822]  device_add+0x294/0x1950
[ 1167.667720][ T5822]  ? __pfx_dev_set_name+0x10/0x10
[ 1167.667738][ T5822]  ? __pfx_device_add+0x10/0x10
[ 1167.667752][ T5822]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1167.667775][ T5822]  hci_conn_add_sysfs+0x1a3/0x260
[ 1167.667795][ T5822]  le_conn_complete_evt+0x11cb/0x1f40
[ 1167.667816][ T5822]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1167.667838][ T5822]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1167.667856][ T5822]  ? skb_pull_data+0x15f/0x1e0
[ 1167.667872][ T5822]  hci_le_meta_evt+0x34a/0x5f0
[ 1167.667890][ T5822]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1167.667909][ T5822]  hci_event_packet+0x682/0x11c0
[ 1167.667925][ T5822]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1167.667943][ T5822]  ? __pfx_hci_event_packet+0x10/0x10
[ 1167.667962][ T5822]  ? kcov_remote_start+0x374/0x660
[ 1167.667981][ T5822]  ? lockdep_hardirqs_on+0x78/0x100
[ 1167.668011][ T5822]  hci_rx_work+0x451/0xfc0
[ 1167.668031][ T5822]  process_one_work+0xa23/0x19a0
[ 1167.668058][ T5822]  ? __pfx_process_one_work+0x10/0x10
[ 1167.668081][ T5822]  ? __pfx_hci_rx_work+0x10/0x10
[ 1167.668101][ T5822]  worker_thread+0x5ef/0xe50
[ 1167.668124][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1167.668141][ T5822]  ? kthread+0x13a/0x450
[ 1167.668155][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1167.668170][ T5822]  kthread+0x370/0x450
[ 1167.668184][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1167.668200][ T5822]  ret_from_fork+0x754/0xd80
[ 1167.668216][ T5822]  ? __pfx_ret_from_fork+0x10/0x10
[ 1167.668231][ T5822]  ? rcu_is_watching+0x12/0xc0
[ 1167.668248][ T5822]  ? __switch_to+0x7b4/0x1120
[ 1167.668265][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1167.668282][ T5822]  ret_from_fork_asm+0x1a/0x30
[ 1167.668310][ T5822]  </TASK>
[ 1167.668343][ T5822] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1168.851640][ T5822] Bluetooth: hci0: failed to register connection device
[ 1168.880460][ T5822] ==================================================================
[ 1168.888535][ T5822] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xe57/0x1050
[ 1168.896512][ T5822] Read of size 8 at addr ffff88806ef62480 by task kworker/u9:5/5822
[ 1168.904464][ T5822] 
[ 1168.906772][ T5822] CPU: 0 UID: 0 PID: 5822 Comm: kworker/u9:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1168.906788][ T5822] Tainted: [L]=SOFTLOCKUP
[ 1168.906792][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1168.906801][ T5822] Workqueue: hci0 hci_rx_work
[ 1168.906817][ T5822] Call Trace:
[ 1168.906823][ T5822]  <TASK>
[ 1168.906828][ T5822]  dump_stack_lvl+0x100/0x190
[ 1168.906848][ T5822]  print_report+0x156/0x4c9
[ 1168.906865][ T5822]  ? __virt_addr_valid+0x81/0x620
[ 1168.906882][ T5822]  ? __phys_addr+0xe8/0x180
[ 1168.906898][ T5822]  ? l2cap_connect_cfm+0xe57/0x1050
[ 1168.906909][ T5822]  kasan_report+0xdf/0x1e0
[ 1168.906921][ T5822]  ? l2cap_connect_cfm+0xe57/0x1050
[ 1168.906934][ T5822]  l2cap_connect_cfm+0xe57/0x1050
[ 1168.906947][ T5822]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1168.906960][ T5822]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1168.906972][ T5822]  le_conn_complete_evt+0x195c/0x1f40
[ 1168.906986][ T5822]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1168.907000][ T5822]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1168.907012][ T5822]  ? skb_pull_data+0x15f/0x1e0
[ 1168.907024][ T5822]  hci_le_meta_evt+0x34a/0x5f0
[ 1168.907037][ T5822]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1168.907050][ T5822]  hci_event_packet+0x682/0x11c0
[ 1168.907062][ T5822]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1168.907076][ T5822]  ? __pfx_hci_event_packet+0x10/0x10
[ 1168.907089][ T5822]  ? kcov_remote_start+0x374/0x660
[ 1168.907114][ T5822]  ? lockdep_hardirqs_on+0x78/0x100
[ 1168.907133][ T5822]  hci_rx_work+0x451/0xfc0
[ 1168.907146][ T5822]  process_one_work+0xa23/0x19a0
[ 1168.907163][ T5822]  ? __pfx_process_one_work+0x10/0x10
[ 1168.907177][ T5822]  ? __pfx_hci_rx_work+0x10/0x10
[ 1168.907191][ T5822]  worker_thread+0x5ef/0xe50
[ 1168.907205][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1168.907217][ T5822]  ? kthread+0x13a/0x450
[ 1168.907232][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1168.907243][ T5822]  kthread+0x370/0x450
[ 1168.907252][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1168.907263][ T5822]  ret_from_fork+0x754/0xd80
[ 1168.907275][ T5822]  ? __pfx_ret_from_fork+0x10/0x10
[ 1168.907286][ T5822]  ? rcu_is_watching+0x12/0xc0
[ 1168.907300][ T5822]  ? __switch_to+0x7b4/0x1120
[ 1168.907313][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1168.907324][ T5822]  ret_from_fork_asm+0x1a/0x30
[ 1168.907341][ T5822]  </TASK>
[ 1168.907345][ T5822] 
[ 1169.130975][ T5822] Allocated by task 5822:
[ 1169.135280][ T5822]  kasan_save_stack+0x30/0x50
[ 1169.139949][ T5822]  kasan_save_track+0x14/0x30
[ 1169.144610][ T5822]  __kasan_kmalloc+0xaa/0xb0
[ 1169.149187][ T5822]  l2cap_chan_create+0x44/0x940
[ 1169.154027][ T5822]  l2cap_sock_alloc.constprop.0+0xf5/0x1e0
[ 1169.159828][ T5822]  l2cap_sock_new_connection_cb+0x101/0x260
[ 1169.165704][ T5822]  l2cap_connect_cfm+0x4e2/0x1050
[ 1169.170717][ T5822]  le_conn_complete_evt+0x195c/0x1f40
[ 1169.176069][ T5822]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1169.181596][ T5822]  hci_le_meta_evt+0x34a/0x5f0
[ 1169.186351][ T5822]  hci_event_packet+0x682/0x11c0
[ 1169.191267][ T5822]  hci_rx_work+0x451/0xfc0
[ 1169.195664][ T5822]  process_one_work+0xa23/0x19a0
[ 1169.200588][ T5822]  worker_thread+0x5ef/0xe50
[ 1169.205160][ T5822]  kthread+0x370/0x450
[ 1169.209209][ T5822]  ret_from_fork+0x754/0xd80
[ 1169.213783][ T5822]  ret_from_fork_asm+0x1a/0x30
[ 1169.218531][ T5822] 
[ 1169.220833][ T5822] Freed by task 18839:
[ 1169.224875][ T5822]  kasan_save_stack+0x30/0x50
[ 1169.229538][ T5822]  kasan_save_track+0x14/0x30
[ 1169.234202][ T5822]  kasan_save_free_info+0x3b/0x70
[ 1169.239212][ T5822]  __kasan_slab_free+0x5f/0x80
[ 1169.243966][ T5822]  kfree+0x1f6/0x6b0
[ 1169.247846][ T5822]  l2cap_chan_put+0x235/0x300
[ 1169.252508][ T5822]  l2cap_sock_cleanup_listen+0x4d/0x2d0
[ 1169.258037][ T5822]  l2cap_sock_release+0x69/0x280
[ 1169.262957][ T5822]  __sock_release+0xb3/0x260
[ 1169.267530][ T5822]  sock_close+0x1c/0x30
[ 1169.271668][ T5822]  __fput+0x3ff/0xb40
[ 1169.275633][ T5822]  task_work_run+0x150/0x240
[ 1169.280201][ T5822]  exit_to_user_mode_loop+0x100/0x4a0
[ 1169.285553][ T5822]  do_syscall_64+0x67c/0xf80
[ 1169.290126][ T5822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1169.295998][ T5822] 
[ 1169.298300][ T5822] The buggy address belongs to the object at ffff88806ef62000
[ 1169.298300][ T5822]  which belongs to the cache kmalloc-2k of size 2048
[ 1169.312332][ T5822] The buggy address is located 1152 bytes inside of
[ 1169.312332][ T5822]  freed 2048-byte region [ffff88806ef62000, ffff88806ef62800)
[ 1169.326279][ T5822] 
[ 1169.328581][ T5822] The buggy address belongs to the physical page:
[ 1169.334967][ T5822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6ef60
[ 1169.343703][ T5822] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1169.352176][ T5822] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1169.359698][ T5822] page_type: f5(slab)
[ 1169.363659][ T5822] raw: 00fff00000000040 ffff88813fe40000 dead000000000100 dead000000000122
[ 1169.372221][ T5822] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1169.380787][ T5822] head: 00fff00000000040 ffff88813fe40000 dead000000000100 dead000000000122
[ 1169.389436][ T5822] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1169.398087][ T5822] head: 00fff00000000003 ffffea0001bbd801 00000000ffffffff 00000000ffffffff
[ 1169.406738][ T5822] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1169.415388][ T5822] page dumped because: kasan: bad access detected
[ 1169.421776][ T5822] page_owner tracks the page as allocated
[ 1169.427468][ T5822] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 17582, tgid 17580 (syz.1.2945), ts 1032670570282, free_ts 1032651124401
[ 1169.449153][ T5822]  post_alloc_hook+0x153/0x170
[ 1169.453905][ T5822]  get_page_from_freelist+0x111d/0x3140
[ 1169.459434][ T5822]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[ 1169.465310][ T5822]  new_slab+0xa6/0x6b0
[ 1169.469360][ T5822]  refill_objects+0x26b/0x400
[ 1169.474020][ T5822]  __pcs_replace_empty_main+0x1ab/0x660
[ 1169.479549][ T5822]  __kmalloc_noprof+0x688/0x850
[ 1169.484382][ T5822]  sk_prot_alloc+0x10b/0x2a0
[ 1169.488955][ T5822]  sk_alloc+0x36/0xe80
[ 1169.493003][ T5822]  __netlink_create+0x5e/0x2c0
[ 1169.497750][ T5822]  netlink_create+0x293/0x610
[ 1169.502410][ T5822]  __sock_create+0x339/0x860
[ 1169.506987][ T5822]  __sys_socket+0x14d/0x260
[ 1169.511470][ T5822]  __x64_sys_socket+0x72/0xb0
[ 1169.516133][ T5822]  do_syscall_64+0x106/0xf80
[ 1169.520705][ T5822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1169.526581][ T5822] page last free pid 17580 tgid 17580 stack trace:
[ 1169.533056][ T5822]  __free_frozen_pages+0x7e1/0x10d0
[ 1169.538238][ T5822]  qlist_free_all+0x47/0xe0
[ 1169.542731][ T5822]  kasan_quarantine_reduce+0x1a0/0x1f0
[ 1169.548175][ T5822]  __kasan_slab_alloc+0x69/0x90
[ 1169.553012][ T5822]  kmem_cache_alloc_noprof+0x241/0x6e0
[ 1169.558456][ T5822]  vm_area_dup+0x27/0x8e0
[ 1169.562766][ T5822]  __split_vma+0x18c/0xd90
[ 1169.567165][ T5822]  vma_modify+0x197d/0x2250
[ 1169.571651][ T5822]  vma_modify_flags+0x257/0x3d0
[ 1169.576486][ T5822]  mprotect_fixup+0x209/0xb70
[ 1169.581146][ T5822]  do_mprotect_pkey+0x9e1/0xe70
[ 1169.585976][ T5822]  __x64_sys_mprotect+0x78/0xc0
[ 1169.590808][ T5822]  do_syscall_64+0x106/0xf80
[ 1169.595382][ T5822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1169.601258][ T5822] 
[ 1169.603563][ T5822] Memory state around the buggy address:
[ 1169.609170][ T5822]  ffff88806ef62380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1169.617210][ T5822]  ffff88806ef62400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1169.625255][ T5822] >ffff88806ef62480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1169.633293][ T5822]                    ^
[ 1169.637336][ T5822]  ffff88806ef62500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1169.645376][ T5822]  ffff88806ef62580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1169.653418][ T5822] ==================================================================
[ 1169.691621][ T5822] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1169.698858][ T5822] CPU: 0 UID: 0 PID: 5822 Comm: kworker/u9:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1169.709888][ T5822] Tainted: [L]=SOFTLOCKUP
[ 1169.714212][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1169.724273][ T5822] Workqueue: hci0 hci_rx_work
[ 1169.728953][ T5822] Call Trace:
[ 1169.732213][ T5822]  <TASK>
[ 1169.735132][ T5822]  dump_stack_lvl+0x100/0x190
[ 1169.739804][ T5822]  vpanic+0x552/0x970
[ 1169.743769][ T5822]  ? __pfx_vpanic+0x10/0x10
[ 1169.748257][ T5822]  ? l2cap_connect_cfm+0xe57/0x1050
[ 1169.753439][ T5822]  panic+0xd1/0xe0
[ 1169.757140][ T5822]  ? __pfx_panic+0x10/0x10
[ 1169.761538][ T5822]  ? l2cap_connect_cfm+0xe57/0x1050
[ 1169.766716][ T5822]  ? preempt_schedule_common+0x42/0xc0
[ 1169.772165][ T5822]  check_panic_on_warn.cold+0x19/0x34
[ 1169.777520][ T5822]  end_report.part.0+0x3a/0x90
[ 1169.782271][ T5822]  kasan_report.cold+0xe/0x18
[ 1169.786937][ T5822]  ? l2cap_connect_cfm+0xe57/0x1050
[ 1169.792121][ T5822]  l2cap_connect_cfm+0xe57/0x1050
[ 1169.797215][ T5822]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1169.802663][ T5822]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1169.808107][ T5822]  le_conn_complete_evt+0x195c/0x1f40
[ 1169.813469][ T5822]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1169.819175][ T5822]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1169.824703][ T5822]  ? skb_pull_data+0x15f/0x1e0
[ 1169.829450][ T5822]  hci_le_meta_evt+0x34a/0x5f0
[ 1169.834198][ T5822]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1169.840250][ T5822]  hci_event_packet+0x682/0x11c0
[ 1169.845168][ T5822]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1169.850436][ T5822]  ? __pfx_hci_event_packet+0x10/0x10
[ 1169.855791][ T5822]  ? kcov_remote_start+0x374/0x660
[ 1169.860903][ T5822]  ? lockdep_hardirqs_on+0x78/0x100
[ 1169.866088][ T5822]  hci_rx_work+0x451/0xfc0
[ 1169.870488][ T5822]  process_one_work+0xa23/0x19a0
[ 1169.875412][ T5822]  ? __pfx_process_one_work+0x10/0x10
[ 1169.880771][ T5822]  ? __pfx_hci_rx_work+0x10/0x10
[ 1169.885691][ T5822]  worker_thread+0x5ef/0xe50
[ 1169.890263][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1169.895353][ T5822]  ? kthread+0x13a/0x450
[ 1169.899576][ T5822]  ? __pfx_worker_thread+0x10/0x10
[ 1169.904666][ T5822]  kthread+0x370/0x450
[ 1169.908720][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1169.913292][ T5822]  ret_from_fork+0x754/0xd80
[ 1169.917865][ T5822]  ? __pfx_ret_from_fork+0x10/0x10
[ 1169.922959][ T5822]  ? rcu_is_watching+0x12/0xc0
[ 1169.927706][ T5822]  ? __switch_to+0x7b4/0x1120
[ 1169.932367][ T5822]  ? __pfx_kthread+0x10/0x10
[ 1169.936937][ T5822]  ret_from_fork_asm+0x1a/0x30
[ 1169.941690][ T5822]  </TASK>
[ 1169.944990][ T5822] Kernel Offset: disabled
[ 1169.949288][ T5822] Rebooting in 86400 seconds..