last executing test programs:

28m21.581168952s ago: executing program 0 (id=231):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x101}, 0x18)
write$tun(0xffffffffffffffff, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x9, 0x0, 0x700, 0x0, 0x14, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x2}]}}}}}}, 0x46)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0x5, {0x12, 0x4, 0x0, 0x9, 0xfffe, 0x68, 0x0, 0x6, 0x32, 0x5, @local, @rand_addr=0x64010102, {[@rr={0x7, 0xb, 0xb3, [@local, @private=0xa010101]}, @timestamp={0x44, 0x8, 0xc2, 0x0, 0x9, [0x240]}, @generic={0x88, 0xa, "d3a2c8ea2e588eb7"}, @timestamp_addr={0x44, 0x14, 0xc1, 0x1, 0x1, [{@local, 0x8}, {@multicast2, 0x8}]}]}}}}}}}, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f", 0xcd}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

28m20.967712807s ago: executing program 0 (id=236):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newsa={0x140, 0x10, 0x1, 0x8000000, 0x0, {{@in=@private=0xa010100, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in6=@loopback, 0x0, 0x33}, @in=@local, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000, 0x0, 0x100000000}, {0x10, 0x9, 0x2}, 0x0, 0x0, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xfffffffe}]}, 0x140}}, 0x0)

28m19.100178192s ago: executing program 0 (id=240):
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f0000000880), 0x0, 0x700}, 0x20)
socket(0x11, 0x2, 0x10001)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(0xffffffffffffffff, 0x4068aea3, &(0x7f00000006c0)={0xa3, 0x0, 0x0})
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(0xffffffffffffffff, 0xc008aec1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000400), 0x0)

28m17.540268568s ago: executing program 0 (id=242):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
preadv(r2, &(0x7f0000001840)=[{&(0x7f0000001640)=""/16, 0x10}], 0x1, 0x2, 0x5)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x448000, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

28m14.397548171s ago: executing program 0 (id=252):
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f0000000880), 0x0, 0x700}, 0x20)
socket(0x11, 0x2, 0x10001)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(0xffffffffffffffff, 0x4068aea3, &(0x7f00000006c0)={0xa3, 0x0, 0x0})
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(0xffffffffffffffff, 0xc008aec1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000400), 0x0)

28m13.087320317s ago: executing program 0 (id=255):
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000080)={0x2, 'bridge0\x00', {0x5}, 0x600})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

27m57.360880525s ago: executing program 32 (id=255):
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000080)={0x2, 'bridge0\x00', {0x5}, 0x600})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

16m46.224123437s ago: executing program 3 (id=2868):
openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2842, 0x0)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x7c1c, 0x8)
socket$inet(0x2, 0xa, 0x7ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x20}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xac800000}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

16m42.148456749s ago: executing program 3 (id=2872):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xac800000}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

16m37.856101449s ago: executing program 3 (id=2875):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
tkill(r4, 0x6)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x1f, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800fcffffff0000000034000000000085000000a800001f9e00cb9efcfe00009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000000000000850000007300000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)

16m36.618846448s ago: executing program 3 (id=2879):
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="fc0000001900e1f6ddedabc4ac5c000000000000000000000000000000000001", @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000100000006000000000000000000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c000000020000000a0101020000000000000000000000000600000004"], 0xfc}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f00000029c0)='/dev/comedi4\x00', 0x600, 0x0)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x36, 0x0, 0x0, 0x20000000}, 0xa}], 0x400000000000172, 0x0)

16m31.21889573s ago: executing program 3 (id=2888):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
tkill(r4, 0x6)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x1f, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800fcffffff0000000034000000000085000000a800001f9e00cb9efcfe00009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000000000000850000007300000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)

16m29.940721474s ago: executing program 3 (id=2890):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f00000000c0)={@remote, @private0, @empty, 0x40003, 0x40, 0x5, 0x100, 0x0, 0x590043})

16m14.500956139s ago: executing program 33 (id=2890):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f00000000c0)={@remote, @private0, @empty, 0x40003, 0x40, 0x5, 0x100, 0x0, 0x590043})

49.965802243s ago: executing program 2 (id=5690):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x1d, 0x2, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0x3c0580, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000080040000000000000000000018010000756c070000000000000020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000000850000000600000095d552b05af24afe2c0cfcc087e047d9105f8835fbe9314a44273080f8f49431e14e75f8d5a565fe761a011f67386f25cfce6412d42572f0af7005c61846aee3f6f0f72d360c59c2e7d3a5a0dacff211f0df6e6623834afc1df76c0c33225aa289a69b79ba496729e637cbb89e51a89cb2030d5131c903522f17d97a5437a4"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r5, 0x0, 0x14, 0x0, 0x0)
r6 = socket(0x11, 0x3, 0x2006)
write(r6, &(0x7f0000000100), 0x0)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="02c90012000e09000014060a000a3d6e55ea9f19371334f90d188573ce04073f6775572b1da863bde97ec6ddc649b0a75162e5a39fe753653044004b2666f2ffcfeddd552d3bbd"], 0x17)
recvmmsg(r6, 0x0, 0x0, 0x10122, 0x0)
sendto$inet6(r6, &(0x7f0000000240), 0x0, 0x20008801, &(0x7f00000001c0)={0xa, 0x4e20, 0x7fff, @private0={0xfc, 0x0, '\x00', 0x1}, 0x4f2b}, 0x1c)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r7, 0x104, 0x6, 0x0, &(0x7f0000000140))
ioctl$sock_bt_bnep_BNEPCONNADD(r6, 0x400442c8, &(0x7f00000004c0)=ANY=[@ANYRES32=r6, @ANYBLOB="07000000f9ffa2d69fbd3dc48f2fcb535263ea962922330ac0a0768465334f7da38e81049cb1d7fd9a94b70b1e189aab6611adb1ad496cab6eb69659bcc9f0c8218c60c5002bf2014133906b88890c5e87be58a1eebc6b9738622fba2eccb3834cef512723fcda9cff7e0bc3c7c47d9731302ca5247841a59c4bfc328da3447f4da60feb44dbc550fcd522825f30307d8bfe82916588a6f4113d10f8601a11733d1dc99e0a6757ba08e58a7c6fc8489d94d44da5437d1cfa3de193d2507531ccb3df810f958037aa283b9a336ba0881a10ef2ae3109775d4fccd12a0b40bf60d492955a4e7c98ad01d0ada62df4d03b7025bea0e206021921c239bb1202a99e3ddcb7728009f2b066fba106e787ae16eef"])
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r8, 0x4)
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, 0x0, 0x2, {0x3}}, 0x18)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0x1c}}, 0x0)
recvfrom$inet_nvme(r8, 0x0, 0x0, 0x41, &(0x7f0000000680)=@nfc={0x27, 0x0, 0x0, 0x1}, 0x80)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})

48.961647638s ago: executing program 2 (id=5692):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'syzkaller1\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r2=>0x0})
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0xa1300)
close_range(r7, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4dc1}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r2}, @IFLA_HSR_SLAVE1={0x8, 0x1, r1}, @IFLA_HSR_PROTOCOL={0x5}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0)
ioctl$IOMMU_IOAS_MAP(r9, 0x3b85, &(0x7f0000000300)={0x28, 0xb, 0x0, 0x0, 0x0, 0x0, 0x5})
write$vhost_msg_v2(r8, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000340)=""/185, 0xb9, 0x0, 0x2, 0x2}}, 0x48)
syz_emit_ethernet(0x11, &(0x7f0000000600)=ANY=[@ANYBLOB="0000b976071b0d9486b8a4a4aa489c0ce62ad2219c641919f302034f821900f672944e09f8ab7ceb498f1a51c015549098dadfb51fce4d9d11bff1cebb0aa09008c352410df7aafb53a83caf0942f7196ac67f8aed8c238dd724f3df14bc2088459c47a2dad6cf5c8423d4c2dc27c40a52b610ae639ebbbe53d4498d7a430b23c67135004128fad94e6c4cd8ff7a0a468d2d"], 0x0)
write$vhost_msg(r8, &(0x7f0000000100)={0x1, {&(0x7f00000007c0)=""/194, 0xc2, 0x0, 0x3, 0x2}}, 0x48)

31.518273078s ago: executing program 2 (id=5693):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000180)={0x0, 0x4af, 0x1})
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
write$UHID_CREATE2(r1, &(0x7f00000001c0)={0xb, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x3, 0x2, 0xa, 0x1, 0x8dd5}}, 0x118)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

17.955606045s ago: executing program 2 (id=5693):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000180)={0x0, 0x4af, 0x1})
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
write$UHID_CREATE2(r1, &(0x7f00000001c0)={0xb, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x3, 0x2, 0xa, 0x1, 0x8dd5}}, 0x118)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

15.415489718s ago: executing program 4 (id=5787):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, 0x0, 0x0)
fsync(0xffffffffffffffff)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x0, 0x800, 0x2, 0x14, 0x602, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x111240, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7c, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
r3 = syz_open_procfs(0x0, &(0x7f0000002480)='net/raw6\x00')
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
r4 = socket$xdp(0x2c, 0x3, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
syz_emit_ethernet(0x0, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f00000005c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)}])
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000024c0), 0xffffffffffffa19a, 0x0)
read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$NFT_MSG_GETTABLE(r3, 0x0, 0x4091)
getsockopt$XDP_STATISTICS(r4, 0x11b, 0x8, &(0x7f0000000040), &(0x7f0000000000)=0x30)

11.764394835s ago: executing program 6 (id=5794):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='comm\x00')
write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYBLOB="5d580000000000001c001a8018000a8014000700000000000000000000000f0000000001140003006970766c616e310000800000000000fe924691800b0001006970766c616e00008b"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xb, &(0x7f0000000000)=0x205, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f00000002c0)="05031600d3fc1400000b4788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r3)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000008c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9259}, [@IFLA_IFNAME={0x14, 0x3, 'macvtap0\x00'}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x8044)
chdir(&(0x7f00000000c0)='./bus\x00')
r5 = syz_clone(0x81130400, &(0x7f00000001c0)="61d207c37874fcbfe4aaa425f72e12156da46b936d", 0x15, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000540)="d0f426bf4c36a1e47b577824ba32c7604f1488313d4159403288da858015e186f3ff3d1f9f4fcf70b4f4e5b725abdbf266e02d58e75aa9777ea547c21c33408a4ac4fad122118e2c0e7fa516a7a711a85d1fc569018ccd3230f40e0d358d26d7ce1d1e4c93a0c3e1217c3810c533a6f1e6b9f6dafed7829e2d47f7a7a55b4f3c1d4873ffc12341c1edb298497602812911be45b369e4caae8382db3f8f007ddba409750a413de6f27f8141d5c6c41992f99d4e6187c4d25c4a1daf86fb2ac2112a4298d9cceaeeb83695ed48e70448")
sched_setaffinity(r5, 0x8, &(0x7f0000000300)=0xfffffffffffffffd)
r6 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
wait4(0x0, 0x0, 0x1000000, 0x0)
open_by_handle_at(r6, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000fb00000000fb"], 0x830600)

11.677959408s ago: executing program 6 (id=5796):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xfffffffffffffeb5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(r1, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80))
connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000080))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r5, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000001040)={0x6, 0x118, 0xfa00, {{0x7, 0x57f8, "669c45f4ec60bff12e4890888348296a0a1e79424ddda61b15bedab068d4ea1bb7bef7630c4a8e9755efff90f85c12750a5c4382919d84bfb58ed40af09511a3ec419547f797e60d32f10039f2db430d25f4fea3d1e0897c2b3334a3c9f727c945624aea27468fdde417e1e04fa3543c78d48a143d6af22a0c0268d1945a52ed7674e8623452f77b4796af87978f3b3b932f01ec257b2b25b1351d303e2b1abc2ace4b273a65553c1d237f736aaf4e8bf19a7bf47aaeab957c75fe6567b10ddbedb89eb8ef4bd839198b4cc36c21cef7bb472031fd7a7c689e1e80b4855bf525b0cd689f3e6cf9c921da8a855fa8efbf4bbc5c82491fd490489e5b07a288b5d8", 0xfc, 0x8, 0x80, 0x80, 0x21, 0x6, 0x0, 0x1}, r5}}, 0x120)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

11.671082883s ago: executing program 4 (id=5797):
socket$unix(0x1, 0x2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, 0x0, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000000c0)=0x800, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2, 0x0, 0xbabd}, 0x1c)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100008ac75220cf106380d2d10102030109022400010000100009048800023e3f5c0009050a02200002"], 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x1, 0x40, 0x3fc, 0x4, 0x50}, 0x9c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="010226bd7000feffffff030026f807000400ac14143114000600736974300000000000000000000000001400070000000000000000000000ffff7f000001080005"], 0x4c}, 0x8, 0x3000000000002}, 0x844)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4)
sendmsg$NLBL_MGMT_C_ADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r5, 0x511, 0x0, 0xfffffffe, {0x5}}, 0x21}}, 0xa000000)

10.340608875s ago: executing program 6 (id=5799):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_emit_ethernet(0x36, &(0x7f00000007c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa7e3100001cf886dd6a7abd5900006701fc000000000000000000000000000000ff0200000000000000000000000000018c49b1917b6672e0e71fd020ab954f7c3e91a6f6095ed9be2fdf82597c05cf4acabd25cd04"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xf)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f000028a000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="ba4100ed0f5db80000f20fd6d0ba4200b008ee0f01c2660f3882757cb89c0c8ed80f017c000f799e09002e3665640f01c9", 0x31}], 0x1, 0x48, &(0x7f00000001c0), 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r4)
r6 = socket(0x1e, 0x1, 0x0)
connect$tipc(r6, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r6, &(0x7f0000000080), 0x2000011a)
sendmsg$TIPC_NL_NET_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000fedbdf250f0000000c000780080002002afc"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x620, 0xe0, 0x428, 0x338, 0x338, 0x338, 0x550, 0x550, 0x550, 0x550, 0x550, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe0, 0x0, {0x7a00000010000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x2, 0x1}, {0xffffffffffffffff, 0x45, 0x1}, {0xffffffffffffffff, 0x4}, 0x6, 0x7ff}}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0xa}, [0x0, 0x0, 0x0, 0xffffff00], [0x0, 0x0, 0xffffffff, 0xff], 'macvlan0\x00', 'veth1_vlan\x00', {}, {}, 0x6, 0x1, 0x4}, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@eui64={{0x28}}, @common=@eui64={{0x28}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffff}, {}, {0x87, 0x0, 0x7}}}}, {{@uncond, 0x0, 0x100, 0x128, 0x48000000, {}, [@inet=@rpfilter={{0x28}, {0xd}}, @common=@srh={{0x30}, {0x33, 0x66, 0xf8, 0xa6, 0x9, 0x440, 0x502}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010100, @ipv4=@loopback}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}, {0x62, 0x8, 0x7, 0xb, 0x30ba, 0x222}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @HL={0x28, 'HL\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x680)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = creat(0x0, 0x58)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x8031, 0xffffffffffffffff, 0x8cefe000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
creat(0x0, 0xc9028ba210c11f88)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_MCAST_MSFILTER(r8, 0x29, 0x30, &(0x7f00000002c0)={0x1, {{0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0xc}, 0x3}}, 0x1, 0x3, [{{0xa, 0x4e22, 0xffffffc0, @mcast2, 0xffff}}, {{0xa, 0x4e20, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}}, {{0xa, 0x4e22, 0x4, @empty, 0x2}}]}, 0x210)

9.537158492s ago: executing program 5 (id=5800):
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x6f, 0x48014)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r3 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffe, 0x8, @remote, 0xffffefff}}}, 0x108)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb03000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
sendto$inet6(r4, &(0x7f0000000340), 0x0, 0x10, 0x0, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108)
close(r2)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000100)={0x2, 0x1, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r5, 0xc0585611, 0x0)
ioctl$vim2m_VIDIOC_DQBUF(r5, 0xc0585611, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x1, 0x0, {}, {0x4, 0x0, 0xfd}, 0xfffffffe, 0x1, {}, 0x6})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x23)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)

8.281459346s ago: executing program 5 (id=5802):
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000400))
sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000005c80)={&(0x7f0000005c00)={0x68, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x2, @media='eth\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x4848}, 0x20000000)
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, 0x0, 0x800)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f0000000500)={0x0, 0x0, {0x2, 0x9, 0x1009, 0x2, 0x1, 0x4, 0x2, 0x7}})
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
ftruncate(r0, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0)

8.229982724s ago: executing program 6 (id=5803):
r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_getaffinity(0x0, 0x8, &(0x7f0000000040))
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$usbfs(&(0x7f00000001c0), 0x800000001fe, 0x2)
fcntl$getown(r0, 0x9)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xd, 0x0, 0x6, {0x8002, 0x1004, 0x4, 0x86f}})

7.99818055s ago: executing program 4 (id=5805):
syz_io_uring_complete(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
syz_emit_ethernet(0x4a, &(0x7f0000000680)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x10, 0x0, 0x0, 0x4, {[@md5sig={0x13, 0x12, "623eebe039a1f617fd02722e3486ebd9"}]}}}}}}}, 0x0)
r1 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000100)=@ethernet={0x50c, @remote}, 0x80, &(0x7f00000001c0)}, 0x8000)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x348cf000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000001300)='ns/net\x00')
socket$nl_sock_diag(0x10, 0x3, 0x4)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000240)={@host})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r4, 0x7b1, &(0x7f0000000100)={0x0, 0x2, 0x0, 0x1f22})

7.28610163s ago: executing program 6 (id=5806):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xfffffffffffffeb5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(r1, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80))
connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000080))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r5, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000001040)={0x6, 0x118, 0xfa00, {{0x7, 0x57f8, "669c45f4ec60bff12e4890888348296a0a1e79424ddda61b15bedab068d4ea1bb7bef7630c4a8e9755efff90f85c12750a5c4382919d84bfb58ed40af09511a3ec419547f797e60d32f10039f2db430d25f4fea3d1e0897c2b3334a3c9f727c945624aea27468fdde417e1e04fa3543c78d48a143d6af22a0c0268d1945a52ed7674e8623452f77b4796af87978f3b3b932f01ec257b2b25b1351d303e2b1abc2ace4b273a65553c1d237f736aaf4e8bf19a7bf47aaeab957c75fe6567b10ddbedb89eb8ef4bd839198b4cc36c21cef7bb472031fd7a7c689e1e80b4855bf525b0cd689f3e6cf9c921da8a855fa8efbf4bbc5c82491fd490489e5b07a288b5d8", 0xfc, 0x8, 0x80, 0x80, 0x21, 0x6, 0x0, 0x1}, r5}}, 0x120)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

6.536153375s ago: executing program 5 (id=5808):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x101}, 0x18)
write$tun(0xffffffffffffffff, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xa, 0x0, 0x700, 0x0, 0x14, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x5, "d58838"}]}}}}}}, 0x4a)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0x5, {0x12, 0x4, 0x0, 0x9, 0xfffe, 0x68, 0x0, 0x6, 0x32, 0x5, @local, @rand_addr=0x64010102, {[@rr={0x7, 0xb, 0xb3, [@local, @private=0xa010101]}, @timestamp={0x44, 0x8, 0xc2, 0x0, 0x9, [0x240]}, @generic={0x88, 0xa, "d3a2c8ea2e588eb7"}, @timestamp_addr={0x44, 0x14, 0xc1, 0x1, 0x1, [{@local, 0x8}, {@multicast2, 0x8}]}]}}}}}}}, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

6.448607145s ago: executing program 5 (id=5809):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002040), 0x8889, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
epoll_create1(0x0)
r2 = syz_io_uring_setup(0x106, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0x121}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x320}, 0x1, {0x0, r5}})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x9464}, 0x0, 0x0)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000002540)={&(0x7f0000004200)={0x50, 0x0, 0x3, {0x7, 0x2b, 0x9, 0x40802140, 0xa, 0x8, 0x7, 0xcdd, 0x0, 0x0, 0x80, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

6.35034536s ago: executing program 1 (id=5810):
r0 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$inet6_mreq(r0, 0x88, 0x68, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

6.275371568s ago: executing program 6 (id=5811):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000700000000000000000000009500000000000000bf12b8597264200d94ffcbf25ca9e908a0b8637c8de86387a644f81ac675d597069be32b2b9471a9b9a3af84180c1b1293a52684ed01be5d91aad2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
socket(0x2d, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)

5.356114857s ago: executing program 1 (id=5812):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
tkill(r4, 0x6)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x1f, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800fcffffff0000000034000000000085000000a800001f9e00cb9efcfe00009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000000000000850000007300000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)

4.96393741s ago: executing program 2 (id=5693):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000180)={0x0, 0x4af, 0x1})
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
write$UHID_CREATE2(r1, &(0x7f00000001c0)={0xb, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x3, 0x2, 0xa, 0x1, 0x8dd5}}, 0x118)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

3.783617015s ago: executing program 1 (id=5814):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_emit_ethernet(0x36, &(0x7f00000007c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa7e3100001cf886dd6a7abd5900006701fc000000000000000000000000000000ff0200000000000000000000000000018c49b1917b6672e0e71fd020ab954f7c3e91a6f6095ed9be2fdf82597c05cf4acabd25cd04"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xf)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f000028a000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="ba4100ed0f5db80000f20fd6d0ba4200b008ee0f01c2660f3882757cb89c0c8ed80f017c000f799e09002e3665640f01c9", 0x31}], 0x1, 0x48, &(0x7f00000001c0), 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r4)
r6 = socket(0x1e, 0x1, 0x0)
connect$tipc(r6, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r6, &(0x7f0000000080), 0x2000011a)
sendmsg$TIPC_NL_NET_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000fedbdf250f0000000c000780080002002afc"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x620, 0xe0, 0x428, 0x338, 0x338, 0x338, 0x550, 0x550, 0x550, 0x550, 0x550, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe0, 0x0, {0x7a00000010000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x2, 0x1}, {0xffffffffffffffff, 0x45, 0x1}, {0xffffffffffffffff, 0x4}, 0x6, 0x7ff}}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0xa}, [0x0, 0x0, 0x0, 0xffffff00], [0x0, 0x0, 0xffffffff, 0xff], 'macvlan0\x00', 'veth1_vlan\x00', {}, {}, 0x6, 0x1, 0x4}, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@eui64={{0x28}}, @common=@eui64={{0x28}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffff}, {}, {0x87, 0x0, 0x7}}}}, {{@uncond, 0x0, 0x100, 0x128, 0x48000000, {}, [@inet=@rpfilter={{0x28}, {0xd}}, @common=@srh={{0x30}, {0x33, 0x66, 0xf8, 0xa6, 0x9, 0x440, 0x502}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010100, @ipv4=@loopback}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}, {0x62, 0x8, 0x7, 0xb, 0x30ba, 0x222}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @HL={0x28, 'HL\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x680)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = creat(0x0, 0x58)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x8031, 0xffffffffffffffff, 0x8cefe000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
creat(0x0, 0xc9028ba210c11f88)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_MCAST_MSFILTER(r8, 0x29, 0x30, &(0x7f00000002c0)={0x1, {{0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0xc}, 0x3}}, 0x1, 0x3, [{{0xa, 0x4e22, 0xffffffc0, @mcast2, 0xffff}}, {{0xa, 0x4e20, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}}, {{0xa, 0x4e22, 0x4, @empty, 0x2}}]}, 0x210)

3.124206405s ago: executing program 5 (id=5815):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='xdp_exception\x00', r5, 0x0, 0x159}, 0x18)
r6 = dup(r1)
write$binfmt_elf32(r6, 0x0, 0x64)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
connect$netlink(r0, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfb}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0x24, &(0x7f0000000200)=0x7, 0x4)
bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r7, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3, 0x28, 0x0, 0x0, 0x53, 0x6, 0x0, @remote, @local}, {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x7, 0x0, 0xfffd}}}}}}, 0x0)

2.808584239s ago: executing program 4 (id=5816):
r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_getaffinity(0x0, 0x8, &(0x7f0000000040))
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$usbfs(&(0x7f00000001c0), 0x800000001fe, 0x2)
fcntl$getown(r0, 0x9)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xd, 0x0, 0x6, {0x8002, 0x1004, 0x4, 0x86f}})

2.057006689s ago: executing program 1 (id=5817):
syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x18, 0x6, 0x0, @private0={0xfc, 0x0, '\x00', 0x10}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x4, {[@generic={0x1, 0x2}]}}}}}}}}, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$FS_IOC_GETVERSION(r1, 0x80087601, &(0x7f0000000140))
read(r0, &(0x7f0000000300)=""/245, 0xf5)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x40402)
sendmsg$nl_xfrm(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={0x0}, 0x1, 0x0, 0x0, 0x40040d0}, 0x4000040)
setsockopt$packet_buf(r2, 0x107, 0x2, &(0x7f0000000000)="b118a29d897d2438ae5603443c30122d05f787dd96a5e52d8739d79ee6f3f5ec6620fdd698d556b217ba8d3e08a36dde135fe1c89653ee374d4a0ba94265fc0e06a594af0546b465e6280ebae30147a04bb0b198e31aaa1d14e13692de4680eda5c89709012532b69b8f307d9d865d459203f4008a0617a1511b7a487a3ff6b263042b0d7468acdb789cddc6057f032968cd4ad8240d20ed5141f80f83e077ce9e305a8325475897ef1d2be22c80964ec600b6458c5e64", 0xb7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
syz_open_procfs$namespace(r3, &(0x7f0000000180)='ns/net\x00')
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
userfaultfd(0x0)

1.899564202s ago: executing program 2 (id=5693):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000180)={0x0, 0x4af, 0x1})
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
write$UHID_CREATE2(r1, &(0x7f00000001c0)={0xb, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x3, 0x2, 0xa, 0x1, 0x8dd5}}, 0x118)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

1.304544919s ago: executing program 5 (id=5818):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x0, 0x4, 0x10, 0x0, @vifc_lcl_addr=@empty, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1d, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005100000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x8, 0x0, 0x0}}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0xfffffffd, 0x25dfdbfc, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{}, {}]}, [{}, {}, {}, {}, {}, {0x448eade7, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x9}, {0x2}, {}, {}, {0x0, 0x20000000, 0x0, 0x40000000, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {0xfffffffc, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0xd5, 0x7}, {0x0, 0x0, 0x0, 0x83, 0x0, 0xfffffffd}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {0x0, 0x10}, {0x80000000, 0x0, 0x81, 0x0, 0x0, 0x3}, {0x8eb9, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x4, 0x0, 0x4, 0x0, 0x7ee}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x4}, {0x9}, {}, {}, {0x7}, {}, {0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffb}, {}, {0x0, 0x9, 0xfffffffc, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {0x0, 0x2}, {}, {}, {}, {}, {0xd5a0}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x2}, {}, {}, {}, {}, {}, {0x10000}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x7}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x1, 0x1}, {}, {}, {}, {}, {0x2}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='net/ip_mr_vif\x00')
preadv(r6, &(0x7f0000001400)=[{&(0x7f0000000500)=""/205, 0xcd}], 0x1, 0x47, 0x3)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYRES16=r7, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

1.258477172s ago: executing program 4 (id=5819):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x101}, 0x18)
write$tun(0xffffffffffffffff, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xa, 0x0, 0x700, 0x0, 0x14, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x5, "d58838"}]}}}}}}, 0x4a)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0x5, {0x12, 0x4, 0x0, 0x9, 0xfffe, 0x68, 0x0, 0x6, 0x32, 0x5, @local, @rand_addr=0x64010102, {[@rr={0x7, 0xb, 0xb3, [@local, @private=0xa010101]}, @timestamp={0x44, 0x8, 0xc2, 0x0, 0x9, [0x240]}, @generic={0x88, 0xa, "d3a2c8ea2e588eb7"}, @timestamp_addr={0x44, 0x14, 0xc1, 0x1, 0x1, [{@local, 0x8}, {@multicast2, 0x8}]}]}}}}}}}, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

419.48698ms ago: executing program 1 (id=5820):
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000400))
sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000005c80)={&(0x7f0000005c00)={0x68, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x2, @media='eth\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x4848}, 0x20000000)
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, 0x0, 0x800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x48c00, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f0000000500)={0x0, 0x0, {0x2, 0x9, 0x1009, 0x2, 0x1, 0x4, 0x2, 0x7}})
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
ftruncate(r0, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0)

261.911968ms ago: executing program 1 (id=5821):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x8}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x115080, 0x6)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$evdev(&(0x7f0000000340), 0x2, 0x10000)
unshare(0x2040400)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0xff, 0x5, 0x7f, 0x1, 0x1}, 0x50)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r5, 0x3b86, &(0x7f0000000040)={0x18, r6, 0xfe})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x17)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r7, 0x0, &(0x7f00000000c0)=""/66}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000180)={'syztnl0\x00', <r8=>0x0, 0x4, 0x1, 0x5, 0x4, 0x57, @private1, @dev={0xfe, 0x80, '\x00', 0x9}, 0x20, 0x1, 0x8, 0x7}})
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x4, 0x4, 0x1}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r10, 0x58, &(0x7f0000000080)={0x0, <r11=>0x0}}, 0x10)
r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={r11, 0x0, 0x10}, 0xc)
bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000000)={r12, 0x0, 0x0}, 0x10)
preadv(r9, &(0x7f0000000100)=[{&(0x7f0000000280)=""/35, 0x23}], 0x1, 0x38, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="04000000030000bb000100"/29], 0x50)

0s ago: executing program 4 (id=5822):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'syzkaller1\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r2=>0x0})
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0xa1300)
close_range(r6, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4dc1}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r2}, @IFLA_HSR_SLAVE1={0x8, 0x1, r1}, @IFLA_HSR_PROTOCOL={0x5}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000000)=0x200000000)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0)
write$vhost_msg_v2(r7, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000340)=""/185, 0xb9, 0x0, 0x2, 0x2}}, 0x48)
syz_emit_ethernet(0x11, &(0x7f0000000600)=ANY=[@ANYBLOB="0000b976071b0d9486b8a4a4aa489c0ce62ad2219c641919f302034f821900f672944e09f8ab7ceb498f1a51c015549098dadfb51fce4d9d11bff1cebb0aa09008c352410df7aafb53a83caf0942f7196ac67f8aed8c238dd724f3df14bc2088459c47a2dad6cf5c8423d4c2dc27c40a52b610ae639ebbbe53d4498d7a430b23c67135004128fad94e6c4cd8ff7a0a468d2d"], 0x0)
write$vhost_msg(r7, &(0x7f0000000100)={0x1, {&(0x7f00000007c0)=""/194, 0xc2, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r7, &(0x7f0000001a00)={0x2, 0x0, {&(0x7f0000001940)=""/173, 0xad, 0x0, 0x2, 0x2}}, 0x48)

kernel console output (not intermixed with test programs):

bytes leftover after parsing attributes in process `syz.4.4996'.
[ 1583.713416][T23196] fuse: Bad value for 'fd'
[ 1583.735149][ T5876] usb 3-1: device descriptor read/64, error -71
[ 1584.001352][T23209] devpts: Bad value for 'max'
[ 1584.009460][T23209] input: syz0 as /devices/virtual/input/input62
[ 1584.023852][ T5876] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1584.303834][ T5876] usb 3-1: device descriptor read/64, error -71
[ 1584.416713][ T5876] usb usb3-port1: attempt power cycle
[ 1584.863202][T23225] kvm: user requested TSC rate below hardware speed
[ 1585.143853][ T9050] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[ 1585.403882][ T9050] usb 5-1: Using ep0 maxpacket: 8
[ 1585.428657][ T9050] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1585.469965][ T9050] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1585.483937][T19893] usb 6-1: new full-speed USB device number 115 using dummy_hcd
[ 1585.501967][ T9050] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1585.541309][ T9050] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1585.593338][ T9050] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1585.707821][T19893] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1585.717997][T19893] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1585.734933][T19893] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1586.156306][T19893] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1586.167018][T19893] usb 6-1: Product: syz
[ 1586.171735][T19893] usb 6-1: Manufacturer: syz
[ 1586.389507][T19893] usb 6-1: SerialNumber: syz
[ 1586.532020][T19893] usb 6-1: config 0 descriptor??
[ 1586.716787][T19893] usb 6-1: selecting invalid altsetting 0
[ 1587.261367][T23238] tipc: Started in network mode
[ 1587.336247][T23238] tipc: Node identity fc2a, cluster identity 4711
[ 1587.442405][T23238] tipc: Node number set to 64554
[ 1587.553548][ T9050] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1587.744035][T19893] usb 6-1: USB disconnect, device number 115
[ 1587.884663][T23250] netlink: 'syz.2.5009': attribute type 1 has an invalid length.
[ 1588.203878][T23252] bond1: (slave geneve2): Opening slave failed
[ 1588.246376][ T9050] usb 5-1: can't set config #16, error -71
[ 1588.253338][ T9050] usb 5-1: USB disconnect, device number 101
[ 1588.529487][T23259] netlink: 'syz.1.5011': attribute type 32 has an invalid length.
[ 1588.570108][T23258] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5012'.
[ 1589.044569][T23267] devpts: Bad value for 'max'
[ 1589.063404][T23267] input: syz0 as /devices/virtual/input/input63
[ 1589.163927][T19893] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1589.517043][T19893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1589.527207][T19893] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1589.536766][T19893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1589.710546][   T30] audit: type=1326 audit(1765560084.355:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23275 comm="syz.5.5018" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4938f749 code=0x0
[ 1589.991436][T19893] usb 3-1: config 0 descriptor??
[ 1590.057471][T19893] pwc: Askey VC010 type 2 USB webcam detected.
[ 1590.473235][T19893] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1590.514815][T19893] pwc: recv_control_msg error -32 req 02 val 2700
[ 1590.571395][T19893] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1590.658830][T19893] pwc: recv_control_msg error -32 req 04 val 1000
[ 1590.739637][T19893] pwc: recv_control_msg error -32 req 04 val 1300
[ 1590.780183][T19893] pwc: recv_control_msg error -32 req 04 val 1400
[ 1590.836355][T19893] pwc: recv_control_msg error -32 req 02 val 2000
[ 1590.885232][T19893] pwc: recv_control_msg error -32 req 02 val 2100
[ 1590.931168][T19893] pwc: recv_control_msg error -32 req 04 val 1500
[ 1590.991989][T19893] pwc: recv_control_msg error -32 req 02 val 2500
[ 1591.049385][T19893] pwc: recv_control_msg error -32 req 02 val 2400
[ 1591.240153][T19893] pwc: recv_control_msg error -32 req 02 val 2600
[ 1591.287012][T19893] pwc: recv_control_msg error -32 req 02 val 2900
[ 1591.966131][T23265] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5014'.
[ 1592.267330][T23305] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1592.278189][T23305] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 1592.288835][T23305] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1592.333064][T23305] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 1592.444815][T19893] pwc: recv_control_msg error -71 req 04 val 1100
[ 1592.452139][T19893] pwc: recv_control_msg error -71 req 04 val 1200
[ 1592.557174][T19893] pwc: Registered as video103.
[ 1592.771498][T19893] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input64
[ 1593.121910][T19893] usb 3-1: USB disconnect, device number 88
[ 1593.278700][T23316] loop8: detected capacity change from 0 to 1
[ 1593.301093][T23316] Dev loop8: unable to read RDB block 1
[ 1593.501468][T23316]  loop8: unable to read partition table
[ 1593.514639][T23316] loop8: partition table beyond EOD, truncated
[ 1593.523854][T23316] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[ 1593.826033][   T30] audit: type=1326 audit(1765560088.365:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23319 comm="syz.2.5031" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f082898f749 code=0x0
[ 1594.077839][ T7124] usb 6-1: new full-speed USB device number 116 using dummy_hcd
[ 1594.454848][ T7124] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1594.618265][T23334] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1594.626609][ T7124] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1594.674046][ T7124] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1594.816453][ T7124] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1594.849263][ T7124] usb 6-1: Product: syz
[ 1594.907586][ T7124] usb 6-1: Manufacturer: syz
[ 1594.920480][ T7124] usb 6-1: SerialNumber: syz
[ 1594.941075][ T7124] usb 6-1: config 0 descriptor??
[ 1594.953860][  T117] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1595.082291][ T7124] usb 6-1: selecting invalid altsetting 0
[ 1595.419909][ T7124] usb 6-1: USB disconnect, device number 116
[ 1595.449258][T23345] fuse: Invalid rootmode
[ 1595.587157][  T117] usb 3-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1595.596568][  T117] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1595.633935][  T117] usb 3-1: config 0 descriptor??
[ 1595.960407][  T117] kaweth 3-1:0.0: Firmware present in device.
[ 1596.080502][T23353] openvswitch: netlink: Tunnel attr 3 has unexpected len 4 expected 1
[ 1596.158602][  T117] kaweth 3-1:0.0: Error reading configuration (-32), no net device created
[ 1596.168003][  T117] kaweth 3-1:0.0: probe with driver kaweth failed with error -5
[ 1597.776960][   T30] audit: type=1326 audit(1765560092.435:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23362 comm="syz.4.5042" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc079f8f749 code=0x0
[ 1597.893485][T19893] usb 3-1: USB disconnect, device number 89
[ 1598.358797][   T30] audit: type=1326 audit(1765560092.975:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23371 comm="syz.6.5046" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbd5b8f749 code=0x0
[ 1601.177879][   T30] audit: type=1326 audit(1765560095.535:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23414 comm="syz.4.5057" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc079f8f749 code=0x0
[ 1601.883915][ T6136] usb 6-1: new high-speed USB device number 117 using dummy_hcd
[ 1602.819665][ T6136] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1602.835269][ T6136] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1602.870158][ T6136] usb 6-1: config 0 descriptor??
[ 1603.113688][ T6136] kaweth 6-1:0.0: Firmware present in device.
[ 1603.213925][T19893] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 1603.306718][ T6136] kaweth 6-1:0.0: Error reading configuration (-32), no net device created
[ 1603.353264][ T6136] kaweth 6-1:0.0: probe with driver kaweth failed with error -5
[ 1603.394019][T19893] usb 2-1: Using ep0 maxpacket: 16
[ 1603.405747][T19893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1603.439896][T19893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1603.462270][T19893] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1603.482050][T19893] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1603.491465][T19893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1603.499883][T15073] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1603.518387][T19893] usb 2-1: config 0 descriptor??
[ 1603.623653][T23455] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[ 1603.649770][T23455] FAULT_INJECTION: forcing a failure.
[ 1603.649770][T23455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1603.663189][T23455] CPU: 0 UID: 0 PID: 23455 Comm: syz.4.5066 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1603.663215][T23455] Tainted: [L]=SOFTLOCKUP
[ 1603.663219][T23455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1603.663226][T23455] Call Trace:
[ 1603.663232][T23455]  <TASK>
[ 1603.663238][T23455]  dump_stack_lvl+0x16c/0x1f0
[ 1603.663256][T23455]  should_fail_ex+0x512/0x640
[ 1603.663273][T23455]  _copy_to_user+0x32/0xd0
[ 1603.663288][T23455]  simple_read_from_buffer+0xcb/0x170
[ 1603.663306][T23455]  proc_fail_nth_read+0x197/0x240
[ 1603.663319][T23455]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1603.663331][T23455]  ? rw_verify_area+0xcf/0x6c0
[ 1603.663343][T23455]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1603.663354][T23455]  vfs_read+0x1e4/0xcf0
[ 1603.663368][T23455]  ? __pfx___mutex_lock+0x10/0x10
[ 1603.663382][T23455]  ? __pfx_vfs_read+0x10/0x10
[ 1603.663399][T23455]  ? __fget_files+0x20e/0x3c0
[ 1603.663419][T23455]  ksys_read+0x12a/0x250
[ 1603.663432][T23455]  ? __pfx_ksys_read+0x10/0x10
[ 1603.663450][T23455]  do_syscall_64+0xcd/0xf80
[ 1603.663463][T23455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1603.663475][T23455] RIP: 0033:0x7fc079f8e15c
[ 1603.663485][T23455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1603.663496][T23455] RSP: 002b:00007fc07adfd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1603.663507][T23455] RAX: ffffffffffffffda RBX: 00007fc07a1e6090 RCX: 00007fc079f8e15c
[ 1603.663515][T23455] RDX: 000000000000000f RSI: 00007fc07adfd0a0 RDI: 0000000000000004
[ 1603.663522][T23455] RBP: 00007fc07adfd090 R08: 0000000000000000 R09: 0000000000000000
[ 1603.663528][T23455] R10: 0000200000001280 R11: 0000000000000246 R12: 0000000000000001
[ 1603.663535][T23455] R13: 00007fc07a1e6128 R14: 00007fc07a1e6090 R15: 00007fff949f6918
[ 1603.663551][T23455]  </TASK>
[ 1604.058922][T15073] usb 7-1: config 6 has an invalid interface number: 241 but max is 2
[ 1604.067194][T15073] usb 7-1: config 6 has an invalid interface number: 206 but max is 2
[ 1604.076054][T15073] usb 7-1: config 6 has an invalid interface number: 170 but max is 2
[ 1604.084638][T15073] usb 7-1: config 6 has no interface number 0
[ 1604.090765][T15073] usb 7-1: config 6 has no interface number 1
[ 1604.113077][T15073] usb 7-1: config 6 has no interface number 2
[ 1604.158738][T15073] usb 7-1: config 6 interface 241 altsetting 64 endpoint 0xA has invalid maxpacket 1024, setting to 64
[ 1604.230970][T15073] usb 7-1: config 6 interface 206 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1604.274711][T23462] input: syz1 as /devices/virtual/input/input65
[ 1604.362179][T15073] usb 7-1: config 6 interface 170 altsetting 32 has a duplicate endpoint with address 0x8, skipping
[ 1604.388181][T15073] usb 7-1: config 6 interface 170 altsetting 32 has a duplicate endpoint with address 0x8, skipping
[ 1604.453430][T23442] random: crng reseeded on system resumption
[ 1604.514295][   T30] audit: type=1400 audit(1765560099.095:957): avc:  denied  { write } for  pid=23438 comm="syz.1.5061" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1604.558411][T15073] usb 7-1: config 6 interface 241 has no altsetting 0
[ 1604.631149][T15073] usb 7-1: config 6 interface 206 has no altsetting 0
[ 1604.668886][T15073] usb 7-1: config 6 interface 170 has no altsetting 0
[ 1604.716875][   T30] audit: type=1400 audit(1765560099.105:958): avc:  denied  { ioctl } for  pid=23438 comm="syz.1.5061" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1604.777709][T15073] usb 7-1: New USB device found, idVendor=19d2, idProduct=1104, bcdDevice=31.bd
[ 1604.792567][T19893] input: HID 0955:7214 Haptics as /devices/virtual/input/input66
[ 1604.840393][T15073] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1604.890021][T15073] usb 7-1: Product: syz
[ 1604.907257][T15073] usb 7-1: Manufacturer: syz
[ 1604.928082][T19893] shield 0003:0955:7214.0053: Registered Thunderstrike controller
[ 1604.940762][T15073] usb 7-1: SerialNumber: syz
[ 1604.967525][T19893] shield 0003:0955:7214.0053: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0
[ 1605.072523][ T5876] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1605.153180][ T5876] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1605.193592][T19893] usb 2-1: USB disconnect, device number 91
[ 1605.241900][T15073] option 7-1:6.241: GSM modem (1-port) converter detected
[ 1605.268618][ T5876] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1605.348901][ T5876] shield 0003:0955:7214.0053: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1605.699111][T15073] usb 7-1: USB disconnect, device number 45
[ 1606.056158][T15073] option 7-1:6.241: device disconnected
[ 1606.104153][  T117] usb 6-1: USB disconnect, device number 117
[ 1606.281299][   T30] audit: type=1326 audit(1765560100.905:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23468 comm="syz.6.5070" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbd5b8f749 code=0x0
[ 1607.518388][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1609.148652][T23498] tipc: Started in network mode
[ 1609.153542][T23498] tipc: Node identity fc2a, cluster identity 4711
[ 1609.160070][T23498] tipc: Node number set to 64554
[ 1609.261678][T23509] FAULT_INJECTION: forcing a failure.
[ 1609.261678][T23509] name failslab, interval 1, probability 0, space 0, times 0
[ 1609.476537][T23509] CPU: 1 UID: 0 PID: 23509 Comm: syz.1.5081 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1609.476574][T23509] Tainted: [L]=SOFTLOCKUP
[ 1609.476581][T23509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1609.476593][T23509] Call Trace:
[ 1609.476600][T23509]  <TASK>
[ 1609.476607][T23509]  dump_stack_lvl+0x16c/0x1f0
[ 1609.476632][T23509]  should_fail_ex+0x512/0x640
[ 1609.476654][T23509]  ? fs_reclaim_acquire+0xae/0x150
[ 1609.476682][T23509]  should_failslab+0xc2/0x120
[ 1609.476706][T23509]  __kmalloc_noprof+0xeb/0x910
[ 1609.476732][T23509]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1609.476760][T23509]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1609.476781][T23509]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1609.476805][T23509]  ? tomoyo_profile+0x47/0x60
[ 1609.476828][T23509]  tomoyo_path_number_perm+0x245/0x580
[ 1609.476847][T23509]  ? tomoyo_path_number_perm+0x237/0x580
[ 1609.476867][T23509]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1609.476896][T23509]  ? find_held_lock+0x2b/0x80
[ 1609.476949][T23509]  ? find_held_lock+0x2b/0x80
[ 1609.476973][T23509]  ? hook_file_ioctl_common+0x144/0x410
[ 1609.477004][T23509]  ? __fget_files+0x20e/0x3c0
[ 1609.477034][T23509]  security_file_ioctl+0x9b/0x240
[ 1609.477058][T23509]  __x64_sys_ioctl+0xb7/0x210
[ 1609.477082][T23509]  do_syscall_64+0xcd/0xf80
[ 1609.477104][T23509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1609.477123][T23509] RIP: 0033:0x7f02a778f749
[ 1609.477139][T23509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1609.477157][T23509] RSP: 002b:00007f02a8583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1609.477177][T23509] RAX: ffffffffffffffda RBX: 00007f02a79e5fa0 RCX: 00007f02a778f749
[ 1609.477190][T23509] RDX: 0000000000000000 RSI: 00000000000007a6 RDI: 0000000000000003
[ 1609.477202][T23509] RBP: 00007f02a8583090 R08: 0000000000000000 R09: 0000000000000000
[ 1609.477213][T23509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1609.477224][T23509] R13: 00007f02a79e6038 R14: 00007f02a79e5fa0 R15: 00007ffed11abf98
[ 1609.477254][T23509]  </TASK>
[ 1609.724236][T23509] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1610.507340][   T30] audit: type=1326 audit(1765560105.155:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23518 comm="syz.1.5085" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f02a778f749 code=0x0
[ 1611.278604][   T30] audit: type=1326 audit(1765560105.735:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23516 comm="syz.6.5084" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbd5b8f749 code=0x0
[ 1612.670413][T23562] FAULT_INJECTION: forcing a failure.
[ 1612.670413][T23562] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1612.692600][T23562] CPU: 0 UID: 0 PID: 23562 Comm: syz.2.5093 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1612.692633][T23562] Tainted: [L]=SOFTLOCKUP
[ 1612.692640][T23562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1612.692651][T23562] Call Trace:
[ 1612.692657][T23562]  <TASK>
[ 1612.692665][T23562]  dump_stack_lvl+0x16c/0x1f0
[ 1612.692690][T23562]  should_fail_ex+0x512/0x640
[ 1612.692718][T23562]  _copy_to_user+0x32/0xd0
[ 1612.692744][T23562]  simple_read_from_buffer+0xcb/0x170
[ 1612.692772][T23562]  proc_fail_nth_read+0x197/0x240
[ 1612.692794][T23562]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1612.692816][T23562]  ? rw_verify_area+0xcf/0x6c0
[ 1612.692836][T23562]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1612.692856][T23562]  vfs_read+0x1e4/0xcf0
[ 1612.692879][T23562]  ? __pfx___mutex_lock+0x10/0x10
[ 1612.692903][T23562]  ? __pfx_vfs_read+0x10/0x10
[ 1612.692932][T23562]  ? __fget_files+0x20e/0x3c0
[ 1612.692965][T23562]  ksys_read+0x12a/0x250
[ 1612.692987][T23562]  ? __pfx_ksys_read+0x10/0x10
[ 1612.693017][T23562]  do_syscall_64+0xcd/0xf80
[ 1612.693038][T23562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1612.693058][T23562] RIP: 0033:0x7f082898e15c
[ 1612.693074][T23562] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1612.693091][T23562] RSP: 002b:00007f08298ad030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1612.693109][T23562] RAX: ffffffffffffffda RBX: 00007f0828be6180 RCX: 00007f082898e15c
[ 1612.693122][T23562] RDX: 000000000000000f RSI: 00007f08298ad0a0 RDI: 0000000000000005
[ 1612.693134][T23562] RBP: 00007f08298ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1612.693145][T23562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1612.693156][T23562] R13: 00007f0828be6218 R14: 00007f0828be6180 R15: 00007fffc16bd1c8
[ 1612.693185][T23562]  </TASK>
[ 1613.102574][T23567] overlayfs: failed to resolve './file0': -2
[ 1614.704350][   T30] audit: type=1326 audit(1765560109.345:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23578 comm="syz.1.5100" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f02a778f749 code=0x0
[ 1620.020008][T23645] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5120'.
[ 1621.843814][  T117] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[ 1622.014316][  T117] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1622.033184][  T117] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1622.042257][  T117] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[ 1622.051776][  T117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1622.110907][  T117] usb 5-1: config 0 descriptor??
[ 1622.359501][T23672] vcan0: tx address claim with dest, not broadcast
[ 1622.389635][T23685] trusted_key: syz.5.5135 sent an empty control message without MSG_MORE.
[ 1622.709608][ T7124] usb 6-1: new high-speed USB device number 118 using dummy_hcd
[ 1623.225888][  T117] Bluetooth: Can't get version to change to load ram patch err
[ 1623.301213][  T117] Bluetooth: Loading patch file failed
[ 1623.306796][  T117] ath3k 5-1:0.0: probe with driver ath3k failed with error -71
[ 1623.316530][ T7124] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1623.329600][  T117] usb 5-1: USB disconnect, device number 102
[ 1623.335898][ T7124] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1623.476818][ T7124] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1623.572927][ T7124] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1623.723577][T23685] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1623.790296][ T7124] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1624.906855][   T30] audit: type=1400 audit(1765560119.565:963): avc:  denied  { mount } for  pid=23701 comm="syz.1.5139" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1625.057913][T23702] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1625.251715][T23711] lo speed is unknown, defaulting to 1000
[ 1625.257684][T23711] lo speed is unknown, defaulting to 1000
[ 1625.265774][T23711] lo speed is unknown, defaulting to 1000
[ 1625.358845][T23711] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -2
[ 1626.023676][ T5876] usb 6-1: USB disconnect, device number 118
[ 1626.048458][T23711] lo speed is unknown, defaulting to 1000
[ 1626.055836][T23711] lo speed is unknown, defaulting to 1000
[ 1626.063088][T23711] lo speed is unknown, defaulting to 1000
[ 1626.070344][T23711] lo speed is unknown, defaulting to 1000
[ 1626.077665][T23711] lo speed is unknown, defaulting to 1000
[ 1626.268044][   T30] audit: type=1400 audit(1765560120.925:964): avc:  denied  { unmount } for  pid=16316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1627.439278][ T5876] usb 6-1: new high-speed USB device number 119 using dummy_hcd
[ 1628.606187][ T5876] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1628.624359][ T5876] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1628.634248][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1628.644907][ T5876] usb 6-1: config 0 descriptor??
[ 1629.082467][T23750] FAULT_INJECTION: forcing a failure.
[ 1629.082467][T23750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1629.213202][T23750] CPU: 0 UID: 0 PID: 23750 Comm: syz.1.5151 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1629.213235][T23750] Tainted: [L]=SOFTLOCKUP
[ 1629.213243][T23750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1629.213254][T23750] Call Trace:
[ 1629.213261][T23750]  <TASK>
[ 1629.213270][T23750]  dump_stack_lvl+0x16c/0x1f0
[ 1629.213294][T23750]  should_fail_ex+0x512/0x640
[ 1629.213319][T23750]  _copy_to_user+0x32/0xd0
[ 1629.213343][T23750]  simple_read_from_buffer+0xcb/0x170
[ 1629.213369][T23750]  proc_fail_nth_read+0x197/0x240
[ 1629.213392][T23750]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1629.213414][T23750]  ? rw_verify_area+0xcf/0x6c0
[ 1629.213433][T23750]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1629.213451][T23750]  vfs_read+0x1e4/0xcf0
[ 1629.213473][T23750]  ? __pfx___mutex_lock+0x10/0x10
[ 1629.213496][T23750]  ? __pfx_vfs_read+0x10/0x10
[ 1629.213524][T23750]  ? __fget_files+0x20e/0x3c0
[ 1629.213551][T23750]  ksys_read+0x12a/0x250
[ 1629.213572][T23750]  ? __pfx_ksys_read+0x10/0x10
[ 1629.213600][T23750]  do_syscall_64+0xcd/0xf80
[ 1629.213620][T23750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1629.213636][T23750] RIP: 0033:0x7f02a778e15c
[ 1629.213650][T23750] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1629.213667][T23750] RSP: 002b:00007f02a8562030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1629.213682][T23750] RAX: ffffffffffffffda RBX: 00007f02a79e6090 RCX: 00007f02a778e15c
[ 1629.213693][T23750] RDX: 000000000000000f RSI: 00007f02a85620a0 RDI: 0000000000000005
[ 1629.213703][T23750] RBP: 00007f02a8562090 R08: 0000000000000000 R09: 0000000000000000
[ 1629.213713][T23750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1629.213722][T23750] R13: 00007f02a79e6128 R14: 00007f02a79e6090 R15: 00007ffed11abf98
[ 1629.213750][T23750]  </TASK>
[ 1629.957007][T23756] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5153'.
[ 1630.033256][T23756] Failed to initialize the IGMP autojoin socket (err -2)
[ 1630.269786][ T7124] usb 6-1: USB disconnect, device number 119
[ 1630.278101][   T30] audit: type=1400 audit(1765560124.615:965): avc:  denied  { write } for  pid=23749 comm="syz.2.5153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1631.103846][ T5876] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[ 1631.823889][ T5876] usb 5-1: Using ep0 maxpacket: 16
[ 1631.831800][ T5876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1631.842578][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1631.857996][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1631.872257][ T5876] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1631.918003][ T5876] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1632.123194][ T5876] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1632.138775][ T5876] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1632.157054][ T5876] usb 5-1: Manufacturer: syz
[ 1632.162941][ T5876] usb 5-1: config 0 descriptor??
[ 1632.967562][T23787] kvm: user requested TSC rate below hardware speed
[ 1633.114705][ T5876] rc_core: IR keymap rc-hauppauge not found
[ 1633.130955][ T5876] Registered IR keymap rc-empty
[ 1633.149053][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.203879][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.313811][T19893] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[ 1633.446044][ T5876] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 1633.482917][ T5876] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input67
[ 1633.520110][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.546915][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.573945][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.613903][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.623800][T19893] usb 6-1: Using ep0 maxpacket: 8
[ 1633.639349][T19893] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1633.664234][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.700207][T19893] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1633.743896][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.837105][T19893] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1633.873950][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1633.891624][T19893] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1633.933970][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1634.003594][T23794] FAULT_INJECTION: forcing a failure.
[ 1634.003594][T23794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1634.037595][T23794] CPU: 1 UID: 0 PID: 23794 Comm: syz.1.5163 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1634.037628][T23794] Tainted: [L]=SOFTLOCKUP
[ 1634.037632][T23794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1634.037641][T23794] Call Trace:
[ 1634.037648][T23794]  <TASK>
[ 1634.037656][T23794]  dump_stack_lvl+0x16c/0x1f0
[ 1634.037681][T23794]  should_fail_ex+0x512/0x640
[ 1634.037709][T23794]  _copy_from_iter+0x2a4/0x16c0
[ 1634.037730][T23794]  ? __alloc_skb+0x220/0x410
[ 1634.037744][T23794]  ? __alloc_skb+0x35d/0x410
[ 1634.037757][T23794]  ? __pfx__copy_from_iter+0x10/0x10
[ 1634.037771][T23794]  ? netlink_autobind.isra.0+0x158/0x370
[ 1634.037793][T23794]  netlink_sendmsg+0x820/0xdd0
[ 1634.037817][T23794]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1634.037848][T23794]  ____sys_sendmsg+0xa5d/0xc30
[ 1634.037869][T23794]  ? copy_msghdr_from_user+0x10a/0x160
[ 1634.037885][T23794]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1634.037903][T23794]  ___sys_sendmsg+0x134/0x1d0
[ 1634.037920][T23794]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1634.037974][T23794]  __sys_sendmsg+0x16d/0x220
[ 1634.038000][T23794]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1634.038029][T23794]  do_syscall_64+0xcd/0xf80
[ 1634.038042][T23794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1634.038057][T23794] RIP: 0033:0x7f02a778f749
[ 1634.038067][T23794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1634.038080][T23794] RSP: 002b:00007f02a8583038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1634.038102][T23794] RAX: ffffffffffffffda RBX: 00007f02a79e5fa0 RCX: 00007f02a778f749
[ 1634.038115][T23794] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000004
[ 1634.038127][T23794] RBP: 00007f02a8583090 R08: 0000000000000000 R09: 0000000000000000
[ 1634.038139][T23794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1634.038151][T23794] R13: 00007f02a79e6038 R14: 00007f02a79e5fa0 R15: 00007ffed11abf98
[ 1634.038172][T23794]  </TASK>
[ 1634.054000][T19893] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1634.246592][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1634.254649][T19893] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1634.273944][ T5876] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1634.349142][ T5876] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1634.366141][ T5876] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1634.658365][T18387] usb 5-1: USB disconnect, device number 103
[ 1634.893482][T19893] usb 6-1: GET_CAPABILITIES returned 0
[ 1635.038195][T19893] usbtmc 6-1:16.0: can't read capabilities
[ 1635.526715][T23787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1635.567277][T23787] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1635.698790][T23787] bridge5: entered promiscuous mode
[ 1636.864192][T23825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5169'.
[ 1636.888965][   T30] audit: type=1400 audit(1765560131.515:966): avc:  denied  { mount } for  pid=23816 comm="syz.1.5169" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1636.917507][   T30] audit: type=1400 audit(1765560131.535:967): avc:  denied  { mounton } for  pid=23816 comm="syz.1.5169" path="/418/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[ 1637.144646][T19893] usb 6-1: USB disconnect, device number 120
[ 1639.773707][T23848] fuse: Unknown parameter '0x0000000000000005'
[ 1640.371339][   T30] audit: type=1400 audit(1765560135.025:968): avc:  denied  { unmount } for  pid=16316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1640.518407][   T30] audit: type=1400 audit(1765560135.145:969): avc:  denied  { shutdown } for  pid=23852 comm="syz.6.5180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1644.391424][ T5876] usb 6-1: new full-speed USB device number 121 using dummy_hcd
[ 1644.633923][ T5876] usb 6-1: device descriptor read/64, error -71
[ 1644.903919][ T5876] usb 6-1: new full-speed USB device number 122 using dummy_hcd
[ 1645.063878][ T5876] usb 6-1: device descriptor read/64, error -71
[ 1646.114529][ T5876] usb usb6-port1: attempt power cycle
[ 1648.219266][   T30] audit: type=1326 audit(1765560142.855:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23907 comm="syz.1.5192" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f02a778f749 code=0x0
[ 1649.763806][ T9050] usb 6-1: new high-speed USB device number 124 using dummy_hcd
[ 1650.413805][ T9050] usb 6-1: Using ep0 maxpacket: 32
[ 1650.422707][ T9050] usb 6-1: config 0 has an invalid interface number: 136 but max is 0
[ 1650.431187][ T9050] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1650.518109][ T9050] usb 6-1: config 0 has no interface number 0
[ 1650.646677][ T9050] usb 6-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1650.676060][ T9050] usb 6-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1650.711833][ T9050] usb 6-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1650.827317][ T9050] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1651.067565][ T9050] usb 6-1: Product: syz
[ 1651.077623][ T9050] usb 6-1: Manufacturer: syz
[ 1651.092198][ T9050] usb 6-1: SerialNumber: syz
[ 1651.184797][ T9050] usb 6-1: config 0 descriptor??
[ 1651.246325][T23922] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1651.556252][ T9050] vmk80xx 6-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1653.116341][ T7508] usb 6-1: USB disconnect, device number 124
[ 1653.385209][T23957] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5194'.
[ 1654.307789][   T30] audit: type=1400 audit(1765560148.965:971): avc:  denied  { ioctl } for  pid=23945 comm="syz.1.5201" path="/dev/usbmon7" dev="devtmpfs" ino=737 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1655.244706][T23958] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1655.806790][T23958] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1655.817652][   T30] audit: type=1400 audit(1765560150.465:972): avc:  denied  { bind } for  pid=23980 comm="syz.2.5208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1655.995763][   T30] audit: type=1400 audit(1765560150.655:973): avc:  denied  { connect } for  pid=23980 comm="syz.2.5208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1656.159589][T23958] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1657.224643][T23958] team0: Port device netdevsim0 removed
[ 1657.429838][T23958] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1657.669433][   T48] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1657.692797][   T48] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1657.739898][   T48] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1657.774227][   T10] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[ 1658.777814][   T48] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1658.933909][   T10] usb 5-1: Using ep0 maxpacket: 32
[ 1658.957101][   T10] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[ 1658.993985][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1659.051427][   T10] usb 5-1: config 0 has no interface number 0
[ 1659.074392][   T10] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1660.113903][   T10] usb 5-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1660.181480][   T10] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1660.314550][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1660.322698][   T10] usb 5-1: Product: syz
[ 1660.328443][   T10] usb 5-1: Manufacturer: syz
[ 1660.333122][   T10] usb 5-1: SerialNumber: syz
[ 1660.501913][   T10] usb 5-1: config 0 descriptor??
[ 1660.511824][T24001] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1660.528718][   T10] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1660.559626][   T10] usb 5-1: USB disconnect, device number 104
[ 1665.326265][T24076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5235'.
[ 1665.573327][   T30] audit: type=1400 audit(1765560160.225:974): avc:  denied  { write } for  pid=24075 comm="syz.6.5234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1665.633808][   T10] usb 5-1: new full-speed USB device number 105 using dummy_hcd
[ 1665.650424][   T30] audit: type=1400 audit(1765560160.295:975): avc:  denied  { ioctl } for  pid=24075 comm="syz.6.5234" path="socket:[98968]" dev="sockfs" ino=98968 ioctlcmd=0x9376 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1665.783888][   T10] usb 5-1: device descriptor read/64, error -71
[ 1666.159483][   T10] usb 5-1: new full-speed USB device number 106 using dummy_hcd
[ 1666.293836][   T10] usb 5-1: device descriptor read/64, error -71
[ 1666.431525][   T10] usb usb5-port1: attempt power cycle
[ 1666.446583][T24102] netlink: 'syz.6.5240': attribute type 1 has an invalid length.
[ 1666.772824][T24108] macsec1: entered promiscuous mode
[ 1666.778132][T24108] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[ 1666.785283][T24108] macsec1: entered allmulticast mode
[ 1666.790547][T24108] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[ 1666.803962][   T10] usb 5-1: new full-speed USB device number 107 using dummy_hcd
[ 1666.826728][T24110] mmap: syz.2.5243 (24110) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1666.853907][   T10] usb 5-1: device descriptor read/8, error -71
[ 1666.909260][T24112] netlink: 'syz.6.5244': attribute type 11 has an invalid length.
[ 1666.920388][T24112] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5244'.
[ 1667.048552][T24112] netlink: 'syz.6.5244': attribute type 11 has an invalid length.
[ 1667.063833][T24112] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5244'.
[ 1667.083494][T24112] netlink: 'syz.6.5244': attribute type 11 has an invalid length.
[ 1667.101078][T24112] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5244'.
[ 1667.165065][   T30] audit: type=1400 audit(1765560161.815:976): avc:  denied  { setattr } for  pid=24109 comm="syz.2.5243" name="PACKET" dev="sockfs" ino=99572 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1667.256795][T24119] netlink: 'syz.6.5246': attribute type 11 has an invalid length.
[ 1667.279401][T24119] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5246'.
[ 1667.363980][   T10] usb 5-1: new full-speed USB device number 108 using dummy_hcd
[ 1667.384050][T24123] netlink: 'syz.6.5246': attribute type 11 has an invalid length.
[ 1667.393658][T24123] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5246'.
[ 1667.404268][   T10] usb 5-1: device descriptor read/8, error -71
[ 1667.410922][T24123] netlink: 'syz.6.5246': attribute type 11 has an invalid length.
[ 1667.424928][T24123] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5246'.
[ 1667.525460][   T10] usb usb5-port1: unable to enumerate USB device
[ 1668.540590][T24134] siw: device registration error -23
[ 1668.810681][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.212724][T24140] netlink: 'syz.1.5252': attribute type 1 has an invalid length.
[ 1669.322031][T24143] netlink: 'syz.2.5253': attribute type 9 has an invalid length.
[ 1669.352930][T24143] netlink: 'syz.2.5253': attribute type 11 has an invalid length.
[ 1669.386676][T24143] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.5253'.
[ 1669.589681][T24145] overlay: Unknown parameter '/dev/cpu/#/msr'
[ 1670.773955][ T5876] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1670.912820][T24150] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1671.594015][ T5876] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF4, changing to 0x84
[ 1671.608320][ T5876] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1023
[ 1671.627378][ T5876] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 1671.639511][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1671.651584][ T5876] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1671.664025][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1671.672035][ T5876] usb 3-1: Product: syz
[ 1671.676410][ T5876] usb 3-1: Manufacturer: syz
[ 1671.681014][ T5876] usb 3-1: SerialNumber: syz
[ 1671.704684][ T5876] usb 3-1: config 0 descriptor??
[ 1671.721526][T24163] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1671.734865][ T5876] usb 3-1: ucan: probing device on interface #0
[ 1671.748951][ T5876] usb 3-1: ucan: invalid endpoint configuration
[ 1671.764600][ T5876] usb 3-1: ucan: probe failed; try to update the device firmware
[ 1672.875286][T24163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1672.960686][T24163] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1672.974054][T24189] fuse: Unknown parameter '0x0000000000000004'
[ 1673.281660][   T30] audit: type=1400 audit(1765560167.935:977): avc:  denied  { create } for  pid=24162 comm="syz.2.5259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[ 1674.858397][T24207] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ�
[ 1674.933836][ T5876] usb 6-1: new high-speed USB device number 125 using dummy_hcd
[ 1675.176995][T24217] SET target dimension over the limit!
[ 1675.323804][ T5876] usb 6-1: Using ep0 maxpacket: 16
[ 1675.337727][ T5876] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1675.348169][ T5876] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1675.365226][ T5876] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1675.374603][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1675.382689][ T5876] usb 6-1: Product: syz
[ 1675.387178][ T5876] usb 6-1: Manufacturer: syz
[ 1675.391839][ T5876] usb 6-1: SerialNumber: syz
[ 1675.445785][ T7508] usb 3-1: USB disconnect, device number 90
[ 1675.563502][T24225] validate_nla: 1 callbacks suppressed
[ 1675.563519][T24225] netlink: 'syz.1.5276': attribute type 1 has an invalid length.
[ 1676.207800][ T5876] usb 6-1: 0:2 : does not exist
[ 1676.841923][T24209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1676.902701][T24209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1677.056359][T24209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1677.065169][T24209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1677.086855][T24239] 9pnet_virtio: no channels available for device ./cgroup
[ 1677.097300][ T5876] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 1677.151779][ T5875] libceph: connect (1)[c::]:6789 error -101
[ 1677.158073][ T5875] libceph: mon0 (1)[c::]:6789 connect error
[ 1677.164434][ T5876] usb 6-1: USB disconnect, device number 125
[ 1677.184084][T24245] netlink: 'syz.1.5281': attribute type 1 has an invalid length.
[ 1677.193422][T24245] netlink: 'syz.1.5281': attribute type 4 has an invalid length.
[ 1677.230645][T24245] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.5281'.
[ 1677.279758][T24241] ceph: No mds server is up or the cluster is laggy
[ 1677.621827][T24262] siw: device registration error -23
[ 1678.124131][T24267] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5286'.
[ 1678.338994][T24263] mmap: syz.4.5285 (24263): VmData 21082112 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[ 1678.994899][T24276] SET target dimension over the limit!
[ 1679.199540][T24278] netlink: 'syz.6.5289': attribute type 1 has an invalid length.
[ 1679.874411][T24291] fuse: Unknown parameter 'ÿ00000000000000000006'
[ 1681.163369][   T30] audit: type=1400 audit(1765560175.815:978): avc:  denied  { read } for  pid=24281 comm="syz.5.5290" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1681.803792][ T5876] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[ 1682.328439][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1682.339423][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1682.349205][ T5876] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1682.358498][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1682.370104][ T5876] usb 5-1: config 0 descriptor??
[ 1682.754625][T24328] siw: device registration error -23
[ 1683.266383][ T5876] cm6533_jd 0003:0D8C:0022.0054: unknown main item tag 0x0
[ 1683.273698][ T5876] cm6533_jd 0003:0D8C:0022.0054: unknown main item tag 0x0
[ 1683.292805][ T5876] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0054/input/input68
[ 1683.395735][T24330] FAULT_INJECTION: forcing a failure.
[ 1683.395735][T24330] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1683.411431][T24330] CPU: 1 UID: 0 PID: 24330 Comm: syz.1.5303 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1683.411464][T24330] Tainted: [L]=SOFTLOCKUP
[ 1683.411471][T24330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1683.411483][T24330] Call Trace:
[ 1683.411490][T24330]  <TASK>
[ 1683.411498][T24330]  dump_stack_lvl+0x16c/0x1f0
[ 1683.411523][T24330]  should_fail_ex+0x512/0x640
[ 1683.411551][T24330]  _copy_from_user+0x2e/0xd0
[ 1683.411576][T24330]  wext_handle_ioctl+0xc2/0x2a0
[ 1683.411598][T24330]  ? __pfx_wext_handle_ioctl+0x10/0x10
[ 1683.411624][T24330]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1683.411647][T24330]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1683.411675][T24330]  sock_ioctl+0x3a1/0x6b0
[ 1683.411698][T24330]  ? __pfx_sock_ioctl+0x10/0x10
[ 1683.411717][T24330]  ? hook_file_ioctl_common+0x144/0x410
[ 1683.411749][T24330]  ? selinux_file_ioctl+0x180/0x270
[ 1683.411768][T24330]  ? selinux_file_ioctl+0xb4/0x270
[ 1683.411790][T24330]  ? __pfx_sock_ioctl+0x10/0x10
[ 1683.411812][T24330]  __x64_sys_ioctl+0x18e/0x210
[ 1683.411836][T24330]  do_syscall_64+0xcd/0xf80
[ 1683.411858][T24330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1683.411878][T24330] RIP: 0033:0x7f02a778f749
[ 1683.411894][T24330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1683.411913][T24330] RSP: 002b:00007f02a8583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1683.411931][T24330] RAX: ffffffffffffffda RBX: 00007f02a79e5fa0 RCX: 00007f02a778f749
[ 1683.411945][T24330] RDX: 00002000000000c0 RSI: 0000000000008b05 RDI: 0000000000000003
[ 1683.411957][T24330] RBP: 00007f02a8583090 R08: 0000000000000000 R09: 0000000000000000
[ 1683.411968][T24330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1683.411980][T24330] R13: 00007f02a79e6038 R14: 00007f02a79e5fa0 R15: 00007ffed11abf98
[ 1683.412009][T24330]  </TASK>
[ 1683.700162][ T5876] cm6533_jd 0003:0D8C:0022.0054: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[ 1683.746188][ T5876] usb 5-1: USB disconnect, device number 109
[ 1683.902027][T24334] netlink: 'syz.1.5305': attribute type 1 has an invalid length.
[ 1684.257237][T24343] overlay: ./file0 is not a directory
[ 1687.297181][T24367] siw: device registration error -23
[ 1687.538362][   T30] audit: type=1326 audit(1765560182.195:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24370 comm="syz.4.5316" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc079f8f749 code=0x0
[ 1687.781873][T24376] netlink: 'syz.1.5318': attribute type 4 has an invalid length.
[ 1688.533908][T24376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5318'.
[ 1688.611801][T24376] netlink: 'syz.1.5318': attribute type 4 has an invalid length.
[ 1688.619771][T24376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5318'.
[ 1689.101820][T24393] FAULT_INJECTION: forcing a failure.
[ 1689.101820][T24393] name failslab, interval 1, probability 0, space 0, times 0
[ 1689.205709][T24393] CPU: 1 UID: 0 PID: 24393 Comm: syz.1.5322 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1689.205747][T24393] Tainted: [L]=SOFTLOCKUP
[ 1689.205751][T24393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1689.205758][T24393] Call Trace:
[ 1689.205763][T24393]  <TASK>
[ 1689.205768][T24393]  dump_stack_lvl+0x16c/0x1f0
[ 1689.205786][T24393]  should_fail_ex+0x512/0x640
[ 1689.205801][T24393]  ? fs_reclaim_acquire+0xae/0x150
[ 1689.205819][T24393]  should_failslab+0xc2/0x120
[ 1689.205834][T24393]  __kmalloc_noprof+0xeb/0x910
[ 1689.205852][T24393]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1689.205868][T24393]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1689.205880][T24393]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1689.205895][T24393]  ? tomoyo_profile+0x47/0x60
[ 1689.205910][T24393]  tomoyo_path_number_perm+0x245/0x580
[ 1689.205920][T24393]  ? tomoyo_path_number_perm+0x237/0x580
[ 1689.205932][T24393]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1689.205950][T24393]  ? find_held_lock+0x2b/0x80
[ 1689.205981][T24393]  ? find_held_lock+0x2b/0x80
[ 1689.205996][T24393]  ? hook_file_ioctl_common+0x144/0x410
[ 1689.206014][T24393]  ? __fget_files+0x20e/0x3c0
[ 1689.206037][T24393]  security_file_ioctl+0x9b/0x240
[ 1689.206051][T24393]  __x64_sys_ioctl+0xb7/0x210
[ 1689.206065][T24393]  do_syscall_64+0xcd/0xf80
[ 1689.206078][T24393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1689.206089][T24393] RIP: 0033:0x7f02a778f749
[ 1689.206098][T24393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1689.206110][T24393] RSP: 002b:00007f02a8583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1689.206121][T24393] RAX: ffffffffffffffda RBX: 00007f02a79e5fa0 RCX: 00007f02a778f749
[ 1689.206129][T24393] RDX: 0000000000000000 RSI: 00000000000089e3 RDI: 0000000000000004
[ 1689.206135][T24393] RBP: 00007f02a8583090 R08: 0000000000000000 R09: 0000000000000000
[ 1689.206142][T24393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1689.206148][T24393] R13: 00007f02a79e6038 R14: 00007f02a79e5fa0 R15: 00007ffed11abf98
[ 1689.206164][T24393]  </TASK>
[ 1689.206169][T24393] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1691.995957][T24420] fuse: Unknown parameter '0x0000000000000004'
[ 1693.426798][T24429] siw: device registration error -23
[ 1693.604324][ T7508] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[ 1693.773790][ T7508] usb 2-1: Using ep0 maxpacket: 32
[ 1693.781839][ T7508] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[ 1693.804869][ T7508] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1693.833800][ T7508] usb 2-1: config 0 has no interface number 0
[ 1693.852398][ T7508] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1693.870313][ T7508] usb 2-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1693.905498][ T7508] usb 2-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1693.914930][ T7508] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1693.929530][ T7508] usb 2-1: Product: syz
[ 1693.938186][ T7508] usb 2-1: Manufacturer: syz
[ 1693.950526][ T7508] usb 2-1: SerialNumber: syz
[ 1693.968541][ T7508] usb 2-1: config 0 descriptor??
[ 1693.991156][T24428] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1694.037562][ T7508] vmk80xx 2-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1694.536312][T24437] 9p: Bad value for 'wfdno'
[ 1696.630540][ T7508] usb 2-1: USB disconnect, device number 92
[ 1697.444735][T24471] fuse: Unknown parameter '0x0000000000000004'
[ 1697.635401][T24470] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1698.743610][   T30] audit: type=1326 audit(1765560193.225:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24477 comm="syz.4.5346" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc079f8f749 code=0x0
[ 1698.840110][T24489] siw: device registration error -23
[ 1699.939410][   T30] audit: type=1326 audit(1765560194.465:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24490 comm="syz.2.5345" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f082898f749 code=0x0
[ 1699.992057][T24503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5351'.
[ 1700.054540][   T30] audit: type=1400 audit(1765560194.665:982): avc:  denied  { getopt } for  pid=24499 comm="syz.1.5351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1700.715154][T24511] fuse: Unknown parameter 'fd0x0000000000000004'
[ 1701.696003][T24530] siw: device registration error -23
[ 1702.376666][T24536] fuse: Unknown parameter 'ÿ00000000000000000006'
[ 1702.802603][   T30] audit: type=1326 audit(1765560197.225:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24531 comm="syz.4.5361" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc079f8f749 code=0x0
[ 1703.723967][T24546] 9pnet: p9_errstr2errno: server reported unknown error 0x00000
[ 1703.743596][T24549] binder: 24544:24549 ioctl c0306201 200000000180 returned -14
[ 1704.202579][   T30] audit: type=1326 audit(1765560198.575:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24547 comm="syz.2.5365" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f082898f749 code=0x0
[ 1704.247779][T24546] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5364'.
[ 1704.321900][T24557] fuse: Unknown parameter 'fd0x0000000000000004'
[ 1704.637347][T24566] mkiss: ax0: crc mode is auto.
[ 1706.123827][ T5876] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1706.171058][T24588] FAULT_INJECTION: forcing a failure.
[ 1706.171058][T24588] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 1706.185793][T24588] CPU: 0 UID: 0 PID: 24588 Comm: syz.1.5378 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1706.185813][T24588] Tainted: [L]=SOFTLOCKUP
[ 1706.185817][T24588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1706.185824][T24588] Call Trace:
[ 1706.185828][T24588]  <TASK>
[ 1706.185833][T24588]  dump_stack_lvl+0x16c/0x1f0
[ 1706.185849][T24588]  should_fail_ex+0x512/0x640
[ 1706.185867][T24588]  should_fail_alloc_page+0xe7/0x130
[ 1706.185884][T24588]  prepare_alloc_pages+0x401/0x670
[ 1706.185902][T24588]  __alloc_frozen_pages_noprof+0x18b/0x2430
[ 1706.185915][T24588]  ? stack_trace_save+0x8e/0xc0
[ 1706.185928][T24588]  ? __pfx_stack_trace_save+0x10/0x10
[ 1706.185940][T24588]  ? stack_depot_save_flags+0x29/0x9b0
[ 1706.185954][T24588]  ? bpf_ksym_find+0x127/0x1c0
[ 1706.185971][T24588]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1706.185982][T24588]  ? __kasan_kmalloc+0xaa/0xb0
[ 1706.185994][T24588]  ? copy_splice_read+0x1a8/0xc20
[ 1706.186009][T24588]  ? splice_direct_to_actor+0x2a1/0xa30
[ 1706.186023][T24588]  ? do_splice_direct+0x174/0x240
[ 1706.186037][T24588]  ? do_sendfile+0xb06/0xe50
[ 1706.186049][T24588]  ? __x64_sys_sendfile64+0x1d8/0x220
[ 1706.186064][T24588]  ? do_syscall_64+0xcd/0xf80
[ 1706.186074][T24588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1706.186096][T24588]  alloc_pages_bulk_noprof+0x77a/0x1410
[ 1706.186113][T24588]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[ 1706.186129][T24588]  ? copy_splice_read+0x1a8/0xc20
[ 1706.186154][T24588]  copy_splice_read+0x1e1/0xc20
[ 1706.186183][T24588]  ? __pfx_copy_splice_read+0x10/0x10
[ 1706.186209][T24588]  ? look_up_lock_class+0x59/0x130
[ 1706.186232][T24588]  ? lockdep_init_map_type+0x5c/0x270
[ 1706.186255][T24588]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[ 1706.186272][T24588]  ? __pfx_copy_splice_read+0x10/0x10
[ 1706.186287][T24588]  do_splice_read+0x285/0x370
[ 1706.186303][T24588]  splice_direct_to_actor+0x2a1/0xa30
[ 1706.186320][T24588]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1706.186338][T24588]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1706.186353][T24588]  ? get_pid_task+0xfc/0x250
[ 1706.186370][T24588]  do_splice_direct+0x174/0x240
[ 1706.186386][T24588]  ? __pfx_do_splice_direct+0x10/0x10
[ 1706.186401][T24588]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1706.186419][T24588]  ? rw_verify_area+0xcf/0x6c0
[ 1706.186434][T24588]  do_sendfile+0xb06/0xe50
[ 1706.186449][T24588]  ? __pfx_do_sendfile+0x10/0x10
[ 1706.186462][T24588]  ? __fget_files+0x20e/0x3c0
[ 1706.186481][T24588]  __x64_sys_sendfile64+0x1d8/0x220
[ 1706.186497][T24588]  ? ksys_write+0x1ac/0x250
[ 1706.186509][T24588]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1706.186529][T24588]  do_syscall_64+0xcd/0xf80
[ 1706.186541][T24588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1706.186552][T24588] RIP: 0033:0x7f02a778f749
[ 1706.186562][T24588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1706.186572][T24588] RSP: 002b:00007f02a8583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1706.186584][T24588] RAX: ffffffffffffffda RBX: 00007f02a79e5fa0 RCX: 00007f02a778f749
[ 1706.186592][T24588] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1706.186598][T24588] RBP: 00007f02a8583090 R08: 0000000000000000 R09: 0000000000000000
[ 1706.186605][T24588] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[ 1706.186611][T24588] R13: 00007f02a79e6038 R14: 00007f02a79e5fa0 R15: 00007ffed11abf98
[ 1706.186626][T24588]  </TASK>
[ 1706.522217][T14380] usb 5-1: new full-speed USB device number 110 using dummy_hcd
[ 1706.594367][ T5876] usb 3-1: Using ep0 maxpacket: 32
[ 1706.602656][ T5876] usb 3-1: config 0 has an invalid interface number: 136 but max is 0
[ 1706.612295][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1706.622585][ T5876] usb 3-1: config 0 has no interface number 0
[ 1706.628926][ T5876] usb 3-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1706.639020][ T5876] usb 3-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1706.667350][ T5876] usb 3-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1706.676692][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1706.693479][ T5876] usb 3-1: Product: syz
[ 1706.697725][ T5876] usb 3-1: Manufacturer: syz
[ 1706.702335][ T5876] usb 3-1: SerialNumber: syz
[ 1706.709756][T14380] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1706.724246][T14380] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1706.743764][T14380] usb 5-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[ 1706.752878][T14380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1706.773480][T14380] usb 5-1: config 0 descriptor??
[ 1706.847286][ T5876] usb 3-1: config 0 descriptor??
[ 1706.857389][T24582] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1706.912681][ T5876] vmk80xx 3-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1707.459335][T24586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1707.525328][T24586] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1707.561649][ T9050] usb 3-1: USB disconnect, device number 91
[ 1707.580445][T14380] dragonrise 0003:0079:0006.0055: hidraw0: USB HID v0.00 Device [HID 0079:0006] on usb-dummy_hcd.4-1/input0
[ 1707.597150][T24598] fuse: Unknown parameter 'fd0x0000000000000004'
[ 1707.613912][T14380] dragonrise 0003:0079:0006.0055: no inputs found
[ 1707.620409][T14380] dragonrise 0003:0079:0006.0055: force feedback init failed
[ 1708.773964][  T117] usb 5-1: USB disconnect, device number 110
[ 1709.740115][T24622] FAULT_INJECTION: forcing a failure.
[ 1709.740115][T24622] name failslab, interval 1, probability 0, space 0, times 0
[ 1709.824135][T24622] CPU: 0 UID: 0 PID: 24622 Comm: syz.2.5388 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1709.824167][T24622] Tainted: [L]=SOFTLOCKUP
[ 1709.824173][T24622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1709.824185][T24622] Call Trace:
[ 1709.824191][T24622]  <TASK>
[ 1709.824199][T24622]  dump_stack_lvl+0x16c/0x1f0
[ 1709.824223][T24622]  should_fail_ex+0x512/0x640
[ 1709.824244][T24622]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1709.824274][T24622]  should_failslab+0xc2/0x120
[ 1709.824296][T24622]  __kmalloc_cache_noprof+0x80/0x800
[ 1709.824323][T24622]  ? snd_pcm_oss_change_params_locked+0x86d/0x3ab0
[ 1709.824347][T24622]  ? _snd_pcm_hw_param_min+0x259/0x630
[ 1709.824369][T24622]  ? snd_pcm_oss_change_params_locked+0x86d/0x3ab0
[ 1709.824391][T24622]  snd_pcm_oss_change_params_locked+0x86d/0x3ab0
[ 1709.824420][T24622]  ? __mutex_lock+0x27b/0x1ca0
[ 1709.824443][T24622]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1709.824468][T24622]  ? __pfx___mutex_lock+0x10/0x10
[ 1709.824499][T24622]  ? get_pid_task+0xfc/0x250
[ 1709.824523][T24622]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[ 1709.824547][T24622]  snd_pcm_oss_read+0x39a/0x760
[ 1709.824569][T24622]  ? security_file_permission+0x71/0x210
[ 1709.824594][T24622]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[ 1709.824616][T24622]  vfs_read+0x1e4/0xcf0
[ 1709.824645][T24622]  ? __pfx_vfs_read+0x10/0x10
[ 1709.824663][T24622]  ? find_held_lock+0x2b/0x80
[ 1709.824690][T24622]  ? __fget_files+0x204/0x3c0
[ 1709.824718][T24622]  ? __fget_files+0x20e/0x3c0
[ 1709.824749][T24622]  ksys_read+0x12a/0x250
[ 1709.824770][T24622]  ? __pfx_ksys_read+0x10/0x10
[ 1709.824789][T24622]  ? fput+0x70/0xf0
[ 1709.824813][T24622]  ? __x64_sys_dup2+0x8a/0x460
[ 1709.824842][T24622]  do_syscall_64+0xcd/0xf80
[ 1709.824861][T24622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1709.824880][T24622] RIP: 0033:0x7f082898f749
[ 1709.824894][T24622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1709.824909][T24622] RSP: 002b:00007f08298ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1709.824926][T24622] RAX: ffffffffffffffda RBX: 00007f0828be5fa0 RCX: 00007f082898f749
[ 1709.824937][T24622] RDX: 0000000000002020 RSI: 00002000000063c0 RDI: 0000000000000003
[ 1709.824947][T24622] RBP: 00007f08298ef090 R08: 0000000000000000 R09: 0000000000000000
[ 1709.824958][T24622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1709.824968][T24622] R13: 00007f0828be6038 R14: 00007f0828be5fa0 R15: 00007fffc16bd1c8
[ 1709.824996][T24622]  </TASK>
[ 1710.216364][  T117] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[ 1710.532123][  T117] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1710.560194][  T117] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1710.613800][  T117] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1710.639540][  T117] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1710.651085][  T117] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1710.692807][  T117] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1710.820189][  T117] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1710.828458][  T117] usb 5-1: Product: syz
[ 1710.836309][  T117] usb 5-1: Manufacturer: syz
[ 1710.845600][  T117] cdc_wdm 5-1:1.0: skipping garbage
[ 1710.850900][  T117] cdc_wdm 5-1:1.0: skipping garbage
[ 1711.008860][  T117] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 1711.016662][  T117] cdc_wdm 5-1:1.0: Unknown control protocol
[ 1711.726825][  T117] usb 5-1: USB disconnect, device number 111
[ 1711.946421][T14380] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1712.213962][T14380] usb 3-1: Using ep0 maxpacket: 32
[ 1712.261595][T14380] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[ 1712.289417][T14380] usb 3-1: config 0 has no interface number 0
[ 1712.335226][T14380] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1712.404286][T14380] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1712.436278][T14380] usb 3-1: Product: syz
[ 1712.452071][T14380] usb 3-1: Manufacturer: syz
[ 1712.471337][T14380] usb 3-1: SerialNumber: syz
[ 1712.580447][T14380] usb 3-1: config 0 descriptor??
[ 1712.625467][T14380] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1712.844897][T14380] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1712.856500][T14380] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1715.323475][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1715.395065][ T7124] usb 3-1: USB disconnect, device number 92
[ 1715.435046][ T7124] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1715.454852][ T7124] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1715.478141][ T7124] quatech2 3-1:0.51: device disconnected
[ 1716.777726][T24692] fuse: Unknown parameter 'ÿ00000000000000000004'
[ 1717.986472][T24690] netlink: 'syz.1.5405': attribute type 27 has an invalid length.
[ 1719.733495][T24733] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5420'.
[ 1722.694184][   T24] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[ 1722.853777][   T24] usb 2-1: Using ep0 maxpacket: 16
[ 1722.876665][   T24] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[ 1722.984242][   T24] usb 2-1: config 0 has no interface number 0
[ 1722.994821][   T24] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1723.172053][   T24] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1723.204181][   T24] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1723.220640][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1723.247200][   T24] usb 2-1: Product: syz
[ 1723.255864][   T24] usb 2-1: Manufacturer: syz
[ 1723.289497][   T24] usb 2-1: SerialNumber: syz
[ 1723.300837][   T24] usb 2-1: config 0 descriptor??
[ 1723.312744][T24754] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1723.321465][T24754] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1723.589327][T24772] siw: device registration error -23
[ 1724.009983][T24754] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1724.020171][T24754] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1725.628278][   T24] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1725.660432][   T24] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[ 1725.670609][   T24] asix 2-1:0.251: probe with driver asix failed with error -5
[ 1725.743187][   T24] usb 2-1: USB disconnect, device number 93
[ 1727.085024][ T6136] usb 6-1: new high-speed USB device number 126 using dummy_hcd
[ 1727.254692][ T6136] usb 6-1: Using ep0 maxpacket: 16
[ 1727.294215][ T6136] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 255
[ 1727.363051][ T6136] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[ 1727.395140][ T6136] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1727.604177][ T6136] usb 6-1: Product: syz
[ 1727.608546][ T6136] usb 6-1: Manufacturer: syz
[ 1727.613140][ T6136] usb 6-1: SerialNumber: syz
[ 1727.845799][ T6136] usb 6-1: config 0 descriptor??
[ 1727.851596][T24782] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1727.876408][ T6136] mcba_usb 6-1:0.0: Microchip CAN BUS Analyzer connected
[ 1728.879998][    C1] mcba_usb 6-1:0.0 can0: Tx URB aborted (-71)
[ 1728.886203][    C1] mcba_usb 6-1:0.0 can0: Tx URB aborted (-71)
[ 1728.933906][T14380] usb 6-1: USB disconnect, device number 126
[ 1728.944413][T14380] mcba_usb 6-1:0.0 can0: device disconnected
[ 1730.238331][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.371685][T24824] fuse: Unknown parameter 'ÿ00000000000000000006'
[ 1731.949605][T24841] FAULT_INJECTION: forcing a failure.
[ 1731.949605][T24841] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1731.962897][T24841] CPU: 1 UID: 0 PID: 24841 Comm: syz.4.5446 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1731.962930][T24841] Tainted: [L]=SOFTLOCKUP
[ 1731.962937][T24841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1731.962948][T24841] Call Trace:
[ 1731.962955][T24841]  <TASK>
[ 1731.962963][T24841]  dump_stack_lvl+0x16c/0x1f0
[ 1731.962990][T24841]  should_fail_ex+0x512/0x640
[ 1731.963018][T24841]  _copy_to_user+0x32/0xd0
[ 1731.963044][T24841]  simple_read_from_buffer+0xcb/0x170
[ 1731.963073][T24841]  proc_fail_nth_read+0x197/0x240
[ 1731.963095][T24841]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1731.963118][T24841]  ? rw_verify_area+0xcf/0x6c0
[ 1731.963140][T24841]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1731.963160][T24841]  vfs_read+0x1e4/0xcf0
[ 1731.963185][T24841]  ? __pfx___mutex_lock+0x10/0x10
[ 1731.963208][T24841]  ? __pfx_vfs_read+0x10/0x10
[ 1731.963239][T24841]  ? __fget_files+0x20e/0x3c0
[ 1731.963273][T24841]  ksys_read+0x12a/0x250
[ 1731.963295][T24841]  ? __pfx_ksys_read+0x10/0x10
[ 1731.963316][T24841]  ? rcu_is_watching+0x12/0xc0
[ 1731.963344][T24841]  do_syscall_64+0xcd/0xf80
[ 1731.963367][T24841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1731.963387][T24841] RIP: 0033:0x7fc079f8e15c
[ 1731.963404][T24841] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1731.963423][T24841] RSP: 002b:00007fc07addc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1731.963442][T24841] RAX: ffffffffffffffda RBX: 00007fc07a1e6180 RCX: 00007fc079f8e15c
[ 1731.963455][T24841] RDX: 000000000000000f RSI: 00007fc07addc0a0 RDI: 0000000000000006
[ 1731.963468][T24841] RBP: 00007fc07addc090 R08: 0000000000000000 R09: 0000000000000000
[ 1731.963480][T24841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1731.963498][T24841] R13: 00007fc07a1e6218 R14: 00007fc07a1e6180 R15: 00007fff949f6918
[ 1731.963529][T24841]  </TASK>
[ 1732.440891][T24843] fuse: Unknown parameter 'ÿ00000000000000000004'
[ 1732.903859][T24850] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5449'.
[ 1733.267472][T24850] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5449'.
[ 1733.551736][T24850] netlink: 'syz.6.5449': attribute type 19 has an invalid length.
[ 1735.010037][T24871] fuse: Unknown parameter 'ÿ00000000000000000006'
[ 1737.644586][T14380] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[ 1737.803880][T14380] usb 5-1: Using ep0 maxpacket: 32
[ 1737.815021][T14380] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[ 1737.825155][T14380] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1737.947000][T14380] usb 5-1: config 0 has no interface number 0
[ 1737.953500][T14380] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1737.976875][T14380] usb 5-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1738.008143][T14380] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1738.020253][T14380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1738.032026][T14380] usb 5-1: Product: syz
[ 1738.036783][T14380] usb 5-1: Manufacturer: syz
[ 1738.042163][T14380] usb 5-1: SerialNumber: syz
[ 1738.122080][T14380] usb 5-1: config 0 descriptor??
[ 1738.128555][T24890] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1738.170439][T14380] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1738.361563][   T30] audit: type=1400 audit(1765560233.015:985): avc:  denied  { read } for  pid=24897 comm="syz.5.5462" path="socket:[102701]" dev="sockfs" ino=102701 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1738.685676][T24909] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5465'.
[ 1738.703879][T24905] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5464'.
[ 1738.713170][T24905] nbd: couldn't find a device at index -1
[ 1738.947418][T24916] netlink: 'syz.2.5468': attribute type 1 has an invalid length.
[ 1738.994044][T24918] fuse: Unknown parameter 'ÿ00000000000000000006'
[ 1738.996199][T24916] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1739.017289][T24919] bond2: entered allmulticast mode
[ 1739.349204][T24927] siw: device registration error -23
[ 1740.908299][   T10] usb 5-1: USB disconnect, device number 112
[ 1741.624773][T24943] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5476'.
[ 1743.282881][   T30] audit: type=1400 audit(1765560237.935:986): avc:  denied  { nlmsg_write } for  pid=24966 comm="syz.2.5482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[ 1744.433795][ T9051] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1744.594985][ T9051] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1744.613800][ T9051] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1744.625750][ T9051] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[ 1744.643801][   T10] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[ 1744.643801][   T24] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[ 1744.645161][ T9051] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1744.694649][ T9051] usb 3-1: config 0 descriptor??
[ 1744.813773][   T24] usb 5-1: Using ep0 maxpacket: 32
[ 1744.828522][   T24] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[ 1744.845054][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1744.865496][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1744.872402][   T24] usb 5-1: config 0 has no interface number 0
[ 1744.875347][   T10] usb 6-1: config 0 has an invalid interface number: 136 but max is 0
[ 1744.887069][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1744.893966][   T24] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1744.965918][   T10] usb 6-1: config 0 has no interface number 0
[ 1744.978290][   T10] usb 6-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1744.990039][   T10] usb 6-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1744.990057][   T24] usb 5-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1745.023996][   T24] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1745.023996][   T10] usb 6-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1745.054054][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1745.062430][   T10] usb 6-1: Product: syz
[ 1745.067262][   T10] usb 6-1: Manufacturer: syz
[ 1745.072574][   T10] usb 6-1: SerialNumber: syz
[ 1745.072603][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1745.092569][   T10] usb 6-1: config 0 descriptor??
[ 1745.103747][T24975] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1745.113282][   T24] usb 5-1: Product: syz
[ 1745.115203][   T10] vmk80xx 6-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1745.123751][   T24] usb 5-1: Manufacturer: syz
[ 1745.142032][   T24] usb 5-1: SerialNumber: syz
[ 1745.161173][   T24] usb 5-1: config 0 descriptor??
[ 1745.173055][T24977] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1745.184154][ T9051] hid-led 0003:1D34:000A.0056: unknown main item tag 0x0
[ 1745.193464][ T9051] hid-led 0003:1D34:000A.0056: unknown main item tag 0x0
[ 1745.200738][   T24] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1745.212466][ T9051] hid-led 0003:1D34:000A.0056: unknown main item tag 0x0
[ 1746.409562][ T9051] hid-led 0003:1D34:000A.0056: probe with driver hid-led failed with error -71
[ 1746.430692][ T9051] usb 3-1: USB disconnect, device number 93
[ 1746.746666][T24991] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5488'.
[ 1747.487492][ T6136] usb 6-1: USB disconnect, device number 127
[ 1747.805693][   T10] usb 5-1: USB disconnect, device number 113
[ 1749.475929][T25031] No source specified
[ 1750.035664][T25033] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5500'.
[ 1750.363781][ T5875] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 1750.515403][ T5875] usb 2-1: Using ep0 maxpacket: 32
[ 1750.535267][ T5875] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[ 1750.553926][ T5875] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1750.574222][ T5875] usb 2-1: config 0 has no interface number 0
[ 1750.580427][ T5875] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1750.668745][ T5875] usb 2-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1750.719314][ T5875] usb 2-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1750.738759][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1750.752953][ T5875] usb 2-1: Product: syz
[ 1750.983182][ T5875] usb 2-1: Manufacturer: syz
[ 1750.995733][ T5875] usb 2-1: SerialNumber: syz
[ 1751.012764][ T5875] usb 2-1: config 0 descriptor??
[ 1751.021440][T25051] netlink: 'syz.6.5501': attribute type 9 has an invalid length.
[ 1751.028738][T25037] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1751.036592][T25051] netlink: 'syz.6.5501': attribute type 11 has an invalid length.
[ 1751.068221][ T5875] vmk80xx 2-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1751.071060][T25051] netlink: 'syz.6.5501': attribute type 12 has an invalid length.
[ 1751.242618][T25051] netlink: 210020 bytes leftover after parsing attributes in process `syz.6.5501'.
[ 1751.265173][T25054] fuse: Bad value for 'fd'
[ 1751.475054][T25061] devpts: Bad value for 'max'
[ 1751.506645][T25061] input: syz0 as /devices/virtual/input/input69
[ 1753.122205][   T10] usb 2-1: USB disconnect, device number 94
[ 1754.342057][T25097] netlink: 'syz.2.5517': attribute type 9 has an invalid length.
[ 1754.353952][T25097] netlink: 'syz.2.5517': attribute type 11 has an invalid length.
[ 1754.361767][T25097] netlink: 'syz.2.5517': attribute type 12 has an invalid length.
[ 1754.445468][T25097] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.5517'.
[ 1755.917003][   T30] audit: type=1400 audit(1765560250.575:987): avc:  denied  { write } for  pid=25111 comm="syz.2.5522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1756.519182][T25115] devpts: Bad value for 'max'
[ 1756.536955][   T30] audit: type=1400 audit(1765560250.575:988): avc:  denied  { lock } for  pid=25111 comm="syz.2.5522" path="socket:[102223]" dev="sockfs" ino=102223 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1756.650226][   T30] audit: type=1400 audit(1765560250.575:989): avc:  denied  { setopt } for  pid=25111 comm="syz.2.5522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1756.688810][   T30] audit: type=1400 audit(1765560250.575:990): avc:  denied  { ioctl } for  pid=25111 comm="syz.2.5522" path="socket:[102225]" dev="sockfs" ino=102225 ioctlcmd=0x4584 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1756.733785][   T30] audit: type=1400 audit(1765560250.585:991): avc:  denied  { ioctl } for  pid=25111 comm="syz.2.5522" path="socket:[102226]" dev="sockfs" ino=102226 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1757.148616][ T7508] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1757.333832][ T7508] usb 6-1: Using ep0 maxpacket: 32
[ 1757.412555][ T7508] usb 6-1: config 0 has an invalid interface number: 136 but max is 0
[ 1757.431597][ T7508] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1757.453297][ T7508] usb 6-1: config 0 has no interface number 0
[ 1757.462824][T25129] FAULT_INJECTION: forcing a failure.
[ 1757.462824][T25129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1757.476192][ T7508] usb 6-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1757.498753][ T7508] usb 6-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1757.566191][T25129] CPU: 1 UID: 0 PID: 25129 Comm: syz.4.5524 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1757.566222][T25129] Tainted: [L]=SOFTLOCKUP
[ 1757.566229][T25129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1757.566240][T25129] Call Trace:
[ 1757.566246][T25129]  <TASK>
[ 1757.566253][T25129]  dump_stack_lvl+0x16c/0x1f0
[ 1757.566280][T25129]  should_fail_ex+0x512/0x640
[ 1757.566305][T25129]  _copy_from_iter+0x2a4/0x16c0
[ 1757.566330][T25129]  ? __pfx_avc_has_perm+0x10/0x10
[ 1757.566358][T25129]  ? __pfx__copy_from_iter+0x10/0x10
[ 1757.566381][T25129]  ? sock_has_perm+0x258/0x2f0
[ 1757.566407][T25129]  ? __pfx_sock_has_perm+0x10/0x10
[ 1757.566435][T25129]  hci_sock_sendmsg+0x46d/0x26b0
[ 1757.566476][T25129]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1757.566512][T25129]  sock_write_iter+0x566/0x610
[ 1757.566534][T25129]  ? __pfx_sock_write_iter+0x10/0x10
[ 1757.566552][T25129]  ? kasan_save_stack+0x42/0x60
[ 1757.566570][T25129]  ? kasan_save_stack+0x33/0x60
[ 1757.566586][T25129]  ? kasan_save_track+0x14/0x30
[ 1757.566615][T25129]  ? bpf_lsm_file_permission+0x9/0x10
[ 1757.566634][T25129]  ? security_file_permission+0x71/0x210
[ 1757.566656][T25129]  ? rw_verify_area+0xcf/0x6c0
[ 1757.566680][T25129]  aio_write+0x3b9/0x910
[ 1757.566710][T25129]  ? __pfx_aio_write+0x10/0x10
[ 1757.566737][T25129]  ? __lock_acquire+0x436/0x2890
[ 1757.566776][T25129]  ? __might_fault+0xe3/0x190
[ 1757.566792][T25129]  ? __might_fault+0x13b/0x190
[ 1757.566814][T25129]  ? io_submit_one+0x1243/0x1e70
[ 1757.566829][T25129]  io_submit_one+0x1243/0x1e70
[ 1757.566850][T25129]  ? __lock_acquire+0x436/0x2890
[ 1757.566876][T25129]  ? __pfx_io_submit_one+0x10/0x10
[ 1757.566904][T25129]  ? __might_fault+0xe3/0x190
[ 1757.566919][T25129]  ? __might_fault+0x13b/0x190
[ 1757.566943][T25129]  ? __x64_sys_io_submit+0x1a9/0x370
[ 1757.566961][T25129]  __x64_sys_io_submit+0x1a9/0x370
[ 1757.566984][T25129]  ? __pfx___x64_sys_io_submit+0x10/0x10
[ 1757.567002][T25129]  ? fput+0x70/0xf0
[ 1757.567033][T25129]  do_syscall_64+0xcd/0xf80
[ 1757.567054][T25129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1757.567073][T25129] RIP: 0033:0x7fc079f8f749
[ 1757.567089][T25129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1757.567107][T25129] RSP: 002b:00007fc07ae1e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 1757.567126][T25129] RAX: ffffffffffffffda RBX: 00007fc07a1e5fa0 RCX: 00007fc079f8f749
[ 1757.567139][T25129] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 00007fc07adda000
[ 1757.567151][T25129] RBP: 00007fc07ae1e090 R08: 0000000000000000 R09: 0000000000000000
[ 1757.567163][T25129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1757.567174][T25129] R13: 00007fc07a1e6038 R14: 00007fc07a1e5fa0 R15: 00007fff949f6918
[ 1757.567202][T25129]  </TASK>
[ 1757.852703][ T7508] usb 6-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1757.944196][ T7508] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1757.952222][ T7508] usb 6-1: Product: syz
[ 1757.959786][ T7508] usb 6-1: Manufacturer: syz
[ 1757.965211][ T7508] usb 6-1: SerialNumber: syz
[ 1757.998215][ T7508] usb 6-1: config 0 descriptor??
[ 1758.004858][T25118] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1758.017681][ T7508] vmk80xx 6-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1759.760423][T14380] usb 6-1: USB disconnect, device number 2
[ 1759.789316][T25157] devpts: Bad value for 'max'
[ 1760.654982][   T30] audit: type=1400 audit(1765560255.285:992): avc:  denied  { append } for  pid=25163 comm="syz.1.5540" name="video1" dev="devtmpfs" ino=933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 1761.183840][ T6136] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1761.704049][ T6136] usb 6-1: Using ep0 maxpacket: 32
[ 1761.711139][ T6136] usb 6-1: config 0 has an invalid interface number: 136 but max is 0
[ 1761.732047][ T6136] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1761.926094][ T6136] usb 6-1: config 0 has no interface number 0
[ 1761.932413][ T6136] usb 6-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1761.942371][ T6136] usb 6-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1761.957995][ T6136] usb 6-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1761.967207][ T6136] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1762.613682][ T6136] usb 6-1: Product: syz
[ 1762.621022][ T6136] usb 6-1: Manufacturer: syz
[ 1762.625770][ T6136] usb 6-1: SerialNumber: syz
[ 1762.632653][ T6136] usb 6-1: config 0 descriptor??
[ 1762.647235][T25171] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1762.657899][ T6136] vmk80xx 6-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1762.687232][T25191] netlink: 'syz.6.5547': attribute type 9 has an invalid length.
[ 1762.696307][T25191] netlink: 'syz.6.5547': attribute type 11 has an invalid length.
[ 1762.704198][T25191] netlink: 'syz.6.5547': attribute type 12 has an invalid length.
[ 1762.713185][T25191] netlink: 210020 bytes leftover after parsing attributes in process `syz.6.5547'.
[ 1763.125895][T25201] devpts: Bad value for 'max'
[ 1763.372429][T25205] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5553'.
[ 1764.031316][ T5876] usb 6-1: USB disconnect, device number 3
[ 1764.090239][T25220] fuse: Unknown parameter 'ÿ00000000000000000006'
[ 1764.133337][T25216] macvlan1: left promiscuous mode
[ 1764.176809][T25216] bridge0: left promiscuous mode
[ 1764.188312][T25216] bridge1: left promiscuous mode
[ 1764.202937][T25216] bridge2: left promiscuous mode
[ 1764.214588][T25216] bridge3: left promiscuous mode
[ 1764.503959][T25216] bridge4: left promiscuous mode
[ 1764.519124][T25216] bridge6: left promiscuous mode
[ 1764.548642][T25222] netlink: 'syz.5.5559': attribute type 9 has an invalid length.
[ 1764.573950][T25222] netlink: 'syz.5.5559': attribute type 11 has an invalid length.
[ 1764.592698][T25222] netlink: 'syz.5.5559': attribute type 12 has an invalid length.
[ 1764.620944][T25222] netlink: 210020 bytes leftover after parsing attributes in process `syz.5.5559'.
[ 1766.681101][T25242] devpts: Bad value for 'max'
[ 1766.695856][T25242] input: syz0 as /devices/virtual/input/input70
[ 1767.566546][ T6136] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[ 1767.813773][ T6136] usb 5-1: Using ep0 maxpacket: 32
[ 1768.979448][ T6136] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[ 1769.093898][ T6136] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1769.106469][ T6136] usb 5-1: config 0 has no interface number 0
[ 1769.112596][ T6136] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1769.122790][ T6136] usb 5-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1769.137769][ T6136] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1769.147129][ T6136] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1769.155186][ T6136] usb 5-1: Product: syz
[ 1769.159347][ T6136] usb 5-1: Manufacturer: syz
[ 1769.163976][ T6136] usb 5-1: SerialNumber: syz
[ 1769.317525][ T6136] usb 5-1: config 0 descriptor??
[ 1769.323943][T25253] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1769.335427][ T6136] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1769.554671][   T30] audit: type=1326 audit(1765560264.205:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25267 comm="syz.6.5567" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbd5b8f749 code=0x0
[ 1770.884304][T25290] devpts: Bad value for 'max'
[ 1771.770179][T14380] usb 5-1: USB disconnect, device number 114
[ 1773.912110][   T30] audit: type=1400 audit(1765560267.985:994): avc:  denied  { read } for  pid=25309 comm="syz.4.5585" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1773.966397][   T30] audit: type=1400 audit(1765560267.985:995): avc:  denied  { open } for  pid=25309 comm="syz.4.5585" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1774.268761][   T30] audit: type=1400 audit(1765560267.985:996): avc:  denied  { ioctl } for  pid=25309 comm="syz.4.5585" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1774.487351][   T30] audit: type=1326 audit(1765560268.285:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25315 comm="syz.1.5586" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f02a778f749 code=0x0
[ 1775.377675][T25334] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5590'.
[ 1775.445686][T25336] devpts: Bad value for 'max'
[ 1775.461242][T25336] input: syz0 as /devices/virtual/input/input71
[ 1776.208631][T25348] netlink: 'syz.6.5597': attribute type 9 has an invalid length.
[ 1776.337251][T25348] netlink: 'syz.6.5597': attribute type 11 has an invalid length.
[ 1776.345427][T25348] netlink: 'syz.6.5597': attribute type 12 has an invalid length.
[ 1776.353247][T25348] netlink: 210020 bytes leftover after parsing attributes in process `syz.6.5597'.
[ 1783.749278][T25427] fuse: Unknown parameter 'ÿ00000000000000000006'
[ 1785.414706][T25436] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5612'.
[ 1785.765341][   T30] audit: type=1400 audit(1765560280.425:998): avc:  denied  { write } for  pid=25441 comm="syz.5.5618" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1785.813785][   T30] audit: type=1400 audit(1765560280.425:999): avc:  denied  { open } for  pid=25441 comm="syz.5.5618" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1785.941018][   T30] audit: type=1400 audit(1765560280.445:1000): avc:  denied  { ioctl } for  pid=25441 comm="syz.5.5618" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1786.927846][T25454] FAULT_INJECTION: forcing a failure.
[ 1786.927846][T25454] name failslab, interval 1, probability 0, space 0, times 0
[ 1786.958742][T25454] CPU: 1 UID: 0 PID: 25454 Comm: syz.4.5620 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1786.958776][T25454] Tainted: [L]=SOFTLOCKUP
[ 1786.958784][T25454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1786.958796][T25454] Call Trace:
[ 1786.958802][T25454]  <TASK>
[ 1786.958811][T25454]  dump_stack_lvl+0x16c/0x1f0
[ 1786.958836][T25454]  should_fail_ex+0x512/0x640
[ 1786.958859][T25454]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1786.958894][T25454]  should_failslab+0xc2/0x120
[ 1786.958919][T25454]  __kmalloc_cache_noprof+0x80/0x800
[ 1786.958945][T25454]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1786.958967][T25454]  ? io_wq_create+0x6a/0x9a0
[ 1786.958996][T25454]  ? io_wq_create+0x6a/0x9a0
[ 1786.959019][T25454]  io_wq_create+0x6a/0x9a0
[ 1786.959046][T25454]  io_uring_alloc_task_context+0x1e1/0x650
[ 1786.959077][T25454]  ? __pfx_io_uring_alloc_task_context+0x10/0x10
[ 1786.959109][T25454]  __io_uring_add_tctx_node+0x2dd/0x500
[ 1786.959132][T25454]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[ 1786.959158][T25454]  ? __fget_files+0x20e/0x3c0
[ 1786.959186][T25454]  __io_uring_add_tctx_node_from_submit+0x89/0x130
[ 1786.959211][T25454]  __do_sys_io_uring_enter+0x1242/0x1630
[ 1786.959243][T25454]  ? __fget_files+0x20e/0x3c0
[ 1786.959267][T25454]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1786.959297][T25454]  ? fput+0x70/0xf0
[ 1786.959323][T25454]  ? ksys_write+0x1ac/0x250
[ 1786.959344][T25454]  ? __pfx_ksys_write+0x10/0x10
[ 1786.959375][T25454]  do_syscall_64+0xcd/0xf80
[ 1786.959397][T25454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1786.959417][T25454] RIP: 0033:0x7fc079f8f749
[ 1786.959432][T25454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1786.959450][T25454] RSP: 002b:00007fc07adcf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1786.959469][T25454] RAX: ffffffffffffffda RBX: 00007fc07a1e6180 RCX: 00007fc079f8f749
[ 1786.959482][T25454] RDX: 0000000020000000 RSI: 0000000000003516 RDI: 0000000000000005
[ 1786.959494][T25454] RBP: 00007fc07adcf090 R08: 0000000000000000 R09: 0000000000000000
[ 1786.959506][T25454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1786.959518][T25454] R13: 00007fc07a1e6218 R14: 00007fc07a1e6180 R15: 00007fff949f6918
[ 1786.959547][T25454]  </TASK>
[ 1791.694032][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.939200][   T30] audit: type=1400 audit(1765560286.595:1001): avc:  denied  { create } for  pid=25490 comm="syz.2.5631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1792.305390][   T30] audit: type=1400 audit(1765560286.595:1002): avc:  denied  { write } for  pid=25490 comm="syz.2.5631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1794.889772][T25519] siw: device registration error -23
[ 1798.985374][T25553] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5645'.
[ 1799.787077][ T7508] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[ 1800.014114][ T7508] usb 5-1: Using ep0 maxpacket: 32
[ 1800.098575][ T7508] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[ 1800.155556][ T7508] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1800.213891][ T7508] usb 5-1: config 0 has no interface number 0
[ 1800.247211][ T7508] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1800.306248][ T7508] usb 5-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1800.404970][ T7508] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1800.439133][ T7508] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1800.457774][ T7508] usb 5-1: Product: syz
[ 1800.466280][ T7508] usb 5-1: Manufacturer: syz
[ 1800.476774][ T7508] usb 5-1: SerialNumber: syz
[ 1800.545053][ T7508] usb 5-1: config 0 descriptor??
[ 1800.569760][T25557] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1800.611344][ T7508] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1802.290820][ T7508] usb 5-1: USB disconnect, device number 115
[ 1802.762502][T25588] netlink: 'syz.4.5655': attribute type 9 has an invalid length.
[ 1802.770506][T25588] netlink: 'syz.4.5655': attribute type 11 has an invalid length.
[ 1802.778515][T25588] netlink: 'syz.4.5655': attribute type 12 has an invalid length.
[ 1802.792959][T25588] netlink: 210020 bytes leftover after parsing attributes in process `syz.4.5655'.
[ 1804.034253][T25597] FAULT_INJECTION: forcing a failure.
[ 1804.034253][T25597] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1804.047334][T25597] CPU: 1 UID: 0 PID: 25597 Comm: syz.2.5658 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1804.047355][T25597] Tainted: [L]=SOFTLOCKUP
[ 1804.047359][T25597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1804.047368][T25597] Call Trace:
[ 1804.047376][T25597]  <TASK>
[ 1804.047386][T25597]  dump_stack_lvl+0x16c/0x1f0
[ 1804.047416][T25597]  should_fail_ex+0x512/0x640
[ 1804.047443][T25597]  _copy_to_user+0x32/0xd0
[ 1804.047459][T25597]  simple_read_from_buffer+0xcb/0x170
[ 1804.047476][T25597]  proc_fail_nth_read+0x197/0x240
[ 1804.047489][T25597]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1804.047501][T25597]  ? rw_verify_area+0xcf/0x6c0
[ 1804.047513][T25597]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1804.047524][T25597]  vfs_read+0x1e4/0xcf0
[ 1804.047538][T25597]  ? __pfx___mutex_lock+0x10/0x10
[ 1804.047553][T25597]  ? __pfx_vfs_read+0x10/0x10
[ 1804.047569][T25597]  ? __fget_files+0x20e/0x3c0
[ 1804.047590][T25597]  ksys_read+0x12a/0x250
[ 1804.047602][T25597]  ? __pfx_ksys_read+0x10/0x10
[ 1804.047620][T25597]  do_syscall_64+0xcd/0xf80
[ 1804.047640][T25597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1804.047652][T25597] RIP: 0033:0x7f082898e15c
[ 1804.047662][T25597] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1804.047673][T25597] RSP: 002b:00007f08298ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1804.047685][T25597] RAX: ffffffffffffffda RBX: 00007f0828be5fa0 RCX: 00007f082898e15c
[ 1804.047692][T25597] RDX: 000000000000000f RSI: 00007f08298ef0a0 RDI: 0000000000000004
[ 1804.047699][T25597] RBP: 00007f08298ef090 R08: 0000000000000000 R09: 0000000000000000
[ 1804.047705][T25597] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[ 1804.047712][T25597] R13: 00007f0828be6038 R14: 00007f0828be5fa0 R15: 00007fffc16bd1c8
[ 1804.047727][T25597]  </TASK>
[ 1807.023780][ T7124] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[ 1807.183808][ T7124] usb 5-1: Using ep0 maxpacket: 32
[ 1807.190747][ T7124] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[ 1807.206925][ T7124] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1807.228057][ T7124] usb 5-1: config 0 has no interface number 0
[ 1807.244051][ T7124] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1807.263754][ T7124] usb 5-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1807.296858][ T7124] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1807.306342][T25620] bond3: (slave geneve2): Opening slave failed
[ 1807.333909][ T7124] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1807.341933][ T7124] usb 5-1: Product: syz
[ 1807.377520][ T7124] usb 5-1: Manufacturer: syz
[ 1807.382149][ T7124] usb 5-1: SerialNumber: syz
[ 1807.397263][ T7124] usb 5-1: config 0 descriptor??
[ 1807.403008][T25618] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1807.434347][ T7124] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1807.901986][T25638] devpts: Bad value for 'max'
[ 1808.331682][T25645] overlayfs: failed to resolve './file1': -2
[ 1809.194736][   T30] audit: type=1400 audit(1765560303.665:1003): avc:  denied  { mounton } for  pid=25653 comm="syz.1.5674" path="/523/file0" dev="tmpfs" ino=2822 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[ 1809.339627][T14380] usb 5-1: USB disconnect, device number 116
[ 1809.556091][T25663] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5676'.
[ 1810.710383][T25674] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5679'.
[ 1814.403769][ T9051] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 1814.683453][   T30] audit: type=1400 audit(1765560309.285:1004): avc:  denied  { getopt } for  pid=25713 comm="syz.2.5690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1815.007000][ T9051] usb 2-1: Using ep0 maxpacket: 32
[ 1815.172173][ T9051] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[ 1816.190253][ T9051] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1816.273742][ T9051] usb 2-1: config 0 has no interface number 0
[ 1816.282011][ T9051] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1816.292200][ T9051] usb 2-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1816.317244][ T9051] usb 2-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1816.339997][ T9051] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1816.350370][ T9051] usb 2-1: Product: syz
[ 1816.354886][ T9051] usb 2-1: Manufacturer: syz
[ 1816.360775][ T9051] usb 2-1: SerialNumber: syz
[ 1816.404790][ T9051] usb 2-1: config 0 descriptor??
[ 1816.454469][T25712] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1816.481580][ T9051] vmk80xx 2-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1817.047447][ T5822] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1817.079139][ T5822] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1817.088062][ T5822] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1817.096953][ T5822] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1817.111231][ T5822] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1817.125412][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1817.132729][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1817.610531][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1817.622898][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1817.630599][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1817.707759][T25743] Failed to initialize the IGMP autojoin socket (err -2)
[ 1817.796784][T25748] devpts: Bad value for 'max'
[ 1817.849377][T25748] input: syz0 as /devices/virtual/input/input72
[ 1817.929542][   T10] usb 2-1: USB disconnect, device number 95
[ 1818.562742][T25743] chnl_net:caif_netlink_parms(): no params data found
[ 1819.674350][ T5829] Bluetooth: hci5: command tx timeout
[ 1819.891934][T25768] netlink: 'syz.5.5704': attribute type 9 has an invalid length.
[ 1819.946854][T25768] netlink: 'syz.5.5704': attribute type 11 has an invalid length.
[ 1819.983782][T25768] netlink: 'syz.5.5704': attribute type 12 has an invalid length.
[ 1820.033453][T25743] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1820.040800][T25743] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1820.046261][T25768] netlink: 210020 bytes leftover after parsing attributes in process `syz.5.5704'.
[ 1820.080597][T25743] bridge_slave_0: entered allmulticast mode
[ 1820.305589][T25743] bridge_slave_0: entered promiscuous mode
[ 1820.445503][T25743] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1820.452826][T25743] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1820.479955][T25743] bridge_slave_1: entered allmulticast mode
[ 1820.497333][T25743] bridge_slave_1: entered promiscuous mode
[ 1820.881662][T25743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1820.910817][T25743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1821.628538][T25743] team0: Port device team_slave_0 added
[ 1821.656136][T25743] team0: Port device team_slave_1 added
[ 1821.720987][T25743] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1821.736381][T25743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1821.765297][ T5829] Bluetooth: hci5: command tx timeout
[ 1821.796476][T25743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1821.841646][T25743] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1821.858988][T25743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1821.960659][T25743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1822.304125][T25743] hsr_slave_0: entered promiscuous mode
[ 1822.327558][T25743] hsr_slave_1: entered promiscuous mode
[ 1822.344545][T25743] debugfs: 'hsr0' already exists in 'hsr'
[ 1822.350305][T25743] Cannot create hsr debugfs directory
[ 1822.513957][T25797] devpts: Bad value for 'max'
[ 1822.527364][T25797] input: syz0 as /devices/virtual/input/input73
[ 1822.766355][T25743] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1822.939561][T25804] netlink: 'syz.6.5714': attribute type 9 has an invalid length.
[ 1822.964117][T25804] netlink: 'syz.6.5714': attribute type 11 has an invalid length.
[ 1822.971932][T25804] netlink: 'syz.6.5714': attribute type 12 has an invalid length.
[ 1822.981292][T25804] netlink: 210020 bytes leftover after parsing attributes in process `syz.6.5714'.
[ 1823.048682][T25743] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1823.191631][T25743] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1823.298009][T25743] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1823.719211][   T30] audit: type=1400 audit(1765560318.335:1005): avc:  denied  { ioctl } for  pid=25799 comm="syz.1.5713" path="socket:[105387]" dev="sockfs" ino=105387 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1823.903128][ T5829] Bluetooth: hci5: command tx timeout
[ 1824.170032][T25814] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5717'.
[ 1824.249590][T25814] bond1: (slave geneve2): Opening slave failed
[ 1824.316980][T25743] netdevsim netdevsim2 netdevsim0: renamed from eth9
[ 1824.409606][T25743] netdevsim netdevsim2 netdevsim1: renamed from eth10
[ 1824.436281][T25743] netdevsim netdevsim2 netdevsim2: renamed from eth11
[ 1824.864183][T25743] netdevsim netdevsim2 netdevsim3: renamed from eth12
[ 1825.098903][T25743] 8021q: adding VLAN 0 to HW filter on device team0
[ 1825.119704][T21208] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1825.126841][T21208] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1825.146953][T21208] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1825.154086][T21208] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1825.749373][T25743] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1825.913947][ T5829] Bluetooth: hci5: command tx timeout
[ 1826.311724][   T30] audit: type=1326 audit(1765560320.965:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25842 comm="syz.5.5722" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fab4938f749 code=0x0
[ 1826.568251][T25743] veth0_vlan: entered promiscuous mode
[ 1826.611602][T25743] veth1_vlan: entered promiscuous mode
[ 1826.707718][T25743] veth0_macvtap: entered promiscuous mode
[ 1826.732325][T25743] veth1_macvtap: entered promiscuous mode
[ 1827.077482][T25743] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1827.134691][T25743] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1828.082477][T25743] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1828.220174][T25743] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1828.689837][T25743] wireguard: wg0: Could not create IPv4 socket
[ 1828.700706][T25743] wireguard: wg1: Could not create IPv4 socket
[ 1828.716672][T25743] wireguard: wg2: Could not create IPv4 socket
[ 1829.814298][T25885] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1829.814298][T25885]    program syz.1.5733 not setting count and/or reply_len properly
[ 1831.996916][T25907] netlink: 'syz.1.5738': attribute type 9 has an invalid length.
[ 1832.085113][T25907] netlink: 'syz.1.5738': attribute type 11 has an invalid length.
[ 1832.156795][T25907] netlink: 'syz.1.5738': attribute type 12 has an invalid length.
[ 1832.211193][T25907] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.5738'.
[ 1834.733187][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1834.743656][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1834.752685][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1834.760555][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1834.768248][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1834.807006][T25933] Failed to initialize the IGMP autojoin socket (err -2)
[ 1835.943787][T19893] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1836.104093][T19893] usb 2-1: Using ep0 maxpacket: 32
[ 1836.115627][T19893] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[ 1836.138183][T19893] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1836.151487][T19893] usb 2-1: config 0 has no interface number 0
[ 1836.158114][T19893] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1836.178580][T19893] usb 2-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1836.208567][T19893] usb 2-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1836.833156][ T5829] Bluetooth: hci1: command tx timeout
[ 1836.866911][T19893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1836.876509][T19893] usb 2-1: Product: syz
[ 1836.880876][T19893] usb 2-1: Manufacturer: syz
[ 1836.885544][T19893] usb 2-1: SerialNumber: syz
[ 1836.893047][T19893] usb 2-1: config 0 descriptor??
[ 1836.900131][T25943] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1836.916413][T19893] vmk80xx 2-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1837.169010][T18387] usb 2-1: USB disconnect, device number 96
[ 1838.911522][ T5829] Bluetooth: hci1: command tx timeout
[ 1839.175595][T25933] netdevsim netdevsim2 netdevsim0: renamed from eth9
[ 1839.417443][T25933] netdevsim netdevsim2 netdevsim1: renamed from eth10
[ 1839.719369][T25970] netlink: 'syz.6.5753': attribute type 9 has an invalid length.
[ 1839.720594][T25933] netdevsim netdevsim2 netdevsim2: renamed from eth11
[ 1839.727302][T25970] netlink: 'syz.6.5753': attribute type 11 has an invalid length.
[ 1839.741926][T25970] netlink: 'syz.6.5753': attribute type 12 has an invalid length.
[ 1839.749927][T25970] netlink: 210020 bytes leftover after parsing attributes in process `syz.6.5753'.
[ 1839.836747][T25933] netdevsim netdevsim2 netdevsim3: renamed from eth12
[ 1840.954915][ T5829] Bluetooth: hci1: command tx timeout
[ 1842.358493][T25933] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1842.388006][T25933] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1842.427410][T25933] wireguard: wg0: Could not create IPv4 socket
[ 1842.452395][T25933] wireguard: wg1: Could not create IPv4 socket
[ 1842.487475][T25933] wireguard: wg2: Could not create IPv4 socket
[ 1842.682799][T26023] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5762'.
[ 1842.903934][T14380] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1843.381601][   T30] audit: type=1326 audit(1765560337.975:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26028 comm="syz.1.5764" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f02a778f749 code=0x0
[ 1843.485032][T14380] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1843.494377][T14380] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1843.504772][T14380] usb 6-1: config 0 descriptor??
[ 1844.316667][T14380] kaweth 6-1:0.0: Firmware present in device.
[ 1844.469181][T14380] kaweth 6-1:0.0: Error reading configuration (-32), no net device created
[ 1844.486286][T14380] kaweth 6-1:0.0: probe with driver kaweth failed with error -5
[ 1845.850248][T14380] usb 6-1: USB disconnect, device number 4
[ 1846.143836][ T7124] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 1846.313992][ T7124] usb 2-1: Using ep0 maxpacket: 32
[ 1846.323308][ T7124] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[ 1846.341395][ T7124] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1846.376950][ T7124] usb 2-1: config 0 has no interface number 0
[ 1846.405388][ T7124] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1846.439479][ T7124] usb 2-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1846.483015][ T7124] usb 2-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1846.498370][ T7124] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1846.530608][ T7124] usb 2-1: Product: syz
[ 1846.551307][ T7124] usb 2-1: Manufacturer: syz
[ 1846.561419][ T7124] usb 2-1: SerialNumber: syz
[ 1846.589685][ T7124] usb 2-1: config 0 descriptor??
[ 1846.642866][T26061] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1846.676837][ T7124] vmk80xx 2-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1846.743430][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1846.755852][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1846.766257][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1846.774178][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1846.781791][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1846.981364][T26078] Failed to initialize the IGMP autojoin socket (err -2)
[ 1848.262714][T26104] netlink: 'syz.5.5786': attribute type 9 has an invalid length.
[ 1848.271762][T26104] netlink: 'syz.5.5786': attribute type 11 has an invalid length.
[ 1848.279658][T26104] netlink: 'syz.5.5786': attribute type 12 has an invalid length.
[ 1848.287620][T26104] netlink: 210020 bytes leftover after parsing attributes in process `syz.5.5786'.
[ 1849.164369][ T5829] Bluetooth: hci1: command tx timeout
[ 1849.736818][ T7124] usb 2-1: USB disconnect, device number 97
[ 1849.811546][T26078] netdevsim netdevsim2 netdevsim0: renamed from eth9
[ 1849.834768][T26078] netdevsim netdevsim2 netdevsim1: renamed from eth10
[ 1849.855034][T26078] netdevsim netdevsim2 netdevsim2: renamed from eth11
[ 1849.868970][T26078] netdevsim netdevsim2 netdevsim3: renamed from eth12
[ 1850.585539][T26078] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1850.688570][T26078] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1850.819287][T26078] wireguard: wg0: Could not create IPv4 socket
[ 1850.828635][T26078] wireguard: wg1: Could not create IPv4 socket
[ 1850.838880][T26078] wireguard: wg2: Could not create IPv4 socket
[ 1851.193886][ T5829] Bluetooth: hci1: command tx timeout
[ 1852.194361][T26140] overlayfs: failed to clone upperpath
[ 1852.241543][T26140] macvtap0: entered allmulticast mode
[ 1852.247766][T26140] veth0_macvtap: entered allmulticast mode
[ 1853.053732][T14380] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[ 1853.158856][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.789174][T14380] usb 5-1: Using ep0 maxpacket: 32
[ 1853.799646][T14380] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[ 1853.809785][T14380] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1854.495339][T14380] usb 5-1: config 0 has no interface number 0
[ 1854.501481][T14380] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 1854.511580][T14380] usb 5-1: config 0 interface 136 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1854.527166][T14380] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 1854.536365][T14380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1854.549591][T14380] usb 5-1: Product: syz
[ 1854.553876][T14380] usb 5-1: Manufacturer: syz
[ 1854.558477][T14380] usb 5-1: SerialNumber: syz
[ 1854.566511][T14380] usb 5-1: config 0 descriptor??
[ 1854.577589][T26144] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1854.602461][T14380] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[ 1855.220175][T26166] fuse: Unknown parameter 'ÿ00000000000000000005'
[ 1855.342033][T19893] usb 5-1: USB disconnect, device number 117
[ 1855.999287][T26174] devpts: Bad value for 'max'
[ 1856.687747][T26174] input: syz0 as /devices/virtual/input/input74
[ 1856.882113][   T30] audit: type=1400 audit(1765560351.535:1008): avc:  denied  { write } for  pid=26183 comm="syz.1.5807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1859.886086][   T30] audit: type=1326 audit(1765560354.265:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26206 comm="syz.1.5812" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f02a778f749 code=0x0
[ 1860.303117][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1860.313836][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1860.336109][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1860.344574][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1860.352249][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1860.390049][T26213] Failed to initialize the IGMP autojoin socket (err -2)
[ 1861.146514][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1861.160866][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1861.171199][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1861.179124][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1861.186691][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1861.212358][T26213] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1861.431306][T26213] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1861.806061][T26225] Failed to initialize the IGMP autojoin socket (err -2)
[ 1861.844779][T26213] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1862.002903][   T30] audit: type=1400 audit(1765560356.655:1010): avc:  denied  { relabelfrom } for  pid=26225 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1862.026265][   T30] audit: type=1400 audit(1765560356.655:1011): avc:  denied  { relabelto } for  pid=26225 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1862.172030][T26213] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1862.193858][ T7124] usb 2-1: new low-speed USB device number 98 using dummy_hcd
[ 1862.385416][ T7124] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1862.394188][ T5829] Bluetooth: hci1: command tx timeout
[ 1862.404018][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1862.414831][ T7124] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1862.426607][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1862.437869][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1862.449988][ T7124] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1862.457585][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1862.468376][ T7124] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1862.480068][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1862.491453][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1862.503640][ T7124] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1862.511214][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1862.521959][ T7124] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1862.533683][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1862.544869][ T7124] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1862.558819][ T7124] usb 2-1: string descriptor 0 read error: -22
[ 1862.565252][ T7124] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1862.574374][ T7124] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1862.596068][ T7124] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1862.824402][ T5822] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1862.843443][ T5822] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1862.852001][ T5822] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1862.859953][ T5822] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1862.867610][ T5822] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1862.920864][ T7124] usb 2-1: USB disconnect, device number 98
[ 1863.803593][T14884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1863.816162][T14884] bond0 (unregistering): Released all slaves
[ 1863.834367][T14884] bond1 (unregistering): Released all slaves
[ 1863.850325][T14884] bond2 (unregistering): Released all slaves
[ 1863.866003][T14884] bond3 (unregistering): Released all slaves
[ 1863.906796][T26240] Failed to initialize the IGMP autojoin socket (err -2)
[ 1864.331104][T14884] tipc: Left network mode
[ 1864.520220][ T5822] Bluetooth: hci1: command tx timeout
[ 1864.953737][    C1] ------------[ cut here ]------------
[ 1864.959547][    C1] workqueue: cannot queue hci_cmd_timeout on wq hci3
[ 1864.966229][    C1] WARNING: kernel/workqueue.c:2251 at 0x0, CPU#1: syz.4.5822/26257
[ 1864.974113][    C1] Modules linked in:
[ 1864.978295][    C1] CPU: 1 UID: 0 PID: 26257 Comm: syz.4.5822 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1864.989216][    C1] Tainted: [L]=SOFTLOCKUP
[ 1864.993523][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1865.003561][    C1] RIP: 0010:__queue_work+0xca1/0x10e0
[ 1865.008926][    C1] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 63 bf 06 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 30 31 3a 00 90 0f 0b 90 e9 15 f6
[ 1865.028521][    C1] RSP: 0000:ffffc90000a08be8 EFLAGS: 00010046
[ 1865.034575][    C1] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11006ab7951
[ 1865.042530][    C1] RDX: ffff88807cd20978 RSI: ffffffff8a6afda0 RDI: ffffffff908b71e0
[ 1865.050489][    C1] RBP: ffff8880355bca70 R08: 0000000000000005 R09: 0000000000000000
[ 1865.058448][    C1] R10: 0000000000000100 R11: ffff888031fcd4b0 R12: 1ffff9200014118f
[ 1865.066411][    C1] R13: ffffffff8184c3c0 R14: 0000000080000100 R15: ffff88807cd20800
[ 1865.074371][    C1] FS:  00007fc07adfd6c0(0000) GS:ffff8881249fb000(0000) knlGS:0000000000000000
[ 1865.083316][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1865.089883][    C1] CR2: fffffffffffffe70 CR3: 000000009c7b3000 CR4: 00000000003526f0
[ 1865.097835][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1865.105782][    C1] DR3: 0000000000e1000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1865.113732][    C1] Call Trace:
[ 1865.116990][    C1]  <IRQ>
[ 1865.119818][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.125619][    C1]  call_timer_fn+0x19a/0x5a0
[ 1865.130202][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1865.135297][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.141089][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.146900][    C1]  ? __run_timers+0x559/0xae0
[ 1865.151574][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.157366][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.163162][    C1]  __run_timers+0x569/0xae0
[ 1865.167663][    C1]  ? __pfx___run_timers+0x10/0x10
[ 1865.172712][    C1]  run_timer_base+0x114/0x190
[ 1865.177382][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1865.182574][    C1]  run_timer_softirq+0x1a/0x40
[ 1865.187320][    C1]  handle_softirqs+0x219/0x950
[ 1865.192072][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1865.197348][    C1]  __irq_exit_rcu+0x109/0x170
[ 1865.202015][    C1]  irq_exit_rcu+0x9/0x30
[ 1865.206246][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1865.211879][    C1]  </IRQ>
[ 1865.214808][    C1]  <TASK>
[ 1865.217718][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1865.223692][    C1] RIP: 0010:write_comp_data+0x3c/0x90
[ 1865.229074][    C1] Code: 8b 05 78 73 f3 11 a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 0f 00 75 60 a9 00 00 f0 00 75 59 8b 82 6c 16 00 00 85 c0 74 4f <8b> 82 48 16 00 00 83 f8 03 75 44 48 8b 82 50 16 00 00 8b 92 4c 16
[ 1865.248661][    C1] RSP: 0000:ffffc9000ea1efa8 EFLAGS: 00000246
[ 1865.254710][    C1] RAX: 0000000080000000 RBX: 0000000000000000 RCX: ffffffff8201f3a9
[ 1865.262661][    C1] RDX: ffff888031fcc980 RSI: 0000000000000000 RDI: 0000000000000007
[ 1865.270615][    C1] RBP: ffffc9000ea1f030 R08: 0000000000000007 R09: 0000000000000000
[ 1865.278579][    C1] R10: 0000000000000000 R11: ffff888031fcd4b0 R12: ffff88804a344ff8
[ 1865.286532][    C1] R13: ffffc9000ea1f198 R14: ffff88807cdc7180 R15: ffffffff8201f2b0
[ 1865.294491][    C1]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1865.300329][    C1]  ? shmem_file_write_iter+0xf9/0x140
[ 1865.305718][    C1]  shmem_file_write_iter+0xf9/0x140
[ 1865.310906][    C1]  __kernel_write_iter+0x31a/0xb10
[ 1865.316009][    C1]  ? __pfx___kernel_write_iter+0x10/0x10
[ 1865.321625][    C1]  ? __up_read+0x2d1/0x700
[ 1865.326069][    C1]  ? dump_user_range+0x756/0xb70
[ 1865.331010][    C1]  dump_user_range+0x413/0xb70
[ 1865.335770][    C1]  ? __pfx_dump_user_range+0x10/0x10
[ 1865.341044][    C1]  ? elf_coredump_extra_notes_write+0xbd/0x4f0
[ 1865.347206][    C1]  ? __pfx_writenote+0x10/0x10
[ 1865.351965][    C1]  elf_core_dump+0x29c3/0x3c10
[ 1865.356937][    C1]  ? __pfx_elf_core_dump+0x10/0x10
[ 1865.362049][    C1]  ? kasan_save_stack+0x33/0x60
[ 1865.366895][    C1]  ? kasan_save_track+0x14/0x30
[ 1865.371727][    C1]  ? __kasan_kmalloc+0xaa/0xb0
[ 1865.376475][    C1]  ? __kvmalloc_node_noprof+0x3ac/0xa40
[ 1865.382026][    C1]  ? vfs_coredump+0x1dd9/0x55e0
[ 1865.386871][    C1]  ? arch_do_signal_or_restart+0x8f/0x7e0
[ 1865.392621][    C1]  ? irqentry_exit+0x38a/0x8c0
[ 1865.397379][    C1]  ? asm_exc_page_fault+0x26/0x30
[ 1865.402420][    C1]  ? 0xffffffffff600000
[ 1865.406616][    C1]  ? vfs_coredump+0x2b85/0x55e0
[ 1865.411549][    C1]  vfs_coredump+0x2b85/0x55e0
[ 1865.416226][    C1]  ? __pfx_vfs_coredump+0x10/0x10
[ 1865.421241][    C1]  ? __lock_acquire+0x436/0x2890
[ 1865.426167][    C1]  ? __lock_acquire+0x436/0x2890
[ 1865.431086][    C1]  ? lock_acquire+0x179/0x330
[ 1865.435750][    C1]  ? lock_acquire+0x179/0x330
[ 1865.440472][    C1]  ? arch_stack_walk+0xa6/0x100
[ 1865.445315][    C1]  ? stack_trace_save+0x8e/0xc0
[ 1865.450149][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1865.455509][    C1]  ? stack_depot_save_flags+0x29/0x9b0
[ 1865.460957][    C1]  ? __lock_acquire+0x436/0x2890
[ 1865.465882][    C1]  ? kasan_save_stack+0x42/0x60
[ 1865.470743][    C1]  ? proc_coredump_connector+0x2d1/0x4f0
[ 1865.476372][    C1]  ? __pfx_proc_coredump_connector+0x10/0x10
[ 1865.482341][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1865.487126][    C1]  get_signal+0x22e1/0x26d0
[ 1865.491629][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1865.496478][    C1]  arch_do_signal_or_restart+0x8f/0x7e0
[ 1865.502013][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1865.508163][    C1]  ? __bad_area_nosemaphore+0x350/0x690
[ 1865.513706][    C1]  irqentry_exit+0x38a/0x8c0
[ 1865.518287][    C1]  asm_exc_page_fault+0x26/0x30
[ 1865.523117][    C1] RIP: 0033:0x7fc079f8f751
[ 1865.527508][    C1] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[ 1865.547368][    C1] RSP: 002b:fffffffffffffe70 EFLAGS: 00010217
[ 1865.553448][    C1] RAX: 0000000000000000 RBX: 00007fc07a1e6090 RCX: 00007fc079f8f749
[ 1865.561406][    C1] RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000
[ 1865.569372][    C1] RBP: 00007fc07a013f91 R08: 0000000000000000 R09: 0000000000000000
[ 1865.577325][    C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1865.585311][    C1] R13: 00007fc07a1e6128 R14: 00007fc07a1e6090 R15: 00007fff949f6918
[ 1865.593280][    C1]  </TASK>
[ 1865.596304][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1865.603571][    C1] CPU: 1 UID: 0 PID: 26257 Comm: syz.4.5822 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1865.614492][    C1] Tainted: [L]=SOFTLOCKUP
[ 1865.618794][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1865.628829][    C1] Call Trace:
[ 1865.632094][    C1]  <IRQ>
[ 1865.634919][    C1]  dump_stack_lvl+0x3d/0x1f0
[ 1865.639495][    C1]  vpanic+0x640/0x6f0
[ 1865.643462][    C1]  panic+0xca/0xd0
[ 1865.647164][    C1]  ? __pfx_panic+0x10/0x10
[ 1865.651563][    C1]  ? check_panic_on_warn+0x1f/0xb0
[ 1865.656657][    C1]  check_panic_on_warn+0xab/0xb0
[ 1865.661580][    C1]  __warn+0x108/0x3c0
[ 1865.665547][    C1]  __report_bug+0x2a0/0x520
[ 1865.670038][    C1]  ? __pfx___report_bug+0x10/0x10
[ 1865.675047][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1865.680840][    C1]  ? __pfx_hci_cmd_timeout+0x10/0x10
[ 1865.686113][    C1]  ? look_up_lock_class+0x59/0x130
[ 1865.691205][    C1]  report_bug_entry+0xb2/0x220
[ 1865.695970][    C1]  ? __queue_work+0xca1/0x10e0
[ 1865.700715][    C1]  handle_bug+0x18a/0x260
[ 1865.705031][    C1]  exc_invalid_op+0x17/0x50
[ 1865.709514][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1865.714348][    C1] RIP: 0010:__queue_work+0xca1/0x10e0
[ 1865.719704][    C1] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 63 bf 06 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 30 31 3a 00 90 0f 0b 90 e9 15 f6
[ 1865.739292][    C1] RSP: 0000:ffffc90000a08be8 EFLAGS: 00010046
[ 1865.745348][    C1] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11006ab7951
[ 1865.753315][    C1] RDX: ffff88807cd20978 RSI: ffffffff8a6afda0 RDI: ffffffff908b71e0
[ 1865.761272][    C1] RBP: ffff8880355bca70 R08: 0000000000000005 R09: 0000000000000000
[ 1865.769237][    C1] R10: 0000000000000100 R11: ffff888031fcd4b0 R12: 1ffff9200014118f
[ 1865.777197][    C1] R13: ffffffff8184c3c0 R14: 0000000080000100 R15: ffff88807cd20800
[ 1865.785243][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.791049][    C1]  ? __pfx_hci_cmd_timeout+0x10/0x10
[ 1865.796371][    C1]  ? __queue_work+0xc70/0x10e0
[ 1865.801154][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.806969][    C1]  call_timer_fn+0x19a/0x5a0
[ 1865.811574][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1865.816676][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.822565][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.828475][    C1]  ? __run_timers+0x559/0xae0
[ 1865.833148][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.838942][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1865.844738][    C1]  __run_timers+0x569/0xae0
[ 1865.849232][    C1]  ? __pfx___run_timers+0x10/0x10
[ 1865.854261][    C1]  run_timer_base+0x114/0x190
[ 1865.858936][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1865.864118][    C1]  run_timer_softirq+0x1a/0x40
[ 1865.868868][    C1]  handle_softirqs+0x219/0x950
[ 1865.873627][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1865.878915][    C1]  __irq_exit_rcu+0x109/0x170
[ 1865.883583][    C1]  irq_exit_rcu+0x9/0x30
[ 1865.887812][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1865.893432][    C1]  </IRQ>
[ 1865.896353][    C1]  <TASK>
[ 1865.899463][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1865.905445][    C1] RIP: 0010:write_comp_data+0x3c/0x90
[ 1865.910801][    C1] Code: 8b 05 78 73 f3 11 a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 0f 00 75 60 a9 00 00 f0 00 75 59 8b 82 6c 16 00 00 85 c0 74 4f <8b> 82 48 16 00 00 83 f8 03 75 44 48 8b 82 50 16 00 00 8b 92 4c 16
[ 1865.930396][    C1] RSP: 0000:ffffc9000ea1efa8 EFLAGS: 00000246
[ 1865.936449][    C1] RAX: 0000000080000000 RBX: 0000000000000000 RCX: ffffffff8201f3a9
[ 1865.944403][    C1] RDX: ffff888031fcc980 RSI: 0000000000000000 RDI: 0000000000000007
[ 1865.952357][    C1] RBP: ffffc9000ea1f030 R08: 0000000000000007 R09: 0000000000000000
[ 1865.960312][    C1] R10: 0000000000000000 R11: ffff888031fcd4b0 R12: ffff88804a344ff8
[ 1865.968279][    C1] R13: ffffc9000ea1f198 R14: ffff88807cdc7180 R15: ffffffff8201f2b0
[ 1865.976260][    C1]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1865.982063][    C1]  ? shmem_file_write_iter+0xf9/0x140
[ 1865.987422][    C1]  shmem_file_write_iter+0xf9/0x140
[ 1865.992613][    C1]  __kernel_write_iter+0x31a/0xb10
[ 1865.997722][    C1]  ? __pfx___kernel_write_iter+0x10/0x10
[ 1866.003362][    C1]  ? __up_read+0x2d1/0x700
[ 1866.007781][    C1]  ? dump_user_range+0x756/0xb70
[ 1866.012710][    C1]  dump_user_range+0x413/0xb70
[ 1866.017472][    C1]  ? __pfx_dump_user_range+0x10/0x10
[ 1866.022743][    C1]  ? elf_coredump_extra_notes_write+0xbd/0x4f0
[ 1866.028891][    C1]  ? __pfx_writenote+0x10/0x10
[ 1866.033640][    C1]  elf_core_dump+0x29c3/0x3c10
[ 1866.038401][    C1]  ? __pfx_elf_core_dump+0x10/0x10
[ 1866.043489][    C1]  ? kasan_save_stack+0x33/0x60
[ 1866.048319][    C1]  ? kasan_save_track+0x14/0x30
[ 1866.053150][    C1]  ? __kasan_kmalloc+0xaa/0xb0
[ 1866.057914][    C1]  ? __kvmalloc_node_noprof+0x3ac/0xa40
[ 1866.063464][    C1]  ? vfs_coredump+0x1dd9/0x55e0
[ 1866.068303][    C1]  ? arch_do_signal_or_restart+0x8f/0x7e0
[ 1866.074008][    C1]  ? irqentry_exit+0x38a/0x8c0
[ 1866.078757][    C1]  ? asm_exc_page_fault+0x26/0x30
[ 1866.083778][    C1]  ? 0xffffffffff600000
[ 1866.087996][    C1]  ? vfs_coredump+0x2b85/0x55e0
[ 1866.092885][    C1]  vfs_coredump+0x2b85/0x55e0
[ 1866.097618][    C1]  ? __pfx_vfs_coredump+0x10/0x10
[ 1866.102680][    C1]  ? __lock_acquire+0x436/0x2890
[ 1866.107645][    C1]  ? __lock_acquire+0x436/0x2890
[ 1866.112572][    C1]  ? lock_acquire+0x179/0x330
[ 1866.117232][    C1]  ? lock_acquire+0x179/0x330
[ 1866.121898][    C1]  ? arch_stack_walk+0xa6/0x100
[ 1866.126737][    C1]  ? stack_trace_save+0x8e/0xc0
[ 1866.131565][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1866.136911][    C1]  ? stack_depot_save_flags+0x29/0x9b0
[ 1866.142346][    C1]  ? __lock_acquire+0x436/0x2890
[ 1866.147260][    C1]  ? kasan_save_stack+0x42/0x60
[ 1866.152121][    C1]  ? proc_coredump_connector+0x2d1/0x4f0
[ 1866.157740][    C1]  ? __pfx_proc_coredump_connector+0x10/0x10
[ 1866.163704][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1866.168457][    C1]  get_signal+0x22e1/0x26d0
[ 1866.172946][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1866.177779][    C1]  arch_do_signal_or_restart+0x8f/0x7e0
[ 1866.183306][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1866.189445][    C1]  ? __bad_area_nosemaphore+0x350/0x690
[ 1866.194982][    C1]  irqentry_exit+0x38a/0x8c0
[ 1866.199550][    C1]  asm_exc_page_fault+0x26/0x30
[ 1866.204375][    C1] RIP: 0033:0x7fc079f8f751
[ 1866.208768][    C1] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[ 1866.228377][    C1] RSP: 002b:fffffffffffffe70 EFLAGS: 00010217
[ 1866.234430][    C1] RAX: 0000000000000000 RBX: 00007fc07a1e6090 RCX: 00007fc079f8f749
[ 1866.242380][    C1] RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000
[ 1866.250332][    C1] RBP: 00007fc07a013f91 R08: 0000000000000000 R09: 0000000000000000
[ 1866.258284][    C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1866.266229][    C1] R13: 00007fc07a1e6128 R14: 00007fc07a1e6090 R15: 00007fff949f6918
[ 1866.274190][    C1]  </TASK>
[ 1866.277532][    C1] Kernel Offset: disabled
[ 1866.281837][    C1] Rebooting in 86400 seconds..