last executing test programs:

2m57.459731828s ago: executing program 1 (id=2):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x4, 0x200006, 0x2, 0x4967, 0x9})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r1, 0x80044d05, &(0x7f0000000a40))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0xdad70000)
syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
socket$unix(0x1, 0x1, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000200)={0x0, 0x0, 0x20, 0x0, @vifc_lcl_addr=@empty, @dev}, 0x10)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mmap(&(0x7f0000044000/0x4000)=nil, 0x4000, 0x2, 0x10, r2, 0xce460000)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000860000/0x2000)=nil, 0x2000, 0x1000006, 0x1010, r6, 0xd0b27000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000000)
preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$fscrypt_provisioning(&(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000081"], 0x48, r8)
syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[], 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2m57.17820842s ago: executing program 1 (id=6):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) (async)
bind$netlink(0xffffffffffffffff, 0x0, 0x0) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/15], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) (rerun: 32)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async, rerun: 64)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) (rerun: 64)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) (async)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async, rerun: 32)
socket$alg(0x26, 0x5, 0x0) (async, rerun: 32)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r9=>0x0})
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
getpeername$packet(r10, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r7, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x24, r8, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r11}]}, 0x24}}, 0x0) (async)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r12=>0x0}, 0x0)
setresuid(r12, r12, 0x0)

2m56.506946614s ago: executing program 1 (id=7):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x481, 0x0)
ioctl$SNDCTL_SEQ_GETTIME(r1, 0x80045113, &(0x7f0000000000))
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in=@remote, 0x0, 0x400, 0x0, 0x0, 0xa, 0x60, 0x0, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, 0x9}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r4, 0x29, 0xd1, &(0x7f0000000000)=0x9, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, 0x0, 0x1, {}, 0xff}, 0x18)
setsockopt$MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x2, 0x0, 0xa}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sysfs$2(0x4, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x400, 0x0, 0x0, 0xa, 0x60}, {}, {}, 0x1, 0x0, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
timer_create(0x7, &(0x7f0000001280)={0x0, 0x3b, 0x1, @thr={0x0, 0x0}}, &(0x7f00000012c0)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000001300)={{0x0, 0x989680}, {0x77359400}}, &(0x7f0000001340))
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {0x0, 0x5}}}, 0xb8}}, 0x4000)
syz_usb_connect(0x3, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x310, 0x2c, 0x93, 0x4c, 0x8, 0x17ef, 0x721e, 0xb46f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xe0, 0xb, 0x50, 0x1, [{{0x9, 0x4, 0xcf, 0x32, 0x0, 0x2, 0x6, 0x0, 0x4}}]}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x5, &(0x7f0000000380)={0x5, 0xf, 0x5}})

2m53.176467077s ago: executing program 1 (id=17):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(&(0x7f00000001c0), 0x0, &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,')
mount$fuse(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRES8, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$9p_rdma(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x3bb8431, &(0x7f0000000440)=ANY=[])
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x38c43)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=<r1=>0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x4008000006)
openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x208002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0xb)
memfd_create(0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x55)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000440)='./file0\x00', &(0x7f0000000340), 0x0, 0x0, 0x2)
r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, 0x0)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r4, &(0x7f00000000c0)={0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341"], 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000f40), 0x48a41, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000300)={0x0, 0x0, 0x5, 0x0, 0x0, 0x2})
ioctl$TUNGETDEVNETNS(r5, 0x54e3, 0x0)
pipe(0x0)
iopl(0x3)

2m49.563162473s ago: executing program 1 (id=29):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14}}, 0x64}}, 0x0)
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
io_setup(0xeb0, &(0x7f0000000140)=<r1=>0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
io_submit(r1, 0x1, &(0x7f0000000000)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
io_cancel(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2, 0x0, r2, 0x0}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {}, {0xe, 0xffff}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000000)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r6, 0x40049366, 0x0)

2m49.345491876s ago: executing program 1 (id=31):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={<r7=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
sendfile(r2, r1, 0x0, 0x3a)
r8 = dup(r0)
io_setup(0x7, &(0x7f0000000040)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000300)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xe000, r8, &(0x7f0000000280)="88", 0x1, 0x7, 0x0, 0x0, r8}])
socket$kcm(0x2, 0xa, 0x2)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x300, 0x0)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @broadcast})

2m33.581080047s ago: executing program 32 (id=31):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={<r7=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
sendfile(r2, r1, 0x0, 0x3a)
r8 = dup(r0)
io_setup(0x7, &(0x7f0000000040)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000300)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xe000, r8, &(0x7f0000000280)="88", 0x1, 0x7, 0x0, 0x0, r8}])
socket$kcm(0x2, 0xa, 0x2)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x300, 0x0)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @broadcast})

1m52.799859831s ago: executing program 2 (id=256):
r0 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, &(0x7f0000000080)=0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r4 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYRES8=r6], 0x10)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r6, <r7=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r5}, 0x20)
close(0x3)
close(r7)
socket$packet(0x11, 0x2, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netlink(r8, 0x10e, 0x5, &(0x7f0000000040)=""/162, &(0x7f0000000100)=0xa2)
gettid()

1m51.237073887s ago: executing program 2 (id=262):
clock_gettime(0x6, &(0x7f00000000c0)={<r0=>0x0, <r1=>0x0})
clock_settime(0x0, &(0x7f0000002c00)={r0, r1+10000000})
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
unshare(0x10080)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r4)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="c5cfc52375ee9f6031c898d0378b91d7e6f1f1a13127845bcfc051f4b64844966b240e00454a57de55cf", @ANYRES16=r5, @ANYBLOB="000827bd7000ffdbdf2531000000050033000100000005003600000000000a0001007770616e300000000500350008000000"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x40844)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x2, 0x0, 0x4}]})
syz_io_uring_setup(0xfb, 0x0, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000340)=0x14)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0406618, &(0x7f0000000340)={@desc={0x1, 0x0, @desc2}})
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r7, 0x0, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000100)=<r8=>0xffffffffffffffff)
ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000300)={0xa30000, 0x9, 0x6, r8, 0x0, &(0x7f00000002c0)={0x3b0345, 0x1, '\x00', @p_u16=&(0x7f0000000280)=0xf}})
close_range(r6, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384-generic\x00'}, 0x58)
r10 = accept4(r9, 0x0, 0x0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=<r11=>0x0)
ptrace$setregs(0xf, r11, 0x9, &(0x7f0000000040)="5b9542c3ab2126538ba15ce09961a7e23f6a1114dab8c027b3fda5cab2082c2dd06189a4718a27da14d60cf07a97e43caac30e7b24fb42f6be2d6f21359aa1cc5397d4e14c8066139f38e3bc0701f9ae7874e95b22712d0680ac4ab9e98c359a23b60ad00f766169ac")
capget(0x0, 0x0)
syz_emit_ethernet(0x22, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaac7100800450000140000000000849078ac1414bbac14140d30ce64c70b96b81a99f0bdb25f8460a9b59ecf43688f486908564fb643c651054d55617166b95d2c7886cba0f6ed0e00f0c0f0b0a0d79ca29dc1444b6f8edaa7391739d4f0f229068942643f5e536c6a9f0c9b"], 0x0)
recvmmsg$unix(r10, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)

1m48.970065869s ago: executing program 2 (id=268):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000340)}], 0x2)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b0f, &(0x7f0000000000)={'wlan0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'veth1_to_team\x00', <r3=>0x0})
r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_getsetattr(r4, 0x0, &(0x7f0000000200))
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@dellink={0x20, 0x11, 0x200, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r3, 0x0, 0xa000}}, 0x20}}, 0x0)

1m47.512592507s ago: executing program 2 (id=270):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
pipe(&(0x7f0000000140)) (async, rerun: 32)
close(0xffffffffffffffff) (async, rerun: 64)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6) (async, rerun: 32)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) (async, rerun: 32)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x81)
r3 = openat$dsp(0xffffff9c, &(0x7f0000000280), 0x80000, 0x0)
ioctl$SOUND_MIXER_READ_STEREODEVS(r3, 0x80044dfb, 0x0) (async)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1885000000ba000000950000000000000000000000000000000000000000000041be97b11dc9d90d4aec26a87f31e3fd636c5ff67cf70f5c96e28402de40f8fe1093b44fe8cceb0c6699a2b87b1673822e9c6fcf2d7140772f235a9eea843eda5233cdb8fae3af960d69ccf88efe93bfc68bdc58676aa4fa0feb9865de3b023257e28526bec1aefc121c4fb3817e4dd76b5f5c9bc7b379261866fe18d4ec6caedb3c6c39115dcd5eb475c6973ab575e3312e11bb8addf7981265af021a67c5d77abeccfbcea11affba03b34179fc5c77d4c442ecc6e281bea1b2cf71"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getpid() (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
flistxattr(r4, &(0x7f0000000480)=""/83, 0x53) (async)
r5 = socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) (async)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'sit0\x00', <r6=>0x0}) (rerun: 64)
ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r6}) (async, rerun: 32)
r7 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) (rerun: 32)
keyctl$get_persistent(0x16, 0xffffffffffffffff, r7)

1m47.319913731s ago: executing program 2 (id=272):
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
rmdir(&(0x7f0000000180)='./file1/../file0\x00')

1m46.769561639s ago: executing program 2 (id=273):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000280)=<r1=>0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000300)=@assoc_value={0x0, 0x10000}, 0x8)
timer_settime(r1, 0x0, &(0x7f0000000100)={{}, {0x77359400}}, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r3=>0x0, <r4=>0x0})
r5 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
io_setup(0x3, &(0x7f0000000180)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
clock_gettime(0x0, &(0x7f00000001c0))
timer_settime(r1, 0x1, &(0x7f0000000200)={{}, {r3, r4+10000000}}, &(0x7f0000000240))
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x2f8, 0x0, 0xa, 0xd0e0000, 0x0, 0x100, 0x260, 0x1d8, 0x1d8, 0x260, 0x1d8, 0x3, 0x0, {[{{@ip={@loopback, @multicast1, 0x0, 0x0, 'ip6tnl0\x00', 'rose0\x00'}, 0x0, 0xc0, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x8}}, @common=@ttl={{0x28}, {0x3, 0x5}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x3202, 0xd8, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x1]}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x358)
kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0)
timerfd_create(0x0, 0x80000)
clock_gettime(0x0, &(0x7f00000000c0))
clock_gettime(0x0, &(0x7f0000000080))
r7 = timerfd_create(0xe, 0x800)
timerfd_settime(r7, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, &(0x7f0000000140))

1m31.737503429s ago: executing program 33 (id=273):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000280)=<r1=>0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000300)=@assoc_value={0x0, 0x10000}, 0x8)
timer_settime(r1, 0x0, &(0x7f0000000100)={{}, {0x77359400}}, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r3=>0x0, <r4=>0x0})
r5 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
io_setup(0x3, &(0x7f0000000180)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
clock_gettime(0x0, &(0x7f00000001c0))
timer_settime(r1, 0x1, &(0x7f0000000200)={{}, {r3, r4+10000000}}, &(0x7f0000000240))
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x2f8, 0x0, 0xa, 0xd0e0000, 0x0, 0x100, 0x260, 0x1d8, 0x1d8, 0x260, 0x1d8, 0x3, 0x0, {[{{@ip={@loopback, @multicast1, 0x0, 0x0, 'ip6tnl0\x00', 'rose0\x00'}, 0x0, 0xc0, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x8}}, @common=@ttl={{0x28}, {0x3, 0x5}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x3202, 0xd8, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x1]}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x358)
kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0)
timerfd_create(0x0, 0x80000)
clock_gettime(0x0, &(0x7f00000000c0))
clock_gettime(0x0, &(0x7f0000000080))
r7 = timerfd_create(0xe, 0x800)
timerfd_settime(r7, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, &(0x7f0000000140))

1m9.467243308s ago: executing program 3 (id=452):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000380)={0x7, 0x5, 0x9, 0x3, 0x9})
syz_usb_connect(0x2, 0x62, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000095e7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d240601010302000100060006092403050503060581092403060103"], 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$sock_int(r2, 0x1, 0xa, &(0x7f0000000080)=0x4, 0x4)
ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000100))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f00000002c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r6], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0xf1f, 0x3, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x93f}]}, 0x38}}, 0x4000800)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x24, 0x64, 0xf31, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x4}, {0xfff3, 0xffff}, {0xf, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x44044)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r7, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port1\x00'})
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r5, 0x84, 0x71, &(0x7f00000003c0)={<r8=>0x0, 0x3}, &(0x7f0000000400)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000480)={r8, 0x6}, &(0x7f0000000540)=0x8)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@o_path={0x0, 0x0, 0x4018, r7}, 0x18)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0xff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48d1}, 0x80)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r7, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port0\x00', 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x5})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[], 0x0)

1m7.549023565s ago: executing program 3 (id=466):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f00000000c0))
r5 = eventfd(0x3)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000040)={r5})
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0)

1m6.92923256s ago: executing program 3 (id=468):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000300)=ANY=[@ANYRES32=r1], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x41100, 0x30, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x2600, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000040)="93d90400000300", 0x7}], 0x1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r3, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
faccessat2(0xffffffffffffffff, &(0x7f0000001400)='\x00', 0x0, 0x1100)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYRES64=r2], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETA(r4, 0x5406, &(0x7f0000000340)={0xff00, 0x0, 0x0, 0x9, 0x0, "00000000e100"})
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x4c09, 0x8002)
socket$inet6_udp(0xa, 0x2, 0x0)
r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x9800, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000000080)='sync\x00', 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000180)={0x0, 0x31, 0x2, '$h'}, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYRES8=0x0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1f, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)

1m5.944612028s ago: executing program 4 (id=473):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x106f)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e000000000000001280000003"], 0x50)
socket(0x2, 0x80805, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0)
getsockname$packet(r6, &(0x7f0000000740)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x1, {0x0, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r8, @ANYBLOB="00010000ac000000140012800b0001fb7c4d106b6e6c00000400028096f477c1af23c032dd9f6e3e78c64f53fb67c16b3af646e6ec5320fa45f070b29b1c08d52a4106"], 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @void, @value}, 0x28)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

1m5.369448359s ago: executing program 4 (id=476):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_open_dev$amidi(0x0, 0x3e0, 0x123c80)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x3a, 0x20000000)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
pwritev(r3, 0x0, 0x0, 0x81, 0x7)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000340)={0x400, 0x0, 0x0, 0x0, {}, 0x0, 0x3c, 0x0, 0x0}, 0x58)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x3, 0x80a00)
ioctl$DRM_IOCTL_GET_MAGIC(0xffffffffffffffff, 0x80046402, 0x0)
r5 = fcntl$dupfd(r3, 0x406, 0xffffffffffffffff)
ioctl$DRM_IOCTL_AUTH_MAGIC(r5, 0x40046411, &(0x7f0000000000)=0x1)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000001000100"])
ioctl$SG_SET_TIMEOUT(r4, 0x2201, &(0x7f0000000000)=0xc)
r6 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, &(0x7f00000003c0)={0xf7ac9150b935f1d1})
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0500000004000000032000000c"], 0x50)
close(0x3)

1m4.166251967s ago: executing program 4 (id=480):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
chdir(0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r2, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r3 = syz_io_uring_setup(0x5c2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x348}, &(0x7f0000000480)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x108, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r3, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
rt_sigsuspend(&(0x7f00000002c0), 0x8)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a80)='/proc/meminfo\x00', 0x0, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000040)={0x86, 0x3, r8, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0xfffffffffffffffc})
preadv(r6, &(0x7f0000000100)=[{&(0x7f0000000000)=""/221, 0x34b}], 0x1, 0x1c0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)

1m3.807753678s ago: executing program 6 (id=484):
dup(0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001c40)={0xd, 0x4, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_adj\x00')
write$cgroup_pid(r2, &(0x7f0000003400), 0x12)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="1400000010000100f5ffffff000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007006e6174002c000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000014000000110001"], 0x25c}}, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000000b80)={{0x0, 0x13, 0x9, 0x10000, 0x774e0, 0x0, 0xd8d, 0x100006, 0x400, 0x81, 0x1, 0xf, 0x9, 0x0, 0x8}})
prlimit64(0xffffffffffffffff, 0x3, &(0x7f0000000140)={0x8, 0x2}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000080)=0x3)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, 0x0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
splice(r6, 0x0, r5, 0x0, 0x8000, 0x0)

1m2.81304195s ago: executing program 4 (id=487):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000380)=ANY=[@ANYBLOB="fff1ff61000000c5f90000000000000800450000300000000000889078ac1e0001ac1414aa04009078000000004520000500660101a90b0006e0000002ac1414aa"], 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006840)={0x2020, 0x0, <r5=>0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
syz_fuse_handle_req(r4, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r4, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x2b, 0x0, 0x0, 0x100, 0x0, 0x8, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x10b}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x8, 0x7fffffff, 0x7, 0x20002, r7, 0x5504c732, '\x00', r3, r7, 0x2, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
capset(&(0x7f0000000000)={0x20080522, r6}, &(0x7f0000000340)={0x4, 0x1, 0x3bf81ba6, 0x6, 0x0, 0x7})
lseek(r7, 0x0, 0x2)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0xfff1, 0xfff1}, {0xffff, 0xfff1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @empty}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1m2.616735794s ago: executing program 3 (id=489):
getpid()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) (async)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)=0x5) (async)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) (async)
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000180)="8c8464945635ce3d430178fe2b5b03698e46bc2c5f5b003615667a4ec07a5e8822c0f7a457a1df9f2770264c0889b9fe8b099ced21efc549eb71d3", 0x3b}], 0x1) (async)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000007c0)={0x52})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x9, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r2) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r3, 0x0, 0x5}, 0x18) (async)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x2)
fcntl$notify(r4, 0x402, 0x5) (async)
fcntl$notify(r4, 0x402, 0x8000003d) (async)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000c80)={0x2, 0x0, @pic={0x0, 0x7, 0x2, 0x7d, 0xf9, 0x9, 0x81, 0x9, 0x81, 0x7e, 0x2, 0x9, 0x8, 0x9, 0x2, 0x5}}) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
io_setup(0x3, &(0x7f0000000140)) (async)
gettid() (async)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r6, &(0x7f0000000800)={'syz1\x00', {0x0, 0x401, 0x2}, 0x2c, [0x0, 0x100, 0x0, 0xfffffffd, 0x6, 0x2, 0xfffffff8, 0x7, 0x0, 0x7fffffff, 0xfffffffe, 0xc0, 0x0, 0x0, 0x8, 0x0, 0x4000, 0x10, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x84fd, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfdfffffc, 0x0, 0xfffffffe, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5f1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x10, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffc, 0x0, 0x0, 0x4, 0x0, 0x7ff, 0x0, 0x0, 0xfffffffe, 0x0, 0x7, 0xe, 0x0, 0x2, 0xfb4f, 0x0, 0xeae2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x3ff, 0x40000000, 0x7fffe, 0x0, 0xfffffffd, 0x0, 0xfffffffc, 0x2, 0x3, 0x7, 0x0, 0x3, 0x80000000, 0xffff], [0x4, 0x20e4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x100, 0x0, 0x0, 0x0, 0x2, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfff, 0x71f, 0x0, 0x1, 0xffffffff, 0x20, 0x8], [0x40000000, 0x4, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x400, 0x2, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc, 0x80000000, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x462, 0x0, 0xcaa, 0x6, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3, 0x0, 0x7, 0x0, 0x1000000]}, 0x45c)

1m2.408533561s ago: executing program 6 (id=490):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0)
r2 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newlink={0x80, 0x10, 0x437, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, r4, 0x40c89}, [@IFLA_OPERSTATE={0x5, 0x10, 0x5}, @IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x45ea5}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_IKEY={0x8, 0x4, 0x3}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x80}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e24}, @IFLA_GRE_OKEY={0x8, 0x5, 0x6}]}}}, @IFLA_BROADCAST={0xa, 0x2, @remote}]}, 0x80}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, 0x0, &(0x7f0000000040)=0x300)
r6 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000380)={'syztnl0\x00', 0x0, 0x2f, 0x0, 0x0, 0x0, 0x52, @empty, @mcast1, 0x1200, 0x8000, 0x101}})
sendmmsg$inet(r6, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @loopback}}}], 0x20}}], 0x1, 0x4040880)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(r2, &(0x7f0000000240)='cgroup.stat\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_STATION(r7, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r8, 0x300, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4008081}, 0x80)

1m2.408369641s ago: executing program 3 (id=491):
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
rmdir(&(0x7f0000000180)='./file1/../file0\x00')

1m2.291097463s ago: executing program 4 (id=492):
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x200100, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x7, 0xb23, 0x7fffffff, 0x81, 0x40, 0x5b, 0xa}, 0x9c)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x8b101a, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
rmdir(&(0x7f0000000180)='./file1/../file0\x00')

1m2.069799535s ago: executing program 3 (id=493):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000009d80402c0000000000001090224000100000004090400000403000200092100000001220300090581034000ee0000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220300000092"], 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r1, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0)=@ng={0x4, 0x12}, 0x2, 0x0)
close(r1)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
userfaultfd(0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
bind$netlink(r3, &(0x7f0000000300)={0x10, 0x0, 0x25dfdbff, 0x1000}, 0xc)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[], 0x0, 0x2e, 0x0, 0x0, 0x5, 0x10000, @value}, 0x28)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r4, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
syz_usb_connect$cdc_ecm(0x1, 0x59, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x47, 0x1, 0x1, 0x3, 0x871389d5bf0763e9, 0x21, [{{0x9, 0x4, 0x0, 0xb, 0x2, 0x2, 0x6, 0x0, 0x5, {{0x8, 0x24, 0x6, 0x0, 0x0, "fac1be"}, {0x5, 0x24, 0x0, 0xa3a}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x5, 0x9, 0xe}}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x3f, 0x5, 0x6a}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x2, 0x8, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x6b, 0x5}}}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x7, 0x94, 0x4, 0x10, 0x2}, 0x16, &(0x7f0000000180)={0x5, 0xf, 0x16, 0x3, [@wireless={0xb, 0x10, 0x1, 0x8, 0x60, 0x6, 0x7, 0x1, 0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x1, [{0x41, &(0x7f0000000200)=@string={0x41, 0x3, "4e5b75a9d18e97b333ee1c046ed7943c732b96eaff7df6486ff7cdbe2051724fd8991cec66565937db3b139a1d9b4f44431cd939a5a5112f3d77e28488060a"}}]})
listen(r5, 0xfffffffc)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1m2.048513076s ago: executing program 6 (id=494):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000060000000400000091c6be7a00000000", @ANYRES32, @ANYBLOB="ffea0000000000e56200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000300"/28], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x27, 0x3, 0x80000000)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000006000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde}, &(0x7f0000000080)=0x40)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$kcm(0x2, 0x200000000000001, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x5452, &(0x7f00000006c0))
sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x3004c080)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080006000000000000000000000000000000e85b91b850de88a2b00d72f11475bcf7bc879ead1fc0c2f917d5ee04720460f3894ea7f68a1ec2603972b86324b5cd143bf7bdfa9b11fd7135b2a53b9c31ec4c1d7aa38e71430fb8f28487fbb2bac0befc0801d2b4061571d3c422bd70348302419df6433aa1554fa05b8e687ad67bbe24e3d9de30bc19259a3600fdeb355bd4e42005b5833bd3a38b2c9a563c552b1d8a20de47a3fe22d7c69f50f57fc9e1e7ff4734b624e6b86324c34e7053d16e4144b44fb98a0cb3e8b08057ecdf17261d4c819b710172f16d3b1d3a0a", @ANYRES32=r6], 0x34}, 0x1, 0x0, 0x0, 0x24044066}, 0x800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
rt_sigprocmask(0x0, &(0x7f0000000400)={[0xfffff7feffff7ffc]}, 0x0, 0x8)
cachestat(r5, &(0x7f00000000c0)={0x3, 0x6}, &(0x7f0000000340), 0x0)
gettid()
io_setup(0x2, &(0x7f00000001c0))

1m1.931207444s ago: executing program 4 (id=495):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000080)={0x55, 0x6, 0x5, {0xd, 0x7}, {0x2, 0x8000}, @const={0x3, {0x3, 0x3ff, 0x1, 0x9}}})
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f0000000240)={0xa, 0x4}, 0xc)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)={0xc8, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x800}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8001000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xe}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_ADDR={0x8}]}, @TIPC_NLA_BEARER={0x78, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x2, @empty, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x38}}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x31}}}, {0x14, 0x2, @in={0x2, 0x4e24, @broadcast}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000020}, 0x4000001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @private2, 0xeb2}, @in6={0xa, 0x4e21, 0x7, @local, 0x9}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x4a}, 0x2c)
ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82187201, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYBLOB], 0x36)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a30000000000800044000000000140000001100010000000000000000000000000a"], 0x68}}, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r5], 0x44}}, 0x0)

1m1.091819577s ago: executing program 6 (id=503):
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)

1m1.011910116s ago: executing program 6 (id=504):
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
rmdir(&(0x7f0000000180)='./file1/../file0\x00')

1m1.010208294s ago: executing program 6 (id=505):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="0100000000000000000001000000040004358008000200010000e0"], 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wpan4\x00'})
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0xffffffffffffffd0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYRES32=r0, @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080008c34d09990c485ee000000000000"], 0x6f4}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_hsr\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@gettclass={0x24, 0x2a, 0x10, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x10, 0xfff3}, {0xfff3, 0xfff1}, {0x7, 0xa}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x41)
openat$vcsu(0xffffffffffffff9c, 0x0, 0x22800, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000003e000701feffffff00000000017c0000040042800c00018006000600800a00000c0002800400148004002a80a07daef7f70913431a5a3453d3f3e64f075918e0139f60f9770145a23cb5b6642c04000000000000001d9b6db31dbf"], 0x30}, 0x1, 0x0, 0x0, 0x2400c011}, 0xc000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r10 = accept4(r9, 0x0, 0x0, 0x800)
sendmmsg$alg(r10, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r10, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=ANY=[@ANYRESHEX=r1, @ANYRES64=r6, @ANYRES16=r5, @ANYRES32=r11, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x4000000)

51.504760808s ago: executing program 0 (id=534):
socket(0x848000000015, 0x805, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000034000)=""/102400, 0x19000)
r2 = socket(0x18, 0x805, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000000)=0x1e00)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @multicast}, 0x0)
r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$nbd(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="01"], 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYRES16=r3], 0x0, 0x400404, 0x0, 0x0, 0x41000, 0x41, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0xa, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000280)=[{0x0, 0x4, 0x5, 0x6}], 0x10, 0xfffffaf3, @void, @value}, 0x94)
connect$tipc(r4, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000000301050000000000000000000000000a0600124000010000ef7c0caf4e126c5c8fb5de5d7b0a5ccd7cd98750d4cb13e50a64b8126e253f5b35766bdcd027291facbdea46b79528da8002f7ee528c4b476475e5431532191c6c189747c8c52d56ffe7438fb2077110ecfd3449d5ba852895f8b0c388ce7edcd0a6f76853dacc16d9692a9bcc86453e761b2a6b2468c2f967733805", @ANYBLOB="ea310a99d6ef9e545fbf43f5866bcea53655a62f887abe4c11b5d132dbc8e2211e7f279cb8cd684af3e4f851777f21b7167a8704d7949aad5ecbb537e59e1fac755cf4aebea93868fa8e3f79bf5376ca2a55c8ec00cd3dd48bd8b64153891642c1865c26aba347660f4701275d48991c656348caa7bfd5d9e42cbf9abf9f0d847deb5c95306c0461f27c166a6ecab228cfab70ea665b481fefe6020705056a97cb4fa2da3d360621c62a4f414d2793186cf3ca204635b67e92729ffa362af313eebb3dc4cffe9f3efa"], 0x1c}, 0x1, 0x0, 0x0, 0x850}, 0x2400c0c7)
r5 = socket$netlink(0x10, 0x3, 0x2)
sendmsg$netlink(r5, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="180000007a0001276c0040000000000000000000000000003d9382ec365ac796db86f35f9a33e02f68f92e84101debf8707703b2f603da32ef84117ec6520aba0c5a5de774a50f4d7e26c75153d18d6c6a8676053a606834f26e17a74f934a79d9c2c2c727bbadbe671f3d536ec093afab44194a6f1d"], 0x18}], 0x1}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0x81, 0x200000})
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r7, 0x4b4e, 0x4000020)
bind$802154_raw(r6, 0x0, 0x0)

51.127278713s ago: executing program 0 (id=535):
arch_prctl$ARCH_SHSTK_ENABLE(0x1003, 0xf0ff1f00000000)

51.039257385s ago: executing program 0 (id=537):
openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000800))
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_CAPBSET_READ(0x17, 0x402)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000500), 0x1, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000540)={0x1d2, [0x4, 0x7, 0x1000, 0x58d6, 0xff, 0x4, 0xe98, 0xffff, 0x4371, 0xc14, 0x1, 0x1, 0xe, 0x8d26, 0xffff, 0x40, 0x3, 0x9, 0x7, 0x3, 0x10, 0x6, 0x101, 0xff, 0x7, 0x40, 0x3, 0x2, 0x9, 0x1, 0x2, 0xff, 0x6, 0x1000, 0xf, 0x1, 0x7f, 0x8, 0x13d8, 0x4, 0xc, 0x7, 0x8, 0x1, 0x7f, 0x5, 0x9, 0x6], 0x5})
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
prctl$PR_CAPBSET_READ(0x17, 0x22)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000), 0x4)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x8000, 0x4, 0x5, 0x0, 0x3, 0x3, 0xa, 0xb8, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x5, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x5, 0x84, 0x7, 0x0, 0x50, 0x0, 0x70, 0x4, 0x87}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

50.434497082s ago: executing program 0 (id=538):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x9}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f00000002c0)={0x0, 0x3e, 0x8, 0x0})
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x111000)
write$sndseq(r3, &(0x7f0000000080)=[{0x9, 0x9, 0x10, 0x0, @tick=0x7, {0x32, 0x93}, {0x4, 0x1}, @raw32={[0xfffffff9, 0x0, 0x8]}}], 0x1c)

50.401485063s ago: executing program 0 (id=539):
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
rmdir(&(0x7f0000000180)='./file1/../file0\x00')

50.339315456s ago: executing program 0 (id=540):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast})
r3 = dup(r1)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
r6 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r6, 0x2007ffb)
close(r6)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0xc8a02, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4018aee1, &(0x7f0000000040)=ANY=[])
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)

46.864961415s ago: executing program 34 (id=493):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000009d80402c0000000000001090224000100000004090400000403000200092100000001220300090581034000ee0000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220300000092"], 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r1, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000000c0)=@ng={0x4, 0x12}, 0x2, 0x0)
close(r1)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
userfaultfd(0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
bind$netlink(r3, &(0x7f0000000300)={0x10, 0x0, 0x25dfdbff, 0x1000}, 0xc)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[], 0x0, 0x2e, 0x0, 0x0, 0x5, 0x10000, @value}, 0x28)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r4, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
syz_usb_connect$cdc_ecm(0x1, 0x59, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x47, 0x1, 0x1, 0x3, 0x871389d5bf0763e9, 0x21, [{{0x9, 0x4, 0x0, 0xb, 0x2, 0x2, 0x6, 0x0, 0x5, {{0x8, 0x24, 0x6, 0x0, 0x0, "fac1be"}, {0x5, 0x24, 0x0, 0xa3a}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x5, 0x9, 0xe}}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x3f, 0x5, 0x6a}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x2, 0x8, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x6b, 0x5}}}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x7, 0x94, 0x4, 0x10, 0x2}, 0x16, &(0x7f0000000180)={0x5, 0xf, 0x16, 0x3, [@wireless={0xb, 0x10, 0x1, 0x8, 0x60, 0x6, 0x7, 0x1, 0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x1, [{0x41, &(0x7f0000000200)=@string={0x41, 0x3, "4e5b75a9d18e97b333ee1c046ed7943c732b96eaff7df6486ff7cdbe2051724fd8991cec66565937db3b139a1d9b4f44431cd939a5a5112f3d77e28488060a"}}]})
listen(r5, 0xfffffffc)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

46.82306955s ago: executing program 35 (id=495):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000080)={0x55, 0x6, 0x5, {0xd, 0x7}, {0x2, 0x8000}, @const={0x3, {0x3, 0x3ff, 0x1, 0x9}}})
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f0000000240)={0xa, 0x4}, 0xc)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)={0xc8, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x800}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8001000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xe}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_ADDR={0x8}]}, @TIPC_NLA_BEARER={0x78, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x2, @empty, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x38}}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x31}}}, {0x14, 0x2, @in={0x2, 0x4e24, @broadcast}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000020}, 0x4000001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @private2, 0xeb2}, @in6={0xa, 0x4e21, 0x7, @local, 0x9}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x4a}, 0x2c)
ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82187201, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYBLOB], 0x36)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a30000000000800044000000000140000001100010000000000000000000000000a"], 0x68}}, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r5], 0x44}}, 0x0)

45.781931662s ago: executing program 36 (id=505):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="0100000000000000000001000000040004358008000200010000e0"], 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wpan4\x00'})
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0xffffffffffffffd0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYRES32=r0, @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080008c34d09990c485ee000000000000"], 0x6f4}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_hsr\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@gettclass={0x24, 0x2a, 0x10, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x10, 0xfff3}, {0xfff3, 0xfff1}, {0x7, 0xa}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x41)
openat$vcsu(0xffffffffffffff9c, 0x0, 0x22800, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000003e000701feffffff00000000017c0000040042800c00018006000600800a00000c0002800400148004002a80a07daef7f70913431a5a3453d3f3e64f075918e0139f60f9770145a23cb5b6642c04000000000000001d9b6db31dbf"], 0x30}, 0x1, 0x0, 0x0, 0x2400c011}, 0xc000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r10 = accept4(r9, 0x0, 0x0, 0x800)
sendmmsg$alg(r10, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r10, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=ANY=[@ANYRESHEX=r1, @ANYRES64=r6, @ANYRES16=r5, @ANYRES32=r11, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x4000000)

34.771595205s ago: executing program 37 (id=540):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast})
r3 = dup(r1)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
r6 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r6, 0x2007ffb)
close(r6)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0xc8a02, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4018aee1, &(0x7f0000000040)=ANY=[])
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)

34.62581466s ago: executing program 5 (id=574):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x3, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x30, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x200, 0x0, 0x0, {[@mss={0x2, 0x4, 0xa005}]}}}}}}}, 0x0)
ppoll(&(0x7f00000000c0), 0x2a, 0x0, &(0x7f00000001c0)={[0x2a]}, 0x8)
syz_usb_connect(0x2, 0x36, &(0x7f0000001580)={{0x12, 0x1, 0x0, 0x2, 0x2f, 0xb0, 0x40, 0x4d8, 0xfd08, 0x59b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x8, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb1, 0x9, 0x2, 0xa, 0x5f, 0x92, 0x40, [], [{{0x9, 0x5, 0x8, 0xa, 0x3ff, 0xf7, 0x7, 0x9}}, {{0x9, 0x5, 0x30932787f67e0187, 0x2, 0x40, 0x2, 0x5}}]}}]}}]}}, 0x0)

32.433836607s ago: executing program 5 (id=576):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x52)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) (async)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="02", 0x1}], 0x1, 0x0, 0x0, 0x200488c0}, 0x8845) (async)
ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000080)) (async)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000040))

31.813073515s ago: executing program 7 (id=577):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0xffffffffffffff57)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x800)
gettid()
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f00000005c0)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @default]}, 0x48)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f0000000440)={{0x6, @null, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r2, 0x80)
accept$netrom(r1, 0x0, 0x0)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, &(0x7f0000000100)=0x1, 0x4)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, 0x0, 0x4040000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb4, 0x20, 0x45, 0x10, 0x7c4, 0xa109, 0xdf0a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x58, 0x0, 0x0, 0x93, 0x6b, 0x6}}]}}]}}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

21.230212531s ago: executing program 8 (id=560):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x1, 0xfffffffffffffffc, 0x3, 0xff, 0x5, 0xffffffffffffffff, 0x7}, &(0x7f00000000c0)={0x2, 0xe8, 0x101, 0xe4b5, 0x100, 0x8, 0x71, 0x4}, &(0x7f0000000100)={0x9, 0x10001, 0x4, 0x8, 0x6, 0x6a2c, 0xa, 0xffff}, &(0x7f0000000240)={0x0, 0x989680}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$video4linux(&(0x7f0000001540), 0x6, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r3, 0xc0585604, &(0x7f0000000140)={0x1, 0x0, {0xd, 0xc, 0x201f, 0x8, 0x3, 0x2, 0x6dfd500da6727a8c, 0x6}})
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
socket$inet(0x2, 0x3, 0x8d)
r4 = socket(0xa, 0x1, 0x0)
ioctl(r4, 0x8916, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

18.63441247s ago: executing program 7 (id=578):
mkdir(0x0, 0x0)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x300, 0x1200, 0x0, 0x3)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x0)
fchdir(r2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x1c, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000a5000000000000000004000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000007e5ebaf66400008500000bc4433219e9acf8439b68000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000060005007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f00000001c0))
chdir(&(0x7f0000000080)='./file1\x00')
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff0800044000000081080008400000000320000180"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r3], 0x44}, 0x1, 0x0, 0x0, 0x40048c0}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x48, 0x32, 0x829, 0x70bd2d, 0x0, {0x0, 0x0, 0x2}, [{0x34, 0x1, [@m_simple={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x20000840)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x50, r4, 0x49566000)
mount$bind(0x0, 0x0, 0x0, 0x8b101a, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), r4)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000000700), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r8, 0x402c5639, &(0x7f0000000740)={0x80, 0x2, 0x89})
rmdir(&(0x7f0000000180)='./file1/../file0\x00')

18.168666608s ago: executing program 5 (id=579):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000380)={0x7, 0x5, 0x9, 0x3, 0x9})
syz_usb_connect(0x2, 0x62, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000095e7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d240601010302000100060006092403050503060581092403060103"], 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0xf1f, 0x3, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x93f}]}, 0x38}}, 0x4000800)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x24, 0x64, 0xf31, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x4}, {0xfff3, 0xffff}, {0xf, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x44044)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port1\x00'})
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f00000003c0)={<r6=>0x0, 0x3}, &(0x7f0000000400)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000480)={r6, 0x6}, &(0x7f0000000540)=0x8)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@o_path={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4018, r5}, 0x18)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0xff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48d1}, 0x80)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a85320, &(0x7f00000002c0)={{0x80}, 'port0\x00', 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x5})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[], 0x0)

17.279339315s ago: executing program 9 (id=561):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r0, 0x1) (async)
poll(&(0x7f00000000c0)=[{r0, 0x2000}], 0x1, 0xffffffffffbffff8) (async)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4, 0x80010, r0, 0x77da3000)
openat$audio(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') (async, rerun: 64)
r3 = socket(0x10, 0x3, 0x0) (rerun: 64)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0xffffff, 0x100000}, 0x10) (async)
write(r3, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe20000000000000", 0x1c)
io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])

17.254064821s ago: executing program 7 (id=580):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000004000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x7, 0x6}, {0xffff, 0xfff2}}, [@qdisc_kind_options=@q_atm={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

14.358043852s ago: executing program 7 (id=581):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000060000000400000091c6be7a00000000", @ANYRES32, @ANYBLOB="ffea0000000000e56200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000300"/28], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x27, 0x3, 0x80000000)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000006000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde}, &(0x7f0000000080)=0x40)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$kcm(0x2, 0x200000000000001, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x5452, &(0x7f00000006c0))
sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x3004c080)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080006000000000000000000000000000000e85b91b850de88a2b00d72f11475bcf7bc879ead1fc0c2f917d5ee04720460f3894ea7f68a1ec2603972b86324b5cd143bf7bdfa9b11fd7135b2a53b9c31ec4c1d7aa38e71430fb8f28487fbb2bac0befc0801d2b4061571d3c422bd70348302419df6433aa1554fa05b8e687ad67bbe24e3d9de30bc19259a3600fdeb355bd4e42005b5833bd3a38b2c9a563c552b1d8a20de47a3fe22d7c69f50f57fc9e1e7ff4734b624e6b86324c34e7053d16e4144b44fb98a0cb3e8b08057ecdf17261d4c819b710172f16d3b1d3a0a", @ANYRES32=r6], 0x34}, 0x1, 0x0, 0x0, 0x24044066}, 0x800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
rt_sigprocmask(0x0, &(0x7f0000000400)={[0xfffff7feffff7ffc]}, 0x0, 0x8)
cachestat(r5, &(0x7f00000000c0)={0x3, 0x6}, &(0x7f0000000340), 0x0)
io_setup(0x2, &(0x7f00000001c0)=<r8=>0x0)
io_pgetevents(r8, 0x3, 0x3, &(0x7f0000000540)=[{}, {}, {}], &(0x7f0000000140)={0x0, 0x989680}, &(0x7f0000000380)={&(0x7f00000002c0)={[0x2368e8ff]}, 0x8})

13.974629718s ago: executing program 9 (id=582):
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000640)=@generic={0x0, 0x0, 0x4}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078)

11.759311645s ago: executing program 9 (id=583):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
unshare(0x400)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
pselect6(0x40, &(0x7f0000000180)={0xfffffffffffffffd, 0x0, 0x4347, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGDEV(r4, 0x80045432, 0x0)
bind$unix(r2, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
open(&(0x7f0000000400)='./file0\x00', 0x0, 0x188)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000080)=0x80000003)
r6 = dup2(r5, r5)
read$FUSE(r6, &(0x7f00000063c0)={0x2020}, 0x2020)
syz_io_uring_setup(0x186, 0x0, &(0x7f0000000100), &(0x7f0000000240))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, {0x4}})
io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)
sendmsg$IPVS_CMD_FLUSH(r6, &(0x7f00000003c0)={&(0x7f0000000200), 0xc, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="20002cbd7000fddbdf25110000002400038005000800000000000800010001000000050008004f0000000800010001000000080004000200000020000180140003000a01010000000000000000000000000008000500010000000c000280060002004e22000090000380140002006272696467655f736c6176655f310000080003000200000014000600ff01000000000000000000000000000114000600ff010000000000000000000000000001080001000000000008000300030000000500080007000000060007004e20000014000600ff010000000000000000000000000001140002006e657464657673696d30000000000000"], 0xfc}, 0x1, 0x0, 0x0, 0x80}, 0x14004802)
fstatfs(r4, &(0x7f0000000440)=""/167)
mq_notify(0xffffffffffffffff, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000007040)={'geneve1\x00', 0x0})

11.578439649s ago: executing program 7 (id=584):
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
r0 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r0, 0xc02064a5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x7c2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x4052, r3, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
io_submit(0x0, 0x0, &(0x7f00000000c0))
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, &(0x7f0000000040))
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000, 0x2, &(0x7f0000002000/0x2000)=nil)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e1a0d0113"], 0x1d)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]})

6.941998521s ago: executing program 5 (id=585):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x2000000000000034, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = creat(&(0x7f0000000380)='./file0\x00', 0xecf86c37d53049e1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75706461746520656372797081667320757365723a0053e3bee18044740d67c1459dad22ab56ea0e078ca867a3eabee131ba993d4faf457e5c009518427832435488a4d032cd740d6faaceea6fa2f914bb0793210933b3408436f70cb7b81bcc"], 0x16, 0x0)
arch_prctl$ARCH_SHSTK_ENABLE(0x1003, 0xf0ff1f00000000)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
write$binfmt_elf32(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="7f454c4604030003000000000000000002003e"], 0x58)
close(r0)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
flock(0xffffffffffffffff, 0x3)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r3, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)

6.941342395s ago: executing program 7 (id=586):
socket$nl_crypto(0x10, 0x3, 0x15)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001b00)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r7, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x18, 0x2, {{0x7fffffff, 0x14, 0xfcc, 0x400, 0x9}, 0x81, 0x0, 0xc8c3, 0x40, 0x4, 0x1c, 0x11, 0x9, 0x8, 0xffffffff, {0xfffffff5, 0x4, 0xad8, 0x7, 0x4, 0x4}}}}]}, 0x78}}, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000540)=0x9)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000180)=0x3)
ioctl$TIOCSTI(r8, 0x5412, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000140)={0x1, 0x0, [{0x0, 0x0, 0x0}]})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000780)={0x4, 0x0, [{0x80a0000, 0xe9, &(0x7f00000003c0)=""/233}, {0x3000, 0x0, &(0x7f0000000040)}, {0xeeee0000, 0xe8, &(0x7f0000000580)=""/232}, {0x100000, 0xa2, &(0x7f0000000840)=""/162}]})
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r9}, 0x10)

4.788491014s ago: executing program 38 (id=560):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x1, 0xfffffffffffffffc, 0x3, 0xff, 0x5, 0xffffffffffffffff, 0x7}, &(0x7f00000000c0)={0x2, 0xe8, 0x101, 0xe4b5, 0x100, 0x8, 0x71, 0x4}, &(0x7f0000000100)={0x9, 0x10001, 0x4, 0x8, 0x6, 0x6a2c, 0xa, 0xffff}, &(0x7f0000000240)={0x0, 0x989680}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$video4linux(&(0x7f0000001540), 0x6, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r3, 0xc0585604, &(0x7f0000000140)={0x1, 0x0, {0xd, 0xc, 0x201f, 0x8, 0x3, 0x2, 0x6dfd500da6727a8c, 0x6}})
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
socket$inet(0x2, 0x3, 0x8d)
r4 = socket(0xa, 0x1, 0x0)
ioctl(r4, 0x8916, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

4.735152815s ago: executing program 9 (id=588):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35cf6c3d5", @ANYRESOCT])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000000000fe00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

3.81633801s ago: executing program 5 (id=589):
syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="120100003a370520810705000500010203010902240001000010000904e602025bbd9700097502020000020000090582020002000000"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x10000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f00000002c0), 0x101400)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000080)={0x48})
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000140)={0xc})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="0500000000e3fef91b000040"])
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'vlan1\x00'})
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0xba01, 0x0, 0x10}, 0x0)
r7 = socket(0xa, 0x2, 0x0)
setsockopt$inet_int(r7, 0x0, 0xb, &(0x7f00000000c0)=0x7, 0x4)
sendto$inet(r7, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
recvmsg(r7, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2001)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)

231.422735ms ago: executing program 9 (id=590):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000240), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4})
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @none, 0x6}, 0xe)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4, 0x2}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0xa, 0x100008c}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0xe, 0x4000, @fd_index=0x7, 0xf38, 0x0, 0x0, 0x2, 0x0, {0x3}})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0)
ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="140000000500000018d088799e19cfee01000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='\x00'/28], 0x50)
r9 = socket$inet(0x2, 0xa, 0x0)
r10 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x14c, 0x24, 0xf0b, 0x70bd27, 0x25dfdc00, {0x0, 0x0, 0x0, r11, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "18e1be056b76fa4ee34878a56ad944e33259f7dd5968560e0f235240c9697e4a42882d8ac9b37eedd80a977dde4052d2cd631fd651eec5492f91dd0c179a8719c581fcde5ee3eac06e4e68b693308213654b24ef201d93a5c2d86ffbe1f1859a41c8a58f73f5460216541c00ab01f28c673cd7f859c2f024e3a0ef4247f5145dda933c4ee24442df2b9bd685722886683d09c8fb2d02e25b5c88b31ae3eebd610bf5d08c1c358a43fd3758c4bfa10a2bdab43e4907cc4f8966699c706f29cd5b9df2b24bff35d9cb53ac37b628c01dc17a5ae830e65a883731999a096ef09d443cc8801c2b4cf4731b4ff78a15bd03d19ddc2824faf760b8a95a2c92b4dbf192"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x5bb4, 0x1000, 0xfff, 0xe, 0xf, 0x4, 0x8}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x58}, 0x4000004)
r12 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r12, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmsg$kcm(r12, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e23, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYRES8=r12], 0x10b8}, 0x0)

0s ago: executing program 5 (id=591):
r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r1, &(0x7f0000000200), 0xfffffd9d)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000001, 0x12, r0, 0xc3d33000)

kernel console output (not intermixed with test programs):

Deprecated]: syz.4.186 (pid 6744) Use of struct sctp_assoc_value in delayed_ack socket option.
[  115.131069][ T6744] Use struct sctp_sack_info instead
[  115.173143][   T30] audit: type=1400 audit(1747415404.944:330): avc:  denied  { setopt } for  pid=6739 comm="syz.4.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  115.463829][ T5864] usb 6-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55
[  115.491711][ T5864] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.510555][ T5864] usb 6-1: Product: syz
[  115.523601][ T5864] usb 6-1: Manufacturer: syz
[  115.542558][ T5864] usb 6-1: SerialNumber: syz
[  115.571211][ T5864] usb 6-1: config 0 descriptor??
[  115.597498][ T6749] loop6: detected capacity change from 0 to 7
[  115.729745][ T6753] netlink: 'syz.0.188': attribute type 1 has an invalid length.
[  115.739775][ T5908] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  115.747412][ T6753] netlink: 224 bytes leftover after parsing attributes in process `syz.0.188'.
[  115.942055][ T5864] gspca_main: sonixb-2.14.0 probing 0c45:608f
[  115.948393][ T6749] Dev loop6: unable to read RDB block 7
[  115.954749][ T6749]  loop6: unable to read partition table
[  115.965227][ T6749] loop6: partition table beyond EOD, truncated
[  116.007160][ T6749] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  116.090909][ T5908] usb 5-1: no configurations
[  116.111589][ T5908] usb 5-1: can't read configurations, error -22
[  116.144752][  T971] usb 3-1: USB disconnect, device number 8
[  116.158152][ T5864] input: sonixb as /devices/platform/dummy_hcd.5/usb6/6-1/input/input10
[  116.186768][ T6759] binder: 6758:6759 ioctl c0306201 200000000100 returned -14
[  116.233129][ T6759] binder: 6758:6759 ioctl c0306201 200000000100 returned -14
[  116.270569][ T5908] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  116.356217][ T6733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.396240][ T6733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.420170][   T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  116.450688][ T5864] usb 6-1: USB disconnect, device number 2
[  116.459200][ T5908] usb 5-1: no configurations
[  116.501038][ T5908] usb 5-1: can't read configurations, error -22
[  116.518819][ T5908] usb usb5-port1: attempt power cycle
[  116.987237][   T30] audit: type=1400 audit(1747415406.754:331): avc:  denied  { unlink } for  pid=6760 comm="syz.2.192" name="#1" dev="tmpfs" ino=223 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  117.018778][ T6767] evm: overlay not supported
[  117.074620][   T30] audit: type=1400 audit(1747415406.814:332): avc:  denied  { create } for  pid=6760 comm="syz.2.192" name="#5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  117.105267][   T30] audit: type=1400 audit(1747415406.814:333): avc:  denied  { link } for  pid=6760 comm="syz.2.192" name="#5" dev="tmpfs" ino=227 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  117.108411][   T10] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  117.137544][   T30] audit: type=1400 audit(1747415406.814:334): avc:  denied  { rename } for  pid=6760 comm="syz.2.192" name="#6" dev="tmpfs" ino=227 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  117.172528][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.181606][   T10] usb 1-1: Product: syz
[  117.185767][   T10] usb 1-1: Manufacturer: syz
[  117.191985][   T10] usb 1-1: SerialNumber: syz
[  117.198792][   T10] usb 1-1: config 0 descriptor??
[  117.284076][ T5908] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  117.321418][ T5908] usb 5-1: no configurations
[  117.330255][ T5908] usb 5-1: can't read configurations, error -22
[  117.361046][ T5894] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  117.557419][ T6782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.680795][ T6783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.727752][ T5908] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  117.756333][ T5894] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  117.757011][ T6757] netlink: 20 bytes leftover after parsing attributes in process `syz.0.190'.
[  117.788928][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  117.801203][ T5908] usb 5-1: no configurations
[  117.805866][ T5908] usb 5-1: can't read configurations, error -22
[  117.809559][ T5894] usb 4-1: config 0 has no interface number 0
[  117.819877][ T6780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.843328][ T5894] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  117.843701][ T5863] usb 1-1: USB disconnect, device number 6
[  117.859310][ T5908] usb usb5-port1: unable to enumerate USB device
[  117.868071][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.885615][ T5894] usb 4-1: Product: syz
[  117.906414][ T5894] usb 4-1: Manufacturer: syz
[  117.911329][ T5894] usb 4-1: SerialNumber: syz
[  117.936895][ T5894] usb 4-1: config 0 descriptor??
[  117.961863][ T5894] hub 4-1:0.31: bad descriptor, ignoring hub
[  117.968192][ T5894] hub 4-1:0.31: probe with driver hub failed with error -5
[  117.978139][ T5894] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  117.985111][ T5894] usb 4-1: No valid video chain found.
[  118.235254][ T6792] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=6792 comm=syz.4.198
[  118.251352][ T6775] netlink: 24 bytes leftover after parsing attributes in process `syz.3.194'.
[  118.347351][ T6794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.512344][ T6794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.120153][ T6804] netlink: 'syz.0.200': attribute type 1 has an invalid length.
[  119.121875][ T5894] usb 4-1: USB disconnect, device number 8
[  119.133881][ T6804] netlink: 224 bytes leftover after parsing attributes in process `syz.0.200'.
[  119.468085][ T6808] loop6: detected capacity change from 0 to 7
[  119.488570][ T6808] Dev loop6: unable to read RDB block 7
[  119.513624][ T6808]  loop6: unable to read partition table
[  119.552948][ T6808] loop6: partition table beyond EOD, truncated
[  119.559141][ T6808] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  119.584817][ T6812] netlink: 24 bytes leftover after parsing attributes in process `syz.4.204'.
[  119.728707][   T30] audit: type=1800 audit(1747415409.484:335): pid=6813 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.203" name="bus" dev="overlay" ino=94 res=0 errno=0
[  120.058193][   T30] audit: type=1400 audit(1747415409.714:336): avc:  denied  { read } for  pid=6814 comm="syz.0.205" path="socket:[12371]" dev="sockfs" ino=12371 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  120.499928][   T30] audit: type=1400 audit(1747415409.734:337): avc:  denied  { write } for  pid=6814 comm="syz.0.205" path="socket:[12372]" dev="sockfs" ino=12372 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  120.577547][   T30] audit: type=1400 audit(1747415409.754:338): avc:  denied  { block_suspend } for  pid=6814 comm="syz.0.205" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  120.730276][ T5863] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  121.542408][ T6824] xt_HMARK: proto mask must be zero with L3 mode
[  121.718584][ T5863] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  121.751288][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  121.803926][   T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  121.854111][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  121.870578][ T5864] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  121.921796][ T5863] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  121.961814][ T5863] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  122.043250][   T10] usb 4-1: Using ep0 maxpacket: 32
[  122.142400][ T5863] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  122.152100][ T5863] usb 5-1: Manufacturer: syz
[  122.157522][ T5864] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  122.168444][ T5864] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  122.180667][   T10] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.191641][ T5863] usb 5-1: config 0 descriptor??
[  122.204504][   T10] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  122.218691][ T5864] usb 1-1: config 0 has no interface number 0
[  122.245636][ T5864] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  122.255105][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.278159][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  122.296353][ T5864] usb 1-1: Product: syz
[  122.310358][   T10] usb 4-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  122.319584][ T5864] usb 1-1: Manufacturer: syz
[  122.336783][ T5864] usb 1-1: SerialNumber: syz
[  122.341745][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.363672][ T5864] usb 1-1: config 0 descriptor??
[  122.371503][ T5864] hub 1-1:0.31: bad descriptor, ignoring hub
[  122.382108][ T5864] hub 1-1:0.31: probe with driver hub failed with error -5
[  122.408009][   T10] usb 4-1: config 0 descriptor??
[  122.422932][ T5864] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  122.459766][ T5864] usb 1-1: No valid video chain found.
[  122.577938][ T5863] rc_core: IR keymap rc-hauppauge not found
[  122.600031][ T5863] Registered IR keymap rc-empty
[  122.617627][ T6821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.626295][ T6821] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.695313][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  122.709756][   T30] audit: type=1400 audit(1747415412.484:339): avc:  denied  { unmount } for  pid=6858 comm="syz.5.215" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  122.751532][ T6835] netlink: 24 bytes leftover after parsing attributes in process `syz.0.210'.
[  122.823967][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  122.838905][ T6821] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  122.887126][ T5863] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  122.903525][ T5863] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input11
[  122.917088][   T10] aureal 0003:0755:2626.0005: item fetching failed at offset 3/5
[  122.925444][   T10] aureal 0003:0755:2626.0005: probe with driver aureal failed with error -22
[  122.959489][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  122.978597][ T6868] netlink: 24 bytes leftover after parsing attributes in process `syz.5.216'.
[  122.989255][ T6865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.011998][ T6865] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.036440][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.078351][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.100262][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.123529][ T6829] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  123.130050][ T6829] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  123.139058][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.151871][ T6829] vhci_hcd vhci_hcd.0: Device attached
[  123.160402][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.170556][ T5864] usb 4-1: USB disconnect, device number 9
[  123.179167][ T6869] vhci_hcd: connection closed
[  123.185912][   T36] vhci_hcd: stop threads
[  123.205278][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.227784][   T36] vhci_hcd: release socket
[  123.239075][   T36] vhci_hcd: disconnect device
[  123.250258][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.290209][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.408864][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.520196][ T5864] usb 1-1: USB disconnect, device number 7
[  123.520548][ T6880] netlink: 40 bytes leftover after parsing attributes in process `syz.5.218'.
[  123.590429][ T5863] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.648130][ T5863] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  123.659314][ T5863] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  123.676517][ T5863] usb 5-1: USB disconnect, device number 21
[  125.009497][   T30] audit: type=1400 audit(1747415414.784:340): avc:  denied  { mount } for  pid=6892 comm="syz.0.221" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  125.113982][   T30] audit: type=1400 audit(1747415414.894:341): avc:  denied  { listen } for  pid=6897 comm="syz.5.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  125.190199][   T30] audit: type=1326 audit(1747415414.894:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6897 comm="syz.5.223" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc4b5b8e969 code=0x0
[  125.247335][ T6902] overlay: Unknown parameter 'mask'
[  125.252684][ T5863] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  125.260936][   T30] audit: type=1400 audit(1747415414.964:343): avc:  denied  { search } for  pid=5482 comm="dhcpcd" name="netdev:wlan2" dev="debugfs" ino=11454 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  125.284712][   T30] audit: type=1400 audit(1747415415.024:344): avc:  denied  { mount } for  pid=6899 comm="syz.3.225" name="/" dev="hugetlbfs" ino=11567 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  125.460329][   T30] audit: type=1400 audit(1747415415.024:345): avc:  denied  { mounton } for  pid=6899 comm="syz.3.225" path="/52/file0/bus" dev="hugetlbfs" ino=11570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1
[  125.539081][ T5863] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  125.553755][ T5863] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  125.555438][   T30] audit: type=1400 audit(1747415415.094:346): avc:  denied  { listen } for  pid=6899 comm="syz.3.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  125.584739][   T30] audit: type=1400 audit(1747415415.114:347): avc:  denied  { unmount } for  pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  125.631454][   T30] audit: type=1400 audit(1747415415.114:348): avc:  denied  { module_request } for  pid=6894 comm="syz.2.222" kmod="ip6t_" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  125.633519][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.691864][ T5863] usb 1-1: config 0 descriptor??
[  125.697111][ T1220] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  125.697117][   T30] audit: type=1400 audit(1747415415.124:349): avc:  denied  { create } for  pid=6900 comm="syz.4.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  125.699530][ T5863] pwc: Askey VC010 type 2 USB webcam detected.
[  125.900185][ T1220] usb 4-1: Using ep0 maxpacket: 16
[  125.906663][ T1220] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.041233][ T1220] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.493750][ T1220] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  126.506783][ T1220] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  126.516015][ T1220] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.531003][ T1220] usb 4-1: config 0 descriptor??
[  126.605254][ T6919] loop6: detected capacity change from 0 to 7
[  126.619547][ T5811] Dev loop6: unable to read RDB block 7
[  126.632881][ T5811]  loop6: unable to read partition table
[  126.645979][ T5811] loop6: partition table beyond EOD, truncated
[  126.696091][ T6919] Dev loop6: unable to read RDB block 7
[  126.715274][ T6919]  loop6: unable to read partition table
[  126.718584][ T6922] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[6922]
[  126.810361][ T6919] loop6: partition table beyond EOD, truncated
[  126.822404][ T6919] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  127.043686][ T1220] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0006/input/input12
[  127.063071][ T1220] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  127.183261][ T6911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  127.225594][ T6911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  127.243595][ T6930] syz.4.231: attempt to access beyond end of device
[  127.243595][ T6930] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  127.322018][ T1220] usb 4-1: USB disconnect, device number 10
[  127.332968][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.231'.
[  127.566180][ T5863] pwc: send_video_command error -71
[  127.571804][ T5863] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  127.579431][   T30] audit: type=1400 audit(1747415417.354:350): avc:  denied  { unmount } for  pid=5810 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  127.603929][ T5863] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  127.615752][ T5863] usb 1-1: USB disconnect, device number 8
[  127.694893][   T30] audit: type=1400 audit(1747415417.464:351): avc:  denied  { listen } for  pid=6938 comm="syz.0.236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  127.740272][ T1220] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  127.934245][ T1220] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  128.090044][ T1220] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.230159][ T1220] usb 4-1: config 0 has no interface number 0
[  128.256893][ T1220] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  128.341078][ T1220] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.387064][ T1220] usb 4-1: Product: syz
[  128.408646][ T1220] usb 4-1: Manufacturer: syz
[  128.468572][ T1220] usb 4-1: SerialNumber: syz
[  128.480287][ T1220] usb 4-1: config 0 descriptor??
[  128.487905][ T1220] hub 4-1:0.31: bad descriptor, ignoring hub
[  128.500406][ T1220] hub 4-1:0.31: probe with driver hub failed with error -5
[  128.508896][ T1220] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  128.526902][ T1220] usb 4-1: No valid video chain found.
[  128.702980][ T6936] netlink: 24 bytes leftover after parsing attributes in process `syz.3.234'.
[  128.846498][ T6966] netlink: 8 bytes leftover after parsing attributes in process `syz.0.239'.
[  128.939809][ T6960] bridge0: port 3(gretap0) entered blocking state
[  129.044577][ T6960] bridge0: port 3(gretap0) entered disabled state
[  129.123045][   T30] audit: type=1400 audit(1747415418.894:352): avc:  denied  { read } for  pid=6963 comm="syz.2.244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  129.287393][   T30] audit: type=1400 audit(1747415418.984:353): avc:  denied  { name_connect } for  pid=6964 comm="syz.4.243" dest=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  129.316511][ T6960] gretap0: entered allmulticast mode
[  129.336554][ T6973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.339956][ T6973] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.354809][ T6960] gretap0: entered promiscuous mode
[  130.361678][ T6960] bridge0: port 3(gretap0) entered blocking state
[  130.368336][ T6960] bridge0: port 3(gretap0) entered forwarding state
[  130.381015][ T6961] gretap0: left allmulticast mode
[  130.386145][ T6961] gretap0: left promiscuous mode
[  130.391722][ T6961] bridge0: port 3(gretap0) entered disabled state
[  130.572811][ T6981] syz.4.246: attempt to access beyond end of device
[  130.572811][ T6981] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  130.598951][ T6981] netlink: 4 bytes leftover after parsing attributes in process `syz.4.246'.
[  130.615956][   T30] audit: type=1400 audit(1747415420.394:354): avc:  denied  { bind } for  pid=6980 comm="syz.0.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  130.652818][ T6979] netlink: 52 bytes leftover after parsing attributes in process `syz.2.245'.
[  130.767644][ T1220] usb 4-1: USB disconnect, device number 11
[  130.928099][ T6995] Bluetooth: MGMT ver 1.23
[  131.030796][ T6999] loop6: detected capacity change from 0 to 7
[  131.092436][ T6999] Dev loop6: unable to read RDB block 7
[  131.098006][ T6999]  loop6: unable to read partition table
[  131.122216][ T6999] loop6: partition table beyond EOD, truncated
[  131.128450][ T6999] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  131.477589][ T7009] syz_tun: entered allmulticast mode
[  131.509296][ T7009] netlink: 8 bytes leftover after parsing attributes in process `syz.2.255'.
[  131.545292][ T7009] netlink: 8 bytes leftover after parsing attributes in process `syz.2.255'.
[  131.646973][ T7009] syz_tun: left allmulticast mode
[  132.542486][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz.0.257'.
[  132.584595][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  133.237133][ T7035] syz.0.261: attempt to access beyond end of device
[  133.237133][ T7035] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  133.264494][   T30] audit: type=1400 audit(1747415422.974:355): avc:  denied  { map } for  pid=7024 comm="syz.3.260" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  133.265783][ T7035] netlink: 4 bytes leftover after parsing attributes in process `syz.0.261'.
[  133.365635][ T7037] netlink: 'syz.4.259': attribute type 1 has an invalid length.
[  133.376141][ T7037] netlink: 224 bytes leftover after parsing attributes in process `syz.4.259'.
[  133.687626][   T30] audit: type=1400 audit(1747415422.974:356): avc:  denied  { execute } for  pid=7024 comm="syz.3.260" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  133.980354][ T7046] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=7046 comm=syz.4.264
[  135.326380][   T30] audit: type=1326 audit(1747415425.024:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7041 comm="syz.2.262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed70d8e969 code=0x0
[  135.584240][ T5894] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  135.724819][ T7065] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  136.369899][ T5894] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  136.443782][ T5894] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  136.485415][ T5894] usb 1-1: config 0 has no interface number 0
[  136.546862][ T5894] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  136.583388][   T30] audit: type=1400 audit(1747415426.354:358): avc:  denied  { create } for  pid=7066 comm="syz.2.268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  136.604484][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.614127][ T7069] warning: `syz.2.268' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  136.634188][ T5894] usb 1-1: Product: syz
[  136.638441][ T5894] usb 1-1: Manufacturer: syz
[  136.645205][   T30] audit: type=1400 audit(1747415426.394:359): avc:  denied  { ioctl } for  pid=7066 comm="syz.2.268" path="socket:[11851]" dev="sockfs" ino=11851 ioctlcmd=0x8b0f scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  136.671442][ T5894] usb 1-1: SerialNumber: syz
[  136.744299][ T5894] usb 1-1: config 0 descriptor??
[  136.849249][ T5894] hub 1-1:0.31: bad descriptor, ignoring hub
[  136.866757][ T5894] hub 1-1:0.31: probe with driver hub failed with error -5
[  136.964783][ T7056] netlink: 24 bytes leftover after parsing attributes in process `syz.0.265'.
[  136.965246][ T5894] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  136.981695][ T5894] usb 1-1: No valid video chain found.
[  137.178773][ T7074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  137.214998][ T7074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.303427][ T7086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.271'.
[  137.680837][ T1220] usb 1-1: USB disconnect, device number 9
[  137.809834][ T7091] netlink: 4 bytes leftover after parsing attributes in process `syz.5.274'.
[  137.810240][ T5823] Bluetooth: hci5: command 0x1003 tx timeout
[  137.819029][ T5814] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  138.012407][   T30] audit: type=1400 audit(1747415427.794:360): avc:  denied  { ioctl } for  pid=7093 comm="syz.4.275" path="socket:[12805]" dev="sockfs" ino=12805 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  138.164918][ T7098] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=7098 comm=syz.5.277
[  138.200465][ T7099] FAULT_INJECTION: forcing a failure.
[  138.200465][ T7099] name failslab, interval 1, probability 0, space 0, times 1
[  138.225859][ T7099] CPU: 0 UID: 0 PID: 7099 Comm: syz.3.276 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  138.225885][ T7099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  138.225895][ T7099] Call Trace:
[  138.225900][ T7099]  <TASK>
[  138.225907][ T7099]  dump_stack_lvl+0x16c/0x1f0
[  138.225936][ T7099]  should_fail_ex+0x512/0x640
[  138.225958][ T7099]  ? __kmalloc_noprof+0xbf/0x510
[  138.225975][ T7099]  ? constrain_params_by_rules+0x175/0xca0
[  138.225997][ T7099]  should_failslab+0xc2/0x120
[  138.226015][ T7099]  __kmalloc_noprof+0xd2/0x510
[  138.226028][ T7099]  ? unwind_get_return_address+0x59/0xa0
[  138.226045][ T7099]  ? arch_stack_walk+0xa6/0x100
[  138.226061][ T7099]  constrain_params_by_rules+0x175/0xca0
[  138.226080][ T7099]  ? stack_trace_save+0x8e/0xc0
[  138.226096][ T7099]  ? stack_depot_save_flags+0x28/0xa50
[  138.226112][ T7099]  ? __pfx_constrain_params_by_rules+0x10/0x10
[  138.226131][ T7099]  ? __kasan_kmalloc+0xaa/0xb0
[  138.226148][ T7099]  ? snd_pcm_oss_change_params_locked+0x6f4/0x3b40
[  138.226164][ T7099]  ? snd_pcm_oss_make_ready_locked+0xb7/0x130
[  138.226180][ T7099]  ? snd_pcm_oss_read+0x39b/0x760
[  138.226200][ T7099]  ? snd_interval_refine+0x2fa/0x580
[  138.226214][ T7099]  snd_pcm_hw_refine+0x7de/0xad0
[  138.226232][ T7099]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  138.226254][ T7099]  ? snd_interval_refine+0x2fa/0x580
[  138.226267][ T7099]  snd_pcm_oss_change_params_locked+0x2185/0x3b40
[  138.226290][ T7099]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  138.226319][ T7099]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  138.226337][ T7099]  snd_pcm_oss_read+0x39b/0x760
[  138.226353][ T7099]  ? security_file_permission+0x71/0x210
[  138.226372][ T7099]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  138.226390][ T7099]  vfs_read+0x1e1/0xc70
[  138.226410][ T7099]  ? __pfx_vfs_read+0x10/0x10
[  138.226425][ T7099]  ? find_held_lock+0x2b/0x80
[  138.226440][ T7099]  ? __fget_files+0x204/0x3c0
[  138.226452][ T7099]  ? __fget_files+0x20e/0x3c0
[  138.226467][ T7099]  ksys_read+0x12a/0x240
[  138.226483][ T7099]  ? __pfx_ksys_read+0x10/0x10
[  138.226499][ T7099]  ? rcu_is_watching+0x12/0xc0
[  138.226516][ T7099]  do_syscall_64+0xcd/0x260
[  138.226534][ T7099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.226550][ T7099] RIP: 0033:0x7ff2d818e969
[  138.226559][ T7099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.226570][ T7099] RSP: 002b:00007ff2d5ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  138.226581][ T7099] RAX: ffffffffffffffda RBX: 00007ff2d83b6080 RCX: 00007ff2d818e969
[  138.226588][ T7099] RDX: 0000000000002020 RSI: 00002000000063c0 RDI: 0000000000000006
[  138.226595][ T7099] RBP: 00007ff2d5ff6090 R08: 0000000000000000 R09: 0000000000000000
[  138.226601][ T7099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.226608][ T7099] R13: 0000000000000000 R14: 00007ff2d83b6080 R15: 00007ffc76951588
[  138.226621][ T7099]  </TASK>
[  138.546747][ T7103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.580253][   T58] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  138.588424][ T7103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  138.719305][ T7103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.751124][   T58] usb 5-1: config 0 interface 0 altsetting 128 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  138.795093][   T58] usb 5-1: config 0 interface 0 has no altsetting 0
[  138.831022][ T1220] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  138.861015][ T7105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.938585][   T58] usb 5-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00
[  139.030778][   T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.190442][ T7105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.200199][ T1220] usb 1-1: Using ep0 maxpacket: 16
[  139.203574][ T7105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.208464][ T7103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.234546][ T1220] usb 1-1: config 8 has an invalid interface number: 39 but max is 0
[  139.260311][ T7105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.277922][   T58] usb 5-1: config 0 descriptor??
[  139.283177][ T1220] usb 1-1: config 8 has no interface number 0
[  139.300768][ T1220] usb 1-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  139.327170][ T1220] usb 1-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  139.359516][ T1220] usb 1-1: config 8 interface 39 has no altsetting 0
[  139.372237][ T1220] usb 1-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  139.390159][ T1220] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.398195][ T1220] usb 1-1: Product: syz
[  139.420136][ T1220] usb 1-1: Manufacturer: syz
[  139.424804][ T1220] usb 1-1: SerialNumber: syz
[  139.603470][ T7094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.625904][ T7094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.653259][ T1220] ipheth 1-1:8.39: Unable to find endpoints
[  139.694405][ T1220] usb 1-1: USB disconnect, device number 10
[  139.755400][   T58] usbhid 5-1:0.0: can't add hid device: -71
[  139.770907][   T58] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  139.797536][   T58] usb 5-1: USB disconnect, device number 22
[  139.862093][ T7131] 9pnet_fd: Insufficient options for proto=fd
[  139.947066][ T5864] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  140.100367][ T5864] usb 4-1: Using ep0 maxpacket: 32
[  140.114554][ T5864] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 8
[  140.124629][ T5864] usb 4-1: config 1 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  140.143712][ T5864] usb 4-1: config 1 interface 0 has no altsetting 0
[  140.154721][ T5864] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  140.171821][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.189891][ T5864] usb 4-1: Product: ฮ탭毢�것䩚铥걵䉸腷耬䎟ퟔ줭ꗻ留鷤鸠㾱撨㈌嫞�ㆂ㚘㨯⋺爑⬱䱡懯㤊ꤢ��ﺗ幋切몯紇ᬧ왇륋슟䜱噄巕秮�腎羹蜌ﰭⳳꬥ燀ƒ౫翙༒觬ꑹ쒑궧摫䴽쯶�炞ဃﵻ㾕�⌂꾳�
[  140.218529][ T5864] usb 4-1: Manufacturer: �㈙৘ਖ案쎄⯼�䰾틞抨ア℺~�㚀�墬り曲븠೉䪎꒦ᒮଛ┶쓘勣춭淪츥
[  140.236954][ T5864] usb 4-1: SerialNumber: syz
[  140.256812][ T7123] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  140.510427][ T5863] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  140.595849][ T7169] netlink: 8 bytes leftover after parsing attributes in process `syz.4.286'.
[  141.113150][ T5864] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  141.126765][ T5863] usb 1-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  141.141811][ T5864] usb 4-1: USB disconnect, device number 12
[  141.151944][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.159942][ T5863] usb 1-1: Product: syz
[  141.166744][ T5863] usb 1-1: Manufacturer: syz
[  141.244905][ T5863] usb 1-1: SerialNumber: syz
[  141.251796][ T5863] usb 1-1: config 0 descriptor??
[  141.287119][ T5814] Bluetooth: hci5: urb ffff888033e6b000 submission failed (2)
[  141.474968][ T5862] usb 1-1: USB disconnect, device number 11
[  141.550177][ T5863] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  141.710058][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  141.815857][ T5863] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  141.826271][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.873646][ T5863] usb 5-1: config 0 descriptor??
[  141.900171][ T7181] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  142.143575][   T30] audit: type=1400 audit(1747415431.924:361): avc:  denied  { bind } for  pid=7187 comm="syz.3.291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  142.144517][ T7188] netlink: 24 bytes leftover after parsing attributes in process `syz.3.291'.
[  142.171698][   T30] audit: type=1400 audit(1747415431.924:362): avc:  denied  { node_bind } for  pid=7187 comm="syz.3.291" saddr=::ffff:172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  142.198159][   T30] audit: type=1400 audit(1747415431.974:363): avc:  denied  { create } for  pid=7189 comm="syz.0.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  142.226613][   T30] audit: type=1400 audit(1747415431.974:364): avc:  denied  { setopt } for  pid=7189 comm="syz.0.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  142.569257][ T7196] use of bytesused == 0 is deprecated and will be removed in the future,
[  142.577816][ T7196] use the actual size instead.
[  142.592357][ T5863] usbhid 5-1:0.0: can't add hid device: -71
[  142.598569][ T5863] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  142.614208][ T5862] IPVS: starting estimator thread 0...
[  142.615865][ T5863] usb 5-1: USB disconnect, device number 23
[  142.627699][   T30] audit: type=1400 audit(1747415432.394:365): avc:  denied  { getopt } for  pid=7197 comm="syz.5.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  142.661965][   T30] audit: type=1400 audit(1747415432.434:366): avc:  denied  { setopt } for  pid=7197 comm="syz.5.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  142.684003][   T30] audit: type=1400 audit(1747415432.434:367): avc:  denied  { mount } for  pid=7197 comm="syz.5.294" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  142.770285][ T7205] IPVS: using max 73 ests per chain, 175200 per kthread
[  143.075645][ T7215] bridge1: entered promiscuous mode
[  143.433699][   T30] audit: type=1400 audit(1747415433.004:368): avc:  denied  { connect } for  pid=7211 comm="syz.0.298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  143.819790][ T7232] netlink: 52 bytes leftover after parsing attributes in process `syz.5.301'.
[  145.290057][ T7274] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  145.341385][ T7278] netlink: 40 bytes leftover after parsing attributes in process `syz.4.314'.
[  145.356927][ T7279] netlink: 40 bytes leftover after parsing attributes in process `syz.4.314'.
[  145.594445][ T7283] netlink: 52 bytes leftover after parsing attributes in process `syz.5.317'.
[  145.606890][ T7289] netlink: 'syz.4.319': attribute type 21 has an invalid length.
[  145.622276][ T7289] netlink: 128 bytes leftover after parsing attributes in process `syz.4.319'.
[  145.755122][ T7289] netlink: 'syz.4.319': attribute type 5 has an invalid length.
[  145.963492][   T30] audit: type=1400 audit(1747415435.734:369): avc:  denied  { setopt } for  pid=7288 comm="syz.4.319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  146.027242][ T7299] Cannot find add_set index 0 as target
[  146.062873][ T7289] netlink: 'syz.4.319': attribute type 6 has an invalid length.
[  146.091114][ T7300] netlink: 4 bytes leftover after parsing attributes in process `syz.4.319'.
[  146.111921][ T7289] netlink: 3 bytes leftover after parsing attributes in process `syz.4.319'.
[  146.178137][   T30] audit: type=1400 audit(1747415435.954:370): avc:  denied  { sqpoll } for  pid=7308 comm="syz.5.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  146.346934][ T7312] loop2: detected capacity change from 0 to 7
[  146.388365][ T7312] Dev loop2: unable to read RDB block 7
[  146.400249][ T1220] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  146.409833][ T7312]  loop2: unable to read partition table
[  146.416555][ T7312] loop2: partition table beyond EOD, truncated
[  146.430291][ T7312] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  146.573948][ T1220] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  146.583603][ T1220] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.594910][ T1220] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  146.606297][ T1220] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  146.629599][ T1220] usb 1-1: Manufacturer: syz
[  147.107554][ T1220] usb 1-1: config 0 descriptor??
[  147.255782][ T7332] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  147.310370][ T1220] rc_core: IR keymap rc-hauppauge not found
[  147.346743][ T1220] Registered IR keymap rc-empty
[  147.378917][ T1220] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  147.429992][ T1220] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input13
[  147.482315][ T7335] can0: slcan on ptm0.
[  147.758114][   T58] usb 1-1: USB disconnect, device number 12
[  147.820175][ T5823] Bluetooth: hci1: command 0x0419 tx timeout
[  147.846157][ T7338] lo speed is unknown, defaulting to 1000
[  147.853674][ T7344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=7344 comm=syz.3.331
[  147.879788][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  147.879802][   T30] audit: type=1400 audit(1747415437.654:375): avc:  denied  { read write } for  pid=7343 comm="syz.3.331" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  147.936430][   T30] audit: type=1400 audit(1747415437.694:376): avc:  denied  { open } for  pid=7343 comm="syz.3.331" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  148.002988][   T30] audit: type=1400 audit(1747415437.694:377): avc:  denied  { map } for  pid=7343 comm="syz.3.331" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  148.404319][   T30] audit: type=1400 audit(1747415438.184:378): avc:  denied  { write } for  pid=7349 comm="syz.0.332" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  148.684930][   T30] audit: type=1400 audit(1747415438.464:379): avc:  denied  { write } for  pid=7358 comm="syz.3.334" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  148.906776][ T7365] xt_CT: You must specify a L4 protocol and not use inversions on it
[  149.411542][   T58] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  149.695260][   T30] audit: type=1400 audit(1747415439.474:380): avc:  denied  { read } for  pid=7366 comm="syz.5.336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  149.747796][ T7369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.757566][ T7369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.772147][ T7338] can0 (unregistered): slcan off ptm0.
[  149.780151][   T58] usb 1-1: Using ep0 maxpacket: 32
[  149.818775][   T58] usb 1-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=cd.c6
[  149.846800][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.880188][   T58] usb 1-1: Product: syz
[  149.884375][   T58] usb 1-1: Manufacturer: syz
[  149.888048][   T30] audit: type=1400 audit(1747415439.664:381): avc:  denied  { bind } for  pid=7375 comm="syz.4.338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  149.909455][   T58] usb 1-1: SerialNumber: syz
[  149.919861][ T7376] !€ÿ: renamed from bond_slave_0 (while UP)
[  149.922110][   T58] usb 1-1: config 0 descriptor??
[  149.980246][ T5894] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  150.147397][ T5894] usb 4-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  150.156661][   T30] audit: type=1400 audit(1747415439.914:382): avc:  denied  { mount } for  pid=7379 comm="syz.4.340" name="/" dev="pstore" ino=2909 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  150.166769][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.178890][    C0] vkms_vblank_simulate: vblank timer overrun
[  150.286360][ T5894] usb 4-1: Product: syz
[  150.312643][ T5894] usb 4-1: Manufacturer: syz
[  150.431773][ T7350] netlink: 40 bytes leftover after parsing attributes in process `syz.0.332'.
[  150.442177][ T5864] usb 1-1: USB disconnect, device number 13
[  150.450820][ T5894] usb 4-1: SerialNumber: syz
[  150.469248][ T5894] usb 4-1: config 0 descriptor??
[  150.496915][   T30] audit: type=1400 audit(1747415440.274:383): avc:  denied  { setopt } for  pid=7383 comm="syz.4.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  150.572054][   T30] audit: type=1400 audit(1747415440.304:384): avc:  denied  { nlmsg_read } for  pid=7383 comm="syz.4.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  150.875402][ T7392] fuse: Unknown parameter 'ÿ0x0000000000000007'
[  151.525297][ T5894] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  151.542632][ T5894] asix 4-1:0.0: probe with driver asix failed with error -71
[  151.574326][ T5894] usb 4-1: USB disconnect, device number 13
[  151.629417][ T7396] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=7396 comm=syz.4.345
[  151.754900][ T7398] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=7398 comm=syz.0.346
[  152.117647][ T7403] lo speed is unknown, defaulting to 1000
[  153.728035][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  153.740409][ T5814] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  153.756627][ T5814] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  153.768531][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  153.781013][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  153.876662][ T7422] lo speed is unknown, defaulting to 1000
[  153.888019][ T7428] netlink: 4 bytes leftover after parsing attributes in process `syz.3.353'.
[  154.008054][ T1110] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.105974][ T7433] loop6: detected capacity change from 0 to 7
[  154.115809][ T7433] Dev loop6: unable to read RDB block 7
[  154.281812][ T7433]  loop6: unable to read partition table
[  154.321884][ T7433] loop6: partition table beyond EOD, truncated
[  154.324346][ T1110] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.479583][ T7433] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  154.561820][   T58] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  154.760502][ T1110] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.938152][ T7450] netlink: 'syz.3.359': attribute type 16 has an invalid length.
[  154.938209][ T7450] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.359'.
[  155.128554][ T7438] lo speed is unknown, defaulting to 1000
[  155.209228][ T1110] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.810284][ T5814] Bluetooth: hci3: command tx timeout
[  156.054666][ T7422] chnl_net:caif_netlink_parms(): no params data found
[  156.286898][   T30] audit: type=1400 audit(1747415446.064:385): avc:  denied  { bind } for  pid=7468 comm="syz.0.364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  156.356252][   T30] audit: type=1400 audit(1747415446.104:386): avc:  denied  { accept } for  pid=7468 comm="syz.0.364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  156.390445][ T1110] bridge_slave_1: left allmulticast mode
[  156.396144][ T1110] bridge_slave_1: left promiscuous mode
[  156.402005][ T1110] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.416654][ T1110] bridge_slave_0: left allmulticast mode
[  156.428018][ T1110] bridge_slave_0: left promiscuous mode
[  156.439834][ T1110] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.570178][ T5863] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  156.720259][ T5863] usb 1-1: Using ep0 maxpacket: 32
[  156.726922][ T5863] usb 1-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00
[  156.736046][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.746621][ T5863] usb 1-1: config 0 descriptor??
[  156.811070][ T1110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  156.823165][ T1110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  156.832959][ T1110] bond0 (unregistering): Released all slaves
[  156.872484][ T7422] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.881873][ T7422] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.889338][ T7422] bridge_slave_0: entered allmulticast mode
[  156.898916][ T7422] bridge_slave_0: entered promiscuous mode
[  156.916458][ T7422] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.937841][ T7422] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.949046][ T7422] bridge_slave_1: entered allmulticast mode
[  156.957018][ T7422] bridge_slave_1: entered promiscuous mode
[  157.422420][ T5863] usb 1-1: string descriptor 0 read error: -71
[  157.433199][ T5863] uclogic 0003:256C:006E.0007: failed retrieving string descriptor #200: -71
[  157.442309][ T5863] uclogic 0003:256C:006E.0007: failed retrieving pen parameters: -71
[  157.452212][ T5863] uclogic 0003:256C:006E.0007: failed probing pen v2 parameters: -71
[  157.464435][ T5863] uclogic 0003:256C:006E.0007: failed probing parameters: -71
[  157.484834][ T5863] uclogic 0003:256C:006E.0007: probe with driver uclogic failed with error -71
[  157.527185][ T5863] usb 1-1: USB disconnect, device number 14
[  157.536565][ T7422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.564435][ T7422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.827661][   T30] audit: type=1400 audit(1747415447.604:387): avc:  denied  { append } for  pid=7483 comm="syz.3.369" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  157.850171][    C0] vkms_vblank_simulate: vblank timer overrun
[  157.885832][ T7486] netlink: 40 bytes leftover after parsing attributes in process `syz.5.370'.
[  157.895594][ T5814] Bluetooth: hci3: command tx timeout
[  157.935147][ T7422] team0: Port device team_slave_0 added
[  157.988004][ T7422] team0: Port device team_slave_1 added
[  158.066923][ T7422] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.078378][ T7422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.105036][ T7422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.163467][ T1110] hsr_slave_0: left promiscuous mode
[  158.169836][ T1110] hsr_slave_1: left promiscuous mode
[  158.182443][ T1110] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  158.190512][ T1220] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  158.201342][ T1110] batman_adv: batadv0: Removing interface: batadv_slave_0
[  158.244798][ T1110] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  158.252825][ T1110] batman_adv: batadv0: Removing interface: batadv_slave_1
[  158.372951][ T1220] usb 4-1: config 0 has an invalid interface number: 156 but max is 0
[  158.410625][ T1220] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  158.427959][ T1220] usb 4-1: config 0 has no interface number 0
[  158.443265][ T1110] veth1_macvtap: left promiscuous mode
[  158.451438][ T1220] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  158.464781][ T1110] veth0_macvtap: left promiscuous mode
[  158.471761][ T1110] veth1_vlan: left promiscuous mode
[  158.479800][ T1220] usb 4-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  158.493311][ T1110] veth0_vlan: left promiscuous mode
[  158.506037][ T1220] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  158.572943][ T1220] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.622998][ T1220] usb 4-1: config 0 descriptor??
[  158.652177][ T1220] gspca_main: spca561-2.14.0 probing abcd:cdee
[  158.726695][ T7495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.373'.
[  158.868123][ T7487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.894379][ T7487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.445589][ T7498] netlink: 'syz.0.372': attribute type 1 has an invalid length.
[  159.453292][ T7498] netlink: 224 bytes leftover after parsing attributes in process `syz.0.372'.
[  159.469353][ T1220] spca561 4-1:0.156: probe with driver spca561 failed with error -22
[  159.472409][ T1220] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  159.472446][ T1220] usb 4-1: MIDIStreaming interface descriptor not found
[  159.755069][ T1110] team0 (unregistering): Port device team_slave_1 removed
[  159.798327][ T1110] team0 (unregistering): Port device team_slave_0 removed
[  159.973152][ T5814] Bluetooth: hci3: command tx timeout
[  160.117666][ T7422] batman_adv: batadv0: Adding interface: batadv_slave_1
[  160.124770][ T7422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.150628][    C0] vkms_vblank_simulate: vblank timer overrun
[  160.167804][ T7422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.185879][ T7493] pim6reg: entered allmulticast mode
[  160.199214][ T7495] ipvlan2: entered promiscuous mode
[  160.205789][ T7495] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  160.214479][ T7495] team0: Device ipvlan2 is already an upper device of the team interface
[  160.243336][ T7500] lo speed is unknown, defaulting to 1000
[  160.252228][ T7512] netlink: 'syz.5.376': attribute type 2 has an invalid length.
[  160.262633][ T7500] lo speed is unknown, defaulting to 1000
[  160.268717][ T7500] lo speed is unknown, defaulting to 1000
[  160.347067][ T7500] infiniband syz0: set active
[  160.351835][ T7500] infiniband syz0: added lo
[  160.356766][ T7500] syz0: rxe_create_cq: returned err = -12
[  160.362689][ T7500] infiniband syz0: Couldn't create ib_mad CQ
[  160.368738][ T7500] infiniband syz0: Couldn't open port 1
[  160.376627][ T5862] lo speed is unknown, defaulting to 1000
[  160.388635][ T7500] RDS/IB: syz0: added
[  160.392687][ T7500] smc: adding ib device syz0 with port count 1
[  160.398819][ T7500] smc:    ib device syz0 port 1 has pnetid 
[  160.454518][ T7500] lo speed is unknown, defaulting to 1000
[  160.572672][ T1220] lo speed is unknown, defaulting to 1000
[  160.575882][ T7422] hsr_slave_0: entered promiscuous mode
[  160.597230][ T7422] hsr_slave_1: entered promiscuous mode
[  160.613768][ T7422] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  160.703565][ T7422] Cannot create hsr debugfs directory
[  160.711679][ T7500] lo speed is unknown, defaulting to 1000
[  161.298097][ T7500] lo speed is unknown, defaulting to 1000
[  161.384134][ T7500] lo speed is unknown, defaulting to 1000
[  161.521626][ T7500] lo speed is unknown, defaulting to 1000
[  161.990612][ T5863] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  162.090207][ T5814] Bluetooth: hci3: command tx timeout
[  162.160350][ T5863] usb 5-1: Using ep0 maxpacket: 8
[  162.364326][ T5863] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  162.412518][ T5863] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  162.438926][ T5863] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  162.458421][ T5863] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  162.474090][ T5863] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  162.487045][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.531441][   T10] usb 4-1: USB disconnect, device number 14
[  162.735105][ T1110] IPVS: stop unused estimator thread 0...
[  162.762438][   T30] audit: type=1400 audit(1747415452.524:388): avc:  denied  { relabelfrom } for  pid=7530 comm="syz.4.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  162.782413][ T5863] usb 5-1: GET_CAPABILITIES returned 0
[  162.800314][ T5863] usbtmc 5-1:16.0: can't read capabilities
[  162.822861][ T7422] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  162.857353][   T30] audit: type=1400 audit(1747415452.534:389): avc:  denied  { relabelto } for  pid=7530 comm="syz.4.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  162.881997][ T7422] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  162.907588][ T7422] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  162.914722][   T30] audit: type=1400 audit(1747415452.544:390): avc:  denied  { create } for  pid=7541 comm="syz.5.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  162.941127][ T7422] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  162.961702][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  162.968229][   T30] audit: type=1400 audit(1747415452.544:391): avc:  denied  { write } for  pid=7541 comm="syz.5.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  162.995053][ T7554] SELinux: security policydb version 18 (MLS) not backwards compatible
[  162.997319][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.008182][ T7554] SELinux: failed to load policy
[  163.012855][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.017984][   T30] audit: type=1400 audit(1747415452.774:392): avc:  denied  { load_policy } for  pid=7552 comm="syz.3.388" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  163.026767][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.046561][    C0] vkms_vblank_simulate: vblank timer overrun
[  163.055849][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.066854][ T7553] netlink: 'syz.3.388': attribute type 1 has an invalid length.
[  163.070764][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.094262][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.105531][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.105660][ T7553] 8021q: adding VLAN 0 to HW filter on device bond1
[  163.114560][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.114596][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.139250][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.141275][ T7553] netlink: 32 bytes leftover after parsing attributes in process `syz.3.388'.
[  163.148364][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.158328][ T7553] process 'syz.3.388' launched './file0' with NULL argv: empty string added
[  163.167225][ T5934] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  163.185426][   T30] audit: type=1400 audit(1747415452.964:393): avc:  denied  { execute_no_trans } for  pid=7552 comm="syz.3.388" path="/84/file0" dev="tmpfs" ino=465 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  163.191073][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.217587][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.226649][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.235716][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  163.294555][ T7422] 8021q: adding VLAN 0 to HW filter on device bond0
[  163.318954][ T7422] 8021q: adding VLAN 0 to HW filter on device team0
[  163.339223][ T5862] usb 5-1: USB disconnect, device number 25
[  163.357671][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.358272][ T5934] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  163.364808][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.375807][ T7563] netlink: 4 bytes leftover after parsing attributes in process `syz.3.390'.
[  163.395130][ T5934] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  163.407805][ T5934] usb 1-1: config 0 has no interface number 0
[  163.418057][ T5934] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  163.436125][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.441426][ T5934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.443269][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[  163.462055][ T5934] usb 1-1: Product: syz
[  163.472901][ T5934] usb 1-1: Manufacturer: syz
[  163.482632][ T5934] usb 1-1: SerialNumber: syz
[  163.504359][ T5934] usb 1-1: config 0 descriptor??
[  163.515027][ T7422] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  163.527922][ T5934] hub 1-1:0.31: bad descriptor, ignoring hub
[  163.535001][ T5934] hub 1-1:0.31: probe with driver hub failed with error -5
[  163.547259][ T5934] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  163.590759][ T5934] uvcvideo 1-1:0.31: Entity type for entity Output 6 was not initialized!
[  163.604445][ T5934] usb 1-1: Failed to create links for entity 6
[  163.611316][ T5934] usb 1-1: Failed to register entities (-22).
[  163.839803][ T7545] netlink: 40 bytes leftover after parsing attributes in process `syz.0.385'.
[  163.995349][ T5934] usb 1-1: USB disconnect, device number 15
[  164.229107][ T7422] 8021q: adding VLAN 0 to HW filter on device batadv0
[  164.467177][ T7584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.395'.
[  164.490180][ T5934] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  164.513409][   T30] audit: type=1400 audit(1747415454.284:394): avc:  denied  { read } for  pid=7583 comm="syz.3.395" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  164.562661][ T7589] netlink: 4 bytes leftover after parsing attributes in process `syz.0.396'.
[  164.578712][   T30] audit: type=1400 audit(1747415454.284:395): avc:  denied  { open } for  pid=7583 comm="syz.3.395" path="/dev/btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  164.590911][ T7589] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7589 comm=syz.0.396
[  164.610370][   T30] audit: type=1400 audit(1747415454.284:396): avc:  denied  { ioctl } for  pid=7583 comm="syz.3.395" path="/dev/btrfs-control" dev="devtmpfs" ino=1309 ioctlcmd=0x9405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  164.648176][ T7591] netlink: 8 bytes leftover after parsing attributes in process `syz.0.396'.
[  164.681764][ T7591] bond1: entered allmulticast mode
[  164.697501][ T7591] 8021q: adding VLAN 0 to HW filter on device bond1
[  164.737527][ T5934] usb 5-1: New USB device found, idVendor=0af0, idProduct=7201, bcdDevice=ad.9d
[  164.746749][ T5934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.790315][ T5862] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  164.803366][ T5934] usb 5-1: config 0 descriptor??
[  164.946123][ T7422] veth0_vlan: entered promiscuous mode
[  165.399893][ T7422] veth1_vlan: entered promiscuous mode
[  165.434419][ T5862] usb 4-1: unable to get BOS descriptor or descriptor too short
[  165.443859][ T5862] usb 4-1: not running at top speed; connect to a high speed hub
[  165.446266][ T5908] usb 5-1: USB disconnect, device number 26
[  165.461624][ T5862] usb 4-1: config 9 has an invalid interface number: 76 but max is 0
[  165.469711][ T5862] usb 4-1: config 9 has no interface number 0
[  165.487977][ T5862] usb 4-1: config 9 interface 76 has no altsetting 0
[  165.494639][ T7422] veth0_macvtap: entered promiscuous mode
[  165.503970][ T7422] veth1_macvtap: entered promiscuous mode
[  165.516267][ T5862] usb 4-1: New USB device found, idVendor=16d8, idProduct=6804, bcdDevice=68.d5
[  165.528599][ T5862] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.535562][ T7422] batman_adv: batadv0: Interface activated: batadv_slave_0
[  165.540157][ T5862] usb 4-1: Product: syz
[  165.552261][ T5862] usb 4-1: Manufacturer: syz
[  165.553377][ T7422] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.560230][ T5862] usb 4-1: SerialNumber: syz
[  165.575344][ T7422] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.584688][ T7422] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.594168][ T7422] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.603069][ T7422] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.723215][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.734694][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.775960][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.784599][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.816075][   T30] audit: type=1400 audit(1747415455.594:397): avc:  denied  { mounton } for  pid=7422 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  165.850478][ T5864] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  165.982655][ T7608] netlink: 52 bytes leftover after parsing attributes in process `syz.5.401'.
[  165.996548][ T7608] netlink: 8 bytes leftover after parsing attributes in process `syz.5.401'.
[  166.005378][ T7608] netlink: 'syz.5.401': attribute type 5 has an invalid length.
[  166.013033][ T7608] netlink: 28 bytes leftover after parsing attributes in process `syz.5.401'.
[  166.028745][ T7608] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  166.037579][ T7608] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  166.049703][ T7608] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  166.058848][ T7608] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  166.067865][ T7608] geneve2: entered promiscuous mode
[  166.073299][ T7608] geneve2: entered allmulticast mode
[  166.106256][ T5864] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  166.128976][ T5864] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.136256][ T5862] hub 4-1:9.76: bad descriptor, ignoring hub
[  166.145481][ T5862] hub 4-1:9.76: probe with driver hub failed with error -5
[  166.161290][ T5862] option 4-1:9.76: GSM modem (1-port) converter detected
[  166.168642][ T5864] usb 1-1: config 0 has no interface number 0
[  166.178236][ T5864] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  166.198697][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.225850][ T5864] usb 1-1: Product: syz
[  166.235946][ T5864] usb 1-1: Manufacturer: syz
[  166.270379][ T5864] usb 1-1: SerialNumber: syz
[  166.277338][ T5862] usb 4-1: USB disconnect, device number 15
[  166.435283][ T5862] option 4-1:9.76: device disconnected
[  166.590687][ T5864] usb 1-1: config 0 descriptor??
[  166.621065][ T5864] hub 1-1:0.31: bad descriptor, ignoring hub
[  166.636619][ T5864] hub 1-1:0.31: probe with driver hub failed with error -5
[  166.866376][ T7605] netlink: 24 bytes leftover after parsing attributes in process `syz.0.400'.
[  166.937076][ T5864] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  166.985235][ T5864] uvcvideo 1-1:0.31: Entity type for entity Output 6 was not initialized!
[  167.007919][ T5864] usb 1-1: Failed to create links for entity 6
[  167.019162][ T5864] usb 1-1: Failed to register entities (-22).
[  167.195847][ T7621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.218893][ T7621] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.420777][ T5864] usb 1-1: USB disconnect, device number 16
[  167.490336][ T5894] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  167.780553][ T5894] usb 5-1: device descriptor read/64, error -71
[  168.320424][ T7650] 9pnet_fd: Insufficient options for proto=fd
[  168.535613][ T5894] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  168.741395][ T5894] usb 5-1: device descriptor read/64, error -71
[  168.890253][ T5894] usb usb5-port1: attempt power cycle
[  169.049626][ T7662] netlink: 'syz.0.419': attribute type 1 has an invalid length.
[  169.058367][ T7662] netlink: 224 bytes leftover after parsing attributes in process `syz.0.419'.
[  169.271789][ T5863] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  169.280281][ T5894] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  169.332614][ T7664] netlink: 'syz.6.420': attribute type 1 has an invalid length.
[  169.340458][ T7664] netlink: 224 bytes leftover after parsing attributes in process `syz.6.420'.
[  169.365235][ T5894] usb 5-1: device descriptor read/8, error -71
[  169.735375][ T7669] fuse: Unknown parameter '0x0000000000000004'
[  169.762217][ T5863] usb 4-1: Using ep0 maxpacket: 8
[  169.791641][ T5863] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  169.801468][ T5863] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  169.815596][ T5863] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  169.825724][ T5863] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  169.860258][ T5894] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  169.899994][ T5894] usb 5-1: device descriptor read/8, error -71
[  170.011273][ T5863] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  170.011437][ T5862] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  170.020391][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.028879][ T5894] usb usb5-port1: unable to enumerate USB device
[  170.200203][ T5862] usb 7-1: device descriptor read/64, error -71
[  170.306156][ T5863] usb 4-1: GET_CAPABILITIES returned 0
[  170.312863][ T5863] usbtmc 4-1:16.0: can't read capabilities
[  170.513238][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.522339][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.531412][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.540476][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.549536][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.558596][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.567663][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.576730][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.585798][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.595123][ T5862] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  170.626138][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.635238][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.644273][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.653316][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.666098][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.675176][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.684224][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  170.742901][ T5934] usb 4-1: USB disconnect, device number 16
[  170.772177][ T5862] usb 7-1: device descriptor read/64, error -71
[  170.790363][ T5908] usb 5-1: new low-speed USB device number 31 using dummy_hcd
[  170.880597][ T5862] usb usb7-port1: attempt power cycle
[  170.945866][ T5908] usb 5-1: unable to get BOS descriptor or descriptor too short
[  170.956213][ T5908] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  170.968713][ T5908] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  170.979867][ T5908] usb 5-1: config 1 has no interface number 1
[  170.988079][ T5908] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 131, using maximum allowed: 30
[  170.999599][ T5908] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 16, setting to 0
[  171.014637][ T5908] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 131
[  171.310210][ T5862] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  171.330571][ T5862] usb 7-1: device descriptor read/8, error -71
[  171.437001][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  171.437016][   T30] audit: type=1400 audit(1747415461.214:399): avc:  denied  { write } for  pid=7692 comm="syz.3.430" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  171.522663][ T5863] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  171.532285][   T30] audit: type=1400 audit(1747415461.264:400): avc:  denied  { setopt } for  pid=7692 comm="syz.3.430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  171.564178][   T30] audit: type=1400 audit(1747415461.284:401): avc:  denied  { connect } for  pid=7692 comm="syz.3.430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  171.604485][ T5862] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  171.632722][ T5862] usb 7-1: device descriptor read/8, error -71
[  171.644427][ T7697] ptrace attach of "./syz-executor exec"[6255] was attempted by "./syz-executor exec"[7697]
[  171.682982][ T5863] usb 1-1: Using ep0 maxpacket: 32
[  171.708194][   T30] audit: type=1400 audit(1747415461.474:402): avc:  denied  { append } for  pid=7698 comm="syz.3.432" name="event0" dev="devtmpfs" ino=918 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  171.733123][ T5863] usb 1-1: config 33 has an invalid descriptor of length 0, skipping remainder of the config
[  171.744491][ T5863] usb 1-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[  171.751900][ T5862] usb usb7-port1: unable to enumerate USB device
[  171.805976][ T5863] usb 1-1: string descriptor 0 read error: -71
[  171.824535][ T5863] usb 1-1: New USB device found, idVendor=046d, idProduct=c090, bcdDevice= 0.40
[  171.922572][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.043982][ T5863] usb 1-1: rejected 1 configuration due to insufficient available bus power
[  172.103341][ T5863] usb 1-1: no configuration chosen from 1 choice
[  172.112066][ T5863] usb 1-1: USB disconnect, device number 17
[  172.355387][   T30] audit: type=1400 audit(1747415462.134:403): avc:  denied  { name_connect } for  pid=7721 comm="syz.3.438" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  173.403319][ T5908] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  173.427214][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.491210][ T5908] usb 5-1: can't set config #1, error -71
[  173.527472][ T5908] usb 5-1: USB disconnect, device number 31
[  173.729610][ T7747] ptrace attach of "./syz-executor exec"[5825] was attempted by "./syz-executor exec"[7747]
[  174.083921][   T30] audit: type=1400 audit(1747415463.794:404): avc:  denied  { kexec_image_load } for  pid=7746 comm="syz.5.445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  174.207387][ T5862] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  174.366749][ T7759] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=7759 comm=syz.4.447
[  174.390483][ T5862] usb 7-1: device descriptor read/64, error -71
[  174.408994][ T7761] netlink: 'syz.5.449': attribute type 1 has an invalid length.
[  174.637538][ T7761] bond1: entered promiscuous mode
[  174.770178][ T5862] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  174.965172][ T7761] 8021q: adding VLAN 0 to HW filter on device bond1
[  175.063611][ T7765] 8021q: adding VLAN 0 to HW filter on device bond1
[  175.092962][ T7765] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  175.103537][ T7765] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  175.120328][ T5862] usb 7-1: device descriptor read/64, error -71
[  175.122186][ T7765] bond1: (slave ip6gre1): making interface the new active one
[  175.396245][ T5862] usb usb7-port1: attempt power cycle
[  175.427130][ T7765] ip6gre1: entered promiscuous mode
[  175.445695][ T7765] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[  175.460397][ T5934] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  175.591927][ T7785] Driver unsupported XDP return value 0 on prog  (id 92) dev N/A, expect packet loss!
[  175.657140][ T5934] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  175.667406][ T5934] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.678798][ T5934] usb 4-1: config 0 has no interface number 0
[  175.694559][ T5934] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  175.704872][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.716133][ T5934] usb 4-1: Product: syz
[  175.720735][ T5934] usb 4-1: Manufacturer: syz
[  175.725676][ T5934] usb 4-1: SerialNumber: syz
[  175.752195][ T7792] ptrace attach of "./syz-executor exec"[5825] was attempted by "./syz-executor exec"[7792]
[  175.755664][ T5934] usb 4-1: config 0 descriptor??
[  175.762360][ T5864] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  175.768656][ T5934] hub 4-1:0.31: bad descriptor, ignoring hub
[  175.781483][ T5862] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  175.836129][ T5934] hub 4-1:0.31: probe with driver hub failed with error -5
[  175.852190][ T5862] usb 7-1: device descriptor read/8, error -71
[  175.909342][ T5934] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  175.938773][ T5934] uvcvideo 4-1:0.31: Entity type for entity Output 6 was not initialized!
[  175.977735][ T5864] usb 1-1: device descriptor read/64, error -71
[  175.978382][ T5934] usb 4-1: Failed to create links for entity 6
[  176.098073][ T7773] netlink: 40 bytes leftover after parsing attributes in process `syz.3.452'.
[  176.134203][ T5862] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  176.141850][ T5934] usb 4-1: Failed to register entities (-22).
[  176.171235][ T5862] usb 7-1: device descriptor read/8, error -71
[  176.188586][ T7796] netlink: 16 bytes leftover after parsing attributes in process `syz.5.462'.
[  176.215512][   T30] audit: type=1400 audit(1747415465.994:405): avc:  denied  { wake_alarm } for  pid=7798 comm="syz.4.461" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  176.254673][ T7797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  176.270274][ T5864] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  176.283372][ T7797] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  176.396279][ T5862] usb usb7-port1: unable to enumerate USB device
[  176.430832][ T5864] usb 1-1: device descriptor read/64, error -71
[  176.500769][ T5908] usb 4-1: USB disconnect, device number 17
[  176.524311][   T30] audit: type=1400 audit(1747415466.294:406): avc:  denied  { create } for  pid=7798 comm="syz.4.461" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  176.567739][ T5864] usb usb1-port1: attempt power cycle
[  176.634114][   T30] audit: type=1400 audit(1747415466.334:407): avc:  denied  { shutdown } for  pid=7805 comm="syz.6.463" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  176.888313][   T30] audit: type=1400 audit(1747415466.664:408): avc:  denied  { mount } for  pid=7812 comm="syz.6.464" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  176.970575][ T5864] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  176.983517][   T30] audit: type=1400 audit(1747415466.664:409): avc:  denied  { remount } for  pid=7812 comm="syz.6.464" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  177.135307][ T7818] 9pnet_fd: Insufficient options for proto=fd
[  177.296949][ T5864] usb 1-1: device descriptor read/8, error -71
[  177.303455][   T30] audit: type=1400 audit(1747415466.694:410): avc:  denied  { unmount } for  pid=7422 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  177.327212][   T30] audit: type=1400 audit(1747415466.764:411): avc:  denied  { read write } for  pid=7814 comm="syz.3.466" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  177.354780][   T30] audit: type=1400 audit(1747415466.764:412): avc:  denied  { open } for  pid=7814 comm="syz.3.466" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  177.442203][   T30] audit: type=1400 audit(1747415466.914:413): avc:  denied  { read } for  pid=7814 comm="syz.3.466" dev="sockfs" ino=15680 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  177.550302][ T5864] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  177.580945][ T5864] usb 1-1: device descriptor read/8, error -71
[  177.618896][ T7830] netlink: 8 bytes leftover after parsing attributes in process `syz.5.469'.
[  177.632842][ T7830] netlink: 16 bytes leftover after parsing attributes in process `syz.5.469'.
[  177.652127][ T7830] gretap0: entered promiscuous mode
[  177.657641][ T7830] macvlan2: entered promiscuous mode
[  177.670215][ T7830] macvlan2: entered allmulticast mode
[  177.675602][ T7830] gretap0: entered allmulticast mode
[  177.690375][ T5864] usb usb1-port1: unable to enumerate USB device
[  177.696796][   T30] audit: type=1400 audit(1747415467.474:414): avc:  denied  { create } for  pid=7829 comm="syz.5.469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  177.761692][   T30] audit: type=1400 audit(1747415467.504:415): avc:  denied  { execmem } for  pid=7829 comm="syz.5.469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  177.821443][ T5934] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  177.990148][ T5934] usb 4-1: Using ep0 maxpacket: 16
[  178.152291][ T5934] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  178.224676][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  178.255271][ T5934] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  178.446640][ T7838] ptrace attach of "./syz-executor exec"[7422] was attempted by "./syz-executor exec"[7838]
[  178.474460][ T7833] netlink: 48 bytes leftover after parsing attributes in process `syz.4.470'.
[  178.493681][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.510630][ T5934] usb 4-1: Product: syz
[  178.528060][ T5934] usb 4-1: Manufacturer: syz
[  178.563807][ T5934] usb 4-1: SerialNumber: syz
[  178.657850][ T5934] usb 4-1: config 0 descriptor??
[  178.703346][ T5934] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  178.735962][ T5934] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  178.772963][ T7847] syz.6.474 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  178.814654][ T7851] netlink: 28 bytes leftover after parsing attributes in process `syz.0.475'.
[  179.998514][ T7860] netlink: 'syz.6.477': attribute type 1 has an invalid length.
[  180.006955][ T7860] netlink: 224 bytes leftover after parsing attributes in process `syz.6.477'.
[  180.359729][ T5934] em28xx 4-1:0.0: chip ID is em2882/3
[  180.376515][ T7859] netlink: 12 bytes leftover after parsing attributes in process `syz.0.478'.
[  180.411281][ T7859] netlink: 12 bytes leftover after parsing attributes in process `syz.0.478'.
[  180.641272][ T5934] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  180.665353][ T5934] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  180.724004][ T5934] em28xx 4-1:0.0: No AC97 audio processor
[  180.983887][ T5934] usb 4-1: USB disconnect, device number 18
[  180.994681][ T5934] em28xx 4-1:0.0: Disconnecting em28xx
[  181.454386][ T5934] em28xx 4-1:0.0: Freeing device
[  181.713885][ T7888] ptrace attach of "./syz-executor exec"[7422] was attempted by "./syz-executor exec"[7888]
[  181.837830][ T7892] netlink: 40 bytes leftover after parsing attributes in process `syz.5.488'.
[  181.857703][ T7892] netlink: 4 bytes leftover after parsing attributes in process `syz.5.488'.
[  181.946018][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  181.946028][   T30] audit: type=1400 audit(1747415471.731:419): avc:  denied  { read write } for  pid=7895 comm="syz.4.487" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  181.995073][   T30] audit: type=1400 audit(1747415471.731:420): avc:  denied  { open } for  pid=7895 comm="syz.4.487" path="/94/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  182.175581][ T7906] netlink: 'syz.6.490': attribute type 1 has an invalid length.
[  182.183673][ T7906] netlink: 224 bytes leftover after parsing attributes in process `syz.6.490'.
[  182.628432][ T7915] netlink: 52 bytes leftover after parsing attributes in process `syz.0.496'.
[  183.279041][ T7932] ptrace attach of "./syz-executor exec"[6255] was attempted by "./syz-executor exec"[7932]
[  185.509011][ T7955] netlink: 24 bytes leftover after parsing attributes in process `syz.5.511'.
[  186.411557][ T7965] ptrace attach of "./syz-executor exec"[5810] was attempted by "./syz-executor exec"[7965]
[  186.563811][ T7969] 9pnet_fd: Insufficient options for proto=fd
[  187.568364][ T7981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.519'.
[  188.242854][   T30] audit: type=1400 audit(1747415478.031:421): avc:  denied  { getopt } for  pid=7984 comm="syz.0.521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  188.620208][ T5864] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  188.771477][ T5864] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  188.779584][ T5864] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  188.791512][ T5864] usb 1-1: config 0 has no interface number 0
[  188.799298][ T5864] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  188.808419][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.816438][ T5864] usb 1-1: Product: syz
[  188.820647][ T5864] usb 1-1: Manufacturer: syz
[  188.825241][ T5864] usb 1-1: SerialNumber: syz
[  188.831596][ T5864] usb 1-1: config 0 descriptor??
[  188.841964][ T5864] hub 1-1:0.31: bad descriptor, ignoring hub
[  188.847939][ T5864] hub 1-1:0.31: probe with driver hub failed with error -5
[  188.856086][ T5864] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  188.862663][ T5864] uvcvideo 1-1:0.31: Entity type for entity Output 6 was not initialized!
[  188.871553][ T5864] usb 1-1: Failed to create links for entity 6
[  188.877699][ T5864] usb 1-1: Failed to register entities (-22).
[  189.042063][ T7987] netlink: 24 bytes leftover after parsing attributes in process `syz.0.522'.
[  189.105625][ T7993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.114847][ T7993] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.271132][   T58] usb 1-1: USB disconnect, device number 22
[  189.440022][ T7999] netlink: 12 bytes leftover after parsing attributes in process `syz.5.525'.
[  190.456568][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.463579][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.470395][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.477177][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.485577][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.492421][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.499207][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.506110][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.512967][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.519795][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.526649][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.533719][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.540647][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.547442][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.554239][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.561054][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.567838][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.574884][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.581696][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.588475][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.595283][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.602086][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.608873][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.615799][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.622670][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.629453][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.636500][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.643321][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.650150][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.656930][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.663735][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.670536][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  190.677310][ T5823] Bluetooth: hci1: unexpected event for opcode 0x0402
[  191.678807][   T30] audit: type=1400 audit(1747415481.461:422): avc:  denied  { write } for  pid=8024 comm="syz.5.532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  191.720251][ T5908] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  191.883670][ T5908] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  191.895558][ T5908] usb 1-1: config 0 interface 0 has no altsetting 0
[  191.907780][ T5908] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  191.917047][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  191.928075][ T5908] usb 1-1: Product: syz
[  191.934041][ T5908] usb 1-1: Manufacturer: syz
[  191.938645][ T5908] usb 1-1: SerialNumber: syz
[  191.947183][ T5908] usb 1-1: config 0 descriptor??
[  191.964298][ T5908] usb 1-1: selecting invalid altsetting 0
[  192.168929][ T5908] usb 1-1: USB disconnect, device number 23
[  193.062404][   T30] audit: type=1400 audit(1747415482.841:423): avc:  denied  { getopt } for  pid=8035 comm="syz.0.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  193.873953][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  195.043396][ T8067] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=8067 comm=syz.5.544
[  195.264159][ T8069] ptrace attach of "./syz-executor exec"[6255] was attempted by "./syz-executor exec"[8069]
[  196.356699][ T8075] xt_CT: You must specify a L4 protocol and not use inversions on it
[  196.767487][   T30] audit: type=1400 audit(1747415486.551:424): avc:  denied  { write } for  pid=8090 comm="syz.5.553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  198.769664][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  198.778449][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  198.786185][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  198.794359][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  198.801910][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  198.845636][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  198.861291][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  198.868808][ T5824] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  198.878728][ T5824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  198.886654][ T5824] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  199.057257][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.101941][ T8125] netlink: 24 bytes leftover after parsing attributes in process `syz.5.562'.
[  199.142166][ T8117] lo speed is unknown, defaulting to 1000
[  199.208114][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.256558][ T5824] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  199.265243][ T5824] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  199.275830][ T5824] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  199.284992][ T5824] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  199.297207][ T5824] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  199.348357][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.414017][ T8117] lo speed is unknown, defaulting to 1000
[  199.415242][ T8120] lo speed is unknown, defaulting to 1000
[  199.471781][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.682372][   T12] bridge_slave_1: left allmulticast mode
[  199.688044][   T12] bridge_slave_1: left promiscuous mode
[  199.702928][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.724297][   T12] bridge_slave_0: left allmulticast mode
[  199.729941][   T12] bridge_slave_0: left promiscuous mode
[  199.736272][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.769300][ T8132] 9pnet_fd: Insufficient options for proto=fd
[  199.834668][ T8135] netlink: 12 bytes leftover after parsing attributes in process `syz.5.564'.
[  200.089582][   T12] bond0 (unregistering): (slave 
1!€ÿ): Releasing backup interface
[  200.099218][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  200.109072][   T12] bond0 (unregistering): Released all slaves
[  200.127758][ T8120] lo speed is unknown, defaulting to 1000
[  200.130376][ T8126] lo speed is unknown, defaulting to 1000
[  200.151256][ T8135] vlan2: entered promiscuous mode
[  200.156889][ T8135] syz_tun: entered promiscuous mode
[  200.417675][ T8126] lo speed is unknown, defaulting to 1000
[  200.546379][ T8117] chnl_net:caif_netlink_parms(): no params data found
[  200.853665][ T5814] Bluetooth: hci4: command tx timeout
[  200.900589][ T8117] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.907770][ T8117] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.915120][ T8117] bridge_slave_0: entered allmulticast mode
[  200.922431][ T8117] bridge_slave_0: entered promiscuous mode
[  200.930278][ T5814] Bluetooth: hci2: command tx timeout
[  200.939284][   T12] hsr_slave_0: left promiscuous mode
[  200.947904][   T12] hsr_slave_1: left promiscuous mode
[  200.954548][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  200.964755][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  200.974414][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  200.982018][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  200.995498][   T12] veth1_macvtap: left promiscuous mode
[  201.001670][   T12] veth0_macvtap: left promiscuous mode
[  201.007202][   T12] veth1_vlan: left promiscuous mode
[  201.012918][   T12] veth0_vlan: left promiscuous mode
[  201.251116][   T12] team0 (unregistering): Port device team_slave_1 removed
[  201.277026][   T12] team0 (unregistering): Port device team_slave_0 removed
[  201.331409][ T5814] Bluetooth: hci3: command tx timeout
[  201.521774][ T8117] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.528857][ T8117] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.536288][ T8117] bridge_slave_1: entered allmulticast mode
[  201.545944][ T8117] bridge_slave_1: entered promiscuous mode
[  201.626497][ T8117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.638811][ T8117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  201.684652][ T8120] chnl_net:caif_netlink_parms(): no params data found
[  201.702779][ T8117] team0: Port device team_slave_0 added
[  201.717149][ T8117] team0: Port device team_slave_1 added
[  201.770575][ T8117] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.777508][ T8117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.804322][ T8117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.839437][ T8117] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.846549][ T8117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.872907][ T8117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.930229][ T8120] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.937362][ T8120] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.947716][ T8120] bridge_slave_0: entered allmulticast mode
[  201.955178][ T8120] bridge_slave_0: entered promiscuous mode
[  201.980411][ T8120] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.987528][ T8120] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.994670][ T8120] bridge_slave_1: entered allmulticast mode
[  202.001753][ T8120] bridge_slave_1: entered promiscuous mode
[  202.018094][ T8126] chnl_net:caif_netlink_parms(): no params data found
[  202.039311][ T8117] hsr_slave_0: entered promiscuous mode
[  202.045399][ T8117] hsr_slave_1: entered promiscuous mode
[  202.051381][ T8117] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  202.058913][ T8117] Cannot create hsr debugfs directory
[  202.089882][ T8120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  202.103394][ T8120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.156362][ T8120] team0: Port device team_slave_0 added
[  202.176534][ T8120] team0: Port device team_slave_1 added
[  202.213139][ T8120] batman_adv: batadv0: Adding interface: batadv_slave_0
[  202.220130][ T8120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.247427][ T8120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.278897][ T8120] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.285942][ T8120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.313450][ T8120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.340729][   T12] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.357534][ T8126] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.364665][ T8126] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.372000][ T8126] bridge_slave_0: entered allmulticast mode
[  202.378581][ T8126] bridge_slave_0: entered promiscuous mode
[  202.393449][ T8126] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.400990][ T8126] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.408619][ T8126] bridge_slave_1: entered allmulticast mode
[  202.415454][ T8126] bridge_slave_1: entered promiscuous mode
[  202.450297][   T12] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.482288][ T8126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  202.512592][ T8126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.539857][   T12] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.559416][ T8120] hsr_slave_0: entered promiscuous mode
[  202.566311][ T8120] hsr_slave_1: entered promiscuous mode
[  202.573876][ T8120] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  202.581594][ T8120] Cannot create hsr debugfs directory
[  202.609322][ T8126] team0: Port device team_slave_0 added
[  202.636602][   T12] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.652767][ T8126] team0: Port device team_slave_1 added
[  202.716899][ T8126] batman_adv: batadv0: Adding interface: batadv_slave_0
[  202.724155][ T8126] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.750253][ T8126] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.774130][ T8126] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.781154][ T8126] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.807555][ T8126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.890216][ T8117] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  202.902559][ T8126] hsr_slave_0: entered promiscuous mode
[  202.908562][ T8126] hsr_slave_1: entered promiscuous mode
[  202.914848][ T8126] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  202.924703][ T8126] Cannot create hsr debugfs directory
[  202.935857][ T8117] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  202.940216][ T5814] Bluetooth: hci4: command tx timeout
[  202.978012][ T8117] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  203.010374][ T5814] Bluetooth: hci2: command tx timeout
[  203.027978][ T8117] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  203.076409][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.155318][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.196894][ T8120] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  203.207547][ T8120] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  203.217936][ T8120] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  203.233552][ T8120] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  203.249052][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.317353][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.362175][ T8126] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  203.379284][ T8126] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  203.393540][ T8126] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  203.403703][ T8126] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  203.410633][ T5814] Bluetooth: hci3: command tx timeout
[  203.458097][ T8117] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.492314][ T8120] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.539703][ T8117] 8021q: adding VLAN 0 to HW filter on device team0
[  203.565857][ T8120] 8021q: adding VLAN 0 to HW filter on device team0
[  203.575266][   T12] bridge_slave_1: left allmulticast mode
[  203.581033][   T12] bridge_slave_1: left promiscuous mode
[  203.587021][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.596526][   T12] bridge_slave_0: left allmulticast mode
[  203.602909][   T12] bridge_slave_0: left promiscuous mode
[  203.608538][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.617790][   T12] bridge_slave_1: left allmulticast mode
[  203.623519][   T12] bridge_slave_1: left promiscuous mode
[  203.629149][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.638756][   T12] bridge_slave_0: left allmulticast mode
[  203.644627][   T12] bridge_slave_0: left promiscuous mode
[  203.652010][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.603648][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  204.615547][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  204.625106][   T12] bond0 (unregistering): Released all slaves
[  204.697556][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  204.707489][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  204.734607][   T12] bond0 (unregistering): Released all slaves
[  204.804329][   T12] bond1 (unregistering): Released all slaves
[  204.822832][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.829942][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.903984][ T3026] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.911149][ T3026] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.928401][ T3026] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.935526][ T3026] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.031878][ T5814] Bluetooth: hci4: command tx timeout
[  205.047050][ T3026] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.054138][ T3026] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.597523][ T5814] Bluetooth: hci2: command tx timeout
[  205.605968][ T5824] Bluetooth: hci3: command tx timeout
[  205.714738][ T8126] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.875241][ T8126] 8021q: adding VLAN 0 to HW filter on device team0
[  205.912556][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.919670][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  205.995433][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.002629][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.076011][ T8120] 8021q: adding VLAN 0 to HW filter on device batadv0
[  206.208794][ T8117] 8021q: adding VLAN 0 to HW filter on device batadv0
[  206.475499][ T8126] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.091114][ T5814] Bluetooth: hci4: command tx timeout
[  207.257705][ T8120] veth0_vlan: entered promiscuous mode
[  207.414221][ T8120] veth1_vlan: entered promiscuous mode
[  207.446267][ T8120] veth0_macvtap: entered promiscuous mode
[  207.455165][ T8120] veth1_macvtap: entered promiscuous mode
[  207.474145][ T8120] batman_adv: batadv0: Interface activated: batadv_slave_0
[  207.492553][ T8120] batman_adv: batadv0: Interface activated: batadv_slave_1
[  207.537417][   T12] hsr_slave_0: left promiscuous mode
[  207.546886][   T12] hsr_slave_1: left promiscuous mode
[  207.557718][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  207.569160][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  207.579122][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  207.590895][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.604991][   T12] hsr_slave_0: left promiscuous mode
[  207.613434][   T12] hsr_slave_1: left promiscuous mode
[  207.619224][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  207.625980][ T8205] netlink: 40 bytes leftover after parsing attributes in process `syz.5.571'.
[  207.627661][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  207.644130][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  207.653572][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.660190][ T5824] Bluetooth: hci3: command tx timeout
[  207.662493][ T5814] Bluetooth: hci2: command tx timeout
[  207.685025][   T12] veth1_macvtap: left promiscuous mode
[  207.690819][   T12] veth0_macvtap: left promiscuous mode
[  207.696347][   T12] veth1_vlan: left promiscuous mode
[  207.701795][   T12] veth0_vlan: left promiscuous mode
[  207.707934][   T12] veth1_macvtap: left promiscuous mode
[  207.713525][   T12] veth0_macvtap: left promiscuous mode
[  207.719041][   T12] veth1_vlan: left promiscuous mode
[  207.725815][   T12] veth0_vlan: left promiscuous mode
[  208.062563][   T12] team0 (unregistering): Port device team_slave_1 removed
[  208.091743][   T12] team0 (unregistering): Port device team_slave_0 removed
[  208.545118][   T12] team0 (unregistering): Port device team_slave_1 removed
[  208.573587][   T12] team0 (unregistering): Port device team_slave_0 removed
[  208.816043][ T1131] smc: removing ib device s
z1
[  208.822409][ T8120] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  208.832837][ T8120] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.841721][ T8120] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  208.853395][ T8120] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.010596][   T10] lo speed is unknown, defaulting to 1000
[  209.022370][   T10] s
z1: Port: 1 Link DOWN
[  209.198865][ T8117] veth0_vlan: entered promiscuous mode
[  209.228141][ T8117] veth1_vlan: entered promiscuous mode
[  209.328457][ T8126] veth0_vlan: entered promiscuous mode
[  209.338447][ T3026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.367868][ T3026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.371680][ T8126] veth1_vlan: entered promiscuous mode
[  209.417369][ T8117] veth0_macvtap: entered promiscuous mode
[  209.437746][ T8117] veth1_macvtap: entered promiscuous mode
[  209.526495][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.550438][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.597334][ T8126] veth0_macvtap: entered promiscuous mode
[  209.627293][ T8117] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.685103][ T8126] veth1_macvtap: entered promiscuous mode
[  209.699542][ T8117] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.759508][ T8117] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.800209][ T8117] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.808918][ T8117] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.880173][ T8117] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.925266][ T8126] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.115325][ T8126] batman_adv: batadv0: Interface activated: batadv_slave_1
[  211.202743][ T8126] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.405366][ T8126] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.455656][ T8126] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.495654][ T8126] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.142409][ T8228] syz.5.576: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz5,mems_allowed=0-1
[  212.174172][   T30] audit: type=1400 audit(1747415501.871:425): avc:  denied  { map } for  pid=8225 comm="syz.7.575" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  212.241870][ T8228] CPU: 1 UID: 0 PID: 8228 Comm: syz.5.576 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  212.241897][ T8228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.241907][ T8228] Call Trace:
[  212.241913][ T8228]  <TASK>
[  212.241920][ T8228]  dump_stack_lvl+0x16c/0x1f0
[  212.241951][ T8228]  warn_alloc+0x248/0x3a0
[  212.241971][ T8228]  ? __pfx_warn_alloc+0x10/0x10
[  212.241987][ T8228]  ? stack_depot_save_flags+0x3e6/0xa50
[  212.242020][ T8228]  ? kasan_save_stack+0x42/0x60
[  212.242036][ T8228]  ? kasan_save_stack+0x33/0x60
[  212.242050][ T8228]  ? kasan_save_track+0x14/0x30
[  212.242066][ T8228]  ? __kasan_kmalloc+0xaa/0xb0
[  212.242089][ T8228]  ? xskq_create+0x52/0x1d0
[  212.242110][ T8228]  ? do_sock_setsockopt+0x221/0x470
[  212.242132][ T8228]  ? __sys_setsockopt+0x1a0/0x230
[  212.242149][ T8228]  ? __x64_sys_setsockopt+0xbd/0x160
[  212.242172][ T8228]  __vmalloc_node_range_noprof+0x10ea/0x1540
[  212.242207][ T8228]  ? xskq_create+0xfb/0x1d0
[  212.242235][ T8228]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  212.242268][ T8228]  ? xskq_create+0xfb/0x1d0
[  212.242290][ T8228]  vmalloc_user_noprof+0x6b/0x90
[  212.242315][ T8228]  ? xskq_create+0xfb/0x1d0
[  212.242335][ T8228]  xskq_create+0xfb/0x1d0
[  212.242359][ T8228]  xsk_setsockopt+0x640/0x840
[  212.242381][ T8228]  ? __pfx_xsk_setsockopt+0x10/0x10
[  212.242406][ T8228]  ? selinux_socket_setsockopt+0x6a/0x80
[  212.242430][ T8228]  ? __pfx_xsk_setsockopt+0x10/0x10
[  212.242451][ T8228]  do_sock_setsockopt+0x221/0x470
[  212.242474][ T8228]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  212.242513][ T8228]  __sys_setsockopt+0x1a0/0x230
[  212.242536][ T8228]  __x64_sys_setsockopt+0xbd/0x160
[  212.242553][ T8228]  ? do_syscall_64+0x91/0x260
[  212.242578][ T8228]  ? lockdep_hardirqs_on+0x7c/0x110
[  212.242601][ T8228]  do_syscall_64+0xcd/0x260
[  212.242628][ T8228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.242655][ T8228] RIP: 0033:0x7fc4b5b8e969
[  212.242669][ T8228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.242686][ T8228] RSP: 002b:00007fc4b6966038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  212.242703][ T8228] RAX: ffffffffffffffda RBX: 00007fc4b5db5fa0 RCX: 00007fc4b5b8e969
[  212.242714][ T8228] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  212.242725][ T8228] RBP: 00007fc4b5c10ab1 R08: 0000000000000052 R09: 0000000000000000
[  212.242735][ T8228] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  212.242745][ T8228] R13: 0000000000000000 R14: 00007fc4b5db5fa0 R15: 00007ffc034bced8
[  212.242770][ T8228]  </TASK>
[  212.242776][ T8228] Mem-Info:
[  212.560214][   T30] audit: type=1400 audit(1747415501.871:426): avc:  denied  { write execute } for  pid=8225 comm="syz.7.575" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  212.601481][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.609294][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.639891][   T30] audit: type=1400 audit(1747415501.931:427): avc:  denied  { setopt } for  pid=8227 comm="syz.5.576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  212.740826][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  214.533328][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  214.541216][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  214.549665][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  214.559148][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  216.621138][ T5824] Bluetooth: hci0: command tx timeout
[  216.812551][ T8228] active_anon:5590 inactive_anon:0 isolated_anon:0
[  216.812551][ T8228]  active_file:14033 inactive_file:40627 isolated_file:0
[  216.812551][ T8228]  unevictable:768 dirty:118 writeback:17
[  216.812551][ T8228]  slab_reclaimable:12081 slab_unreclaimable:112336
[  216.812551][ T8228]  mapped:29942 shmem:1389 pagetables:706
[  216.812551][ T8228]  sec_pagetables:0 bounce:0
[  216.812551][ T8228]  kernel_misc_reclaimable:0
[  216.812551][ T8228]  free:1302952 free_pcp:912 free_cma:0
[  216.925898][   T30] audit: type=1400 audit(1747415506.711:428): avc:  denied  { connect } for  pid=8232 comm="syz.7.577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  217.109928][   T30] audit: type=1400 audit(1747415506.751:429): avc:  denied  { bind } for  pid=8232 comm="syz.7.577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  217.136792][   T30] audit: type=1400 audit(1747415506.751:430): avc:  denied  { listen } for  pid=8232 comm="syz.7.577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  217.162114][ T8228] Node 0 active_anon:22460kB inactive_anon:0kB active_file:56088kB inactive_file:162312kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119724kB dirty:468kB writeback:68kB shmem:4020kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10824kB pagetables:2824kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  217.198785][   T30] audit: type=1400 audit(1747415506.751:431): avc:  denied  { accept } for  pid=8232 comm="syz.7.577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  220.679603][ T5824] Bluetooth: hci0: command tx timeout
[  220.688620][    C1] sched: DL replenish lagged too much
[  220.946435][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.860175][ T5814] Bluetooth: hci0: command tx timeout
[  222.872656][ T8228] Node 1 active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  222.930186][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  222.947514][ T8228] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  223.002724][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.034003][ T8230] lo speed is unknown, defaulting to 1000
[  223.053644][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.140167][ T8228] lowmem_reserve[]: 0 2484 2486 2486 2486
[  223.161632][ T3026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.181443][ T8228] Node 0 DMA32 free:1281412kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:22460kB inactive_anon:0kB active_file:56088kB inactive_file:160500kB unevictable:1536kB writepending:504kB present:3129332kB managed:2543900kB mlocked:0kB bounce:0kB free_pcp:1528kB local_pcp:596kB free_cma:0kB
[  223.227605][ T3026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.520186][ T8228] lowmem_reserve[]: 0 0 1 1 1
[  225.591814][ T5814] Bluetooth: hci0: command tx timeout
[  225.620621][ T8228] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:24kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB
[  225.866239][ T8228] lowmem_reserve[]: 0 0 0 0 0
[  225.882319][ T8228] Node 1 Normal free:3907792kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:196kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  225.976253][   T30] audit: type=1400 audit(1747415515.761:432): avc:  denied  { mounton } for  pid=8243 comm="syz.7.578" path="/file0" dev="ramfs" ino=19811 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  226.013964][ T8228] lowmem_reserve[]: 0 0 0 0 0
[  226.026271][ T8228] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  226.057022][   T30] audit: type=1400 audit(1747415515.831:433): avc:  denied  { accept } for  pid=8243 comm="syz.7.578" path="socket:[19809]" dev="sockfs" ino=19809 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  226.092515][ T8228] Node 0 DMA32: 278*4kB (UM) 59*8kB (UME) 260*16kB (UME) 848*32kB (UME) 472*64kB (UME) 63*128kB (UME) 48*256kB (ME) 21*512kB (ME) 10*1024kB (UME) 5*2048kB (ME) 283*4096kB (M) = 1273840kB
[  226.114431][ T8228] Node 0 Normal: 1*4kB (M) 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28kB
[  226.128527][ T8228] Node 1 Normal: 236*4kB (UME) 52*8kB (UME) 42*16kB (UE) 199*32kB (UE) 96*64kB (UME) 28*128kB (UME) 16*256kB (UME) 11*512kB (UME) 5*1024kB (UM) 4*2048kB (UE) 944*4096kB (M) = 3907792kB
[  226.153816][ T8228] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  226.169176][ T8228] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  226.179364][ T8228] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  226.192079][ T8228] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  226.202233][ T8228] 59021 total pagecache pages
[  226.207009][ T8228] 0 pages in swap cache
[  226.213686][ T8228] Free swap  = 124996kB
[  226.217914][ T8228] Total swap = 124996kB
[  226.222961][ T8228] 2097051 pages RAM
[  226.226878][ T8228] 0 pages HighMem/MovableOnly
[  226.234531][ T8228] 428970 pages reserved
[  226.238798][ T8228] 0 pages cma reserved
[  226.303865][ T8247] netlink: 24 bytes leftover after parsing attributes in process `syz.5.579'.
[  227.118828][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.171227][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.923315][ T8270] overlayfs: failed to resolve './file1': -2
[  233.040390][ T8230] chnl_net:caif_netlink_parms(): no params data found
[  239.007737][ T8279] pty pty38: ldisc open failed (-12), clearing slot 38
[  239.214611][   T30] audit: type=1400 audit(1747415528.891:434): avc:  denied  { create } for  pid=8282 comm="syz.7.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  240.353304][   T30] audit: type=1400 audit(1747415529.221:435): avc:  denied  { connect } for  pid=8282 comm="syz.7.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  241.028699][ T8291] netlink: 52 bytes leftover after parsing attributes in process `syz.7.586'.
[  241.756769][ T8295] loop6: detected capacity change from 0 to 7
[  241.979733][ T8295] Dev loop6: unable to read RDB block 7
[  242.008517][ T8295]  loop6: unable to read partition table
[  242.331631][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.493579][ T8295] loop6: partition table beyond EOD, truncated
[  242.780151][ T8295] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  244.500388][   T30] audit: type=1400 audit(1747415534.271:436): avc:  denied  { ioctl } for  pid=8298 comm="syz.9.590" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  257.652872][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  386.190016][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  386.190035][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P9/1:b..l P8267/1:b..l
[  386.190610][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=24025, q=934404 ncpus=2)
[  386.190627][    C1] task:kworker/0:10    state:R  running task     stack:28664 pid:8267  tgid:8267  ppid:2      task_flags:0x4208060 flags:0x00004000
[  386.190686][    C1] Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker
[  386.190716][    C1] Call Trace:
[  386.190723][    C1]  <TASK>
[  386.190735][    C1]  __schedule+0x116f/0x5de0
[  386.190765][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  386.190800][    C1]  ? __pfx___schedule+0x10/0x10
[  386.190821][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  386.190853][    C1]  ? mark_held_locks+0x49/0x80
[  386.190882][    C1]  preempt_schedule_irq+0x51/0x90
[  386.190905][    C1]  irqentry_exit+0x36/0x90
[  386.190928][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  386.190947][    C1] RIP: 0010:write_comp_data+0x0/0x90
[  386.190973][    C1] Code: 48 8b 05 7b d0 e8 11 48 8b 80 30 16 00 00 c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <49> 89 d2 49 89 f8 49 89 f1 65 48 8b 15 47 d0 e8 11 65 8b 05 58 d0
[  386.190990][    C1] RSP: 0018:ffffc900039677a0 EFLAGS: 00000286
[  386.191005][    C1] RAX: 0000000000000000 RBX: ffff88801ec8e940 RCX: ffffffff822aafa3
[  386.191017][    C1] RDX: 00000000038604a3 RSI: 0000000000000000 RDI: 0000000000000005
[  386.191028][    C1] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
[  386.191039][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: 00000000038604a3
[  386.191050][    C1] R13: 0000000000000001 R14: ffff88801ec8e948 R15: 0000000000000000
[  386.191069][    C1]  ? __update_page_owner_free_handle.constprop.0+0x153/0x470
[  386.191096][    C1]  __update_page_owner_free_handle.constprop.0+0x153/0x470
[  386.191121][    C1]  __reset_page_owner+0x93/0x1a0
[  386.191141][    C1]  __free_frozen_pages+0x69d/0xff0
[  386.191174][    C1]  __put_partials+0x16d/0x1c0
[  386.191203][    C1]  qlist_free_all+0x4e/0x120
[  386.191231][    C1]  kasan_quarantine_reduce+0x195/0x1e0
[  386.191266][    C1]  __kasan_kmalloc+0x8a/0xb0
[  386.191293][    C1]  wg_noise_handshake_begin_session+0xe5/0xe80
[  386.191313][    C1]  ? wg_packet_send_handshake_response+0x207/0x310
[  386.191340][    C1]  wg_packet_send_handshake_response+0x216/0x310
[  386.191362][    C1]  ? wg_socket_set_peer_endpoint+0x5f6/0xbd0
[  386.191385][    C1]  ? __pfx_wg_packet_send_handshake_response+0x10/0x10
[  386.191424][    C1]  wg_receive_handshake_packet+0x247/0xbf0
[  386.191449][    C1]  ? __pfx_wg_receive_handshake_packet+0x10/0x10
[  386.191473][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  386.191496][    C1]  ? __local_bh_enable_ip+0xa4/0x120
[  386.191521][    C1]  wg_packet_handshake_receive_worker+0x17f/0x3a0
[  386.191553][    C1]  process_one_work+0x9cf/0x1b70
[  386.191581][    C1]  ? __pfx_vmstat_shepherd+0x10/0x10
[  386.191606][    C1]  ? __pfx_process_one_work+0x10/0x10
[  386.191633][    C1]  ? assign_work+0x1a0/0x250
[  386.191654][    C1]  worker_thread+0x6c8/0xf10
[  386.191684][    C1]  ? __pfx_worker_thread+0x10/0x10
[  386.191703][    C1]  kthread+0x3c2/0x780
[  386.191721][    C1]  ? __pfx_kthread+0x10/0x10
[  386.191736][    C1]  ? __pfx_kthread+0x10/0x10
[  386.191751][    C1]  ? __pfx_kthread+0x10/0x10
[  386.191766][    C1]  ? __pfx_kthread+0x10/0x10
[  386.191783][    C1]  ? rcu_is_watching+0x12/0xc0
[  386.191805][    C1]  ? __pfx_kthread+0x10/0x10
[  386.191823][    C1]  ret_from_fork+0x45/0x80
[  386.191840][    C1]  ? __pfx_kthread+0x10/0x10
[  386.191858][    C1]  ret_from_fork_asm+0x1a/0x30
[  386.191893][    C1]  </TASK>
[  386.191900][    C1] task:kworker/0:0     state:R  running task     stack:27400 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00004000
[  386.191957][    C1] Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker
[  386.191981][    C1] Call Trace:
[  386.191987][    C1]  <TASK>
[  386.191997][    C1]  __schedule+0x116f/0x5de0
[  386.192035][    C1]  ? __pfx___schedule+0x10/0x10
[  386.192062][    C1]  ? mark_held_locks+0x49/0x80
[  386.192087][    C1]  ? irqentry_exit+0x3b/0x90
[  386.192109][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  386.192134][    C1]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  386.192153][    C1]  preempt_schedule_notrace+0x62/0xe0
[  386.192177][    C1]  ? unwind_next_frame+0x3f4/0x20a0
[  386.192197][    C1]  preempt_schedule_notrace_thunk+0x16/0x30
[  386.192221][    C1]  rcu_is_watching+0x8e/0xc0
[  386.192241][    C1]  lock_release+0x201/0x2f0
[  386.192280][    C1]  unwind_next_frame+0x3f9/0x20a0
[  386.192300][    C1]  ? __kasan_kmalloc+0x8a/0xb0
[  386.192328][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  386.192352][    C1]  arch_stack_walk+0x94/0x100
[  386.192378][    C1]  ? wg_noise_handshake_begin_session+0xe5/0xe80
[  386.192401][    C1]  stack_trace_save+0x8e/0xc0
[  386.192422][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  386.192445][    C1]  ? __lock_acquire+0x5ca/0x1ba0
[  386.192472][    C1]  ? __lock_acquire+0x5ca/0x1ba0
[  386.192496][    C1]  save_stack+0x160/0x1f0
[  386.192520][    C1]  ? __pfx_save_stack+0x10/0x10
[  386.192544][    C1]  ? __free_frozen_pages+0x69d/0xff0
[  386.192566][    C1]  ? __put_partials+0x16d/0x1c0
[  386.192589][    C1]  ? qlist_free_all+0x4e/0x120
[  386.192611][    C1]  ? kasan_quarantine_reduce+0x195/0x1e0
[  386.192636][    C1]  ? __kasan_kmalloc+0x8a/0xb0
[  386.192667][    C1]  ? page_ext_put+0x3e/0xd0
[  386.192689][    C1]  __reset_page_owner+0x84/0x1a0
[  386.192709][    C1]  __free_frozen_pages+0x69d/0xff0
[  386.192739][    C1]  __put_partials+0x16d/0x1c0
[  386.192766][    C1]  qlist_free_all+0x4e/0x120
[  386.192793][    C1]  kasan_quarantine_reduce+0x195/0x1e0
[  386.192821][    C1]  __kasan_kmalloc+0x8a/0xb0
[  386.192847][    C1]  wg_noise_handshake_begin_session+0xe5/0xe80
[  386.192865][    C1]  ? wg_packet_send_handshake_response+0x207/0x310
[  386.192893][    C1]  wg_packet_send_handshake_response+0x216/0x310
[  386.192915][    C1]  ? wg_socket_set_peer_endpoint+0x5f6/0xbd0
[  386.192939][    C1]  ? __pfx_wg_packet_send_handshake_response+0x10/0x10
[  386.192977][    C1]  wg_receive_handshake_packet+0x247/0xbf0
[  386.193001][    C1]  ? __pfx_wg_receive_handshake_packet+0x10/0x10
[  386.193026][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  386.193049][    C1]  ? __local_bh_enable_ip+0xa4/0x120
[  386.193074][    C1]  wg_packet_handshake_receive_worker+0x17f/0x3a0
[  386.193107][    C1]  process_one_work+0x9cf/0x1b70
[  386.193134][    C1]  ? __pfx_wg_packet_encrypt_worker+0x10/0x10
[  386.193157][    C1]  ? __pfx_process_one_work+0x10/0x10
[  386.193184][    C1]  ? assign_work+0x1a0/0x250
[  386.193204][    C1]  worker_thread+0x6c8/0xf10
[  386.193234][    C1]  ? __pfx_worker_thread+0x10/0x10
[  386.193283][    C1]  kthread+0x3c2/0x780
[  386.193302][    C1]  ? __pfx_kthread+0x10/0x10
[  386.193317][    C1]  ? __pfx_kthread+0x10/0x10
[  386.193333][    C1]  ? __pfx_kthread+0x10/0x10
[  386.193348][    C1]  ? __pfx_kthread+0x10/0x10
[  386.193364][    C1]  ? rcu_is_watching+0x12/0xc0
[  386.193385][    C1]  ? __pfx_kthread+0x10/0x10
[  386.193403][    C1]  ret_from_fork+0x45/0x80
[  386.193419][    C1]  ? __pfx_kthread+0x10/0x10
[  386.193437][    C1]  ret_from_fork_asm+0x1a/0x30
[  386.193472][    C1]  </TASK>
[  386.193480][    C1] rcu: rcu_preempt kthread starved for 9176 jiffies! g24025 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  386.193499][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  386.193506][    C1] rcu: RCU grace-period kthread stack dump:
[  386.193512][    C1] task:rcu_preempt     state:R  running task     stack:27704 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  386.193567][    C1] Call Trace:
[  386.193573][    C1]  <TASK>
[  386.193584][    C1]  __schedule+0x116f/0x5de0
[  386.193612][    C1]  ? __lock_acquire+0x5ca/0x1ba0
[  386.193643][    C1]  ? __pfx___schedule+0x10/0x10
[  386.193669][    C1]  ? find_held_lock+0x2b/0x80
[  386.193690][    C1]  ? schedule+0x2d7/0x3a0
[  386.193715][    C1]  schedule+0xe7/0x3a0
[  386.193737][    C1]  schedule_timeout+0x123/0x290
[  386.193756][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  386.193777][    C1]  ? __pfx_process_timeout+0x10/0x10
[  386.193802][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  386.193825][    C1]  ? prepare_to_swait_event+0xf5/0x480
[  386.193854][    C1]  rcu_gp_fqs_loop+0x1ea/0xb00
[  386.193882][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  386.193911][    C1]  ? rcu_gp_cleanup+0x7c1/0xd90
[  386.193940][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  386.193966][    C1]  rcu_gp_kthread+0x270/0x380
[  386.193993][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  386.194016][    C1]  ? rcu_is_watching+0x12/0xc0
[  386.194036][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  386.194062][    C1]  ? __kthread_parkme+0x19e/0x250
[  386.194087][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  386.194112][    C1]  kthread+0x3c2/0x780
[  386.194130][    C1]  ? __pfx_kthread+0x10/0x10
[  386.194145][    C1]  ? __pfx_kthread+0x10/0x10
[  386.194161][    C1]  ? __pfx_kthread+0x10/0x10
[  386.194177][    C1]  ? __pfx_kthread+0x10/0x10
[  386.194193][    C1]  ? rcu_is_watching+0x12/0xc0
[  386.194213][    C1]  ? __pfx_kthread+0x10/0x10
[  386.194231][    C1]  ret_from_fork+0x45/0x80
[  386.194248][    C1]  ? __pfx_kthread+0x10/0x10
[  386.194270][    C1]  ret_from_fork_asm+0x1a/0x30
[  386.194310][    C1]  </TASK>
[  386.194317][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  386.194328][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  386.194349][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.194358][    C1] RIP: 0010:lock_release+0x183/0x2f0
[  386.194383][    C1] Code: 0f c1 05 18 2c 0c 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 6d ee 0b 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41
[  386.194399][    C1] RSP: 0018:ffffc90000a080f0 EFLAGS: 00000206
[  386.194414][    C1] RAX: c169b0a0a8ff1e00 RBX: ffffffff8e3bfc00 RCX: ffffc90000a080fc
[  386.194425][    C1] RDX: 0000000000000003 RSI: ffffffff8dbbd30b RDI: ffffffff8bf48aa0
[  386.194437][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  386.194447][    C1] R10: 0000000000000003 R11: 000000000008415a R12: ffffffff8169dd54
[  386.194458][    C1] R13: 0000000000000206 R14: ffff88801dada440 R15: 0000000000000004
[  386.194470][    C1] FS:  0000000000000000(0000) GS:ffff888124adf000(0000) knlGS:0000000000000000
[  386.194487][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  386.194498][    C1] CR2: 00007f51ae800218 CR3: 0000000066dab000 CR4: 00000000003526f0
[  386.194508][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  386.194518][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  386.194529][    C1] Call Trace:
[  386.194535][    C1]  <IRQ>
[  386.194547][    C1]  unwind_next_frame+0x3f9/0x20a0
[  386.194567][    C1]  ? kfree_skbmem+0x1a4/0x1f0
[  386.194595][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  386.194618][    C1]  arch_stack_walk+0x94/0x100
[  386.194644][    C1]  ? consume_skb+0xcc/0x100
[  386.194668][    C1]  stack_trace_save+0x8e/0xc0
[  386.194690][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  386.194713][    C1]  ? __lock_acquire+0xaa4/0x1ba0
[  386.194740][    C1]  kasan_save_stack+0x33/0x60
[  386.194754][    C1]  ? kasan_save_stack+0x33/0x60
[  386.194768][    C1]  ? kasan_save_track+0x14/0x30
[  386.194783][    C1]  ? kasan_save_free_info+0x3b/0x60
[  386.194804][    C1]  ? __kasan_slab_free+0x51/0x70
[  386.194819][    C1]  ? kmem_cache_free+0x2d4/0x4d0
[  386.194843][    C1]  ? kfree_skbmem+0x1a4/0x1f0
[  386.194901][    C1]  kasan_save_track+0x14/0x30
[  386.194917][    C1]  kasan_save_free_info+0x3b/0x60
[  386.194939][    C1]  __kasan_slab_free+0x51/0x70
[  386.194956][    C1]  kmem_cache_free+0x2d4/0x4d0
[  386.194981][    C1]  ? kfree_skbmem+0x1a4/0x1f0
[  386.195008][    C1]  kfree_skbmem+0x1a4/0x1f0
[  386.195032][    C1]  consume_skb+0xcc/0x100
[  386.195053][    C1]  nft_synproxy_do_eval+0x943/0xd80
[  386.195080][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  386.195104][    C1]  ? __lock_acquire+0xaa4/0x1ba0
[  386.195132][    C1]  ? __lock_acquire+0xaa4/0x1ba0
[  386.195158][    C1]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  386.195182][    C1]  nft_do_chain+0x2e9/0x1920
[  386.195206][    C1]  ? ip6t_do_table+0xbf0/0x1be0
[  386.195233][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  386.195282][    C1]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  386.195312][    C1]  nft_do_chain_inet+0x18a/0x340
[  386.195333][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  386.195354][    C1]  ? nf_log_dump_packet_common.constprop.0.isra.0+0x1a0/0x330
[  386.195383][    C1]  ? lock_acquire+0x179/0x350
[  386.195412][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  386.195431][    C1]  nf_hook_slow+0xbb/0x200
[  386.195451][    C1]  nf_hook.constprop.0+0x422/0x750
[  386.195475][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  386.195498][    C1]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  386.195524][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  386.195553][    C1]  ip6_input+0xe0/0x2f0
[  386.195575][    C1]  ? __pfx_ip6_input+0x10/0x10
[  386.195596][    C1]  ipv6_rcv+0x265/0x680
[  386.195620][    C1]  ? __pfx_ipv6_rcv+0x10/0x10
[  386.195641][    C1]  __netif_receive_skb_one_core+0x12d/0x1e0
[  386.195659][    C1]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  386.195678][    C1]  ? lock_acquire+0x179/0x350
[  386.195709][    C1]  ? process_backlog+0x3f0/0x15e0
[  386.195725][    C1]  __netif_receive_skb+0x1d/0x160
[  386.195741][    C1]  process_backlog+0x442/0x15e0
[  386.195764][    C1]  __napi_poll.constprop.0+0xb7/0x550
[  386.195781][    C1]  ? rcu_is_watching+0x12/0xc0
[  386.195803][    C1]  net_rx_action+0xa97/0x1010
[  386.195829][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  386.195848][    C1]  ? sched_balance_domains+0x283/0xee0
[  386.195892][    C1]  handle_softirqs+0x216/0x8e0
[  386.195917][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  386.195944][    C1]  __irq_exit_rcu+0x109/0x170
[  386.195964][    C1]  irq_exit_rcu+0x9/0x30
[  386.195983][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  386.196005][    C1]  </IRQ>
[  386.196011][    C1]  <TASK>
[  386.196019][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  386.196037][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  386.196059][    C1] Code: e5 61 02 e9 53 fc 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 cf 1c 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  386.196074][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6
[  386.196089][    C1] RAX: 0000000001f37427 RBX: 0000000000000001 RCX: ffffffff8b6d2419
[  386.196100][    C1] RDX: 0000000000000000 RSI: ffffffff8dbe291d RDI: ffffffff8bf48aa0
[  386.196111][    C1] RBP: ffffed1003b5b488 R08: 0000000000000001 R09: ffffed10170a65bd
[  386.196122][    C1] R10: ffff8880b8532deb R11: 0000000000000000 R12: 0000000000000001
[  386.196133][    C1] R13: ffff88801dada440 R14: ffffffff90850010 R15: 0000000000000000
[  386.196151][    C1]  ? ct_kernel_exit+0x139/0x190
[  386.196179][    C1]  default_idle+0x13/0x20
[  386.196194][    C1]  default_idle_call+0x6d/0xb0
[  386.196209][    C1]  do_idle+0x391/0x510
[  386.196232][    C1]  ? __pfx_do_idle+0x10/0x10
[  386.196260][    C1]  ? trace_sched_exit_tp+0x31/0x130
[  386.196288][    C1]  cpu_startup_entry+0x4f/0x60
[  386.196310][    C1]  start_secondary+0x21d/0x2b0
[  386.196327][    C1]  ? __pfx_start_secondary+0x10/0x10
[  386.196349][    C1]  common_startup_64+0x13e/0x148
[  386.196381][    C1]  </TASK>
[  407.576421][   T31] INFO: task kworker/u8:6:1110 blocked for more than 143 seconds.
[  407.576452][   T31]       Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0
[  407.576464][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  407.576472][   T31] task:kworker/u8:6    state:D stack:23224 pid:1110  tgid:1110  ppid:2      task_flags:0x4208060 flags:0x00004000
[  407.576531][   T31] Workqueue: events_unbound linkwatch_event
[  407.576563][   T31] Call Trace:
[  407.576571][   T31]  <TASK>
[  407.576583][   T31]  __schedule+0x116f/0x5de0
[  407.576618][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  407.576654][   T31]  ? __pfx___schedule+0x10/0x10
[  407.576684][   T31]  ? find_held_lock+0x2b/0x80
[  407.576708][   T31]  ? schedule+0x2d7/0x3a0
[  407.576736][   T31]  schedule+0xe7/0x3a0
[  407.576760][   T31]  schedule_preempt_disabled+0x13/0x30
[  407.576784][   T31]  __mutex_lock+0x6c7/0xb90
[  407.576814][   T31]  ? linkwatch_event+0x51/0xc0
[  407.576842][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  407.576866][   T31]  ? __lock_acquire+0xaa4/0x1ba0
[  407.576900][   T31]  ? debug_object_deactivate+0x1ec/0x3a0
[  407.576929][   T31]  ? linkwatch_event+0x51/0xc0
[  407.576953][   T31]  ? rtnl_lock+0x9/0x20
[  407.576977][   T31]  linkwatch_event+0x51/0xc0
[  407.577002][   T31]  ? __pfx_linkwatch_event+0x10/0x10
[  407.577029][   T31]  ? rcu_is_watching+0x12/0xc0
[  407.577053][   T31]  process_one_work+0x9cf/0x1b70
[  407.577088][   T31]  ? __pfx_macvlan_process_broadcast+0x10/0x10
[  407.577111][   T31]  ? __pfx_process_one_work+0x10/0x10
[  407.577140][   T31]  ? assign_work+0x1a0/0x250
[  407.577163][   T31]  worker_thread+0x6c8/0xf10
[  407.577195][   T31]  ? __pfx_worker_thread+0x10/0x10
[  407.577216][   T31]  kthread+0x3c2/0x780
[  407.577235][   T31]  ? __pfx_kthread+0x10/0x10
[  407.577252][   T31]  ? __pfx_kthread+0x10/0x10
[  407.577269][   T31]  ? __pfx_kthread+0x10/0x10
[  407.577286][   T31]  ? __pfx_kthread+0x10/0x10
[  407.577303][   T31]  ? rcu_is_watching+0x12/0xc0
[  407.577325][   T31]  ? __pfx_kthread+0x10/0x10
[  407.577345][   T31]  ret_from_fork+0x45/0x80
[  407.577364][   T31]  ? __pfx_kthread+0x10/0x10
[  407.577383][   T31]  ret_from_fork_asm+0x1a/0x30
[  407.577422][   T31]  </TASK>
[  407.577508][   T31] 
[  407.577508][   T31] Showing all locks held in the system:
[  407.577517][   T31] 1 lock held by kthreadd/2:
[  407.577530][   T31] 5 locks held by kworker/0:0/9:
[  407.577540][   T31] 10 locks held by kworker/u8:0/12:
[  407.577551][   T31] 3 locks held by kworker/u8:1/13:
[  407.577562][   T31] 2 locks held by kworker/1:0/24:
[  407.577573][   T31] 1 lock held by khungtaskd/31:
[  407.577583][   T31]  #0: ffffffff8e3bfc00 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  407.577631][   T31] 3 locks held by kworker/u8:2/36:
[  407.577644][   T31] 4 locks held by kworker/u8:3/55:
[  407.577655][   T31] 3 locks held by kworker/1:1/58:
[  407.577666][   T31]  #0: ffff88814dac3d48 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  407.577714][   T31]  #1: ffffc9000124fd18 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  407.577763][   T31]  #2: ffff88805b1bc538 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x42/0xca0
[  407.577818][   T31] 3 locks held by kworker/u8:4/65:
[  407.577834][   T31] 3 locks held by kworker/u8:5/1091:
[  407.577844][   T31] 3 locks held by kworker/u8:6/1110:
[  407.577855][   T31]  #0: ffff88801b481148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  407.577903][   T31]  #1: ffffc90003c47d18 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  407.577950][   T31]  #2: ffffffff90125ca8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  407.578003][   T31] 3 locks held by kworker/u8:7/1131:
[  407.578014][   T31] 3 locks held by kworker/u8:8/1155:
[  407.578026][   T31] 3 locks held by kworker/1:2/1220:
[  407.578037][   T31]  #0: ffff88801b479d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  407.578091][   T31]  #1: ffffc90004087d18 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  407.578138][   T31]  #2: ffffffff90125ca8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x83/0x1170
[  407.578195][   T31] 3 locks held by kworker/u8:9/3026:
[  407.578207][   T31] 6 locks held by kworker/R-bat_e/3396:
[  407.578218][   T31] 3 locks held by kworker/u8:10/4252:
[  407.578229][   T31] 1 lock held by jbd2/sda1-8/5149:
[  407.578240][   T31] 1 lock held by klogd/5176:
[  407.578251][   T31] 3 locks held by udevd/5187:
[  407.578261][   T31] 2 locks held by crond/5556:
[  407.578272][   T31] 2 locks held by getty/5573:
[  407.578282][   T31]  #0: ffff888035f8a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  407.578327][   T31]  #1: ffffc900030062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  407.578380][   T31] 3 locks held by syz-executor/5800:
[  407.578392][   T31] 5 locks held by kworker/1:3/5860:
[  407.578403][   T31] 2 locks held by kworker/1:5/5862:
[  407.578414][   T31] 4 locks held by kworker/1:6/5894:
[  407.578425][   T31]  #0: ffff88805accad48 ((wq_completion)wg-kex-wg0#12){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  407.578480][   T31]  #1: ffffc900054b7d18 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  407.578545][   T31]  #2: ffff888058ab5308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880
[  407.578594][   T31]  #3: ffff888013590338 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880
[  407.578643][   T31] 3 locks held by kworker/1:8/5907:
[  407.578654][   T31] 4 locks held by kworker/1:9/5934:
[  407.578664][   T31]  #0: ffff8880260bb548 ((wq_completion)wg-kex-wg2#12){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  407.578717][   T31]  #1: ffffc9000b5b7d18 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  407.578780][   T31]  #2: ffff88807a199308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880
[  407.578828][   T31]  #3: ffff88804e1eaad8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880
[  407.578877][   T31] 1 lock held by syz-executor/8230:
[  407.578887][   T31] 2 locks held by kworker/0:7/8234:
[  407.578898][   T31] 2 locks held by syz.8.560/8242:
[  407.578909][   T31] 5 locks held by kworker/0:10/8267:
[  407.578920][   T31] 1 lock held by syz.7.586/8288:
[  407.578930][   T31] 2 locks held by syz-executor/8290:
[  407.578941][   T31] 2 locks held by syz.9.590/8298:
[  407.578951][   T31] 8 locks held by syz.9.590/8300:
[  407.578962][   T31] 2 locks held by syz.5.591/8302:
[  407.578972][   T31] 
[  407.578977][   T31] =============================================
[  407.578977][   T31] 
[  407.578985][   T31] NMI backtrace for cpu 1
[  407.578996][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  407.579018][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  407.579027][   T31] Call Trace:
[  407.579033][   T31]  <TASK>
[  407.579039][   T31]  dump_stack_lvl+0x116/0x1f0
[  407.579070][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  407.579092][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  407.579111][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  407.579134][   T31]  watchdog+0xf70/0x12c0
[  407.579157][   T31]  ? __pfx_watchdog+0x10/0x10
[  407.579173][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  407.579199][   T31]  ? __kthread_parkme+0x19e/0x250
[  407.579226][   T31]  ? __pfx_watchdog+0x10/0x10
[  407.579242][   T31]  kthread+0x3c2/0x780
[  407.579259][   T31]  ? __pfx_kthread+0x10/0x10
[  407.579274][   T31]  ? __pfx_kthread+0x10/0x10
[  407.579290][   T31]  ? __pfx_kthread+0x10/0x10
[  407.579305][   T31]  ? __pfx_kthread+0x10/0x10
[  407.579320][   T31]  ? rcu_is_watching+0x12/0xc0
[  407.579340][   T31]  ? __pfx_kthread+0x10/0x10
[  407.579356][   T31]  ret_from_fork+0x45/0x80
[  407.579372][   T31]  ? __pfx_kthread+0x10/0x10
[  407.579388][   T31]  ret_from_fork_asm+0x1a/0x30
[  407.579424][   T31]  </TASK>
[  407.579431][   T31] Sending NMI from CPU 1 to CPUs 0:
[  407.579454][    C0] NMI backtrace for cpu 0
[  407.579465][    C0] CPU: 0 UID: 0 PID: 3396 Comm: kworker/R-bat_e Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  407.579481][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  407.579490][    C0] Workqueue: bat_events batadv_tt_purge
[  407.579507][    C0] RIP: 0010:unwind_get_return_address+0x26/0xa0
[  407.579524][    C0] Code: 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 48 c1 ea 03 53 48 89 fb 0f b6 04 02 84 c0 74 04 3c 03 7e 59 <8b> 03 85 c0 75 09 31 c0 5b 5d c3 cc cc cc cc 48 b8 00 00 00 00 00
[  407.579536][    C0] RSP: 0018:ffffc900000071b0 EFLAGS: 00000246
[  407.579546][    C0] RAX: 0000000000000000 RBX: ffffc900000071c8 RCX: ffffc9000000711c
[  407.579555][    C0] RDX: 1ffff92000000e39 RSI: ffffffff8dbbd30b RDI: ffffc900000071c8
[  407.579564][    C0] RBP: ffffc90000007258 R08: 0000000000000001 R09: 0000000000000000
[  407.579572][    C0] R10: 0000000000000004 R11: 000000000008d428 R12: ffffffff81a70900
[  407.579581][    C0] R13: ffffc90000007288 R14: 0000000000000000 R15: ffff8880323f4880
[  407.579589][    C0] FS:  0000000000000000(0000) GS:ffff8881249df000(0000) knlGS:0000000000000000
[  407.579603][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  407.579612][    C0] CR2: 00007f51b313b79d CR3: 000000002abb9000 CR4: 00000000003526f0
[  407.579621][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  407.579629][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  407.579637][    C0] Call Trace:
[  407.579642][    C0]  <IRQ>
[  407.579646][    C0]  arch_stack_walk+0xa6/0x100
[  407.579665][    C0]  ? __netif_receive_skb_one_core+0x197/0x1e0
[  407.579680][    C0]  stack_trace_save+0x8e/0xc0
[  407.579697][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  407.579714][    C0]  ? __lock_acquire+0xaa4/0x1ba0
[  407.579733][    C0]  kasan_save_stack+0x33/0x60
[  407.579748][    C0]  ? kasan_save_stack+0x33/0x60
[  407.579759][    C0]  ? kasan_record_aux_stack+0xb8/0xd0
[  407.579775][    C0]  ? __call_rcu_common.constprop.0+0x9a/0x9f0
[  407.579788][    C0]  ? dst_release+0x266/0x340
[  407.579799][    C0]  ? skb_release_head_state+0x234/0x290
[  407.579813][    C0]  ? consume_skb+0x85/0x100
[  407.579827][    C0]  ? nft_synproxy_do_eval+0xa6b/0xd80
[  407.579844][    C0]  ? nft_do_chain+0x2e9/0x1920
[  407.579860][    C0]  ? nft_do_chain_inet+0x18a/0x340
[  407.579875][    C0]  ? nf_hook_slow+0xbb/0x200
[  407.579886][    C0]  ? nf_hook.constprop.0+0x422/0x750
[  407.579899][    C0]  ? ip_local_deliver+0x169/0x1f0
[  407.579911][    C0]  ? ip_rcv+0x2c3/0x5d0
[  407.579935][    C0]  ? __pfx_dst_destroy_rcu+0x10/0x10
[  407.579947][    C0]  kasan_record_aux_stack+0xb8/0xd0
[  407.579964][    C0]  __call_rcu_common.constprop.0+0x9a/0x9f0
[  407.579976][    C0]  ? percpu_counter_add_batch+0xb8/0x1f0
[  407.579994][    C0]  dst_release+0x266/0x340
[  407.580007][    C0]  skb_release_head_state+0x234/0x290
[  407.580022][    C0]  consume_skb+0x85/0x100
[  407.580038][    C0]  nft_synproxy_do_eval+0xa6b/0xd80
[  407.580060][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  407.580080][    C0]  ? ip_vs_conn_out_get+0x67f/0xb20
[  407.580103][    C0]  ? ip_vs_service_find+0x19d/0x1020
[  407.580127][    C0]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  407.580148][    C0]  nft_do_chain+0x2e9/0x1920
[  407.580172][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  407.580197][    C0]  ? ip_vs_in_hook+0xe10/0x27a0
[  407.580212][    C0]  ? ip_vs_in_hook+0x329/0x27a0
[  407.580237][    C0]  nft_do_chain_inet+0x18a/0x340
[  407.580255][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  407.580278][    C0]  ? nf_nat_ipv4_local_in+0x181/0x720
[  407.580304][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  407.580328][    C0]  nf_hook_slow+0xbb/0x200
[  407.580344][    C0]  nf_hook.constprop.0+0x422/0x750
[  407.580360][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  407.580376][    C0]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  407.580391][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  407.580408][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  407.580429][    C0]  ip_local_deliver+0x169/0x1f0
[  407.580444][    C0]  ? __pfx_ip_local_deliver+0x10/0x10
[  407.580460][    C0]  ip_rcv+0x2c3/0x5d0
[  407.580475][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  407.580490][    C0]  __netif_receive_skb_one_core+0x197/0x1e0
[  407.580506][    C0]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  407.580523][    C0]  ? lock_acquire+0x179/0x350
[  407.580550][    C0]  ? process_backlog+0x3f0/0x15e0
[  407.580564][    C0]  __netif_receive_skb+0x1d/0x160
[  407.580580][    C0]  process_backlog+0x442/0x15e0
[  407.580599][    C0]  __napi_poll.constprop.0+0xb7/0x550
[  407.580616][    C0]  net_rx_action+0xa97/0x1010
[  407.580637][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  407.580651][    C0]  ? mark_held_locks+0x49/0x80
[  407.580675][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  407.580697][    C0]  ? tmigr_handle_remote+0x132/0x380
[  407.580720][    C0]  ? run_timer_base+0x121/0x190
[  407.580740][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  407.580769][    C0]  handle_softirqs+0x216/0x8e0
[  407.580791][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  407.580812][    C0]  ? batadv_tt_local_purge+0x21c/0x3c0
[  407.580831][    C0]  do_softirq+0xb2/0xf0
[  407.580849][    C0]  </IRQ>
[  407.580854][    C0]  <TASK>
[  407.580860][    C0]  __local_bh_enable_ip+0x100/0x120
[  407.580879][    C0]  batadv_tt_local_purge+0x21c/0x3c0
[  407.580897][    C0]  ? look_up_lock_class+0x59/0x150
[  407.580921][    C0]  ? __pfx_batadv_tt_local_purge+0x10/0x10
[  407.580942][    C0]  batadv_tt_purge+0x8b/0xb80
[  407.580961][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  407.580981][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[  407.580998][    C0]  ? __pfx_batadv_tt_purge+0x10/0x10
[  407.581020][    C0]  ? rcu_is_watching+0x12/0xc0
[  407.581040][    C0]  process_one_work+0x9cf/0x1b70
[  407.581061][    C0]  ? __pfx_process_one_work+0x10/0x10
[  407.581081][    C0]  ? assign_work+0x1a0/0x250
[  407.581098][    C0]  rescuer_thread+0x620/0xea0
[  407.581119][    C0]  ? rcu_is_watching+0x12/0xc0
[  407.581137][    C0]  ? __pfx_rescuer_thread+0x10/0x10
[  407.581154][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  407.581175][    C0]  ? __kthread_parkme+0x19e/0x250
[  407.581198][    C0]  ? __pfx_rescuer_thread+0x10/0x10
[  407.581215][    C0]  kthread+0x3c2/0x780
[  407.581230][    C0]  ? __pfx_kthread+0x10/0x10
[  407.581245][    C0]  ? __pfx_kthread+0x10/0x10
[  407.581259][    C0]  ? __pfx_kthread+0x10/0x10
[  407.581273][    C0]  ? __pfx_kthread+0x10/0x10
[  407.581288][    C0]  ? rcu_is_watching+0x12/0xc0
[  407.581306][    C0]  ? __pfx_kthread+0x10/0x10
[  407.581327][    C0]  ret_from_fork+0x45/0x80
[  407.581342][    C0]  ? __pfx_kthread+0x10/0x10
[  407.581358][    C0]  ret_from_fork_asm+0x1a/0x30
[  407.581385][    C0]  </TASK>
[  510.010553][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  510.013495][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  510.016314][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  510.163915][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  510.198707][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  510.198729][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  510.198760][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  510.198770][   T31] Call Trace:
[  510.198777][   T31]  <TASK>
[  510.198786][   T31]  dump_stack_lvl+0x3d/0x1f0
[  510.198818][   T31]  panic+0x71c/0x800
[  510.198852][   T31]  ? __pfx_panic+0x10/0x10
[  510.198879][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  510.198902][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  510.198920][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  510.198939][   T31]  ? watchdog+0xdda/0x12c0
[  510.198957][   T31]  ? watchdog+0xdcd/0x12c0
[  510.198978][   T31]  watchdog+0xdeb/0x12c0
[  510.199000][   T31]  ? __pfx_watchdog+0x10/0x10
[  510.199017][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  510.199043][   T31]  ? __kthread_parkme+0x19e/0x250
[  510.199071][   T31]  ? __pfx_watchdog+0x10/0x10
[  510.199089][   T31]  kthread+0x3c2/0x780
[  510.199108][   T31]  ? __pfx_kthread+0x10/0x10
[  510.199124][   T31]  ? __pfx_kthread+0x10/0x10
[  510.199141][   T31]  ? __pfx_kthread+0x10/0x10
[  510.199157][   T31]  ? __pfx_kthread+0x10/0x10
[  510.199173][   T31]  ? rcu_is_watching+0x12/0xc0
[  510.199196][   T31]  ? __pfx_kthread+0x10/0x10
[  510.199214][   T31]  ret_from_fork+0x45/0x80
[  510.199231][   T31]  ? __pfx_kthread+0x10/0x10
[  510.199248][   T31]  ret_from_fork_asm+0x1a/0x30
[  510.199284][   T31]  </TASK>
[  510.199475][   T31] Kernel Offset: disabled