last executing test programs:

16m35.895009467s ago: executing program 3 (id=1144):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x500, &(0x7f0000001ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000002e00010026bdf000fcdbdf250400000008000c00", @ANYRES32=0x0, @ANYBLOB="5fc15a56094d978e0fbb60cc7ef221d2eb68a16c255e0e441020d3b1b819ccc1c8b799ac4f9ebf7749ce2537ed3cfc97f2976daeab04279f4e09d9b077af24782da5715e"], 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

16m34.77396589s ago: executing program 3 (id=1147):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x20880, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_CLOCK(r4, 0x8030ae7c, &(0x7f0000000240))
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x5, 0xffffffffffffffff, 0x1, 0x109e96, 0xffffffffffffffff, 0x3ffffc, 0x1, 0x0, 0x2, 0xfffffffffffffffd, 0x2, 0x10000, 0x6, 0x2, 0x7fffffffffffffff], 0xc000, 0x1c341})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
io_uring_setup(0x457, &(0x7f00000003c0)={0x0, 0x3, 0x20, 0x0, 0x3c})
fanotify_init(0x8, 0x8000)
pipe2(&(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000140))
fcntl$setpipe(r6, 0x407, 0x0)
r8 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r8, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, 0x0)
r9 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
pwrite64(r9, 0x0, 0x0, 0x2)
read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020)
write$FUSE_ENTRY(r6, 0x0, 0x0)
io_setup(0x5, &(0x7f0000000000)=<r10=>0x0)
r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
r12 = inotify_init()
io_submit(r10, 0x2, &(0x7f0000000640)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r12, 0x0}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x8, 0xffff, r11, 0x0, 0x0, 0x3, 0x0, 0x1, r11}])
setsockopt$packet_buf(r11, 0x107, 0xd, &(0x7f0000000000), 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r13 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r13, 0x7a7, &(0x7f0000000040)=0x90000)

16m29.205119605s ago: executing program 3 (id=1157):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000008000000000000000000000000000760211d5a85686a25609e91fa80bf75df3fef8d90660cc48957af13f2e9e5c03c29a22cfdf97afbfb2f499704d21b184c8765eccf8fd7b05a6dfd540023684b1c458f8aad69531003bb6f530a8eb3584d0ec9a03e7ccf22013045dfbfa3f3de786641a262fd09785baeb850c10dc6386c3f81b38dba073bde7c40ca5b7eaa3461dfd27796b3ff042b86786145fcb645c48a5ac2c5a3809225b8bfc213363faa10bcf4153b5337f79cc3bb8b60b55ae7d1ba70cfcd7921b97dc70060d032e2afbf3f9a5f75e1c89718a95a677ba3f5f34021fe88895cbde214be5c8b64d2f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000005400e5fa70bd7000ffffffff07000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="01030000e000000200000000000000000000000086"], 0x38}}, 0x40084c0)
sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt(r9, 0x6d6, 0x259d, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020300090800009e3c9745580000000000000000000300060000000e0002000000e00000090000000700000000000000000000000002000000e000000100000000000000002938f58f30432dec534660f4ab6c246a31977916ff6f5e76f9d787"], 0x40}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x1881}, 0x20002000)
setsockopt$packet_int(r5, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010200000000000000006700000008000300", @ANYRES32=r2, @ANYBLOB="0800c3"], 0x30}}, 0x0)

16m26.919111529s ago: executing program 3 (id=1159):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x80000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8)
open_tree(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r3=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3004de259c2996817bb959ebab028deddeffafde2500", <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r4})

16m25.788453907s ago: executing program 3 (id=1163):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18d63142470000000700000000000000f5ffffff94000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1, 0x0, 0x5}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x4, 0x4, 0x0, 0x0, @sint}]})
eventfd2(0x8, 0x1)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r5 = getpid()
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000000080)=0xfff, 0x4)
setsockopt$inet_int(r4, 0x0, 0x13, &(0x7f0000000000)=0xffffff7e, 0x4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r6)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="6d932bbd70000000000001"], 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r6)

16m24.842237544s ago: executing program 3 (id=1165):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))
open_by_handle_at(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000020000000e000000000000000900000000000000f97d4b8949aea66ba057273e74340caf16430d0b3df804cff9ecc9924b302d4c45bc8588a0d6d8dca0ec59ec3ef4160690d768c0e8cba8f3c94799c8b424e63a0bc21b79188b25604b950bcf50867b4d8a0b3dc62f5c14beff42b8b2ba71d49443499c4dbfe43aaf942e"], 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000007500)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x6, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x2}}}], 0x18}}], 0x1, 0x68034)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x4e22, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x18}, 0xd1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, 0x0, 0x8000004)
io_setup(0x2, &(0x7f0000000040)=<r4=>0x0)
iopl(0x3)
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x3)
io_submit(r4, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x59, 0x0})
r5 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001400add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000800ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

16m9.443633505s ago: executing program 32 (id=1165):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))
open_by_handle_at(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000020000000e000000000000000900000000000000f97d4b8949aea66ba057273e74340caf16430d0b3df804cff9ecc9924b302d4c45bc8588a0d6d8dca0ec59ec3ef4160690d768c0e8cba8f3c94799c8b424e63a0bc21b79188b25604b950bcf50867b4d8a0b3dc62f5c14beff42b8b2ba71d49443499c4dbfe43aaf942e"], 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000007500)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x6, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x2}}}], 0x18}}], 0x1, 0x68034)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x4e22, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x18}, 0xd1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, 0x0, 0x8000004)
io_setup(0x2, &(0x7f0000000040)=<r4=>0x0)
iopl(0x3)
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x3)
io_submit(r4, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x59, 0x0})
r5 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001400add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000800ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

2m5.691009965s ago: executing program 1 (id=3335):
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))
open_by_handle_at(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000020000000e000000000000000900000000000000f97d4b8949aea66ba057273e74340caf16430d0b3df804cff9ecc9924b302d4c45bc8588a0d6d8dca0ec59ec3ef4160690d768c0e8cba8f3c94799c8b424e63a0bc21b79188b25604b950bcf50867b4d8a0b3dc62f5c14beff42b8b2ba71d4944349"], 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000007500)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x6, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x2}}}], 0x18}}], 0x1, 0x68034)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x4e22, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x18}, 0xd1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, 0x0, 0x8000004)
io_setup(0x2, &(0x7f0000000040)=<r4=>0x0)
iopl(0x3)
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x3)
io_submit(r4, 0x1, &(0x7f00000000c0)=[0x0])
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x59, 0x0})
r5 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001400add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000800ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

2m4.54321542s ago: executing program 1 (id=3339):
r0 = fsopen(&(0x7f0000000300)='debugfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x8, 0x4000)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, 0x0, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0xb, 0x73}, &(0x7f0000000180)=<r6=>0x0, &(0x7f0000000280))
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000000), 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = eventfd2(0xe5c, 0x80000)
r10 = eventfd2(0x4001, 0x800)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000300)={r10, 0x40000, 0x2, r10})
r11 = eventfd2(0x8, 0x80001)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000140)={r11, 0x7, 0x2, r9})
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f00000000c0)={r11, 0x0, 0x2, r9})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
pipe2$watch_queue(0x0, 0x80)

2m3.167579571s ago: executing program 1 (id=3344):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x48500, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r2, 0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, r3, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r5, 0x0, 0x0, 0x200000000})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000100)={0x28, 0x0, r2, r5, 0x0, 0x0, 0x0, 0x23, &(0x7f0000000040)="d5e781ae781db7db68b089ba46610e7131e46ce0290c8bed6f752d1c69d2dab8cb2dc1"})

2m3.089291233s ago: executing program 1 (id=3345):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28000000b8535d5042e5ba00723207a2824b772165950000000000000000000a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x0)
kexec_load(0xff0e, 0x1, &(0x7f0000000900)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000001000000090000000c"], 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0], 0x0, 0x88, &(0x7f00000002c0)=[{}], 0x8, 0x10, &(0x7f0000000300), &(0x7f00000003c0), 0x8, 0x6d, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000380)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='binder\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@uuid_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000002200000000000100009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
times(&(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000a40)={{0x2, 0x0, 0x40, 0x6, 'syz0\x00', 0x10000003}, 0x0, [0x0, 0xfffffffffffffffe, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xffffffffffffff52, 0x5, 0x1, 0x8000000000000000, 0x8, 0x0, 0x4000000000000, 0xfffffffffffffffe, 0xfffffffffffffff7, 0x0, 0xfffffffffffffff5, 0x0, 0x8000000, 0x3, 0x0, 0x9, 0x9, 0x2, 0x0, 0x7fffffff, 0x85, 0x3, 0x0, 0xb9e4, 0x0, 0x100000000000000, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffb, 0x6, 0x6, 0x0, 0x3, 0x61, 0x9, 0xfffffffffffffc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x200000000000, 0x1, 0xfffffffffffffff8, 0x0, 0x0, 0x4, 0xc000000000000000, 0xfffffffffffffffc, 0x0, 0x0, 0x7, 0x1, 0xcb, 0xfffffffffffffffc, 0x0, 0x200, 0x9, 0x5, 0xffff, 0xfffffffffffffff8, 0x5, 0x0, 0x0, 0x10001, 0xebc, 0x0, 0x4000000000000, 0x74c, 0x6, 0x6, 0x400000000067, 0x7, 0x10000000, 0x7fffffff, 0x401, 0x0, 0x1, 0x76e, 0x0, 0x4, 0x5, 0x4, 0x0, 0x1, 0x1, 0xf32, 0x9, 0x2001, 0x0, 0x0, 0x0, 0xa562, 0x0, 0x80000005, 0xffffffffffffffff, 0x0, 0x5, 0x8, 0x1, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0x6, 0xfffffffffffffffb, 0x0, 0x0, 0x8, 0x0, 0x7, 0x4, 0x1553, 0x40, 0x0, 0x1, 0x0, 0xf65]})
unlink(&(0x7f00000002c0)='./file0\x00')

1m58.808972633s ago: executing program 1 (id=3353):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x0, 0x240, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x5, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x401, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x1, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x3, 0x8, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7d, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x4, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x7fff, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x8000003, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0x9, 0xfd, 0x601, 0x101, 0xdd80, 0x60a2, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0xfffffffa, 0x7, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x6d, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x55, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0x0, 0x8, 0x40f1, 0x2, 0xffffffff, 0x6, 0x80008001, 0x7777, 0x1, 0x20000002, 0x100, 0xd8ce, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000440)=[{0xfffffffffffffffd}, {&(0x7f0000000140)="9e43c38e", 0x4}], 0x2, &(0x7f0000000540)=[@ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1000}}, @ip_ttl={{0x14, 0x0, 0x2, 0x55000000}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote}}}], 0x80}, 0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x2, 0x14, 0xf0, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x100000000000003, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0x10000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m57.977487304s ago: executing program 1 (id=3356):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$cgroup(0x0, 0x0, 0x0, 0x2010042, 0x0)
gettid()
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000000300)={0x0, 0x7, &(0x7f0000000200)="952bb3e006ae9a"})
ioctl$EVIOCSCLOCKID(r3, 0x400445a0, 0x0)

1m57.702771388s ago: executing program 33 (id=3356):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$cgroup(0x0, 0x0, 0x0, 0x2010042, 0x0)
gettid()
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000000300)={0x0, 0x7, &(0x7f0000000200)="952bb3e006ae9a"})
ioctl$EVIOCSCLOCKID(r3, 0x400445a0, 0x0)

15.333441594s ago: executing program 0 (id=3650):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x1, 0x80000000, 0x4, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xfe2a}]}}]}, 0x3c}}, 0x20004055)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 10)

14.532645495s ago: executing program 0 (id=3652):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
r2 = getpid()
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1800, 0x0)
r4 = syz_open_procfs(r2, &(0x7f0000000100)='net/dev_snmp6\x00')
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = syz_pidfd_open(r2, 0x0)
setns(r5, 0x24020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r1}, 0xc)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000001c0)={0x398, 0x874f})

12.250862006s ago: executing program 4 (id=3657):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x65, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r1 = syz_clone3(&(0x7f0000000340)={0x201180, 0x0, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58)
get_robust_list(r1, 0x0, &(0x7f0000000140))
waitid(0x2, r1, 0x0, 0x1, &(0x7f0000000400))
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f00000000c0))
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r2, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8060}, 0x4000040)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x21c00c, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r3}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x18, 0x13, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_query, @map_fd={0x18, 0xb}, @jmp={0x5, 0x0, 0x4, 0x9, 0x2, 0x0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x4}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x4}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0xe3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x51ad}]}, &(0x7f00000005c0)='GPL\x00', 0x6, 0xbf, &(0x7f0000000680)=""/191, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000007c0)={0x4, 0x5, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000900)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r3], &(0x7f0000000a00)=[{0x1, 0x1, 0x0, 0xa}, {0x2, 0x5, 0x8, 0x8}, {0x3, 0x1, 0xf, 0x9}, {0x3, 0x3, 0x0, 0xa}, {0x1, 0x5, 0x7}, {0x5, 0x2, 0xa, 0x4}, {0x5, 0x3, 0x3, 0x2}]}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'bridge0\x00', 0x854e3c20dac5ae9c})
r5 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r5, &(0x7f000001aa40)=""/102400, 0x19000)
syz_open_dev$sndctrl(0x0, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f00000013c0)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfe95, 0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x9, 0x12, r6, 0x9a903000)

11.972365215s ago: executing program 6 (id=3659):
r0 = syz_open_dev$usbfs(0x0, 0x75, 0x341)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x2c, 0x3, 0x0)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r7}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x70, 0xe0, 0x0, {0x200003ae, 0x7f00}}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x270)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r8)
write$UHID_INPUT(r9, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b0732306c090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb000000002f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d6ced5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed700129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb21fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
recvfrom(r1, 0x0, 0x0, 0x40000000, 0x0, 0x0)

11.458365851s ago: executing program 4 (id=3661):
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa2003, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR(r4, 0x114, 0x2, &(0x7f00000001c0)={{&(0x7f0000000280)=""/232, 0xe8}, 0x0, 0xb}, 0x20)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)
socket$nl_generic(0x10, 0x3, 0x10)

10.663282073s ago: executing program 6 (id=3663):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, 0x0)
socket$rds(0x15, 0x5, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x264, 0xb8, 0x11, 0x148, 0xb8, 0x0, 0x1d0, 0x2a8, 0x2a8, 0x1d0, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr=0x64010102, @multicast2, 0x0, 0xff000000, 'wg1\x00', 'dvmrp0\x00', {}, {0xff}, 0x67, 0x3, 0x2}, 0x0, 0x70, 0xb8}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x7fffffff, {0x8000}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0xff, 'vlan0\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x1}, 0x0, 0xb8, 0x118, 0x0, {}, [@common=@ttl={{0x24}, {0x2, 0x40}}, @inet=@rpfilter={{0x24}, {0x18}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x5, 0x3, 0x0, 0x6, 0x1], 0x1, 0x1}, {0x1, [0x1, 0x0, 0x0, 0x4, 0x1, 0x3], 0x0, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2c0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)

10.567475671s ago: executing program 0 (id=3664):
r0 = socket$phonet(0x23, 0x2, 0x1)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, 0x0, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000200)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0x1}, {&(0x7f0000000040)}], 0x2}, 0x0)
recvmmsg(r5, &(0x7f0000005680)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/120, 0x78}], 0x1}}], 0x1, 0x0, 0x0)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)={0x620440, 0x0, 0x22}, 0x18)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049ce)
openat(r6, &(0x7f0000000000)='./file0\x00', 0x401c2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0)
acct(&(0x7f0000001000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0xa4)
ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, &(0x7f00000000c0)=0x40)
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYRESHEX=r6], 0x0)

10.243266758s ago: executing program 4 (id=3665):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r0 = syz_clone3(0x0, 0x0)
get_robust_list(r0, 0x0, &(0x7f0000000140))
waitid(0x2, r0, &(0x7f00000001c0), 0x1, &(0x7f0000000400))
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f00000000c0))
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8060}, 0x4000040)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x21c00c, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r2}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x18, 0x13, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_query, @map_fd={0x18, 0xb}, @jmp={0x5, 0x0, 0x4, 0x9, 0x2, 0x0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x4}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x4}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0xe3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x51ad}]}, &(0x7f00000005c0)='GPL\x00', 0x6, 0xbf, &(0x7f0000000680)=""/191, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000007c0)={0x4, 0x5, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000900)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2], &(0x7f0000000a00)=[{0x1, 0x1, 0x0, 0xa}, {0x2, 0x5, 0x8, 0x8}, {0x3, 0x1, 0xf, 0x9}, {0x3, 0x3, 0x0, 0xa}, {0x1, 0x5, 0x7}, {0x5, 0x2, 0xa, 0x4}, {0x5, 0x3, 0x3, 0x2}]}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'bridge0\x00', 0x854e3c20dac5ae9c})
r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r4, &(0x7f000001aa40)=""/102400, 0x19000)
r5 = syz_open_dev$sndctrl(0x0, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f00000013c0)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfe95, 0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x9, 0x12, r6, 0x9a903000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc4c85513, &(0x7f0000000d80)={{0x8, 0x4, 0xfffffbdb, 0x7, 'syz0\x00', 0xfffff801}, 0x0, [0x9, 0xd, 0x2, 0x10001, 0x8c08, 0x9, 0x10000, 0x202, 0xf0f3, 0xffff, 0x87, 0x4, 0x6c2b, 0xfffffffffffffffe, 0x98f2, 0x4b05, 0x3ff, 0x400000004, 0x6, 0x8000000000000000, 0x800000000000001, 0x8, 0x109, 0x1ff, 0x1, 0x8, 0x6, 0x8, 0x6, 0x5, 0x1, 0xfff, 0x3, 0x4, 0x7, 0x8000000000000000, 0x3, 0x4000000000000000, 0x2, 0x5, 0x800000, 0x0, 0xdb4, 0x5, 0x16, 0x9, 0xe, 0x5, 0xc, 0x6, 0x2, 0x3b7, 0x5, 0x0, 0xfffffffffffffff9, 0x4, 0x7fd, 0x5, 0x0, 0x8000, 0x5, 0x34b, 0x7, 0x7, 0x4, 0x15af, 0xb79, 0x8, 0xfff, 0x81, 0x9, 0x83, 0x7, 0xf8, 0x0, 0x6, 0x4, 0x5, 0xc46b, 0x0, 0xd, 0x3, 0xb, 0x8000000000000001, 0x12, 0x4, 0x2, 0x7, 0x7fffffff, 0x1, 0x4, 0x10000, 0xe72, 0x10000000000003ff, 0x7, 0xc08b, 0x410, 0x80000001, 0x40, 0x1, 0x200000100000000, 0x100000001, 0x42, 0x3, 0x9, 0xc5, 0x0, 0x2, 0x3, 0x33, 0x2f6f, 0x7, 0x5a73, 0xfffffffffffffff9, 0x7fffffff, 0x8, 0xfffffffffffffff8, 0x3, 0xde, 0x6, 0x800000000, 0xfffffffffffffffe, 0x2, 0x105ba93c, 0x4000000000004, 0x7, 0xfffffffffffffff7, 0x10]})

9.438619092s ago: executing program 6 (id=3666):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r5}, 0x18)
open(&(0x7f00000001c0)='./file0\x00', 0x148640, 0x78e22799f4a46f1e)
r6 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}})
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
sendto$packet(r7, &(0x7f0000000000)="09000000e700140000007ef52f55", 0xe, 0x24000801, &(0x7f0000000080)={0x11, 0x88a8, r9, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={r10, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000300)="b9ff038768441a8cb89e14f00800", 0x0, 0x5, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x4, 0x12, 0x50}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)

9.281183765s ago: executing program 5 (id=3667):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18d63142470000000700000000000000f5ffffff94000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1, 0x0, 0x5}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, 0x0)
eventfd2(0x8, 0x1)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r5 = getpid()
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000000080)=0xfff, 0x4)
setsockopt$inet_int(r4, 0x0, 0x13, &(0x7f0000000000)=0xffffff7e, 0x4)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r8)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r8)

8.274237004s ago: executing program 6 (id=3668):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x248)
close(r3)
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40043d0d, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_udp_int(r5, 0x11, 0x66, 0x0, &(0x7f0000000480))
mq_notify(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x36, 0x0, @tid=r2})
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
syz_fuse_handle_req(r3, &(0x7f0000002100)="d775792ca585520f18984d4f3f5ac50c9a22b48f814c2e6ef84c6a9215c40271bd8f991a4884d73be0090ac6ab3c40fee64ceb75e03ce329bd4f8bae1cd2fe7b2bb8d88faf7206b99ae5d30116f002df6fc81cdceb2e542efd36453874d74cc86856364e757a92eb3d1e04dab417b6b070e6d9f40093fba4b20763054ffeed168825c9ae1d3509eecd990ca5cdb610d46db94f259e152765bf79a2c93ff005d33c2760935690c4caceed1cff313359c592590d56b1175c13918950bcb818fa9b796ce45adec7631d658cc3ba16bacba6babe9f5073a7212643133112751545cf9379516d1a1dbb106ee98e8773b1dde940317b039b38614824c52fa8dee96ca6dd618f26f7db7e5a32c25082f74f2168bc6f1f152b9081ac0e8c5e07c006f9ca2b00b89e2137581b7ae32d3db87c96aab5c8da3d7acd375f88158956e6a617e8a73266ebcd63a73c35c849fa77a4d58a146f4afb3c750f82d1b3d507e7f5184f29ec70a06ae3f4f76db795674b06859ceb2566dc6e3622e20fefa1bbe8315ce4818b7a791b6ed6969d9bbdfcd4cc3a830a95a72df42083b023ccbf7a73baa2c9727a84ce1b7fae601324091da18122abcaf3d5429186dc6d25c029d88ca724d5f31677b862d7de0244de618c8365d484dd3adad8d99b7ab6694da46c8b97d08c180814159fff0e879ff329606544e0d7f9a4033e9e8267e397adb294d91ae3dc45448394c9c5777b674b7ab607719d6af5c6c28445d072f1206ab00a46ca01c587c4326e70b64b48eecda6f75c3b0b7b891d387e3f1e94fac32662550afc0b02adf5d00c8138506338ef56a0bf825e1f075d52c9a110f6389695eed1dd948aacff8d9bef808f85271a1f021562ac02b371dd7bf1ec9951ed44d84aab2c4e77422c853faf60457102eb1ab64cf8283042306d015bb6fe9793e6284adaced247653ce22557a0fbd91e96f7ced66a759912928f576ffc6fadab97585d7ef4ee498a0101424bbc24711a8b2a9bddf0435794bccd0a774c5d7b9109a7e4b08b717c5ca9a6e9f70de38a474f76f271239c6b3d46672eb32bc665cd0141bc68516b181dff5a375acf624d36d0b3ade4c732e07636529a34ac25d90805b70732ce020d16d6da20a14ca9eed87de324c7c51171bb832715a61691dc8e5c1fdf1c0da20a9ff4db8a539cfa2f03e451add506e7e64c3328f86b45e2807528689835892b293b8097844aa41f6a28fbe617e521fffc471c1fa3c77f023c93b37927c31b5b762eb3297c9d2945b5cbd071150227c2f82c0b07c2ba7c97a5f91874709cf20f10d7749658cebf5e3bcc5c2f23c27ea45d5cd586de62ccaf7dabd26bffb6cc83c4c2fe022fc153f1671b632dc0a8847a8a35b068ddb081de06810a2ce6830f4c27d820374626e622f4192cc6a3b97cc5f486f151d3dd179193ae140ff0652cc565deb8ca364932d92778f20a5e5eea7316e310d49cc9e0acd073f6fa8c398beb08d38dad0bfd0b8b281de766448b97a386ea51b0b2fa3cc65f57252150b05e959e8ac3973cb4a525197c8285804560ed790443f81928d604ddc6b196e586f0eac32b90b6bdc131bc5ee7c0a31e9fa627951f01421bca1a17118b92abf15eb022c4840b4f8d137ecb4a2a615a7184ff26d6004beca8bbbcbe3f78f233c620ff33c4a522dc1443f2cdfbdde86e142f1f502e1735c760f9deb597d1624a01005608515ce970765ef251d698cbd5806162ce3636a07af31b5ba5dfacf4add8edf7fbbdb7baf0183ef6f2e1f19bc079deac3f8f57452192fd257db5da4177a0728bc42a306917a873d9f1af2aa5e3e55bdac6d7f76d0f3a33b9e084bed15088534d33fe18e4521f59ed52c75b9d92d87c7de380c4a09824575a871c31c4cc16cffc14ff30903aa7c0ddc70dafce1893734ccad3e5f1f14a687a0bf31abe3eeed2b0780a785f7b52e98b233aae7a5e7badb9d061fa7e2bea6ae70ac5639fc8d5eda1b33d6bf922e3687308ef8e6fb773b67022de48ab20f5a4a55b59a74a40767e260ac5cbdbd64045b6ebc123c9a008cd07e57ff7cd1a4759267343244680a49e5b488cafafba11041949de92b87a302200534f6d7c8c38f6602ee58a12f2989bbcd9fdea5f1c171d601071b01d0aaf00afef28c9be7caa95d69becf9650c5d6bedbd1704ee9ef0515b604a110a64391f17e920ffb747797522579d8295a499b1de9e88d5f99cd18e2521fce8eb92f90cced868ae81c102a137f3d3d1888315e8c9a4bba1fce7be0a794fa049f868859394f19af1816418be51717521bebe7ebf39b1a98caf283b7d41a283e5241d9dd845c75b1b4dfc4432955b9630a907980698c2a3eea78a28f6f50f27adcae3536d91289e8e1cac1d202ed36015b0c067d14c0faca2dfe8d49bc9bed7db2dca86d66ba00e09c3f5ff164994b272baaf27f8b7cb1110ae8bdc7915845a03c764204ac5f1678ef1ca842b1c2bd5713daad8e044c4d85abc09a0b6c1ab5846e4837698c293d948d708d8d3dba08863e3e42aae3474944aa5d2c09d62d179d4687a3c7cbc1cd54ccb4e98cf07f232ac5b0b65902768450a702da66bc7f9ef68571606fc8015d4294fedb82d3304cdf095c480f0088c8f229e9900f89319e56f910162c12758fc01c28ee4e3882e2ae1c099db1158bf2104082ad8f1b0019b1b04a419588510a9169cea5bf45ec6605535ad70ea0c44e0406d6d5531845cb734c2818415ea19874386cce1827d1241ec79e1b3508190582ec8c36cfbe83b822e2e4333b49c20f49d932a504fa6bcd9951a1c9c374f76186e8415de8a3a83422dd0355ce1c818c5903b99f5c483dbe8facb9d52c1fe035d61b1d532f8340cb94428b1614802230d837bb2ae46111a53a3875b019da2885eb51e174d8fbf9cc35203ecb23194b46c6265ed2be611a5f6bf550c1897c549cb8406dc53b218e584eb278b2d66e377d6c197a924079aac84025af0b2c3d57dff3446670a193da4b5ebfa45c52fdf31554d9f492fd6947f134b7bee6d507e3f5ceba0b3e03f44d2403446f9b9f2fa78bfd94b82a0fb484d8431c09d55f8f70ee6a3b36e7880165aae4ce82eba3fc274f26202700e8d25582e3fb8d8694dbaa6ba832a45d75bd21d5b3a55fe7447411c82da92e182be6d5e5d41ecac036c6545aca4c5cfa892f22aa2feb2b8f5e2ffab92666ac94874e6d0b4eb34683cf5a36c076d1a638febd3ab88b2dd1f0ae3e99c91790dcef661cb94226a049082ae57aec5ed6c504d7705e9f6816d0d326d3db19222aa1d2e9723710f7e022be46afda5c41aed4166416b6ba9bd247557de882dd7bd4f8b0870dded56c295ff6c722bbbd293cb385fe5b3f3f26985d1887556afc6d73d1f3be6bac50899cf25f4f9a4737cfa1f5fe692a70d547cc5b76b296c548b283a3882e732767f9c3fac89e05a40833007f2ee67f438b5db47c69ad60dcc3836906c9bab85e34b4411681fc3cb529791fc0269a1a60bc7bf401a9a91a6b6a77d120f295f8afcff1bd43010cd0763208b056ad232c0087962e50605897d0f5c498e21c406585380d8ab23a30126dfebffd3bffacdd19d05776db97e260f2bb08d39fce60dfd1597029390708c7442cb5a3c7acade9d4ec250ae38441fce4c4c5917bda0f334de7f119d0a4581e4551f173789a8681b659ee0b35f0cad83c236ffb3e305e91c5366755a773756e1e58f899281833c7c97327f73f7486e95383f4d457a7e7100069679c4876e2afdb464e5ef8baefa837e180b85825689ad10d6e1e84b45f7389ecda989de4f317338d892058deb9bccb661a6286d126d5831021ad92bf98813793a10cbfa896f530c017e9e9b86d8503bce4689d698fef4209f36da2bd8fd21ba5642aead6a19d003a14830f24e6d32ca3046158d230a46c63c6c0da5651b80443a3a003bfefd9763b210b706a1da61069f6807666366751942ed70e14c2025ffddbd50d60638ccc9aedad31057b82a594fec0108d8b1a8f61d5e3bbf39373cfa8faffdb1a5aa657bf01128bf4f921dd7dd32c992ed442c76bc89e07ffd8f39d051d349ef54af1a8a2f506243cfd994a5064495655a20f2735f9c5889e34fd09f013610f6a5a01d5b25ac9e92f1845af7880487f6f4abdb90d70e031d22d16c92fc1a366aec532e712ac4234e8cb063e15bf11fe0bdd85e4bf5271e0dfec8892379f7a694df3e292ac4ce523810ac7b05e2c0e1536fe01e1ae43f9ed982409e58d49e6b7ecf3c72701bbf95c1bd800b76371cfa1ad7d76d5c2bdc80b3d981e3b26670f29e6e7e4bc9f7435efc0c5a53352082019a110bcacf9a437c52b227bdad4ab1d126292eb80daa3eefd983f32bedbf1dd7ea68adef7447c0eafc70e1b42a74241d11d6e015c98122c90ef2f940b65c75b5023b22b9c1c47e32edc6a8e59daf89566d94132418768f49db4ccf2d3e47be8cc71564daca18694c4850cdee2ca79ad505f1cf63becd9c172267809d93efaf6f541673ec69b43d6a3e862663da08250ecc78d801faa70e97ab853e370b72af7943186f166570dea82938a804ca57b66856369ebeedd488a9a24a7b5fbba3eceeef03757668780948d1aa11b3127fa747507d6c9583ffd3ca4cd405beb6645920c2077d4d4851030adbb9f51ed820c0fa494b4a1045ef30696c4ea63745598fdd050cc6af4de3d06f57841fd48e45eb7c8b096518cc4e38df022a02628cf3d4876a241d4f58438569c7d7a4ae81306ecb420439b091bc78b33869a2ace57089b1401c1ca751358fc72f29723e7af15cb1b400d2866cd27b85d4c728ae8406b6efb9d30a2c6605e67095fb72cf0afb989593ffe22d89a5eb79a4017a263e19a8a3adb79ac6801c095b505aa47b2d43ec6114ff7befdc7bdcfdbad0a4fd400cd2b8fc10a44fbe84878e953bbe0e89debb9fcef232fa46b5d3217702cd4e0a0eec1cc37729111d8a2c128cf11b1a61f2b3e3939020d09b15169c3a5505083c16079d3cfc59fd6c9102f0ec1e4098bad19bc40d1636ee770d7452978b1dd77aca3fa0b821aa95056d0d3e6834d8cab13d0023bd4335f0731b35097f040025b64e273feb6b287ffd0bec126143c95b362a5f5257a7978e6b17d9462748e21be59e2a88a31a7195dc6d3d2b8cb94d55135663281fbe67e59e95938bd3897ca85efdf2f6c2c0caa220af4ecd38fb85d5f936d8dd19e78b17d7a4f5c0f489275f8e28d383fd40ee56744a8fe7e985b6a59a6337b9798ecc6348a2e5174d499a5bd7a3f9ef9c37b83db35badc9c362b541adc9623f4c0f35bdc54dcd62db6468fc55486a82b532cdfc12af021c7144f1f9f5a4e3f20d93dae7dfb9a14f7a0d8faf0a116107f9077d8984d87f542261b8df116125d31515fe54a47b29ae762a554b0a6a4bdedc7d2d9b5f56b59d8a4090e72e313295d756df986a8e16b089e394936d9d2bef2633ba9e697d6407b391b812a55d9578bd5800ab7ed0d539e6670180bf904b2159d4f4dfdf6e22b4ff1c66bb3ba69974d3ed2ab7850dd6a97a33f193aea2346935e56eb5c86e04eb10f35e0bee4a797d0028d996f1598f51f83b5d11c8cdbd42023737e45a5c0ebc989838a88ffcf3168737f17f12ecfdc8518c319c15241478d695351e99d76a1440c088154c3454adef6fbd240f2fe08291eb113a4864b91b13573c9bc2acbe635d4d3473f8eeddfe82976057a2fe29a61dec6b30139d4791a9a8595a04e815f1a91e88bdf2f773760774f65a0461d53924c75ef9ece31a21e4ba64bcd82b09bfe93538df2ac6091ad10f77735133772ca0588e9af51b4df60c0168fd2296a0a3a2a4fdf6862081bf80470455b47f199e5cb999f429acfbd17416556d3d81c1c25727ffbb515a5458378fc26cec54c1ba401cf3e0857a4651957e833024924c3fdd52fda2d0aec6f2ad6ad6e1d0fe7784ef11191459158965e929a7d6a1de6bf094c196943b272014ea99c5a2fb34a335057bb31d47ba859730f9ccceec4f188a819ee144f2794d34363d7ad3b32c633e9ebd68e6123f2b176eba12ded45efd187d16c00a702041d2039e6e1440b76cb2ed84adc29bcb71db3e71edd5a231e6122cd39106934a57c11f750ba1fdea00623b447a6060ebe60fadbfb2aab5b22b999cd9090bc24f23673119772909a68de42452328e279549be4c9e0c8a23544fe8719252833ed80d5a89e7e848b6c4e61ab032540707e8287ac7fdd0882e33d43cff1498aa564f8011e6726af9e8673037edad730a259d3831d5642a22c2a1f24cfad0032211b80f1ea87516edbf3b43d52272e66a40fc9eec256709405e35052b15a724bf72ef8e46bdead526a77717515896415524864979e8de78a5111ee8a3516b36eec3e02e59845bb051dbc3f893be73318fe726e2821aa4f24341b8177432fdc856318cbc2c3f4750033863b0f653db2789d82d6343093a83c9714e74044b252d3dbf8fe1f81230f0ffc2a0f9379f5e70a72aa7c22d565493a47967ff4022c359c794b599d67f6be4c1da9634bd85ad13516f7c6b36be6eb53ad5c80aeb3258c52a7d0493cc55adf6ae884cfa6dd5dcc265218669b603e342ed30cbb6903938ef46fe7a5e2fefbe57d5ea046df8035e0e858e707065cc4b2e4225f1261a6c268c9dd02fb709404cd87c553ace93a4896af93d5faf1c1f1072398460dee57a20686d8bc1bb1e3429bdbdbf78d361e4af9b4d6c6ec1025d135712a868396f79575193b078de8009ab4b65fad2d829bf454cbb690a31c3d7088cd5e42802d6e6bb16013ead1890edf186c341b93d06854b12226bbbf2a655e71ef2e2a35444b7ea6f63b1f8424ddccfdc7ffd1483797fff4374f7452612f1dffedd4fda2a7bd580a3622078dcf96bd12747d1dda69efe8baa6c06c0cd07909149b91fd7afb2d345b88472b14f6ed52c82f5f2427af870e01b60f6eee0d23d438298df6e5f274166e255b07947892c0e843fd7302ef1d4b4985031e58a0cefa1690d87169d09d20c6ad1d4b1d8a17e447438e9b2d64b6c9eb5b3321aed04a84cd7fbd0a5234025f60ca9d14bba3903085829fd6a7a8e17ce276f55b33c831c04b2ecf194b4d3767d5af29cec80a874c70d3f7ad89f261dec617730e9aab4e534cd0e07ec1ed3f9c3685e747928d939edf54b1028fd2549cc2657fddd9a3ef7f631e4f847e552aeaa0a8412f902b0902a0dc569faf5acdaf94094e9fa722b2c5574ed9de6b7d5e5b6ee0755259eaa6ea231daa1476ee9ee07108a8903faf69e5e1469ffe851d89bc7e1dbf9c3ec0c4fe195811ccfcd038efbcf90b2d6f459a958f6f3436647c51d9d1ddbf0d8e6f2022e434538d9a6fe85b10e0dfd72a79eddc0b3fea7d67151b52e7b2c05cbbc0977d36343a4bcd322b7e65eda4d3fe7970f337e4a00f49d09a331c932b8c6e643b19efb6047cb12f81de75c2e303b02bd1c45f589f5b3fbb4c6071426eab4e32c4174da9df05e8db8328402e8630d514cf3a30a3231a1f20c4caa8a32a6e8f3ea01bdb02348d680c35c64bca6bd239548e9ab2679acee0d7845b13ab218b9fcce68b5b3f15ccca8c9024af876f3d3fc5fc3e73db62da3696e032c8df00dc87a7cd678ba6ec0760f771b3172571186e975b3fa781502a31e54a505084e37a293e7e7242256233cefd724adea4d97eb6941f46dd47725711485edfe5f8089f424d02886d7f307c7e0c7c56112152016ead8d2010b922063547b7e28132e85da6c126f050784db4e7470dc5f9a82edd2d24d9bc08c831b536fa7686f6ad18b9caebcc49228718d7aec0ee9bf92bf20989824873436dbcea6f2535fff3d0ca778c42fcba185ccba23a5cf685e57460c74c0d2cdaa8262b48e685fc59c55d69a3bafd09168dbf3e408ec5eab015dbd4c94ec9c37d8b980c86c16a5ba690e8ef1775c995042d424e4277d25476d218f65553c18d31aa1a48511a01f475c3c9463737c7126d027b88ecdc9865a65a4bedab77c60b0a486c25bdf49093b8390e6d03a5f2363a846893e00c86720cc5c062bd2e08ade19091a9d088f9e812e32fc47999bf96c02323e711a1def7f2d92487afc1f50269c7475dabf9dc57db368673bbfc1597b03dcacd98e4c43828eb29c3180d00a71836f076d2c260f38bd3b9345d9df212f3142a953e957fda338001ca780f65714ba856cd7d4400aac079a8297078b9b52ca796fb475a577046d0d3b7f4e16a2ef7f9f2da32c755afde48b5d11c87e37a630ed261e87b120462376a31681d2bf0410b3dbe7821190907534168333d89e3a3338014bda64348d16973ecaf43479df46cccad8dfdb432c5c930c4449817d8dadb8910312c9d2a449459fa2b5c06f143102585980da1630e5974ba6cda27e1e60c7cf99dba3a66df82a4d0a668349ce8a22f2784b780e185a7e75c028a0483f910a66e746d291e879a525d043f85ee1aab860e1db88211c0d1e9f11f578f6c9e10b34ebe936b8f7f00b7aee25347454f319de50f8e2f1488bddea3ec468b82f93da92445d044abd220bd27eaf1bd38f03a8671a676e45fc02b88a11cb501edeecad8d33b89b056bbe1dbb9982e05d9c5d5c99d208f0239f179c9315eb6186a8f7047a7b189c52b998667930e4161af833b4097a8e2f1a8fb0f40240c43e96512d814056d490fb4f233454af1b575fd3710e07a83e2dc333cb233eb78e23001a651286ed7daf44a283a2a080051b4f280f0f6c206c728e6efa20dfdb518551d8f024e76146df86188ea2e4df9369d956d7e1903baf815d0f7c861cc567ffd38ca3ae0719f570bf7b3aeae4cbfd407463e1369077876519ee240e09994cb41f2f0862462eab62e387c0cbf9568e55289b50a3661435f3723c88d6dbb44d48981c9a7c57df195f03bea59209bc1f4f46d139ae779ad3fb8679ef1f526b19a988d5c2421a823857ee738e4b3286311c76bb5261884cd17e19b9d326587a5adc5b60780a36281e4b73b252b4cd13e6f5d20917fe71a7a128d510f52bac521006454b3bdd07f2d18cd35290cd9c82361c5251d799581496de3c03eaa6cc5b3ab6a9294de1c27c4db532314106a28dcd311380b992b6b363d7ad292ee1b469ff3dc28015352ef4d18cb8b2e59e3661ad118a618bcc0c6a72d66ffb4ca52518b832a40c8ed92d6aa0e30f74a6bb5010fae0df19586d87e7f5399c1b0f462f2d4c7ace211b7339a2415a0a6234c4b1be5abcc9503161bbc608c293c81f0c72c6f80c748963203c42b7dc616a66d6e142389716223f8df5a25827775e3c1a52315d688fd7db9f95bd6d65e3001f15ef9564788a328d2224f50a5a74fb912d5d28ff27e557c6874c7183897609c44d147dafce304f79575a2e0a1094fe903df3927c9e2565e4a942ceacece5f71bc7aa5b6ee39549f4a2f76f611688d50a1adf67d354fa3eff64cd11b09c49fb21a63f4f3b98530785e6b3ca6d715549cdd41c8dee53d90a84340ece50b5914590a711987f1935f5341fb0bd23eb1b69a7e7defb9f4462b7e2cb22e1fb6e269330a15441701705161b96816b986417da97e572df34fbfb442cdf5b04963adb20beafc734499ca3dd318793a515d0c80583139f0244ac94ba7519c301a68eda216b03eb0630d2634c6bf35cecc314ebddf0829b48420b23bad146a7ea1317a2b24820e54f72d1cb710e6b171d238654080f28af3c4a83a79394d450d057eee134c78b84eb7d28c335fb2c9b8264f5c6fee0a00262c547ebcaccd036748d0dce39909af912e2c26f5e135b4416ca3265d4176d33c404f6b9578c0e2430c64f8a16213da110834a104da087b19e8fc9551d2279209a2b97f9cc11bb0ed216e023a8fe9be80282c05df008f6dbb0f625c686713cfa219fc56571d23b118149f63eac37436a1418f2953a513be0b9bf37721139fcfd8ff71a4152f7dd12ce21ca9559e139723f10477bb4d7e392bfdc43630a017318c6710c1cb913607b6531cd83aea3b9754d13cf0e2086828335d8158a27c7901ca438d5dff225995efcd0d28892984193962821257b28582d9d23b033b1f8774e32ca40f3e6e4470e59772de988cdc0e709f914d3d9f5509a5992eab7004039517cf8f2b22655386e525ec55f2dd4c1e23bf9dc6a2b58c1738e9b056b0b54e3cc567a729a4bfda918b17bad3384ea0702973d8f29477ab0042f8b3a4b1c447e65a03868a2d6d4ecf8342805d31a6b36f7d0695be673246ce919e3abdfb4e5f12e64a0a826419a4bc5879cdb1ce14e1c986805340e5914caaa7298d1cc48c616aa3d691331949e1f4d9056093393b7794c38284b21c739aba8803f7714622efec66193e95100e8e5b1e2756e89f3b1130c98e0a70151d8c31d9f504d372a9581b514927686f0eba9637ea4ffa9bac81bd18cbc3eecfa88a605f660e8ad1f770a21c7922466525b845dc4d7ffd0f261bfac97ce6d1e246e77ed232940326c9c6cc32cb58dce48f3b85140e86d0c22042c3f824f5b3e1d19b125326749a350af700924471c973c7100ab87a63eb7b42b3a323e2846e3a8b615c63b38d0b642ad99434d1ae422bd1bcb805c1e6c6f12a7c86ae3c8fb9e9d036f6f5d2aee04b3ba6e99bd175426b2445be17726b1e5704edf04102710063a9cdf618fba02b0344e81e09d5fbe8c9a6839fb71c222e8ed8667272e877960d11b4fbedc5aab26550dd81377d021183382487dbf60631f12fe17004922f1da5af6c496a8073bf4fa30ab34ab5d4618d48de94566968ff96e6eff96cd0728b0d82ccb6222b61610e3b7c5abc9a6fd91e4d79b7526c1f6428e59ea4a310e0ed83d35ed4339083b09d2657a861da3eb263185eadc1ff1adeed62511bad7fbc3ae55cb76ee2a567295d3b320d178582e4d63b678aef505efdc3b92430732456c98c0949f9dcf37daf0af2c796cfd7f1b2dc7f0c56e3d692158830294a23c61eebe180db6241346d66db04cf84562d57a22f4d672c1cd23891bd9749ca9929a82807e74b7e97d7c92bd3a531a357f83c25b04e3b591dc3ded869a3b51191d2c8805064b6c6886ac0d3e2c6cec085f97295034be1484e6e22dc6918c04a87dd3b7943ca06c61606a3f1805042c7ba1f1483275a5bc4b3284241c4316c91439df6c9f2c9f385bdd3862d7c085183d00e038bc4ff77a5bb82be9a9c75c03fed315c8c4cb8f801bb59dd559708c1f4bde1b600ec123e7d0b8a8912fbbe5721267c4a53dfff5a2892d6d28d78357db264c4d82b499fe2ef59329002d5def85ad8db64428d60abc6f0fdeb20f5446b30a9956acbff444f26474ce08cc526fd8113b6b9d409b3fdde8987e9c8df5f0c5c158ca2f37b2d05ff70c8053f872dd8b7b94be14983ca6fba42917c7dacb497ec0f0af32bef27e1f3f90bb3347e87486595ec5666a1119aaf0c9acf32f34337e9e33024f4620d1cbc887f31b20e5f4d6cfd15b35c753a42d72aed5e6e1800025c2c0d2f96ad89781e388124fb066e4083da3b1f783cf54064b063434586bc4f76674f86c0607659aa91d0020505e28ac47c47a410ad89fb556b664523fb6a0707bcff42dfb47130c3f7c19bde857878d696dcff6ba0585b98fd7f39c8c5f661a1d6faddc7acae83a091fbc66", 0x2000, &(0x7f0000004d80)={&(0x7f0000000540)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x2b, 0x320, 0xffffffff80080200, 0x2, 0xf43b, 0x12b9, 0x0, 0x0, 0x0, 0x80, 0x5bc}}, &(0x7f0000000140)={0x18, 0x0, 0x4, {0x7}}, &(0x7f00000005c0)={0x18, 0x0, 0xdd3, {0x101}}, &(0x7f0000000600)={0x18, 0x0, 0x2}, &(0x7f0000000780)={0x18, 0x0, 0x9, {0x7}}, &(0x7f0000000800)={0x28, 0x0, 0x200, {{0xfffffffffffff67c, 0x7df0, 0x2, r2}}}, &(0x7f0000000880)={0x60, 0x0, 0xf, {{0xfffffffffffff800, 0x2, 0xf, 0x401, 0x0, 0xb, 0x4, 0x8001}}}, &(0x7f0000000900)={0x18, 0x0, 0x80000001}, &(0x7f0000000a80)={0x1a, 0xfffffffffffffff5, 0x7, {'/dev/ptp0\x00'}}, &(0x7f0000000ac0)={0x20, 0x0, 0x0, {0x0, 0x2}}, &(0x7f0000000b00)={0x78, 0x0, 0xc5, {0x9, 0x0, 0x0, {0x3, 0x800, 0x8, 0x3, 0x5, 0x1, 0x4, 0x8001, 0x80, 0xa000, 0x6, 0xee00, 0xee00, 0x1ff, 0xedd3}}}, &(0x7f0000000bc0)={0x90, 0x0, 0x3, {0x2, 0x3, 0x8, 0x3, 0x0, 0x3a2, {0x1, 0x6, 0x9, 0x8, 0x8, 0xad11, 0x8, 0x10001, 0x79, 0x1000, 0xdc, 0x0, 0x0, 0x4, 0x3}}}, &(0x7f0000000c80)={0x58, 0x0, 0x2, [{0x3, 0x7f, 0xd, 0x9, '/proc/mdstat\x00'}, {0x6, 0x8000, 0x1, 0x5, '.'}]}, &(0x7f0000004580)={0x5c0, 0x0, 0x7, [{{0x5, 0x1, 0x6, 0x0, 0x81, 0x6, {0x1, 0x6, 0x5f4b, 0xa9, 0x8ed5, 0x1000, 0x9, 0x2b7, 0x7, 0xc000, 0x4, 0x0, 0x0, 0x1000000, 0x7}}, {0x1, 0xfffffffffffffffb, 0x0, 0x8}}, {{0x6, 0x2, 0x0, 0x1, 0x8, 0x9, {0x1, 0x8, 0x100000000, 0x8, 0x9, 0x400, 0x6, 0x7, 0x4f, 0x4000, 0x6, 0x0, 0x0, 0x100, 0x10}}, {0x1, 0x7f, 0x5, 0xf, '%[(.]'}}, {{0x2, 0x3, 0x1, 0x6, 0x9, 0x9, {0x1, 0x3, 0x8000000000000001, 0x3470, 0x5, 0x0, 0x7, 0x5, 0x8001, 0x8000, 0x6, 0x0, 0x0, 0x6232, 0xa}}, {0x6, 0x0, 0x1, 0xc0000000, '%'}}, {{0x3, 0x1, 0x7, 0x80000000, 0x101, 0x400, {0x3, 0x5, 0x0, 0x7, 0x4, 0x4, 0x9, 0x3, 0x3, 0x6000, 0x7, 0x0, 0xffffffffffffffff, 0xd, 0x6}}, {0x2, 0x10001, 0xa, 0x6, 'syzkaller\x00'}}, {{0x4, 0x3, 0x3, 0x10001, 0x9, 0x6f, {0x5, 0x3, 0x1, 0x1, 0x7, 0xfffffffffffffffd, 0x3, 0x7, 0x8, 0xc000, 0x8085, 0x0, 0x0, 0x10001, 0x4}}, {0x2, 0x689, 0x4, 0x7, 'GPL\x00'}}, {{0x4, 0x1, 0x1, 0x1a6, 0x240, 0x6, {0x1, 0xfffffffffffffff7, 0x0, 0x6, 0x2, 0x0, 0xfffffffa, 0x0, 0x7, 0x1000, 0x401, 0x0, 0xffffffffffffffff, 0x4, 0x3}}, {0x6, 0x6, 0x8, 0x5, '\'^/(^+{.'}}, {{0x3, 0x0, 0x0, 0x7, 0x7, 0x9, {0x2, 0xd, 0x2, 0xffffffffffffffff, 0x4, 0x4cb5, 0x7, 0x10000, 0xfffffff8, 0x4000, 0x7f, 0x0, 0x0, 0xc, 0x3}}, {0x6, 0x7, 0x2, 0x4, '-;'}}, {{0x4, 0x2, 0x6, 0x45d4, 0x4, 0x8f, {0x5, 0xbc, 0x80000001, 0x230, 0x2, 0xd, 0x2, 0x3, 0xbf, 0x1000, 0x6, 0xffffffffffffffff, 0x0, 0x1, 0x1}}, {0x6, 0xffffffffc4924525, 0xa, 0x6, 'syzkaller\x00'}}, {{0x4, 0x3, 0x5, 0x7ff, 0x4c81, 0xd8, {0x1, 0x0, 0x9, 0x1, 0x2, 0xfffffffffffffffe, 0x0, 0x80, 0x8, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x1000}}, {0x3, 0x9, 0xa, 0xb7, '/dev/ptp0\x00'}}]}, &(0x7f0000004b40)={0xa0, 0x0, 0x1, {{0x2, 0x2, 0x4, 0x4b, 0x4, 0x1, {0x6, 0x636c, 0x6, 0xc5ec, 0x9, 0x4ca7, 0x8, 0x0, 0x5, 0x1000, 0x101, 0x0, 0x0, 0xd, 0x5}}, {0x0, 0x2}}}, &(0x7f0000004c00)={0x20, 0x0, 0x7fffffff, {0x7fffffff, 0x0, 0x6, 0x1}}, &(0x7f0000004c40)={0x130, 0x0, 0x1d87, {0x101, 0x7, 0x0, '\x00', {0x1, 0x7f, 0x3, 0x9, 0x0, 0x0, 0x4000, '\x00', 0x2, 0xc0, 0x401, 0x8000000000000001, {0x6, 0x196}, {0x8, 0x9}, {0x7fffffffffffffff, 0x5}, {0x7}, 0xb36d, 0x8, 0x0, 0x8ee}}}})
getsockopt$bt_hci(r6, 0x84, 0x80, &(0x7f00000010c0)=""/4111, &(0x7f0000000000)=0x100f)
madvise(&(0x7f0000091000/0x1000)=nil, 0x1000, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/mdstat\x00', 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_UNLINKAT={0x24, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)='./file0\x00'})
socket$kcm(0x10, 0x2, 0x0)

7.927911442s ago: executing program 4 (id=3669):
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2, 0x0, 0xe}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x7}, 0x18)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_DISALLOCATE(r5, 0x5608)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES8=r2], 0x48)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000840)={0x2, 0x4, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@cswp={0x58, 0x114, 0x7, {{0x88, 0x800}, &(0x7f00000000c0)=0x3b3, 0x0, 0x10001, 0x2, 0x0, 0x4, 0x21, 0x9}}], 0x58, 0x8004}, 0x0)
r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r7, &(0x7f00000005c0)={0x2, 0x0, {&(0x7f0000000340)=""/185, 0xb9, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg(r7, &(0x7f0000000a00)={0x1, {&(0x7f0000000a80)=""/188, 0xff7b, 0x0, 0x3, 0x1}}, 0x48)
write$vhost_msg_v2(r7, &(0x7f0000001a00)={0x2, 0x0, {&(0x7f0000001940)=""/173, 0xad, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r7, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r7, &(0x7f00000004c0)={0x1, {&(0x7f0000000240)=""/36, 0x24, 0x0, 0x3, 0x3}}, 0x48)
write$vhost_msg_v2(r7, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48)

7.03705728s ago: executing program 5 (id=3670):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x48500, 0x0)
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000100)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000040)="d5e781ae781d"})

6.748336418s ago: executing program 0 (id=3671):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz1\x00', {0xfff7, 0xe, 0x100, 0x81}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x995, 0x9, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x5, 0x101, 0x6, 0x7, 0x6, 0xff, 0x2, 0xa5f2b87a, 0x409, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x81, 0xfffff765, 0x2, 0x3, 0x6, 0xa, 0x2, 0x5, 0x0, 0x3ff, 0x6, 0x7, 0x8000, 0xfffffffd, 0x80, 0x8, 0xfc74, 0x9, 0x7, 0x101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x8, 0x3, 0x8, 0x8, 0x0, 0x8, 0x1, 0x0, 0x25, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdab, 0x5, 0x2, 0x76c4, 0xd064, 0x10000005, 0x4, 0x10000, 0xd, 0x0, 0x9, 0x10, 0x4000e, 0x9, 0x87, 0xa, 0x9, 0x3, 0x8, 0x3, 0x2, 0x3a6, 0x0, 0xc0d, 0xfffffffd, 0x9, 0xc, 0xfffffffb], [0x3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7b, 0xa, 0x0, 0x1000, 0xf1, 0x5a56, 0xc, 0x10000, 0x72, 0xc, 0x633, 0xd, 0x7, 0x6, 0x6, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x74, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3], [0x4, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x5, 0x5d3a, 0x5, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7e2, 0x2, 0x10, 0x8, 0x2, 0xff, 0x6, 0x4, 0x4, 0x200, 0x0, 0x7, 0x4e6, 0x8, 0x40000000, 0x5ef, 0x8000, 0xc, 0x41, 0x400, 0x1, 0x5, 0x0, 0x9a8, 0x99f, 0x231, 0x3ff, 0x8, 0x1, 0xffff0002, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x202, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4003}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
ioctl$KVM_MEMORY_ENCRYPT_REG_REGION(0xffffffffffffffff, 0x8010aebb, &(0x7f00000000c0)={0x1000, 0x8d000})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000001c0)={r6, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r8=>0x0], &(0x7f0000000040), 0x1, r7})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000580)={0x201, 0x1, &(0x7f0000000180)=[r7], 0x0, &(0x7f0000000640)=[r8, r8, r8], &(0x7f0000000340), 0x0, 0xffffffffffffffff})
socket$inet_udp(0x2, 0x2, 0x0)
dup(0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb0100180000001800000002000000000000000000000d0a0000000100000000000085fc3f00"/50], &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0x8}, 0x28)

6.574233798s ago: executing program 5 (id=3672):
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
accept4(r0, 0x0, 0x0, 0x800)
pwritev(r0, &(0x7f0000000580), 0x0, 0x3, 0x3)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.986572683s ago: executing program 2 (id=3673):
r0 = syz_open_dev$usbfs(0x0, 0x75, 0x341)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x2c, 0x3, 0x0)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r7}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x70, 0xe0, 0x0, {0x200003ae, 0x7f00}}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x270)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r8)
write$UHID_INPUT(r9, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b0732306c090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb000000002f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d6ced5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed700129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb21fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
recvfrom(r1, 0x0, 0x0, 0x40000000, 0x0, 0x0)

5.757839175s ago: executing program 4 (id=3674):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
open(&(0x7f00000001c0)='./file0\x00', 0x148640, 0x78e22799f4a46f1e)
pipe2$9p(&(0x7f0000000140)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
r8 = dup(r7)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}})
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
sendto$packet(r9, &(0x7f0000000000)="09000000e700140000007ef52f55", 0xe, 0x24000801, &(0x7f0000000080)={0x11, 0x88a8, 0x0, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={r10, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000300)="b9ff038768441a8cb89e14f00800", 0x0, 0x5, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x4, 0x12, 0x50}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)

4.116201076s ago: executing program 2 (id=3675):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8937, &(0x7f0000000100)={'veth0_vlan\x00', @random="010000201000"}) (async)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0x0, r2, {0x7, 0x2b, 0x9, 0x50000004, 0x8, 0xffff, 0x10001, 0xf, 0x0, 0x0, 0xa0, 0x6}}, 0x50)

4.005416377s ago: executing program 4 (id=3676):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, 0x0)
socket$rds(0x15, 0x5, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x264, 0xb8, 0x11, 0x148, 0xb8, 0x0, 0x1d0, 0x2a8, 0x2a8, 0x1d0, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr=0x64010102, @multicast2, 0x0, 0xff000000, 'wg1\x00', 'dvmrp0\x00', {}, {0xff}, 0x67, 0x3, 0x2}, 0x0, 0x70, 0xb8}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x7fffffff, {0x8000}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0xff, 'vlan0\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x1}, 0x0, 0xb8, 0x118, 0x0, {}, [@common=@ttl={{0x24}, {0x2, 0x40}}, @inet=@rpfilter={{0x24}, {0x18}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x5, 0x3, 0x0, 0x6, 0x1], 0x1, 0x1}, {0x1, [0x1, 0x0, 0x0, 0x4, 0x1, 0x3], 0x0, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2c0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)

3.609121752s ago: executing program 2 (id=3677):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000, 0x0, 0x4800}, 0x4000)

3.374325617s ago: executing program 5 (id=3678):
r0 = fsopen(&(0x7f0000000300)='debugfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x8, 0x4000)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, 0x0, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0xb, 0x73}, &(0x7f0000000180)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000000), 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = eventfd2(0xe5c, 0x80000)
r11 = eventfd2(0x4001, 0x800)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000300)={r11, 0x40000, 0x2, r11})
r12 = eventfd2(0x8, 0x80001)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000140)={r12, 0x7, 0x2, r10})
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f00000000c0)={r12, 0x0, 0x2, r10})
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x28, 0x0, 0x0, 0x4, &(0x7f0000000040), 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
pipe2$watch_queue(0x0, 0x80)

2.927613087s ago: executing program 2 (id=3679):
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
r1 = socket$inet6(0xa, 0x5, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
write$yama_ptrace_scope(r0, &(0x7f00000001c0)='0\x00', 0x2)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
creat(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x120)
newfstatat(0xffffffffffffff9c, &(0x7f0000000c40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000d40), 0x4000)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_vlan\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x100, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x20048400)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xfff3, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0xe38, 0x9, 0x4}, [@TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x40010)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @private=0xa010101}], 0x10)

2.885891693s ago: executing program 6 (id=3680):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18d63142470000000700000000000000f5ffffff94000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1, 0x0, 0x5}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, 0x0)
eventfd2(0x8, 0x1)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r5 = getpid()
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000000080)=0xfff, 0x4)
setsockopt$inet_int(r4, 0x0, 0x13, &(0x7f0000000000)=0xffffff7e, 0x4)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r8)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r8)

2.704816504s ago: executing program 5 (id=3681):
r0 = socket$phonet(0x23, 0x2, 0x1)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, 0x0, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000200)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0x1}, {&(0x7f0000000040)}], 0x2}, 0x0)
recvmmsg(r5, &(0x7f0000005680)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/120, 0x78}], 0x1}}], 0x1, 0x0, 0x0)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)={0x620440, 0x0, 0x22}, 0x18)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049ce)
openat(r6, &(0x7f0000000000)='./file0\x00', 0x401c2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0)
acct(&(0x7f0000001000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0xa4)
ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, &(0x7f00000000c0)=0x40)
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYRESHEX=r6], 0x0)

1.2970066s ago: executing program 0 (id=3682):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x48500, 0x0)
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000100)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000040)="d5e781ae781d"})

1.207464214s ago: executing program 6 (id=3683):
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file5\x00', 0x61c0, 0x700)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffe)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(0xffffffffffffffff)
ioctl$TCXONC(r1, 0x540a, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
msgctl$IPC_RMID(0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r8, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r8, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r8, 0x60}], 0x1, 0x0, 0x0, 0x0)
bind$bt_hci(r7, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
ioctl$TCFLSH(r6, 0x400455c8, 0x0)

1.080831674s ago: executing program 0 (id=3684):
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x101a00, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000140)={@empty, @broadcast, <r3=>0x0}, &(0x7f00000001c0)=0xc)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x34, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x2}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xf3c4}, @TCA_FQ_CODEL_FLOWS={0xc, 0x5, 0xffffffff}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x6}, @TCA_FQ_CODEL_DROP_BATCH_SIZE={0x8}, @TCA_FQ_CODEL_ECN={0x8}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1e, 0x2, 0x3, 0x9, 0x2, 0xffffffff, 0x3}}, {0x4}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffe3a}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r8, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r8, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x12, r9, {0x0, 0x3}, {0xffff, 0xffff}, {0x2, 0xc}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}]}}]}, 0x3c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000200)={'wg2\x00', <r10=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'ip6gre0\x00', <r11=>0x0, 0x29, 0x2, 0x0, 0x71, 0x10, @empty, @mcast1, 0x20, 0x9b8ba4715a482cf7, 0x9, 0x4}})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xd4, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4008000}, 0x20040084)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, 0x0, &(0x7f0000001180))

1.05934197s ago: executing program 2 (id=3685):
r0 = syz_open_dev$usbfs(0x0, 0x75, 0x341)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x2c, 0x3, 0x0)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r7}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x70, 0xe0, 0x0, {0x200003ae, 0x7f00}}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x270)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r8)
write$UHID_INPUT(r9, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b0732306c090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb000000002f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d6ced5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed700129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb21fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
recvfrom(r1, 0x0, 0x0, 0x40000000, 0x0, 0x0)

89.538828ms ago: executing program 5 (id=3686):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r3=>0x0}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=@newtaction={0x44, 0x30, 0xffff, 0x0, 0x25dfdbfe, {}, [{0x30, 0x1, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67200000000000150600000fff070067070000200000006a0200000ee60000bf250000000000003d350000000000006507000002000000070700004a0000000f75"], 0x0}, 0x94)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x2, 0x250, [], 0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000100000000000000000000000000000002000000000ffffffff0000000000000000000000000000050000000000000000000000000000000000000000000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa0000000000000024ffff"]}, 0x131) (async)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="01000000000000000000030000004c0001800d0001007564703a73797a300000000038000400140001000a0000007f0000010000000000000000200002000a00000000000000ff01000000000000000000000000000100000000"], 0x60}}, 0x0)
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r1}, 0x18) (async)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b0001000000000904"], 0x0) (async)
connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3, 0x0, {0x0, 0xf0, 0x1}}, 0x18) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000580)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf6700000000000025010000000000003506000002000000170600000ee50000bf050000000000002d350000000000006507000002000000070700004c0001fa0f75000000000000bf54000000000000070400000400f9ff3d3501000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7075402000000a2d23da04d1ffc187fa1a2ba7ba0e2d507b92de00435fd233cc0f0d9b2c3127c46b0f408398d09ee4dc258d72e690098804de235cf020e35245c9f5526d35df627a64ac7efde50fd7f1dd5b17ed764c33b06598bae66ea38541a7cd24bab85e2983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a459db8e7ada8ee987cc0000f681ff4dab9c694263a75447caec18f217"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1, 0x10, &(0x7f0000000000), 0x19f}, 0x48)

0s ago: executing program 2 (id=3687):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x28, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x50}}, 0x0)

kernel console output (not intermixed with test programs):

 16 bytes leftover after parsing attributes in process `syz.4.2781'.
[ 1243.011064][T16939] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1243.011064][T16939]    program syz.4.2788 not setting count and/or reply_len properly
[ 1243.427988][T16953] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2791'.
[ 1244.071549][T16965] syzkaller0: entered promiscuous mode
[ 1244.913508][T16965] syzkaller0: entered allmulticast mode
[ 1248.072341][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 1248.072356][   T30] audit: type=1326 audit(1765683234.223:2462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.167972][   T30] audit: type=1326 audit(1765683234.251:2463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.204340][   T30] audit: type=1326 audit(1765683234.251:2464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.534048][   T30] audit: type=1326 audit(1765683234.251:2465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.634626][   T30] audit: type=1326 audit(1765683234.251:2466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.658643][   T30] audit: type=1326 audit(1765683234.251:2467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.801398][   T30] audit: type=1326 audit(1765683234.261:2468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.851518][   T30] audit: type=1326 audit(1765683234.261:2469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.964323][   T30] audit: type=1326 audit(1765683234.261:2470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc24f38f749 code=0x7ffc0000
[ 1248.993797][   T30] audit: type=1326 audit(1765683234.261:2471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17004 comm="syz.0.2805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc24f38df90 code=0x7ffc0000
[ 1249.082947][T17023] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2808'.
[ 1250.029759][T17035] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2811'.
[ 1251.834206][T17054] 9p: Bad value for 'rfdno'
[ 1252.414655][T17083] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2824'.
[ 1252.562364][T17085] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2825'.
[ 1253.735574][T17099] 9p: Bad value for 'rfdno'
[ 1254.104095][T17101] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2828'.
[ 1256.414915][T17132] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2840'.
[ 1256.873974][T17141] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2841'.
[ 1258.413878][T17153] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2845'.
[ 1259.058030][T17162] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2844'.
[ 1259.670031][ T5829] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1259.680232][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: kworker/u9:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1259.680261][ T5829] Tainted: [L]=SOFTLOCKUP
[ 1259.680269][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1259.680282][ T5829] Workqueue: hci5 hci_rx_work
[ 1259.680314][ T5829] Call Trace:
[ 1259.680321][ T5829]  <TASK>
[ 1259.680330][ T5829]  dump_stack_lvl+0x16c/0x1f0
[ 1259.680351][ T5829]  sysfs_warn_dup+0x7f/0xa0
[ 1259.680373][ T5829]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1259.680393][ T5829]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1259.680415][ T5829]  ? preempt_schedule_thunk+0x16/0x30
[ 1259.680442][ T5829]  kobject_add_internal+0x2c4/0x9d0
[ 1259.680471][ T5829]  kobject_add+0x16e/0x240
[ 1259.680493][ T5829]  ? __pfx_kobject_add+0x10/0x10
[ 1259.680518][ T5829]  ? kobject_put+0xaf/0x6f0
[ 1259.680535][ T5829]  ? _raw_spin_unlock+0x3e/0x50
[ 1259.680567][ T5829]  device_add+0x288/0x1980
[ 1259.680596][ T5829]  ? __pfx_dev_set_name+0x10/0x10
[ 1259.680613][ T5829]  ? __pfx_device_add+0x10/0x10
[ 1259.680640][ T5829]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1259.680674][ T5829]  hci_conn_add_sysfs+0x1a8/0x260
[ 1259.680694][ T5829]  le_conn_complete_evt+0x11ed/0x1fa0
[ 1259.680727][ T5829]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1259.680761][ T5829]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1259.680800][ T5829]  hci_le_meta_evt+0x357/0x610
[ 1259.680817][ T5829]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1259.680847][ T5829]  hci_event_packet+0x685/0x1210
[ 1259.680874][ T5829]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1259.680892][ T5829]  ? __pfx_hci_event_packet+0x10/0x10
[ 1259.680927][ T5829]  ? kcov_remote_start+0x3a9/0x680
[ 1259.680953][ T5829]  hci_rx_work+0x2c9/0x1020
[ 1259.680985][ T5829]  process_one_work+0x9ba/0x1b20
[ 1259.681019][ T5829]  ? __pfx_process_one_work+0x10/0x10
[ 1259.681050][ T5829]  ? assign_work+0x1a0/0x250
[ 1259.681074][ T5829]  worker_thread+0x6c8/0xf10
[ 1259.681108][ T5829]  ? __pfx_worker_thread+0x10/0x10
[ 1259.681130][ T5829]  kthread+0x3c5/0x780
[ 1259.681152][ T5829]  ? __pfx_kthread+0x10/0x10
[ 1259.681175][ T5829]  ? rcu_is_watching+0x12/0xc0
[ 1259.681191][ T5829]  ? __pfx_kthread+0x10/0x10
[ 1259.681213][ T5829]  ret_from_fork+0x983/0xb10
[ 1259.681234][ T5829]  ? __pfx_ret_from_fork+0x10/0x10
[ 1259.681256][ T5829]  ? __switch_to+0x7af/0x10d0
[ 1259.681280][ T5829]  ? __pfx_kthread+0x10/0x10
[ 1259.681301][ T5829]  ret_from_fork_asm+0x1a/0x30
[ 1259.681340][ T5829]  </TASK>
[ 1259.791352][ T5829] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1259.938191][ T5829] Bluetooth: hci5: failed to register connection device
[ 1260.117845][T17173] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2850'.
[ 1260.333821][T17182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2852'.
[ 1260.697543][T17187] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2851'.
[ 1263.060150][T17211] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2860'.
[ 1263.941924][T17225] overlayfs: missing 'lowerdir'
[ 1264.636999][T17229] syzkaller0: entered promiscuous mode
[ 1264.642507][T17229] syzkaller0: entered allmulticast mode
[ 1264.945148][T17242] netdevsim netdevsim0: Direct firmware load for p0 failed with error -2
[ 1264.956707][T17242] netdevsim netdevsim0: Falling back to sysfs fallback for: p0
[ 1264.980199][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1264.980231][   T30] audit: type=1400 audit(1765683250.013:2492): avc:  denied  { firmware_load } for  pid=17231 comm="syz.0.2867" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 1265.413578][   T30] audit: type=1400 audit(1765683250.087:2493): avc:  denied  { module_load } for  pid=17231 comm="syz.0.2867" path="/sys/power/wakeup_count" dev="sysfs" ino=1410 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[ 1265.572773][T17248] loop2: detected capacity change from 0 to 7
[ 1265.592217][T17248] Dev loop2: unable to read RDB block 7
[ 1265.612787][T17248]  loop2: unable to read partition table
[ 1265.620684][T17248] loop2: partition table beyond EOD, truncated
[ 1265.663007][T17248] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1265.767467][T17248] can: request_module (can-proto-3) failed.
[ 1266.641552][T17261] FAULT_INJECTION: forcing a failure.
[ 1266.641552][T17261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1266.662240][T17261] CPU: 0 UID: 0 PID: 17261 Comm: syz.0.2873 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1266.662271][T17261] Tainted: [L]=SOFTLOCKUP
[ 1266.662277][T17261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1266.662286][T17261] Call Trace:
[ 1266.662292][T17261]  <TASK>
[ 1266.662300][T17261]  dump_stack_lvl+0x16c/0x1f0
[ 1266.662325][T17261]  should_fail_ex+0x512/0x640
[ 1266.662349][T17261]  _copy_from_user+0x2e/0xd0
[ 1266.662372][T17261]  copy_msghdr_from_user+0x98/0x160
[ 1266.662398][T17261]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1266.662424][T17261]  ? __pfx__kstrtoull+0x10/0x10
[ 1266.662455][T17261]  ___sys_sendmsg+0xfe/0x1d0
[ 1266.662479][T17261]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1266.662514][T17261]  ? find_held_lock+0x2b/0x80
[ 1266.662555][T17261]  __sys_sendmmsg+0x200/0x420
[ 1266.662582][T17261]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1266.662615][T17261]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1266.662644][T17261]  ? fput+0x70/0xf0
[ 1266.662671][T17261]  ? ksys_write+0x1ac/0x250
[ 1266.662691][T17261]  ? __pfx_ksys_write+0x10/0x10
[ 1266.662716][T17261]  __x64_sys_sendmmsg+0x9c/0x100
[ 1266.662745][T17261]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1266.662763][T17261]  do_syscall_64+0xcd/0xf80
[ 1266.662782][T17261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1266.662799][T17261] RIP: 0033:0x7fc24f38f749
[ 1266.662813][T17261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1266.662827][T17261] RSP: 002b:00007fc24d5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1266.662843][T17261] RAX: ffffffffffffffda RBX: 00007fc24f5e5fa0 RCX: 00007fc24f38f749
[ 1266.662853][T17261] RDX: 0000000000000002 RSI: 0000200000004740 RDI: 0000000000000003
[ 1266.662862][T17261] RBP: 00007fc24d5f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1266.662870][T17261] R10: 0000000000004004 R11: 0000000000000246 R12: 0000000000000001
[ 1266.662879][T17261] R13: 00007fc24f5e6038 R14: 00007fc24f5e5fa0 R15: 00007fffa84264d8
[ 1266.662900][T17261]  </TASK>
[ 1267.151363][T17269] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2872'.
[ 1267.270040][T17272] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2875'.
[ 1271.433037][T17243] syzkaller0: entered promiscuous mode
[ 1271.439306][T17243] syzkaller0: entered allmulticast mode
[ 1271.695916][T17311] syz.5.2883 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1276.017827][T17361] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2898'.
[ 1276.033526][T17361] netlink: 67 bytes leftover after parsing attributes in process `syz.2.2898'.
[ 1277.224012][T17367] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1277.224012][T17367]    program syz.2.2901 not setting count and/or reply_len properly
[ 1279.144392][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1279.568081][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1281.067847][T17408] bond2: option mode: unable to set because the bond device has slaves
[ 1281.644066][T17411] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2910'.
[ 1281.717441][T17413] bond2: (slave macvlan2): Error -98 calling set_mac_address
[ 1283.739421][T17440] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2920'.
[ 1288.249837][ T7016] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1288.399587][ T7016] usb 3-1: device descriptor read/64, error -71
[ 1288.959620][ T7016] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 1289.115853][ T7016] usb 3-1: device descriptor read/64, error -71
[ 1289.276849][ T7016] usb usb3-port1: attempt power cycle
[ 1289.514383][T17477] Process accounting resumed
[ 1289.583077][T14696] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1289.594568][T14696] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1289.603983][T14696] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1289.611917][T14696] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1289.621370][T14696] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1290.499143][T17511] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2940'.
[ 1290.932822][T17494] chnl_net:caif_netlink_parms(): no params data found
[ 1291.761389][T17528] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2942'.
[ 1291.799287][T14696] Bluetooth: hci4: command tx timeout
[ 1291.897245][T17494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1291.912563][T17529] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2936'.
[ 1291.925054][T17494] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1292.434065][T17494] bridge_slave_0: entered allmulticast mode
[ 1292.473234][T17494] bridge_slave_0: entered promiscuous mode
[ 1292.497415][T17494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1292.522681][T17494] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1292.546206][T17494] bridge_slave_1: entered allmulticast mode
[ 1292.666549][T17494] bridge_slave_1: entered promiscuous mode
[ 1292.965061][T17494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1292.980414][T17494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1293.211844][ T4163] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.291399][T17494] team0: Port device team_slave_0 added
[ 1293.329647][T17494] team0: Port device team_slave_1 added
[ 1293.384943][ T4163] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.557112][ T4163] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.592486][T17494] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1293.724542][T17494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1293.782541][T17494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1293.859717][ T4163] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.902304][T17494] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1294.458108][T14696] Bluetooth: hci4: command tx timeout
[ 1294.485562][T17494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1294.531171][T17494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1294.671842][T17494] hsr_slave_0: entered promiscuous mode
[ 1294.679521][T17494] hsr_slave_1: entered promiscuous mode
[ 1294.688007][T17494] debugfs: 'hsr0' already exists in 'hsr'
[ 1294.694312][T17494] Cannot create hsr debugfs directory
[ 1295.006691][ T4163] bridge_slave_1: left allmulticast mode
[ 1295.030568][ T4163] bridge_slave_1: left promiscuous mode
[ 1295.053630][ T4163] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1295.081766][ T4163] bridge_slave_0: left allmulticast mode
[ 1295.367327][T17554] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2948'.
[ 1295.609646][ T4163] bridge_slave_0: left promiscuous mode
[ 1295.617288][ T4163] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1296.002976][T17559] fuse: Bad value for 'fd'
[ 1296.317263][ T4163] bond_slave_0: left promiscuous mode
[ 1296.324558][ T4163] bond_slave_1: left promiscuous mode
[ 1296.588514][ T5857] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1296.686421][T14696] Bluetooth: hci4: command tx timeout
[ 1296.705144][ T4163] bond1 (unregistering): (slave macvlan2): Releasing backup interface
[ 1296.724077][ T4163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1296.735008][ T4163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1296.745523][ T4163] bond0 (unregistering): Released all slaves
[ 1297.143846][ T5857] usb 3-1: device descriptor read/64, error -71
[ 1297.184253][ T4163] bond1 (unregistering): Released all slaves
[ 1297.265462][ T4163] bond2 (unregistering): Released all slaves
[ 1297.423927][ T5857] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1297.563310][ T5857] usb 3-1: device descriptor read/64, error -71
[ 1297.682754][ T5857] usb usb3-port1: attempt power cycle
[ 1298.322944][T17552] Process accounting resumed
[ 1298.373775][ T5857] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1298.551806][T17582] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1298.551806][T17582]    program syz.0.2953 not setting count and/or reply_len properly
[ 1298.760084][ T5857] usb 3-1: device not accepting address 87, error -71
[ 1299.493710][T14696] Bluetooth: hci4: command tx timeout
[ 1301.573822][T17494] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1302.058042][T17494] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1302.103370][T17494] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1302.136193][T17494] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1303.174657][T17629] Process accounting resumed
[ 1303.564405][T17636] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1303.564405][T17636]    program syz.2.2966 not setting count and/or reply_len properly
[ 1303.710391][T17494] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1303.756199][T17494] 8021q: adding VLAN 0 to HW filter on device team0
[ 1303.832104][ T3924] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1303.839281][ T3924] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1303.887382][ T3924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1303.894502][ T3924] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1304.403900][T17642] syzkaller0: entered promiscuous mode
[ 1304.420488][T17642] syzkaller0: entered allmulticast mode
[ 1304.536016][ T4163] hsr_slave_0: left promiscuous mode
[ 1304.543846][ T4163] hsr_slave_1: left promiscuous mode
[ 1304.559718][ T4163] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1304.582833][ T4163] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1304.608093][ T4163] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1304.634149][ T4163] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1304.685848][ T4163] veth1_macvtap: left promiscuous mode
[ 1304.712457][ T4163] veth0_macvtap: left promiscuous mode
[ 1304.738237][ T4163] veth1_vlan: left promiscuous mode
[ 1304.763264][ T4163] veth0_vlan: left promiscuous mode
[ 1307.231770][ T4163] team0 (unregistering): Port device team_slave_1 removed
[ 1307.451716][ T4163] team0 (unregistering): Port device team_slave_0 removed
[ 1310.382493][T17713] overlayfs: failed to clone upperpath
[ 1312.273868][T17732] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2998'.
[ 1313.718823][T17741] overlayfs: failed to clone upperpath
[ 1314.621291][T17494] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1314.993094][T17494] veth0_vlan: entered promiscuous mode
[ 1315.776917][T17494] veth1_vlan: entered promiscuous mode
[ 1315.895793][T17494] veth0_macvtap: entered promiscuous mode
[ 1315.928878][T17494] veth1_macvtap: entered promiscuous mode
[ 1316.257986][T17494] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1316.289985][T17494] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1316.317721][ T8939] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1316.365767][ T8939] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1316.404378][T17785] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3011'.
[ 1316.416889][ T8939] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1316.485096][ T8939] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1317.820019][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1318.240353][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1318.310057][ T4163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1318.331571][ T4163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1318.396621][   T30] audit: type=1400 audit(1765683300.000:2494): avc:  denied  { write } for  pid=17494 comm="syz-executor" name="cgroup.procs" dev="cgroup" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_acl_exec_t:s0"
[ 1318.473129][   T30] audit: type=1400 audit(1765683300.038:2495): avc:  denied  { open } for  pid=17494 comm="syz-executor" path="/syzcgroup/cpu/syz4/cgroup.procs" dev="cgroup" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_acl_exec_t:s0"
[ 1321.761334][T17836] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1321.761334][T17836]    program syz.2.3022 not setting count and/or reply_len properly
[ 1322.267875][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1322.278867][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1322.286978][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1322.299474][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1322.306857][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1322.344699][T17850] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3025'.
[ 1322.615967][T17856] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17856 comm=syz.4.3018
[ 1323.842604][ T3478] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1324.027576][T17847] chnl_net:caif_netlink_parms(): no params data found
[ 1324.566403][ T5829] Bluetooth: hci0: command tx timeout
[ 1324.634121][ T3478] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1324.954059][ T3478] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1325.321731][ T3478] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1325.481294][T17847] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1325.497426][T17847] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1325.504748][T17847] bridge_slave_0: entered allmulticast mode
[ 1325.517079][T17847] bridge_slave_0: entered promiscuous mode
[ 1325.550587][T17847] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1325.565520][T17847] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1325.589980][T17847] bridge_slave_1: entered allmulticast mode
[ 1325.604171][T17847] bridge_slave_1: entered promiscuous mode
[ 1325.962935][T17900] syzkaller0: entered promiscuous mode
[ 1325.985443][T17900] syzkaller0: entered allmulticast mode
[ 1326.160037][T17847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1326.232363][T17847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1326.367858][T17923] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3042'.
[ 1326.400016][   T30] audit: type=1400 audit(1765683307.484:2496): avc:  denied  { setopt } for  pid=17913 comm="syz.0.3041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1326.782882][ T5829] Bluetooth: hci0: command tx timeout
[ 1328.047937][T17934] netlink: 208 bytes leftover after parsing attributes in process `syz.2.3045'.
[ 1328.629542][T17945] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3046'.
[ 1329.003902][ T5829] Bluetooth: hci0: command tx timeout
[ 1329.454370][   T30] audit: type=1400 audit(1765683310.346:2497): avc:  denied  { create } for  pid=17951 comm="syz.0.3050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1330.440582][T17847] team0: Port device team_slave_0 added
[ 1330.475866][T17847] team0: Port device team_slave_1 added
[ 1330.533764][ T3478] bridge_slave_1: left allmulticast mode
[ 1330.539432][ T3478] bridge_slave_1: left promiscuous mode
[ 1330.628619][ T3478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1330.659734][ T3478] bridge_slave_0: left allmulticast mode
[ 1330.687134][ T3478] bridge_slave_0: left promiscuous mode
[ 1330.699275][ T3478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1331.233533][T14696] Bluetooth: hci0: command tx timeout
[ 1331.275331][ T3478] bond_slave_0: left promiscuous mode
[ 1331.283674][T17975] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3055'.
[ 1331.301105][ T3478] bond_slave_1: left promiscuous mode
[ 1332.462764][   T30] audit: type=1400 audit(1765683313.143:2498): avc:  denied  { write } for  pid=17985 comm="syz.4.3058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1332.491397][ T3478] bond2 (unregistering): (slave macvlan1): Removing an active aggregator
[ 1332.504907][ T3478] bond2 (unregistering): (slave macvlan1): Releasing backup interface
[ 1332.521948][ T3478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1332.564389][ T3478] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1332.586759][ T3478] bond0 (unregistering): Released all slaves
[ 1332.752703][ T3478] bond1 (unregistering): Released all slaves
[ 1332.825417][T17997] Bluetooth: MGMT ver 1.23
[ 1332.898006][ T3478] bond2 (unregistering): Released all slaves
[ 1332.923768][T17847] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1332.938170][T17847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1332.966476][T17847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1333.031037][T17847] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1333.038932][T17847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1333.069132][T17847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1333.099927][   T30] audit: type=1326 audit(1765683313.760:2499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17998 comm="syz.5.3063" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff4fa78f749 code=0x0
[ 1333.714667][T18004] 9p: Bad value for 'rfdno'
[ 1334.568158][T17847] hsr_slave_0: entered promiscuous mode
[ 1334.666584][T17847] hsr_slave_1: entered promiscuous mode
[ 1334.713777][T18016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1334.731835][T18016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1335.364137][T18027] overlayfs: failed to clone upperpath
[ 1335.805598][T18034] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1335.805598][T18034]    program syz.4.3072 not setting count and/or reply_len properly
[ 1336.189677][T18039] veth0_vlan: entered allmulticast mode
[ 1337.123263][T18050] overlayfs: failed to clone lowerpath
[ 1337.178319][T17847] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1337.215111][T18041] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3074'.
[ 1337.288920][T17847] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1337.346526][T17847] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1337.439823][T17847] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1337.873761][   T30] audit: type=1400 audit(1765683318.213:2500): avc:  denied  { map } for  pid=18047 comm="syz.2.3076" path="socket:[71984]" dev="sockfs" ino=71984 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 1338.316737][T17847] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1338.678725][T17847] 8021q: adding VLAN 0 to HW filter on device team0
[ 1338.721761][T11695] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1338.728897][T11695] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1338.798986][ T3924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1338.806087][ T3924] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1342.336399][ T3478] hsr_slave_0: left promiscuous mode
[ 1342.353603][ T3478] hsr_slave_1: left promiscuous mode
[ 1342.379205][ T3478] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1342.387919][ T3478] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1342.401115][ T3478] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1342.414159][ T3478] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1342.465908][ T3478] veth1_macvtap: left promiscuous mode
[ 1342.478133][ T3478] veth0_macvtap: left promiscuous mode
[ 1344.835352][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1344.842002][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1345.568146][ T3478] team0 (unregistering): Port device team_slave_1 removed
[ 1345.641544][ T3478] team0 (unregistering): Port device team_slave_0 removed
[ 1346.825261][T17847] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1347.209191][T17847] veth0_vlan: entered promiscuous mode
[ 1347.962149][T17847] veth1_vlan: entered promiscuous mode
[ 1347.983765][ T3478] IPVS: stop unused estimator thread 0...
[ 1348.284524][   T30] audit: type=1400 audit(1765683327.960:2501): avc:  denied  { ioctl } for  pid=18159 comm="syz.0.3101" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0xae41 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1348.365731][T17847] veth0_macvtap: entered promiscuous mode
[ 1348.472230][T17847] veth1_macvtap: entered promiscuous mode
[ 1348.817922][T17847] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1348.942321][T18167] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1348.942321][T18167]    program syz.0.3103 not setting count and/or reply_len properly
[ 1349.512815][T17847] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1349.554818][ T8366] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1349.625099][ T8366] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1350.533257][ T8366] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1350.570388][ T8366] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1352.217674][ T4357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1352.237303][ T4357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1352.307852][ T3478] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1352.334818][ T3478] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1353.589146][T18206] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1353.598304][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1353.606893][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1353.617017][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1353.634830][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1353.767049][T18208] veth0_vlan: entered allmulticast mode
[ 1354.079359][T18213] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3113'.
[ 1354.430018][ T4357] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1354.512897][T18204] chnl_net:caif_netlink_parms(): no params data found
[ 1354.730754][ T4357] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1354.835234][   T10] IPVS: starting estimator thread 0...
[ 1354.939816][T18225] IPVS: using max 83 ests per chain, 199200 per kthread
[ 1354.986498][T18220] can0: slcan on ttyS3.
[ 1355.079688][ T4357] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1356.313877][T14696] Bluetooth: hci1: command tx timeout
[ 1356.382305][T18217] can0 (unregistered): slcan off ttyS3.
[ 1356.446463][ T4357] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1356.509653][T18204] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1356.521483][T18204] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1356.529603][T18204] bridge_slave_0: entered allmulticast mode
[ 1356.552569][T18204] bridge_slave_0: entered promiscuous mode
[ 1356.561028][T18204] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1356.579116][T18204] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1356.599719][T18204] bridge_slave_1: entered allmulticast mode
[ 1356.617584][T18204] bridge_slave_1: entered promiscuous mode
[ 1356.740237][T18204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1356.952328][T18233] Process accounting resumed
[ 1357.355685][T18204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1358.508733][T14696] Bluetooth: hci1: command tx timeout
[ 1358.580502][T18204] team0: Port device team_slave_0 added
[ 1358.620324][T18204] team0: Port device team_slave_1 added
[ 1358.888459][T18204] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1358.918801][T18204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1358.978758][T18204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1359.003458][T18204] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1359.010425][T18204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1359.075053][T18204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1359.109398][T18254] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3117'.
[ 1359.164703][T18255] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3117'.
[ 1359.261909][T18252] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3125'.
[ 1359.278616][ T4357] bridge_slave_1: left allmulticast mode
[ 1359.289232][ T4357] bridge_slave_1: left promiscuous mode
[ 1359.294994][ T4357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1359.350919][ T4357] bridge_slave_0: left allmulticast mode
[ 1359.364318][ T4357] bridge_slave_0: left promiscuous mode
[ 1359.381779][ T4357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1359.454640][ T4357] bond_slave_0: left promiscuous mode
[ 1359.474341][ T4357] bond_slave_1: left promiscuous mode
[ 1359.490290][ T4357] dummy0: left promiscuous mode
[ 1359.628675][T18266] autofs: Unknown parameter '0x0000000000000000'
[ 1359.637147][   T30] audit: type=1400 audit(1765683338.576:2502): avc:  denied  { connect } for  pid=18262 comm="syz.4.3124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1360.469071][   T30] audit: type=1400 audit(1765683338.604:2503): avc:  denied  { write } for  pid=18262 comm="syz.4.3124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1360.571253][ T4357] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[ 1360.581784][ T4357] bond1 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 02:d8:2f:3b:59:42 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 1360.776501][T14696] Bluetooth: hci1: command tx timeout
[ 1362.289490][ T4357] bond1 (unregistering): (slave macvlan2): Removing an active aggregator
[ 1362.298991][ T4357] bond1 (unregistering): (slave macvlan2): Releasing backup interface
[ 1362.318630][ T4357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1362.330966][ T4357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1362.708050][   T30] audit: type=1326 audit(1765683341.280:2504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.772869][   T30] audit: type=1326 audit(1765683341.280:2505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.820702][   T30] audit: type=1326 audit(1765683341.289:2506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.845178][   T30] audit: type=1326 audit(1765683341.289:2507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.874540][   T30] audit: type=1326 audit(1765683341.289:2508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.912980][   T30] audit: type=1326 audit(1765683341.289:2509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.939636][ T4357] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 1362.941084][   T30] audit: type=1326 audit(1765683341.289:2510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.972267][T14696] Bluetooth: hci1: command tx timeout
[ 1362.979187][   T30] audit: type=1326 audit(1765683341.289:2511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18278 comm="syz.5.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4fa78f749 code=0x7ffc0000
[ 1362.982292][ T4357] bond0 (unregistering): Released all slaves
[ 1363.097454][ T4357] bond1 (unregistering): Released all slaves
[ 1364.199806][T18204] hsr_slave_0: entered promiscuous mode
[ 1364.222968][T18298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3134'.
[ 1364.232898][T18204] hsr_slave_1: entered promiscuous mode
[ 1364.249736][T18204] debugfs: 'hsr0' already exists in 'hsr'
[ 1364.258010][T18204] Cannot create hsr debugfs directory
[ 1364.272005][ T4357] tipc: Left network mode
[ 1364.304082][T18298] hsr_slave_0: left promiscuous mode
[ 1364.380831][T18298] hsr_slave_1: left promiscuous mode
[ 1367.161724][T18330] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1367.161724][T18330]    program syz.4.3144 not setting count and/or reply_len properly
[ 1367.571113][T18336] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1367.571113][T18336]    program syz.4.3145 not setting count and/or reply_len properly
[ 1367.694389][T18338] overlayfs: failed to clone upperpath
[ 1368.577470][T18349] Process accounting resumed
[ 1368.687227][T18204] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1368.702852][T18204] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1368.722025][T18204] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1368.739257][ T5865] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1368.748058][T18204] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1368.913534][ T5865] usb 5-1: Using ep0 maxpacket: 16
[ 1369.012952][T18359] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1369.012952][T18359]    program syz.1.3150 not setting count and/or reply_len properly
[ 1369.068464][ T5865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1369.079876][ T5865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1369.103369][ T5865] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice=e5.00
[ 1369.116689][ T5865] usb 5-1: New USB device strings: Mfr=255, Product=0, SerialNumber=0
[ 1369.130635][ T5865] usb 5-1: Manufacturer: syz
[ 1369.141999][ T5865] usb 5-1: config 0 descriptor??
[ 1369.352975][T18204] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1369.985696][T18204] 8021q: adding VLAN 0 to HW filter on device team0
[ 1370.243573][T11695] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1370.252073][T11695] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1370.397543][ T5865] mcp2221 0003:04D8:00DD.0010: unknown main item tag 0x0
[ 1370.405041][T11695] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1370.412191][T11695] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1370.433384][ T5865] mcp2221 0003:04D8:00DD.0010: unknown main item tag 0x0
[ 1370.450359][ T5865] mcp2221 0003:04D8:00DD.0010: unknown main item tag 0x0
[ 1370.457672][T18365] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3153'.
[ 1370.479212][ T5865] mcp2221 0003:04D8:00DD.0010: unknown main item tag 0x0
[ 1370.490738][ T5865] mcp2221 0003:04D8:00DD.0010: unknown main item tag 0x0
[ 1370.514933][ T5865] mcp2221 0003:04D8:00DD.0010: USB HID v0.05 Device [syz] on usb-dummy_hcd.4-1/input0
[ 1371.375083][T18371] netlink: 'syz.4.3147': attribute type 10 has an invalid length.
[ 1371.449826][T18371] 8021q: adding VLAN 0 to HW filter on device team0
[ 1371.552669][T18371] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1371.561158][T18343] bridge0: entered promiscuous mode
[ 1371.614266][T18343] bridge0: left promiscuous mode
[ 1371.624265][ T5865] usb 5-1: USB disconnect, device number 54
[ 1371.853940][T18204] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1372.163064][T18204] veth0_vlan: entered promiscuous mode
[ 1372.204411][T18204] veth1_vlan: entered promiscuous mode
[ 1372.680478][T18391] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1372.680478][T18391]    program syz.1.3154 not setting count and/or reply_len properly
[ 1372.701924][T18204] veth0_macvtap: entered promiscuous mode
[ 1372.906571][T18204] veth1_macvtap: entered promiscuous mode
[ 1373.236341][T18204] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1373.296037][T18204] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1373.364258][ T1110] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1373.409051][T18405] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1373.429513][ T1110] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1373.444467][ T1110] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1373.479617][ T1110] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1373.944416][ T6171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1373.963365][ T6171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1374.260328][T11695] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1374.283294][T11695] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1376.303186][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1376.303220][   T30] audit: type=1400 audit(1765683354.169:2519): avc:  denied  { ioctl } for  pid=18446 comm="syz.1.3170" path="socket:[73520]" dev="sockfs" ino=73520 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1376.482612][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1376.496966][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1376.514162][ T4357] hsr_slave_0: left promiscuous mode
[ 1376.523214][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1376.531010][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1376.539053][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1376.571405][   T30] audit: type=1400 audit(1765683354.169:2520): avc:  denied  { map } for  pid=18441 comm="syz.4.3169" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1376.618287][ T4357] hsr_slave_1: left promiscuous mode
[ 1376.662911][   T30] audit: type=1400 audit(1765683354.169:2521): avc:  denied  { execute } for  pid=18441 comm="syz.4.3169" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1376.704150][ T4357] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1376.741681][ T4357] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1376.794570][ T4357] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1376.831053][ T4357] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1377.579985][ T4357] veth1_macvtap: left promiscuous mode
[ 1377.601804][ T4357] veth0_macvtap: left promiscuous mode
[ 1377.607517][ T4357] veth1_vlan: left promiscuous mode
[ 1377.752117][ T4357] veth0_vlan: left promiscuous mode
[ 1377.945428][   T30] audit: type=1400 audit(1765683355.703:2522): avc:  denied  { ioctl } for  pid=18463 comm="syz.1.3175" path="socket:[73578]" dev="sockfs" ino=73578 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1378.780619][T14696] Bluetooth: hci2: command tx timeout
[ 1379.869124][   T30] audit: type=1400 audit(1765683357.509:2523): avc:  denied  { name_bind } for  pid=18485 comm="syz.5.3176" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[ 1381.032906][T18493] 9p: Bad value for 'rfdno'
[ 1381.395696][T14696] Bluetooth: hci2: command tx timeout
[ 1381.626149][ T4357] team0 (unregistering): Port device team_slave_1 removed
[ 1381.676255][ T4357] team0 (unregistering): Port device team_slave_0 removed
[ 1381.892202][T18502] input: syz1 as /devices/virtual/input/input19
[ 1382.917382][T18514] futex_wake_op: syz.4.3187 tries to shift op by -1; fix this program
[ 1383.390653][T18468] syzkaller1: entered promiscuous mode
[ 1383.401036][T18468] syzkaller1: entered allmulticast mode
[ 1383.567615][T14696] Bluetooth: hci2: command tx timeout
[ 1383.938775][T18524] netlink: 208 bytes leftover after parsing attributes in process `syz.2.3190'.
[ 1384.459739][ T4357] IPVS: stop unused estimator thread 0...
[ 1384.593143][T18452] chnl_net:caif_netlink_parms(): no params data found
[ 1384.794138][T18532] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3192'.
[ 1385.234875][ T6400] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1385.250634][T18452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1385.278615][T18452] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1385.294122][T18452] bridge_slave_0: entered allmulticast mode
[ 1385.305935][T18452] bridge_slave_0: entered promiscuous mode
[ 1385.368044][T18452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1385.377503][T18452] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1385.386145][T18452] bridge_slave_1: entered allmulticast mode
[ 1385.392930][T18452] bridge_slave_1: entered promiscuous mode
[ 1385.439618][ T6400] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1385.460369][ T6400] usb 5-1: config 9 has an invalid interface descriptor of length 8, skipping
[ 1385.471923][ T6400] usb 5-1: config 9 has an invalid descriptor of length 64, skipping remainder of the config
[ 1385.482535][ T6400] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[ 1385.505540][ T6400] usb 5-1: New USB device found, idVendor=0572, idProduct=cb00, bcdDevice=1e.21
[ 1385.527195][T18452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1385.539116][ T6400] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1385.547304][ T6400] usb 5-1: Product: syz
[ 1385.554892][T18452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1385.564146][ T6400] usb 5-1: Manufacturer: syz
[ 1385.568925][ T6400] usb 5-1: SerialNumber: syz
[ 1386.366801][T18554] Process accounting resumed
[ 1386.371748][T14696] Bluetooth: hci2: command tx timeout
[ 1386.414840][T18452] team0: Port device team_slave_0 added
[ 1386.451072][T18452] team0: Port device team_slave_1 added
[ 1386.471277][ T6400] usb 5-1: USB disconnect, device number 55
[ 1386.616312][T18452] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1386.646202][   T10] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1386.658187][T18452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1386.718454][T18452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1386.801065][T18452] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1386.812031][T18452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1386.850463][   T10] usb 2-1: device descriptor read/64, error -71
[ 1386.870857][T18452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1386.899076][T18560] overlayfs: failed to clone upperpath
[ 1386.958914][ T1009] bridge_slave_1: left allmulticast mode
[ 1386.981235][ T1009] bridge_slave_1: left promiscuous mode
[ 1387.009219][ T1009] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1387.032099][ T1009] bridge_slave_0: left allmulticast mode
[ 1387.037770][ T1009] bridge_slave_0: left promiscuous mode
[ 1387.063884][ T1009] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1387.169908][   T10] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1387.383717][   T10] usb 2-1: device descriptor read/64, error -71
[ 1387.473052][ T1009] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[ 1387.481598][ T1009] bond1 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 1a:96:85:46:d2:f6 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 1387.565896][   T10] usb usb2-port1: attempt power cycle
[ 1388.200156][   T10] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1388.240217][   T10] usb 2-1: device descriptor read/8, error -71
[ 1388.482230][T18576] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1388.482230][T18576]    program syz.2.3205 not setting count and/or reply_len properly
[ 1388.603061][   T10] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1388.624500][   T10] usb 2-1: device descriptor read/8, error -71
[ 1388.744488][   T10] usb usb2-port1: unable to enumerate USB device
[ 1389.509955][ T1009] bond1 (unregistering): (slave macvlan2): Removing an active aggregator
[ 1389.518152][T18583] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18583 comm=syz.4.3208
[ 1389.519116][ T1009] bond1 (unregistering): (slave macvlan2): Releasing backup interface
[ 1389.578058][ T1009] bond1 (unregistering): (slave macvlan3): Releasing backup interface
[ 1389.620570][ T1009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1389.639008][ T1009] bond_slave_0: left allmulticast mode
[ 1389.657219][ T1009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1389.803049][ T1009] bond_slave_1: left allmulticast mode
[ 1389.824458][ T1009] bond0 (unregistering): Released all slaves
[ 1390.150568][ T1009] bond1 (unregistering): Released all slaves
[ 1393.007112][ T5955] usb 3-1: new full-speed USB device number 89 using dummy_hcd
[ 1393.072373][   T30] audit: type=1400 audit(1765683369.856:2524): avc:  denied  { watch watch_reads } for  pid=18600 comm="syz.1.3214" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1393.111108][T18601] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3214'.
[ 1393.180506][T18452] hsr_slave_0: entered promiscuous mode
[ 1393.187273][T18452] hsr_slave_1: entered promiscuous mode
[ 1393.194061][T18452] debugfs: 'hsr0' already exists in 'hsr'
[ 1393.200893][T18452] Cannot create hsr debugfs directory
[ 1393.209424][ T5955] usb 3-1: config 0 has an invalid interface number: 11 but max is 0
[ 1393.226246][ T5955] usb 3-1: config 0 has no interface number 0
[ 1393.237958][ T5955] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[ 1393.275212][ T5955] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[ 1393.310762][ T5955] usb 3-1: config 0 interface 11 has no altsetting 0
[ 1393.345420][ T5955] usb 3-1: New USB device found, idVendor=06cd, idProduct=012a, bcdDevice=d5.1b
[ 1393.360992][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1393.413860][ T5955] usb 3-1: config 0 descriptor??
[ 1393.450354][T18595] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1393.533593][ T5955] keyspan 3-1:0.11: Keyspan 4 port adapter converter detected
[ 1393.612055][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81
[ 1393.674598][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1
[ 1393.803338][ T5955] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[ 1393.984536][T18595] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3211'.
[ 1394.008809][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82
[ 1394.134653][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2
[ 1394.250380][ T5955] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[ 1394.442360][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83
[ 1394.502707][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3
[ 1394.529773][ T5955] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[ 1394.591888][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84
[ 1394.599661][ T5955] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4
[ 1394.639518][ T5955] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[ 1394.650227][   T30] audit: type=1400 audit(1765683371.334:2525): avc:  denied  { setopt } for  pid=18610 comm="syz.4.3217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1394.704434][ T5955] usb 3-1: USB disconnect, device number 89
[ 1394.722181][T18617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3216'.
[ 1394.743200][ T5955] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[ 1394.805400][ T5955] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[ 1394.856892][ T5955] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[ 1394.872814][T18620] bridge1: port 1(veth3) entered blocking state
[ 1394.883801][T18620] bridge1: port 1(veth3) entered disabled state
[ 1394.886935][ T5955] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[ 1394.896757][T18620] veth3: entered allmulticast mode
[ 1394.906873][T18620] veth3: entered promiscuous mode
[ 1394.920071][   T30] audit: type=1400 audit(1765683371.577:2526): avc:  denied  { ioctl } for  pid=18623 comm="syz.4.3220" path="/dev/usbmon2" dev="devtmpfs" ino=722 ioctlcmd=0x9205 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1394.924114][ T5955] keyspan 3-1:0.11: device disconnected
[ 1395.003853][T18617] bridge1: port 2(veth5) entered blocking state
[ 1395.012194][T18617] bridge1: port 2(veth5) entered disabled state
[ 1395.021553][T18617] veth5: entered allmulticast mode
[ 1395.032274][T18617] veth5: entered promiscuous mode
[ 1395.156569][   T30] audit: type=1400 audit(1765683371.764:2527): avc:  denied  { listen } for  pid=18628 comm="syz.4.3222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1395.289530][T18633] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3221'.
[ 1395.975260][T18452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1396.066779][T18452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1397.106824][T18452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1399.107649][T18452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1400.323311][T18686] overlayfs: failed to clone lowerpath
[ 1400.486450][T18452] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1400.981920][   T90] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1401.035168][T18452] 8021q: adding VLAN 0 to HW filter on device team0
[ 1401.097448][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1401.104621][ T4227] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1401.142678][   T90] usb 3-1: Using ep0 maxpacket: 8
[ 1401.156625][   T90] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1401.174820][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1401.180673][ T3924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1401.193195][ T3924] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1401.195335][   T90] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1401.213419][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1401.227296][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1401.254104][   T90] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1401.263519][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1401.565227][   T90] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1401.566130][T18702] binder_alloc: 18701: binder_alloc_buf, no vma
[ 1401.607450][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1401.630463][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1402.301275][   T90] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1402.329183][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1402.373951][   T90] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1402.411016][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1402.443777][   T90] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1403.965918][   T90] usb 3-1: string descriptor 0 read error: -71
[ 1403.972182][   T90] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1404.040374][   T90] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1404.328047][T18452] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1404.418461][   T90] usb 3-1: can't set config #168, error -71
[ 1404.450188][   T90] usb 3-1: USB disconnect, device number 90
[ 1404.529320][T18727] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3247'.
[ 1405.086858][T18452] veth0_vlan: entered promiscuous mode
[ 1405.113702][T18733] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[ 1405.120623][T18733] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1405.124974][T18452] veth1_vlan: entered promiscuous mode
[ 1405.137097][T18733] vhci_hcd vhci_hcd.0: Device attached
[ 1405.151665][T18734] vhci_hcd: connection closed
[ 1405.155554][T15073] vhci_hcd vhci_hcd.2: stop threads
[ 1405.187036][T15073] vhci_hcd vhci_hcd.2: release socket
[ 1405.201866][ T1009] veth0_vlan: left promiscuous mode
[ 1405.205073][T15073] vhci_hcd vhci_hcd.2: disconnect device
[ 1405.800071][T18738] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1405.800071][T18738]    program syz.4.3251 not setting count and/or reply_len properly
[ 1406.020711][T18745] futex_wake_op: syz.2.3252 tries to shift op by -1; fix this program
[ 1406.755025][   T10] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1406.954440][   T10] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[ 1406.975859][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1406.984948][ T1009] team_slave_1 (unregistering): left allmulticast mode
[ 1406.992143][   T10] usb 5-1: Product: syz
[ 1406.997564][ T1009] team0 (unregistering): Port device team_slave_1 removed
[ 1407.005449][   T10] usb 5-1: Manufacturer: syz
[ 1407.010354][   T10] usb 5-1: SerialNumber: syz
[ 1407.039263][   T10] usb 5-1: config 0 descriptor??
[ 1407.052074][   T10] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[ 1407.062110][ T1009] team_slave_0 (unregistering): left allmulticast mode
[ 1407.077548][ T1009] team0 (unregistering): Port device team_slave_0 removed
[ 1407.087396][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1407.117805][   T10] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[ 1407.127298][ T5865] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1407.141433][   T10] usb 5-1: media controller created
[ 1407.164822][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1407.245541][   T10] DVB: Unable to find symbol mt352_attach()
[ 1407.275270][T18751] dvb-usb: bulk message failed: -22 (7/0)
[ 1407.326817][ T5865] usb 2-1: Using ep0 maxpacket: 8
[ 1407.409380][ T5865] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1407.460602][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1407.481664][ T5865] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1407.495179][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1407.506769][   T10] DVB: Unable to find symbol nxt6000_attach()
[ 1407.520355][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1407.529165][   T10] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[ 1407.572061][ T5865] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1407.582286][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1407.597736][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input20
[ 1407.611561][ T5865] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1407.629604][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1407.642324][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1407.656664][   T10] dvb-usb: schedule remote query interval to 1000 msecs.
[ 1407.670212][   T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[ 1407.687720][   T10] dvb-usb: bulk message failed: -22 (7/0)
[ 1407.695407][ T5865] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1407.707004][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1407.718932][   T10] dvb-usb: bulk message failed: -22 (7/0)
[ 1407.732834][   T10] usb 5-1: USB disconnect, device number 56
[ 1407.739405][ T5865] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1407.752431][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1407.790195][   T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[ 1407.806115][ T5865] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1407.823038][ T5865] usb 2-1: string descriptor 0 read error: -22
[ 1407.830337][ T5865] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1407.849813][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1407.895866][ T5865] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1408.141907][T18452] veth0_macvtap: entered promiscuous mode
[ 1408.151891][T18756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1408.168296][T18756] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1408.177627][T18452] veth1_macvtap: entered promiscuous mode
[ 1408.195688][ T9500] usb 2-1: USB disconnect, device number 41
[ 1408.333232][T18452] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1408.383924][T18452] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1408.428353][ T4809] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1408.459091][ T4809] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1408.488238][ T4809] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1408.650212][ T4809] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1408.991397][T18774] netlink: 'syz.2.3258': attribute type 1 has an invalid length.
[ 1409.736337][T18774] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1410.303568][ T3924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1410.341527][ T3924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1410.366914][T18782] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3260'.
[ 1411.134637][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1411.159550][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1411.515848][ T8939] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1411.534876][ T8939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1411.644442][T18791] netlink: 'syz.0.3168': attribute type 32 has an invalid length.
[ 1411.697287][   T30] audit: type=1400 audit(1765683387.283:2528): avc:  denied  { execute } for  pid=18790 comm="syz.0.3168" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1413.079434][T18802] futex_wake_op: syz.2.3265 tries to shift op by -1; fix this program
[ 1414.558331][   T30] audit: type=1800 audit(1765683389.948:2529): pid=18822 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.3274" name="nullb0" dev="tmpfs" ino=2506 res=0 errno=0
[ 1414.633365][   T30] audit: type=1800 audit(1765683389.977:2530): pid=18823 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.3274" name="nullb0" dev="tmpfs" ino=2506 res=0 errno=0
[ 1414.815805][ T7363] usb 5-1: new full-speed USB device number 57 using dummy_hcd
[ 1414.866095][T18831] veth0_vlan: entered allmulticast mode
[ 1414.991722][T18833] overlayfs: failed to clone upperpath
[ 1415.139242][T18835] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3278'.
[ 1415.237464][ T7363] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1415.254235][ T7363] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1415.262264][ T7363] usb 5-1: Product: syz
[ 1415.275695][ T7363] usb 5-1: Manufacturer: syz
[ 1415.280851][ T7363] usb 5-1: SerialNumber: syz
[ 1415.312939][ T7363] usb 5-1: config 0 descriptor??
[ 1415.555180][ T7363] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1415.645275][   T90] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1415.863476][   T90] usb 2-1: Using ep0 maxpacket: 8
[ 1415.877409][   T90] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1415.894871][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1417.077476][   T90] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1417.114224][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1417.135611][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1417.169206][   T90] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1417.189070][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1417.210462][   T90] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1417.242637][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1417.264098][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1417.286663][   T90] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1417.294214][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1417.328165][   T90] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1417.351685][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1417.376154][   T90] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1417.407816][   T90] usb 2-1: string descriptor 0 read error: -22
[ 1417.414711][   T90] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1417.571910][   T90] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1417.620529][   T90] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1417.880968][T18858] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1417.880968][T18858]    program syz.0.3285 not setting count and/or reply_len properly
[ 1417.961976][T18841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1417.981751][T18841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1418.005774][   T90] usb 2-1: USB disconnect, device number 42
[ 1418.601640][ T7363] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1418.622779][ T7363] usb 5-1: USB disconnect, device number 57
[ 1418.678433][T18863] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1418.678433][T18863]    program syz.0.3286 not setting count and/or reply_len properly
[ 1418.998466][T18875] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3287'.
[ 1423.411712][ T7363] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1423.683469][T14696] Bluetooth: hci4: command 0x0406 tx timeout
[ 1424.622756][T18925] Process accounting resumed
[ 1424.661830][ T7363] usb 3-1: Using ep0 maxpacket: 8
[ 1424.698113][ T7363] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1424.747763][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1424.800862][ T7363] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1424.854257][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1424.896999][   T24] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1424.918471][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1424.991060][ T7363] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1425.018437][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1425.057894][ T7363] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1425.075972][   T24] usb 5-1: device descriptor read/64, error -71
[ 1425.097485][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1425.123340][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1425.147169][ T7363] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1425.843609][   T24] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1426.198164][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1426.227522][ T7363] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1426.266271][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1426.294154][ T7363] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1426.360408][   T24] usb 5-1: device descriptor read/64, error -71
[ 1426.380162][ T7363] usb 3-1: string descriptor 0 read error: -71
[ 1426.393540][ T7363] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1426.438049][ T7363] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1426.480680][   T24] usb usb5-port1: attempt power cycle
[ 1426.499454][ T7363] usb 3-1: can't set config #168, error -71
[ 1426.696340][ T7363] usb 3-1: USB disconnect, device number 91
[ 1426.904568][   T24] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1426.931517][   T24] usb 5-1: device descriptor read/8, error -71
[ 1427.353465][   T30] audit: type=1400 audit(1765683401.912:2531): avc:  denied  { getopt } for  pid=18948 comm="syz.2.3307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1428.607431][T18963] kernel profiling enabled (shift: 17)
[ 1428.626033][T18963] xt_l2tp: v2 tid > 0xffff: 134217728
[ 1428.927619][ T5865] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1429.173403][ T5865] usb 2-1: Using ep0 maxpacket: 32
[ 1429.232458][ T5865] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[ 1429.304856][ T5865] usb 2-1: config 0 has no interface number 0
[ 1429.399392][ T5865] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1429.494000][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1429.554455][ T5865] usb 2-1: Product: syz
[ 1429.591572][ T5865] usb 2-1: Manufacturer: syz
[ 1429.628783][ T5865] usb 2-1: SerialNumber: syz
[ 1429.879567][ T5865] usb 2-1: config 0 descriptor??
[ 1429.951187][ T5865] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1431.425408][ T5865] usb 2-1: qt2_attach - failed to power on unit: -71
[ 1431.451085][ T5865] quatech2 2-1:0.51: probe with driver quatech2 failed with error -71
[ 1431.478141][ T5865] usb 2-1: USB disconnect, device number 43
[ 1434.297777][T19003] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3322'.
[ 1434.308916][T19003] netlink: 67 bytes leftover after parsing attributes in process `syz.5.3322'.
[ 1437.918804][T19041] futex_wake_op: syz.4.3333 tries to shift op by -1; fix this program
[ 1438.778982][T19050] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1438.778982][T19050]    program syz.2.3336 not setting count and/or reply_len properly
[ 1443.341353][T19087] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21432 sclass=netlink_route_socket pid=19087 comm=syz.1.3345
[ 1443.733911][   T30] audit: type=1400 audit(1765683417.225:2532): avc:  denied  { getattr } for  pid=19081 comm="syz.1.3345" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1443.892985][T19092] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1443.894418][T19087] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null.
[ 1444.550291][T19099] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1444.550291][T19099]    program syz.0.3349 not setting count and/or reply_len properly
[ 1444.612363][ T6400] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1444.835329][ T6400] usb 3-1: Using ep0 maxpacket: 32
[ 1444.849811][ T6400] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1444.893576][ T6400] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1444.916765][ T6400] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1444.978149][ T6400] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1444.997681][ T6400] usb 3-1: config 0 descriptor??
[ 1445.316812][T19114] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3354'.
[ 1445.705076][ T6400] logitech 0003:046D:C29C.0011: hidraw0: USB HID vb4.30 Device [HID 046d:c29c] on usb-dummy_hcd.2-1/input0
[ 1445.893211][ T8939] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1445.895061][ T6400] logitech 0003:046D:C29C.0011: no inputs found
[ 1445.945869][ T6400] usb 3-1: USB disconnect, device number 92
[ 1447.470844][T19131] overlayfs: maximum fs stacking depth exceeded
[ 1447.502382][ T8939] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1447.602468][T19130] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3361'.
[ 1447.685814][T14696] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1447.696827][T14696] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1447.705413][T14696] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1447.713782][T14696] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1447.722206][T14696] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1447.856983][ T8939] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1448.301798][ T8939] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1448.368109][T19137] chnl_net:caif_netlink_parms(): no params data found
[ 1449.937940][ T5829] Bluetooth: hci0: command tx timeout
[ 1450.441914][T19137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1450.470351][T19137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1450.490901][T19137] bridge_slave_0: entered allmulticast mode
[ 1450.743351][T19137] bridge_slave_0: entered promiscuous mode
[ 1450.757716][ T8939] bridge_slave_1: left allmulticast mode
[ 1450.774238][ T8939] bridge_slave_1: left promiscuous mode
[ 1450.784552][T19187] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1450.784552][T19187]    program syz.0.3376 not setting count and/or reply_len properly
[ 1450.803398][ T8939] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1450.844539][ T8939] bridge_slave_0: left allmulticast mode
[ 1450.864488][ T8939] bridge_slave_0: left promiscuous mode
[ 1450.870249][ T8939] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1450.910103][   T30] audit: type=1326 audit(1765683423.960:2533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19192 comm="syz.0.3378" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8f7058f749 code=0x0
[ 1450.973925][ T8939] veth5: left allmulticast mode
[ 1450.989740][ T8939] veth5: left promiscuous mode
[ 1450.995077][ T8939] bridge1: port 2(veth5) entered disabled state
[ 1451.080083][ T8939] veth3: left allmulticast mode
[ 1451.084983][ T8939] veth3: left promiscuous mode
[ 1451.123994][ T8939] bridge1: port 1(veth3) entered disabled state
[ 1452.158049][ T5829] Bluetooth: hci0: command tx timeout
[ 1452.219938][T19201] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3380'.
[ 1452.274146][T19202] netlink: 67 bytes leftover after parsing attributes in process `syz.4.3380'.
[ 1452.677371][   T30] audit: type=1400 audit(1765683425.606:2534): avc:  denied  { create } for  pid=19207 comm="syz.5.3382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[ 1452.773990][T19208] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3382'.
[ 1453.434448][ T8939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1453.444934][ T8939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1453.454820][ T8939] bond0 (unregistering): Released all slaves
[ 1453.467195][T19137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1453.474560][T19137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1453.481825][T19137] bridge_slave_1: entered allmulticast mode
[ 1453.488866][T19137] bridge_slave_1: entered promiscuous mode
[ 1453.541182][T19137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1453.553552][T19137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1453.705427][T19137] team0: Port device team_slave_0 added
[ 1453.723049][T19137] team0: Port device team_slave_1 added
[ 1453.744551][   T30] audit: type=1400 audit(1765683426.607:2535): avc:  denied  { nlmsg_write } for  pid=19223 comm="syz.5.3386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[ 1453.911482][ T9286] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1454.138618][T19137] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1454.155464][T19226] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1454.155464][T19226]    program syz.0.3387 not setting count and/or reply_len properly
[ 1454.178829][T19137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1454.232056][ T9286] usb 5-1: Using ep0 maxpacket: 16
[ 1454.255621][T19137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1454.388097][ T9286] usb 5-1: config 1 has an invalid interface number: 5 but max is 2
[ 1454.392000][ T5829] Bluetooth: hci0: command tx timeout
[ 1454.397022][ T9286] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1454.412167][ T9286] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1454.413145][T19137] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1454.424899][ T9286] usb 5-1: config 1 has no interface number 1
[ 1454.434755][ T9286] usb 5-1: too many endpoints for config 1 interface 5 altsetting 2: 70, using maximum allowed: 30
[ 1454.472685][T19137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1454.479443][ T9286] usb 5-1: config 1 interface 5 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 70
[ 1454.510007][   T10] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1454.513639][ T9286] usb 5-1: config 1 interface 5 has no altsetting 0
[ 1454.528709][T19137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1454.530168][ T9286] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1454.592264][ T8939] hsr_slave_0: left promiscuous mode
[ 1454.604336][ T8939] hsr_slave_1: left promiscuous mode
[ 1454.605590][ T9286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1454.654242][ T9286] usb 5-1: Product: syz
[ 1454.654399][ T8939] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1454.658471][ T9286] usb 5-1: Manufacturer: syz
[ 1454.702478][   T10] usb 3-1: Using ep0 maxpacket: 8
[ 1454.709321][   T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1454.711463][ T9286] usb 5-1: SerialNumber: syz
[ 1454.755016][ T8939] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1454.763449][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1454.780774][ T8939] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1454.791852][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1454.803271][ T8939] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1454.811961][   T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1454.842543][ T8939] veth1_macvtap: left promiscuous mode
[ 1454.848211][   T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1454.857436][ T8939] veth0_macvtap: left promiscuous mode
[ 1454.863418][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1454.873280][ T8939] veth1_vlan: left promiscuous mode
[ 1454.880573][ T8939] veth0_vlan: left promiscuous mode
[ 1455.014015][T19220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1455.048938][T19220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1455.105221][   T10] usb 3-1: GET_CAPABILITIES returned 0
[ 1455.119400][   T10] usbtmc 3-1:16.0: can't read capabilities
[ 1455.327922][   T10] usb 3-1: USB disconnect, device number 93
[ 1456.679075][ T5829] Bluetooth: hci0: command tx timeout
[ 1456.725849][T19255] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3394'.
[ 1456.780472][T19256] netlink: 67 bytes leftover after parsing attributes in process `syz.0.3394'.
[ 1457.507505][ T8939] team0 (unregistering): Port device team_slave_1 removed
[ 1457.566806][ T8939] team0 (unregistering): Port device team_slave_0 removed
[ 1458.418706][ T9286] usb 5-1: 0:2 : does not exist
[ 1458.453684][T19137] hsr_slave_0: entered promiscuous mode
[ 1458.562876][T19137] hsr_slave_1: entered promiscuous mode
[ 1458.579567][ T9286] usb 5-1: USB disconnect, device number 62
[ 1458.603166][T18325] udevd[18325]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1459.441031][   T30] audit: type=1400 audit(1765683431.939:2536): avc:  denied  { bind } for  pid=19268 comm="syz.4.3398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1459.486092][   T30] audit: type=1400 audit(1765683431.976:2537): avc:  denied  { write } for  pid=19268 comm="syz.4.3398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1459.907554][T19137] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1459.926518][T19137] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1459.942686][T19137] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1459.973046][T19137] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1460.696770][T19137] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1460.746663][T19137] 8021q: adding VLAN 0 to HW filter on device team0
[ 1460.773584][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1460.780820][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1460.824182][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1460.831376][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1462.210295][T19137] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1463.642731][T19137] veth0_vlan: entered promiscuous mode
[ 1464.641563][T19137] veth1_vlan: entered promiscuous mode
[ 1464.985414][T19137] veth0_macvtap: entered promiscuous mode
[ 1464.995326][T19137] veth1_macvtap: entered promiscuous mode
[ 1465.017655][T19137] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1465.034973][T19137] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1465.063944][ T1128] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1465.094611][ T7363] usb 3-1: new full-speed USB device number 94 using dummy_hcd
[ 1465.096465][ T1128] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1465.149937][ T1128] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1465.310108][ T1128] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1465.825514][ T7363] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1465.871302][ T7363] usb 3-1: not running at top speed; connect to a high speed hub
[ 1465.914185][ T7363] usb 3-1: config 1 has 3 interfaces, different from the descriptor's value: 16
[ 1465.934385][ T7363] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[ 1465.958388][ T7363] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1466.043947][ T3924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1466.058500][ T7363] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1466.075995][ T7363] usb 3-1: Product: syz
[ 1466.080503][ T7363] usb 3-1: Manufacturer: syz
[ 1466.084056][ T3924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1466.085095][ T7363] usb 3-1: SerialNumber: syz
[ 1466.178355][ T1324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1466.194993][ T1324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1466.391847][T19345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1466.421086][T19345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1466.703868][ T7363] usb 3-1: unit 5 not found!
[ 1466.752402][ T7363] usb 3-1: USB disconnect, device number 94
[ 1466.873827][T18325] udevd[18325]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1468.670936][   T30] audit: type=1400 audit(1765683439.805:2538): avc:  denied  { read } for  pid=19384 comm="syz.0.3428" path="socket:[80485]" dev="sockfs" ino=80485 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1468.750149][   T90] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1469.798929][   T90] usb 7-1: config 0 has an invalid interface number: 108 but max is 0
[ 1469.808220][   T90] usb 7-1: config 0 has no interface number 0
[ 1469.814290][   T90] usb 7-1: config 0 interface 108 altsetting 253 endpoint 0xE has invalid maxpacket 9216, setting to 1024
[ 1470.675718][   T90] usb 7-1: config 0 interface 108 altsetting 253 bulk endpoint 0xE has invalid maxpacket 1024
[ 1470.718260][ T6401] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1470.739075][   T90] usb 7-1: config 0 interface 108 has no altsetting 0
[ 1470.885469][   T90] usb 7-1: New USB device found, idVendor=05f9, idProduct=ffdf, bcdDevice= e.b7
[ 1470.900597][ T6401] usb 5-1: device descriptor read/64, error -71
[ 1470.918147][   T90] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1471.004983][T19411] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3434'.
[ 1471.119869][T19413] overlayfs: failed to clone upperpath
[ 1471.372689][   T90] usb 7-1: config 0 descriptor??
[ 1471.385802][   T90] usb 7-1: can't set config #0, error -71
[ 1471.408833][   T90] usb 7-1: USB disconnect, device number 2
[ 1471.486853][ T6401] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1471.594569][   T30] audit: type=1400 audit(1765683443.294:2539): avc:  denied  { setattr } for  pid=19417 comm="syz.0.3437" name="ptyq4" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[ 1471.637778][ T6401] usb 5-1: device descriptor read/64, error -71
[ 1471.797217][ T6401] usb usb5-port1: attempt power cycle
[ 1472.470417][   T90] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1472.603804][    C1] raw-gadget.0 gadget.2: ignoring, device is not running
[ 1472.759121][   T90] usb 3-1: device descriptor read/64, error -32
[ 1473.249201][   T90] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1473.464491][   T90] usb 3-1: device descriptor read/64, error -71
[ 1473.625556][   T90] usb usb3-port1: attempt power cycle
[ 1473.909523][T19443] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3447'.
[ 1474.362500][   T90] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[ 1474.540568][T19424] Process accounting resumed
[ 1474.687555][T19447] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3446'.
[ 1475.062392][   T90] usb 3-1: device descriptor read/8, error -71
[ 1476.193055][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1476.201187][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1476.379106][T19460] syzkaller0: entered promiscuous mode
[ 1476.416208][T19465] futex_wake_op: syz.5.3452 tries to shift op by -1; fix this program
[ 1476.430097][T19460] syzkaller0: entered allmulticast mode
[ 1478.477197][   T90] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1478.702203][   T90] usb 3-1: device descriptor read/64, error -71
[ 1478.748077][T19476] hub 6-0:1.0: USB hub found
[ 1478.754193][T19476] hub 6-0:1.0: 1 port detected
[ 1478.970137][   T90] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1479.162826][   T90] usb 3-1: device descriptor read/64, error -71
[ 1479.266482][T19486] FAULT_INJECTION: forcing a failure.
[ 1479.266482][T19486] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1479.298827][   T90] usb usb3-port1: attempt power cycle
[ 1479.327040][T19486] CPU: 1 UID: 0 PID: 19486 Comm: syz.6.3459 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1479.327062][T19486] Tainted: [L]=SOFTLOCKUP
[ 1479.327066][T19486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1479.327073][T19486] Call Trace:
[ 1479.327077][T19486]  <TASK>
[ 1479.327081][T19486]  dump_stack_lvl+0x16c/0x1f0
[ 1479.327098][T19486]  should_fail_ex+0x512/0x640
[ 1479.327116][T19486]  _copy_from_user+0x2e/0xd0
[ 1479.327130][T19486]  kstrtouint_from_user+0xd6/0x1d0
[ 1479.327148][T19486]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1479.327163][T19486]  ? __lock_acquire+0x436/0x2890
[ 1479.327179][T19486]  ? lock_acquire+0x179/0x330
[ 1479.327194][T19486]  proc_fail_nth_write+0x83/0x220
[ 1479.327207][T19486]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1479.327221][T19486]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1479.327231][T19486]  vfs_write+0x2a0/0x11d0
[ 1479.327246][T19486]  ? __pfx___mutex_lock+0x10/0x10
[ 1479.327260][T19486]  ? __pfx_vfs_write+0x10/0x10
[ 1479.327277][T19486]  ? __fget_files+0x20e/0x3c0
[ 1479.327296][T19486]  ksys_write+0x12a/0x250
[ 1479.327309][T19486]  ? __pfx_ksys_write+0x10/0x10
[ 1479.327326][T19486]  do_syscall_64+0xcd/0xf80
[ 1479.327339][T19486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1479.327350][T19486] RIP: 0033:0x7f3fe1b8e1ff
[ 1479.327359][T19486] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1479.327370][T19486] RSP: 002b:00007f3fe29ed030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1479.327382][T19486] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3fe1b8e1ff
[ 1479.327388][T19486] RDX: 0000000000000001 RSI: 00007f3fe29ed0a0 RDI: 0000000000000004
[ 1479.327394][T19486] RBP: 00007f3fe29ed090 R08: 0000000000000000 R09: 0000000000000000
[ 1479.327400][T19486] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1479.327406][T19486] R13: 00007f3fe1de6128 R14: 00007f3fe1de6090 R15: 00007ffc83bc21c8
[ 1479.327420][T19486]  </TASK>
[ 1480.269507][T19496] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3461'.
[ 1485.398103][   T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1485.547838][T19543] overlayfs: failed to clone upperpath
[ 1485.705912][   T10] usb 7-1: Using ep0 maxpacket: 8
[ 1485.723013][   T10] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[ 1485.734463][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1485.751768][   T10] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1485.764350][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1485.775844][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1485.790328][   T10] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[ 1485.798806][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1485.810534][   T10] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1485.828494][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1485.840028][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1485.855458][   T10] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[ 1485.863989][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1485.880875][   T10] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1485.893308][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1485.941169][   T10] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1487.391112][   T10] usb 7-1: string descriptor 0 read error: -22
[ 1487.397557][   T10] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1487.406666][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1487.569951][   T10] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1487.682335][   T30] audit: type=1400 audit(1765683458.345:2540): avc:  denied  { read } for  pid=19550 comm="syz.2.3479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1487.718722][T19529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1487.766058][T19561] FAULT_INJECTION: forcing a failure.
[ 1487.766058][T19561] name failslab, interval 1, probability 0, space 0, times 0
[ 1487.777498][T19529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1487.856829][   T10] usb 7-1: USB disconnect, device number 3
[ 1487.861360][T19561] CPU: 1 UID: 0 PID: 19561 Comm: syz.4.3481 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1487.861388][T19561] Tainted: [L]=SOFTLOCKUP
[ 1487.861393][T19561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1487.861402][T19561] Call Trace:
[ 1487.861407][T19561]  <TASK>
[ 1487.861413][T19561]  dump_stack_lvl+0x16c/0x1f0
[ 1487.861434][T19561]  should_fail_ex+0x512/0x640
[ 1487.861454][T19561]  ? fs_reclaim_acquire+0xae/0x150
[ 1487.861476][T19561]  should_failslab+0xc2/0x120
[ 1487.861497][T19561]  __kmalloc_noprof+0xeb/0x910
[ 1487.861519][T19561]  ? tomoyo_encode2+0x100/0x3e0
[ 1487.861541][T19561]  ? tomoyo_encode2+0x100/0x3e0
[ 1487.861556][T19561]  tomoyo_encode2+0x100/0x3e0
[ 1487.861575][T19561]  tomoyo_encode+0x29/0x50
[ 1487.861589][T19561]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1487.861618][T19561]  tomoyo_path_number_perm+0x245/0x580
[ 1487.861640][T19561]  ? tomoyo_path_number_perm+0x237/0x580
[ 1487.861664][T19561]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1487.861708][T19561]  ? find_held_lock+0x2b/0x80
[ 1487.861729][T19561]  ? hook_file_ioctl_common+0x144/0x410
[ 1487.861753][T19561]  ? __fget_files+0x20e/0x3c0
[ 1487.861776][T19561]  security_file_ioctl+0x9b/0x240
[ 1487.861794][T19561]  __x64_sys_ioctl+0xb7/0x210
[ 1487.861812][T19561]  do_syscall_64+0xcd/0xf80
[ 1487.861830][T19561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1487.861844][T19561] RIP: 0033:0x7f6359d8f749
[ 1487.861856][T19561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1487.861870][T19561] RSP: 002b:00007f635ac42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1487.861886][T19561] RAX: ffffffffffffffda RBX: 00007f6359fe5fa0 RCX: 00007f6359d8f749
[ 1487.861895][T19561] RDX: 0000200000000000 RSI: 0000000000005414 RDI: 0000000000000005
[ 1487.861904][T19561] RBP: 00007f635ac42090 R08: 0000000000000000 R09: 0000000000000000
[ 1487.861913][T19561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1487.861922][T19561] R13: 00007f6359fe6038 R14: 00007f6359fe5fa0 R15: 00007ffc7c564778
[ 1487.861944][T19561]  </TASK>
[ 1487.861961][T19561] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1488.773419][   T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1488.866369][T19577] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3484'.
[ 1488.987298][   T10] usb 7-1: Using ep0 maxpacket: 16
[ 1489.010341][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1489.110933][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1489.214946][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1489.248638][   T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1489.279209][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1489.317633][   T10] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1489.334162][   T10] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1489.342712][   T10] usb 7-1: Manufacturer: syz
[ 1489.358829][   T10] usb 7-1: config 0 descriptor??
[ 1489.569993][T19590] overlayfs: failed to resolve './file0': -2
[ 1489.618110][ T5829] Bluetooth: hci1: command 0x0406 tx timeout
[ 1490.270685][    C0] hrtimer: interrupt took 25243 ns
[ 1491.942094][   T10] rc_core: IR keymap rc-hauppauge not found
[ 1493.008114][   T10] Registered IR keymap rc-empty
[ 1493.017620][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.049653][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.107523][   T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[ 1493.244022][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input21
[ 1493.434701][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.498759][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.538827][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.584660][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.648774][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.712714][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.779036][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.874173][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1493.978275][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1494.121522][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1494.408555][   T10] mceusb 7-1:0.0: Registered 栢瀇蹝첺⊅７뮾糘 with mce emulator interface version 1
[ 1494.490995][   T10] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1494.607733][   T10] usb 7-1: USB disconnect, device number 4
[ 1494.742733][T19633] syzkaller0: entered promiscuous mode
[ 1494.770048][T19633] syzkaller0: entered allmulticast mode
[ 1495.997482][T19647] overlayfs: failed to clone upperpath
[ 1496.246064][T19649] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3498'.
[ 1496.296618][T19649] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3498'.
[ 1498.401339][T19665] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3503'.
[ 1501.206174][T19690] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3510'.
[ 1504.547805][T19680] veth0_vlan: entered allmulticast mode
[ 1504.560576][T19703] syzkaller0: entered promiscuous mode
[ 1504.566282][T19703] syzkaller0: entered allmulticast mode
[ 1504.842327][T19731] FAULT_INJECTION: forcing a failure.
[ 1504.842327][T19731] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1504.885871][T19731] CPU: 0 UID: 0 PID: 19731 Comm: syz.6.3519 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1504.885901][T19731] Tainted: [L]=SOFTLOCKUP
[ 1504.885907][T19731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1504.885916][T19731] Call Trace:
[ 1504.885923][T19731]  <TASK>
[ 1504.885929][T19731]  dump_stack_lvl+0x16c/0x1f0
[ 1504.885951][T19731]  should_fail_ex+0x512/0x640
[ 1504.885974][T19731]  _copy_from_user+0x2e/0xd0
[ 1504.885995][T19731]  ____sys_sendmsg+0x607/0xc30
[ 1504.886018][T19731]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1504.886038][T19731]  ? __pfx__kstrtoull+0x10/0x10
[ 1504.886068][T19731]  ___sys_sendmsg+0x134/0x1d0
[ 1504.886093][T19731]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1504.886127][T19731]  ? find_held_lock+0x2b/0x80
[ 1504.886163][T19731]  __sys_sendmmsg+0x200/0x420
[ 1504.886186][T19731]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1504.886214][T19731]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1504.886241][T19731]  ? fput+0x70/0xf0
[ 1504.886264][T19731]  ? ksys_write+0x1ac/0x250
[ 1504.886287][T19731]  ? __pfx_ksys_write+0x10/0x10
[ 1504.886310][T19731]  __x64_sys_sendmmsg+0x9c/0x100
[ 1504.886332][T19731]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1504.886347][T19731]  do_syscall_64+0xcd/0xf80
[ 1504.886365][T19731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1504.886380][T19731] RIP: 0033:0x7f3fe1b8f749
[ 1504.886395][T19731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1504.886411][T19731] RSP: 002b:00007f3fe2a0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1504.886428][T19731] RAX: ffffffffffffffda RBX: 00007f3fe1de5fa0 RCX: 00007f3fe1b8f749
[ 1504.886439][T19731] RDX: 0000000000000001 RSI: 0000200000004740 RDI: 0000000000000003
[ 1504.886447][T19731] RBP: 00007f3fe2a0e090 R08: 0000000000000000 R09: 0000000000000000
[ 1504.886456][T19731] R10: 0000000000004004 R11: 0000000000000246 R12: 0000000000000001
[ 1504.886465][T19731] R13: 00007f3fe1de6038 R14: 00007f3fe1de5fa0 R15: 00007ffc83bc21c8
[ 1504.886486][T19731]  </TASK>
[ 1505.754573][T19737] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1505.754573][T19737]    program syz.0.3520 not setting count and/or reply_len properly
[ 1506.083905][   T30] audit: type=1400 audit(1765683475.566:2541): avc:  denied  { accept } for  pid=19745 comm="syz.0.3524" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1506.156332][   T30] audit: type=1400 audit(1765683475.594:2542): avc:  denied  { write } for  pid=19745 comm="syz.0.3524" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1507.153596][T19759] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3521'.
[ 1507.537423][T19750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3527'.
[ 1507.548944][   T90] IPVS: starting estimator thread 0...
[ 1507.654108][T19760] IPVS: using max 83 ests per chain, 199200 per kthread
[ 1507.859169][T19751] Process accounting resumed
[ 1508.560710][T19770] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3530'.
[ 1508.656777][T19767] syzkaller0: entered promiscuous mode
[ 1508.668728][T19767] syzkaller0: entered allmulticast mode
[ 1509.213231][T19774] ceph: No mds server is up or the cluster is laggy
[ 1509.220695][ T9286] libceph: connect (1)[c::]:6789 error -101
[ 1509.370532][ T9286] libceph: mon0 (1)[c::]:6789 connect error
[ 1509.456377][T19782] netlink: 'syz.5.3529': attribute type 5 has an invalid length.
[ 1509.492579][T19782] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3529'.
[ 1509.771650][ T6153] usb 5-1: new low-speed USB device number 66 using dummy_hcd
[ 1509.868707][T19792] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1509.868707][T19792]    program syz.0.3534 not setting count and/or reply_len properly
[ 1510.155554][ T6153] usb 5-1: Invalid ep0 maxpacket: 64
[ 1510.488200][T19806] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3537'.
[ 1510.502259][ T6153] usb 5-1: new low-speed USB device number 67 using dummy_hcd
[ 1510.733100][ T6153] usb 5-1: Invalid ep0 maxpacket: 64
[ 1510.851747][   T79] bond0: (slave bond_slave_0): interface is now down
[ 1510.859981][   T79] bond0: (slave bond_slave_1): interface is now down
[ 1510.894055][T19811] netlink: 'syz.5.3540': attribute type 10 has an invalid length.
[ 1511.070166][   T79] bond0: now running without any active interface!
[ 1511.169344][T19811] syz_tun: entered promiscuous mode
[ 1511.175076][ T6153] usb usb5-port1: attempt power cycle
[ 1511.220167][T19811] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1511.239216][   T79] bond0: (slave syz_tun): interface is now down
[ 1511.273365][T19815] futex_wake_op: syz.6.3541 tries to shift op by -1; fix this program
[ 1511.283790][T15083] bond0: (slave syz_tun): interface is now down
[ 1511.292329][T15083] bond0: now running without any active interface!
[ 1511.344559][T14696] Bluetooth: hci2: command 0x0406 tx timeout
[ 1511.544484][ T6153] usb 5-1: new low-speed USB device number 68 using dummy_hcd
[ 1511.600402][ T6153] usb 5-1: Invalid ep0 maxpacket: 64
[ 1511.612548][T19825] 9p: Bad value for 'wfdno'
[ 1511.860901][ T6153] usb 5-1: new low-speed USB device number 69 using dummy_hcd
[ 1511.917255][ T6153] usb 5-1: Invalid ep0 maxpacket: 64
[ 1511.924245][ T6153] usb usb5-port1: unable to enumerate USB device
[ 1512.653704][T19831] netlink: 'syz.5.3545': attribute type 1 has an invalid length.
[ 1513.554952][T19831] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[ 1513.976497][T19842] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1513.976497][T19842]    program syz.4.3548 not setting count and/or reply_len properly
[ 1514.100935][T19846] netlink: 'syz.5.3551': attribute type 1 has an invalid length.
[ 1516.803756][T19863] 9p: Bad value for 'rfdno'
[ 1517.315907][T19871] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1518.496124][T19873] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1518.496124][T19873]    program syz.4.3561 not setting count and/or reply_len properly
[ 1520.454630][ T6153] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1520.642341][ T6153] usb 5-1: device descriptor read/64, error -71
[ 1520.909666][ T6153] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1521.101921][ T6153] usb 5-1: device descriptor read/64, error -71
[ 1521.308061][ T6153] usb usb5-port1: attempt power cycle
[ 1521.743383][ T6153] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1521.787908][ T6153] usb 5-1: device descriptor read/8, error -71
[ 1522.064309][ T6153] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[ 1522.097873][ T6153] usb 5-1: device descriptor read/8, error -71
[ 1522.225661][ T6153] usb usb5-port1: unable to enumerate USB device
[ 1525.761913][T19941] ceph: No mds server is up or the cluster is laggy
[ 1525.788887][ T5926] libceph: connect (1)[c::]:6789 error -101
[ 1525.897248][ T5926] libceph: mon0 (1)[c::]:6789 connect error
[ 1526.811651][T19949] 9p: Bad value for 'wfdno'
[ 1527.937333][ T6400] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1528.350030][ T6400] usb 7-1: Using ep0 maxpacket: 8
[ 1528.377948][ T6400] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1528.394662][ T6400] usb 7-1: config 179 has no interface number 0
[ 1528.402242][ T6400] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1528.537410][ T6400] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1528.608170][ T6400] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1528.656046][ T6400] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1528.660849][T19974] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3581'.
[ 1528.679892][T19974] netlink: 67 bytes leftover after parsing attributes in process `syz.4.3581'.
[ 1528.714614][ T6400] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1528.966089][ T6400] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1529.189360][ T6400] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1529.242033][T19952] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1530.021684][T19987] netlink: 'syz.5.3586': attribute type 1 has an invalid length.
[ 1530.144755][T19987] bond3: entered promiscuous mode
[ 1530.150896][T19987] bond3: entered allmulticast mode
[ 1530.156370][T19987] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1530.895723][T19987] erspan1: entered allmulticast mode
[ 1532.138307][ T9286] usb 7-1: USB disconnect, device number 5
[ 1532.138335][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1532.152426][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1535.352792][   T30] audit: type=1326 audit(1765683502.945:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20041 comm="syz.2.3603" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6ba638f749 code=0x0
[ 1535.431449][T20043] netlink: 'syz.2.3603': attribute type 5 has an invalid length.
[ 1536.838394][T19389] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1537.042038][T19389] usb 7-1: Using ep0 maxpacket: 16
[ 1537.089993][T20075] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1537.089993][T20075]    program syz.4.3611 not setting count and/or reply_len properly
[ 1537.254796][T19389] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1537.283600][T19389] usb 7-1: config 0 has no interfaces?
[ 1537.293200][T19389] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1537.302603][T19389] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1537.323924][T19389] usb 7-1: config 0 descriptor??
[ 1537.426528][T14696] Bluetooth: hci3: command 0x1003 tx timeout
[ 1537.434109][ T5829] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1538.098646][T20088] netlink: 'syz.6.3609': attribute type 10 has an invalid length.
[ 1538.166433][T20088] team0: Port device dummy0 added
[ 1538.617669][T20068] netlink: 'syz.6.3609': attribute type 10 has an invalid length.
[ 1538.631710][T20068] team0: Port device dummy0 removed
[ 1538.642613][T20068] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1538.659568][T20068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1538.670488][T20068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1538.785735][ T5865] usb 7-1: USB disconnect, device number 6
[ 1538.848414][ T6400] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1538.883671][T20093] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1538.883671][T20093]    program syz.2.3617 not setting count and/or reply_len properly
[ 1539.019736][ T6400] usb 5-1: Using ep0 maxpacket: 8
[ 1539.026696][ T6400] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13
[ 1539.046890][ T6400] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[ 1539.057124][ T6400] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1539.065337][ T6400] usb 5-1: Product: syz
[ 1539.070353][ T6400] usb 5-1: Manufacturer: syz
[ 1539.075673][ T6400] usb 5-1: SerialNumber: syz
[ 1539.083884][ T6400] usb 5-1: config 0 descriptor??
[ 1539.094155][ T6400] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[ 1539.318492][T20090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1539.333034][T20090] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1539.400903][T20100] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3619'.
[ 1539.839535][ T6400] gspca_zc3xx: reg_w_i err -110
[ 1540.484722][ T6400] gspca_zc3xx: Unknown sensor - set to TAS5130C
[ 1540.534043][ T6400] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -110
[ 1541.748447][ T6400] usb 5-1: USB disconnect, device number 74
[ 1541.936752][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1541.944888][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1542.103800][   T79] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1542.757351][T20147] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3632'.
[ 1544.268405][T14696] Bluetooth: hci3: command 0x1003 tx timeout
[ 1544.277857][ T5829] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1544.497003][T20167] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3639'.
[ 1544.556324][T20167] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3639'.
[ 1547.207869][T20186] xt_cgroup: xt_cgroup: no path or classid specified
[ 1548.408299][T20202] FAULT_INJECTION: forcing a failure.
[ 1548.408299][T20202] name failslab, interval 1, probability 0, space 0, times 0
[ 1548.470922][T20202] CPU: 0 UID: 0 PID: 20202 Comm: syz.0.3650 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1548.470953][T20202] Tainted: [L]=SOFTLOCKUP
[ 1548.470959][T20202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1548.470968][T20202] Call Trace:
[ 1548.470975][T20202]  <TASK>
[ 1548.470982][T20202]  dump_stack_lvl+0x16c/0x1f0
[ 1548.471005][T20202]  should_fail_ex+0x512/0x640
[ 1548.471025][T20202]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1548.471050][T20202]  should_failslab+0xc2/0x120
[ 1548.471074][T20202]  kmem_cache_alloc_noprof+0x83/0x770
[ 1548.471091][T20202]  ? skb_clone+0x190/0x3f0
[ 1548.471121][T20202]  ? skb_clone+0x190/0x3f0
[ 1548.471143][T20202]  skb_clone+0x190/0x3f0
[ 1548.471167][T20202]  netlink_deliver_tap+0xabd/0xd30
[ 1548.471199][T20202]  netlink_unicast+0x64c/0x870
[ 1548.471221][T20202]  ? __pfx_netlink_unicast+0x10/0x10
[ 1548.471252][T20202]  netlink_sendmsg+0x8c8/0xdd0
[ 1548.471273][T20202]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1548.471300][T20202]  ____sys_sendmsg+0xa5d/0xc30
[ 1548.471325][T20202]  ? copy_msghdr_from_user+0x10a/0x160
[ 1548.471348][T20202]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1548.471371][T20202]  ? __pfx__kstrtoull+0x10/0x10
[ 1548.471403][T20202]  ___sys_sendmsg+0x134/0x1d0
[ 1548.471428][T20202]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1548.471476][T20202]  ? __pfx___might_resched+0x10/0x10
[ 1548.471498][T20202]  __sys_sendmmsg+0x200/0x420
[ 1548.471525][T20202]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1548.471556][T20202]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1548.471582][T20202]  ? fput+0x70/0xf0
[ 1548.471607][T20202]  ? ksys_write+0x1ac/0x250
[ 1548.471625][T20202]  ? __pfx_ksys_write+0x10/0x10
[ 1548.471649][T20202]  __x64_sys_sendmmsg+0x9c/0x100
[ 1548.471673][T20202]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1548.471690][T20202]  do_syscall_64+0xcd/0xf80
[ 1548.471710][T20202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1548.471726][T20202] RIP: 0033:0x7f8f7058f749
[ 1548.471741][T20202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1548.471757][T20202] RSP: 002b:00007f8f71346038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1548.471775][T20202] RAX: ffffffffffffffda RBX: 00007f8f707e5fa0 RCX: 00007f8f7058f749
[ 1548.471787][T20202] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 1548.471797][T20202] RBP: 00007f8f71346090 R08: 0000000000000000 R09: 0000000000000000
[ 1548.471807][T20202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1548.471817][T20202] R13: 00007f8f707e6038 R14: 00007f8f707e5fa0 R15: 00007fff0cfa3188
[ 1548.471842][T20202]  </TASK>
[ 1548.734874][T20202] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3650'.
[ 1548.745216][T20202] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3650'.
[ 1549.155753][   T79] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1549.195537][   T79] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1550.094747][ T6401] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1550.276469][ T6401] usb 3-1: Using ep0 maxpacket: 32
[ 1550.288109][ T6401] usb 3-1: config index 0 descriptor too short (expected 255, got 27)
[ 1550.350510][ T6401] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1550.393608][ T6401] usb 3-1: config 0 has no interfaces?
[ 1550.435479][ T6401] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[ 1550.458371][ T6401] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1550.495773][ T6401] usb 3-1: Product: syz
[ 1550.526684][ T6401] usb 3-1: Manufacturer: syz
[ 1550.531292][ T6401] usb 3-1: SerialNumber: syz
[ 1550.558866][ T6401] usb 3-1: config 0 descriptor??
[ 1550.876957][T20214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1550.910853][T20214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1550.966217][ T6401] usb 3-1: USB disconnect, device number 102
[ 1551.282195][ T5829] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1556.634771][T20258] Process accounting resumed
[ 1557.356630][T20283] atomic_op ffff8880320ed198 conn xmit_atomic 0000000000000000
[ 1560.969243][T20312] veth0_vlan: entered allmulticast mode
[ 1562.856028][T20330] netlink: 'syz.0.3684': attribute type 5 has an invalid length.
[ 1562.880899][T20330] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3684'.
[ 1563.339979][T14696] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 1563.363723][T20321] Process accounting resumed
[ 1563.400149][T14696] CPU: 1 UID: 0 PID: 14696 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1563.400189][T14696] Tainted: [L]=SOFTLOCKUP
[ 1563.400196][T14696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1563.400210][T14696] Workqueue: hci0 hci_rx_work
[ 1563.400250][T14696] Call Trace:
[ 1563.400257][T14696]  <TASK>
[ 1563.400265][T14696]  dump_stack_lvl+0x16c/0x1f0
[ 1563.400287][T14696]  sysfs_warn_dup+0x7f/0xa0
[ 1563.400311][T14696]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1563.400334][T14696]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1563.400360][T14696]  ? kobject_namespace+0x8c/0x1a0
[ 1563.400387][T14696]  kobject_add_internal+0x2c4/0x9d0
[ 1563.400413][T14696]  kobject_add+0x16e/0x240
[ 1563.400435][T14696]  ? __pfx_kobject_add+0x10/0x10
[ 1563.400460][T14696]  ? kobject_put+0xaf/0x6f0
[ 1563.400476][T14696]  ? _raw_spin_unlock+0x3e/0x50
[ 1563.400506][T14696]  device_add+0x288/0x1980
[ 1563.400533][T14696]  ? __pfx_dev_set_name+0x10/0x10
[ 1563.400551][T14696]  ? __pfx_device_add+0x10/0x10
[ 1563.400579][T14696]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1563.400613][T14696]  hci_conn_add_sysfs+0x1a8/0x260
[ 1563.400635][T14696]  le_conn_complete_evt+0x11ed/0x1fa0
[ 1563.400669][T14696]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1563.400703][T14696]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1563.400738][T14696]  hci_le_meta_evt+0x357/0x610
[ 1563.400754][T14696]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1563.400784][T14696]  hci_event_packet+0x685/0x1210
[ 1563.400811][T14696]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1563.400829][T14696]  ? __pfx_hci_event_packet+0x10/0x10
[ 1563.400855][T14696]  ? kfree_skbmem+0x8d/0x1f0
[ 1563.400875][T14696]  ? kfree_skbmem+0xae/0x1f0
[ 1563.400894][T14696]  ? sk_skb_reason_drop+0x136/0x1a0
[ 1563.400928][T14696]  hci_rx_work+0x2c9/0x1020
[ 1563.400959][T14696]  process_one_work+0x9ba/0x1b20
[ 1563.400993][T14696]  ? __pfx_process_one_work+0x10/0x10
[ 1563.401023][T14696]  ? assign_work+0x1a0/0x250
[ 1563.401047][T14696]  worker_thread+0x6c8/0xf10
[ 1563.401078][T14696]  ? __kthread_parkme+0x19e/0x250
[ 1563.401097][T14696]  ? __pfx_worker_thread+0x10/0x10
[ 1563.401119][T14696]  kthread+0x3c5/0x780
[ 1563.401141][T14696]  ? __pfx_kthread+0x10/0x10
[ 1563.401164][T14696]  ? rcu_is_watching+0x12/0xc0
[ 1563.401181][T14696]  ? __pfx_kthread+0x10/0x10
[ 1563.401202][T14696]  ret_from_fork+0x983/0xb10
[ 1563.401224][T14696]  ? __pfx_ret_from_fork+0x10/0x10
[ 1563.401253][T14696]  ? __switch_to+0x7af/0x10d0
[ 1563.401276][T14696]  ? __pfx_kthread+0x10/0x10
[ 1563.401300][T14696]  ret_from_fork_asm+0x1a/0x30
[ 1563.401342][T14696]  </TASK>
[ 1563.658192][T14696] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1563.682653][T18206] Bluetooth: hci3: sending frame failed (-49)
[ 1563.691575][ T5829] Bluetooth: hci3: Opcode 0x1003 failed: -49
[ 1563.728494][T14696] Bluetooth: hci0: failed to register connection device
[ 1563.759083][T14696] ==================================================================
[ 1563.767156][T14696] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xe47/0x1010
[ 1563.775132][T14696] Read of size 8 at addr ffff88804bde0480 by task kworker/u9:0/14696
[ 1563.783180][T14696] 
[ 1563.785499][T14696] CPU: 0 UID: 0 PID: 14696 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1563.785516][T14696] Tainted: [L]=SOFTLOCKUP
[ 1563.785520][T14696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1563.785529][T14696] Workqueue: hci0 hci_rx_work
[ 1563.785551][T14696] Call Trace:
[ 1563.785556][T14696]  <TASK>
[ 1563.785561][T14696]  dump_stack_lvl+0x116/0x1f0
[ 1563.785575][T14696]  print_report+0xcd/0x630
[ 1563.785590][T14696]  ? __virt_addr_valid+0x81/0x610
[ 1563.785601][T14696]  ? __phys_addr+0xe8/0x180
[ 1563.785611][T14696]  ? l2cap_connect_cfm+0xe47/0x1010
[ 1563.785628][T14696]  kasan_report+0xe0/0x110
[ 1563.785642][T14696]  ? l2cap_connect_cfm+0xe47/0x1010
[ 1563.785659][T14696]  l2cap_connect_cfm+0xe47/0x1010
[ 1563.785676][T14696]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1563.785691][T14696]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1563.785705][T14696]  le_conn_complete_evt+0x1991/0x1fa0
[ 1563.785722][T14696]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1563.785739][T14696]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1563.785755][T14696]  hci_le_meta_evt+0x357/0x610
[ 1563.785765][T14696]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1563.785780][T14696]  hci_event_packet+0x685/0x1210
[ 1563.785795][T14696]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1563.785805][T14696]  ? __pfx_hci_event_packet+0x10/0x10
[ 1563.785819][T14696]  ? kfree_skbmem+0x8d/0x1f0
[ 1563.785831][T14696]  ? kfree_skbmem+0xae/0x1f0
[ 1563.785841][T14696]  ? sk_skb_reason_drop+0x136/0x1a0
[ 1563.785857][T14696]  hci_rx_work+0x2c9/0x1020
[ 1563.785872][T14696]  process_one_work+0x9ba/0x1b20
[ 1563.785888][T14696]  ? __pfx_process_one_work+0x10/0x10
[ 1563.785903][T14696]  ? assign_work+0x1a0/0x250
[ 1563.785916][T14696]  worker_thread+0x6c8/0xf10
[ 1563.785931][T14696]  ? __kthread_parkme+0x19e/0x250
[ 1563.785942][T14696]  ? __pfx_worker_thread+0x10/0x10
[ 1563.785954][T14696]  kthread+0x3c5/0x780
[ 1563.785966][T14696]  ? __pfx_kthread+0x10/0x10
[ 1563.785978][T14696]  ? rcu_is_watching+0x12/0xc0
[ 1563.785988][T14696]  ? __pfx_kthread+0x10/0x10
[ 1563.785999][T14696]  ret_from_fork+0x983/0xb10
[ 1563.786011][T14696]  ? __pfx_ret_from_fork+0x10/0x10
[ 1563.786022][T14696]  ? __switch_to+0x7af/0x10d0
[ 1563.786035][T14696]  ? __pfx_kthread+0x10/0x10
[ 1563.786047][T14696]  ret_from_fork_asm+0x1a/0x30
[ 1563.786065][T14696]  </TASK>
[ 1563.786069][T14696] 
[ 1564.013024][T14696] Allocated by task 14696:
[ 1564.017461][T14696]  kasan_save_stack+0x33/0x60
[ 1564.022137][T14696]  kasan_save_track+0x14/0x30
[ 1564.026797][T14696]  __kasan_kmalloc+0xaa/0xb0
[ 1564.031373][T14696]  l2cap_chan_create+0x44/0x930
[ 1564.036209][T14696]  l2cap_sock_alloc.constprop.0+0xf5/0x1d0
[ 1564.042085][T14696]  l2cap_sock_new_connection_cb+0x101/0x240
[ 1564.047982][T14696]  l2cap_connect_cfm+0x4f0/0x1010
[ 1564.052998][T14696]  le_conn_complete_evt+0x1991/0x1fa0
[ 1564.058354][T14696]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1564.063888][T14696]  hci_le_meta_evt+0x357/0x610
[ 1564.068633][T14696]  hci_event_packet+0x685/0x1210
[ 1564.073556][T14696]  hci_rx_work+0x2c9/0x1020
[ 1564.078068][T14696]  process_one_work+0x9ba/0x1b20
[ 1564.082993][T14696]  worker_thread+0x6c8/0xf10
[ 1564.087571][T14696]  kthread+0x3c5/0x780
[ 1564.091641][T14696]  ret_from_fork+0x983/0xb10
[ 1564.096214][T14696]  ret_from_fork_asm+0x1a/0x30
[ 1564.100969][T14696] 
[ 1564.103272][T14696] Freed by task 20333:
[ 1564.107314][T14696]  kasan_save_stack+0x33/0x60
[ 1564.111973][T14696]  kasan_save_track+0x14/0x30
[ 1564.116631][T14696]  kasan_save_free_info+0x3b/0x60
[ 1564.121643][T14696]  __kasan_slab_free+0x5f/0x80
[ 1564.126393][T14696]  kfree+0x2f8/0x6e0
[ 1564.130278][T14696]  l2cap_chan_put+0x1bb/0x310
[ 1564.134958][T14696]  l2cap_sock_cleanup_listen+0x4d/0x2f0
[ 1564.140485][T14696]  l2cap_sock_release+0x69/0x280
[ 1564.145409][T14696]  __sock_release+0xb3/0x270
[ 1564.149987][T14696]  sock_close+0x1c/0x30
[ 1564.154127][T14696]  __fput+0x402/0xb70
[ 1564.158089][T14696]  task_work_run+0x150/0x240
[ 1564.162677][T14696]  exit_to_user_mode_loop+0xfb/0x540
[ 1564.167945][T14696]  do_syscall_64+0x4ee/0xf80
[ 1564.172522][T14696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1564.178395][T14696] 
[ 1564.180703][T14696] The buggy address belongs to the object at ffff88804bde0000
[ 1564.180703][T14696]  which belongs to the cache kmalloc-2k of size 2048
[ 1564.194734][T14696] The buggy address is located 1152 bytes inside of
[ 1564.194734][T14696]  freed 2048-byte region [ffff88804bde0000, ffff88804bde0800)
[ 1564.208695][T14696] 
[ 1564.211003][T14696] The buggy address belongs to the physical page:
[ 1564.217391][T14696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4bde0
[ 1564.226136][T14696] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1564.234610][T14696] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1564.242148][T14696] page_type: f5(slab)
[ 1564.246110][T14696] raw: 00fff00000000040 ffff88813ff27000 ffffea0000bffe00 dead000000000002
[ 1564.254673][T14696] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 1564.263241][T14696] head: 00fff00000000040 ffff88813ff27000 ffffea0000bffe00 dead000000000002
[ 1564.271891][T14696] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 1564.280548][T14696] head: 00fff00000000003 ffffea00012f7801 00000000ffffffff 00000000ffffffff
[ 1564.289206][T14696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1564.297852][T14696] page dumped because: kasan: bad access detected
[ 1564.304241][T14696] page_owner tracks the page as allocated
[ 1564.309933][T14696] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 16020, tgid 16019 (syz.5.2526), ts 1145183787914, free_ts 1145166880248
[ 1564.331628][T14696]  post_alloc_hook+0x1af/0x220
[ 1564.336387][T14696]  get_page_from_freelist+0xd0b/0x31a0
[ 1564.341829][T14696]  __alloc_frozen_pages_noprof+0x25f/0x2430
[ 1564.347715][T14696]  alloc_pages_mpol+0x1fb/0x550
[ 1564.352549][T14696]  new_slab+0x2c3/0x430
[ 1564.356695][T14696]  ___slab_alloc+0xe18/0x1c90
[ 1564.361359][T14696]  __slab_alloc.constprop.0+0x63/0x110
[ 1564.366802][T14696]  __kmalloc_noprof+0x4fc/0x910
[ 1564.371640][T14696]  ops_init+0x77/0x5f0
[ 1564.375692][T14696]  setup_net+0x11d/0x3a0
[ 1564.379917][T14696]  copy_net_ns+0x351/0x7c0
[ 1564.384311][T14696]  create_new_namespaces+0x3ea/0xab0
[ 1564.389580][T14696]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1564.395200][T14696]  ksys_unshare+0x45b/0xa40
[ 1564.399700][T14696]  __x64_sys_unshare+0x31/0x40
[ 1564.404444][T14696]  do_syscall_64+0xcd/0xf80
[ 1564.408926][T14696] page last free pid 5815 tgid 5815 stack trace:
[ 1564.415228][T14696]  __free_frozen_pages+0x7df/0x1170
[ 1564.420502][T14696]  qlist_free_all+0x4c/0xf0
[ 1564.424987][T14696]  kasan_quarantine_reduce+0x195/0x1e0
[ 1564.430428][T14696]  __kasan_slab_alloc+0x69/0x90
[ 1564.435263][T14696]  kmem_cache_alloc_noprof+0x25e/0x770
[ 1564.440703][T14696]  getname_flags.part.0+0x4c/0x550
[ 1564.445804][T14696]  __x64_sys_unlink+0xb0/0x110
[ 1564.450555][T14696]  do_syscall_64+0xcd/0xf80
[ 1564.455044][T14696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1564.460922][T14696] 
[ 1564.463227][T14696] Memory state around the buggy address:
[ 1564.468837][T14696]  ffff88804bde0380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1564.476889][T14696]  ffff88804bde0400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1564.484936][T14696] >ffff88804bde0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1564.492976][T14696]                    ^
[ 1564.497023][T14696]  ffff88804bde0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1564.505064][T14696]  ffff88804bde0580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1564.513103][T14696] ==================================================================
[ 1564.590663][T14696] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1564.597893][T14696] CPU: 1 UID: 0 PID: 14696 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1564.609014][T14696] Tainted: [L]=SOFTLOCKUP
[ 1564.613347][T14696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1564.623410][T14696] Workqueue: hci0 hci_rx_work
[ 1564.628113][T14696] Call Trace:
[ 1564.631399][T14696]  <TASK>
[ 1564.634336][T14696]  dump_stack_lvl+0x3d/0x1f0
[ 1564.638931][T14696]  vpanic+0x640/0x6f0
[ 1564.642911][T14696]  panic+0xca/0xd0
[ 1564.646616][T14696]  ? __pfx_panic+0x10/0x10
[ 1564.651036][T14696]  ? l2cap_connect_cfm+0xe47/0x1010
[ 1564.656250][T14696]  ? preempt_schedule_common+0x44/0xc0
[ 1564.661716][T14696]  ? preempt_schedule_thunk+0x16/0x30
[ 1564.667073][T14696]  check_panic_on_warn+0xab/0xb0
[ 1564.672001][T14696]  end_report+0x107/0x160
[ 1564.676315][T14696]  kasan_report+0xee/0x110
[ 1564.680709][T14696]  ? l2cap_connect_cfm+0xe47/0x1010
[ 1564.685904][T14696]  l2cap_connect_cfm+0xe47/0x1010
[ 1564.690917][T14696]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1564.696365][T14696]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1564.701806][T14696]  le_conn_complete_evt+0x1991/0x1fa0
[ 1564.707180][T14696]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1564.712927][T14696]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1564.718470][T14696]  hci_le_meta_evt+0x357/0x610
[ 1564.723298][T14696]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1564.729350][T14696]  hci_event_packet+0x685/0x1210
[ 1564.734268][T14696]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1564.739534][T14696]  ? __pfx_hci_event_packet+0x10/0x10
[ 1564.744909][T14696]  ? kfree_skbmem+0x8d/0x1f0
[ 1564.749492][T14696]  ? kfree_skbmem+0xae/0x1f0
[ 1564.754063][T14696]  ? sk_skb_reason_drop+0x136/0x1a0
[ 1564.759254][T14696]  hci_rx_work+0x2c9/0x1020
[ 1564.763749][T14696]  process_one_work+0x9ba/0x1b20
[ 1564.768673][T14696]  ? __pfx_process_one_work+0x10/0x10
[ 1564.774030][T14696]  ? assign_work+0x1a0/0x250
[ 1564.778609][T14696]  worker_thread+0x6c8/0xf10
[ 1564.783188][T14696]  ? __kthread_parkme+0x19e/0x250
[ 1564.788192][T14696]  ? __pfx_worker_thread+0x10/0x10
[ 1564.793287][T14696]  kthread+0x3c5/0x780
[ 1564.797352][T14696]  ? __pfx_kthread+0x10/0x10
[ 1564.801930][T14696]  ? rcu_is_watching+0x12/0xc0
[ 1564.806665][T14696]  ? __pfx_kthread+0x10/0x10
[ 1564.811239][T14696]  ret_from_fork+0x983/0xb10
[ 1564.815805][T14696]  ? __pfx_ret_from_fork+0x10/0x10
[ 1564.820905][T14696]  ? __switch_to+0x7af/0x10d0
[ 1564.825598][T14696]  ? __pfx_kthread+0x10/0x10
[ 1564.830181][T14696]  ret_from_fork_asm+0x1a/0x30
[ 1564.834941][T14696]  </TASK>
[ 1564.838253][T14696] Kernel Offset: disabled
[ 1564.842558][T14696] Rebooting in 86400 seconds..