last executing test programs:

3m20.667194104s ago: executing program 2 (id=778):
syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x428702, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0x400c000)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x272, 0xb, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x7, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfff, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96cd, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x401, 0xd}, {0xe4, 0x0, 0x7, 0x76, 0x2, 0x3}, 0x6, 0xc, 0x18de}}]}}]}, 0x45c}}, 0x0)
sendfile(r1, r1, 0x0, 0x200000)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000000280)={{0x5}, 0x0, [0x40000000, 0x0, 0x4, 0x3, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x400001, 0x2, 0x3, 0x20004, 0xfffffffffffffffe, 0x3, 0x4, 0x0, 0x8, 0x0, 0x2, 0x1, 0x0, 0x0, 0x5, 0x1, 0xfffffffffffffc01, 0x58c132dc, 0x0, 0x0, 0x1000007ffe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0xfffffffffffffffc, 0x4, 0x5, 0x10000, 0x4, 0xfdfffffffffffffe, 0x0, 0xd0, 0x1, 0x9, 0x1, 0x20040000004, 0x20, 0x8, 0x80000000, 0x0, 0x0, 0x200001, 0x7, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x10, 0x5, 0xfffffe, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x4, 0x1, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffff19, 0x4, 0x8, 0x1, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x9d, 0xfffffffffffffffb, 0x0, 0x2, 0xfffffffffffffff4, 0x4, 0x0, 0x1075, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x40000000003, 0x7, 0x7fff, 0x1c, 0x6, 0xffffffff80000001, 0x2, 0x0, 0xfffffffffffffffb, 0x4]})
ioctl$sock_proto_private(0xffffffffffffffff, 0x89e1, &(0x7f0000001080))
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
write$vhost_msg(r5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0)
read$rfkill(r6, &(0x7f0000000040), 0x8)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r7, r6, 0x0, 0x23b)
socket$nl_route(0x10, 0x3, 0x0)

3m19.261631936s ago: executing program 2 (id=779):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)="5c00000012006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800190007000200060001c00200bc24eab556a705251e618294ff4051f60a84c9f4d4938037e786a6d00010000400000000000000c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004)

3m19.085035441s ago: executing program 2 (id=781):
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000004000000080000000c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000002ecab9028503571bd7382907f507c025a71474f736e8e73a1c25c3af0000"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r7, r6}, 0xc)
recvmsg(r5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002d00)=""/4080, 0xff0}, 0x0)
close(r4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000001000000001801000020207825d900000000002020a6f71af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000030000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
readv(r8, 0x0, 0x0)
r9 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_INSN(r9, 0x8028640c, &(0x7f0000000080)={0xc000003, 0xf, &(0x7f0000000580)=[0x18, 0x8004, 0x1, 0xffff, 0x9, 0x1ed, 0x2, 0x2, 0xbb, 0xc58f, 0x2060, 0xfec, 0xfffffffa, 0x1ac, 0xfffffff8], 0x0, 0x4})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000100)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x65, 0x0, 0x0, 0x0, 0x3}, @exit, @alu={0x4, 0x0, 0x6, 0x3}]}, &(0x7f0000000040)='syzkaller\x00'}, 0x94)

3m18.161363694s ago: executing program 2 (id=782):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/freeze_filesystems', 0x101a02, 0xc8)
sendfile(r1, r1, 0x0, 0x101)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r1, 0x4068aea3, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000008000000000000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000003000000dbaaf0ff50000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m17.851875779s ago: executing program 2 (id=784):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000008000000000000000fdffffff8500000011000000b7080000000000007b8af8ff00000000b7080000161300007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018030000", @ANYRES32=0x0, @ANYBLOB="0000000000000100b705000008000000850000006900000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000800)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mm_khugepaged_scan_pmd\x00', r1, 0x0, 0x800}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

3m16.441447548s ago: executing program 2 (id=788):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xff92, 0x0, 0x1, 0x80000000})

3m1.21274157s ago: executing program 32 (id=788):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xff92, 0x0, 0x1, 0x80000000})

2m49.138676653s ago: executing program 3 (id=878):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
r0 = socket(0x1e, 0x2, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000000)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000240))
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r2, &(0x7f0000000380)=""/102392, 0x18ff8)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r4, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb600"/135, 0x87}, {&(0x7f0000000780)="029993440c7a1d95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e430bcb03", 0x3e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="51e657b8220ca193c9de9030c3c7175ae0132383bf66bd1ea5bd07a8092f5c1c356ef81ebc8a3ed11284c75e4991ca84a0eda6ac4148ace258f78bc2340c45834bc28c93523f00c13f7bda920d040647a60c2f548c6d1556573b", 0x5a}, {&(0x7f00000002c0)="ee3714aa7756572d12ad3cd80207f0ea76a0bc", 0x13}], 0x2}}], 0x2, 0xc0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r4, &(0x7f0000000580)="17", 0x501, 0x10008095, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000003d00), 0x0, 0x48800)
shutdown(r3, 0x1)

2m48.270040896s ago: executing program 3 (id=880):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xf8, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xe4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x26, 0x1, {0x0, 0x5, 0x0, 0x0, 0x4, {0xfc}, {0x0, 0x0, 0x0, 0x6}, 0x4}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_bpf={0x2c, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
syz_io_uring_setup(0x50d0, &(0x7f0000000000)={0x0, 0xfffffffd, 0x2, 0x2, 0x332}, &(0x7f0000000100), &(0x7f0000ff4000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x8b1b, &(0x7f0000000040))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)

2m46.759468724s ago: executing program 3 (id=885):
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000040)=ANY=[@ANYBLOB])
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340), 0x40500, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x2)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f5"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000340)={0x30, 0x5, 0x0, {0x0, 0x2, 0x4, 0x5}}, 0x30)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, 0x0, 0x0)

2m45.505961073s ago: executing program 3 (id=890):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
read$FUSE(0xffffffffffffffff, &(0x7f00000024c0)={0x2020}, 0x2020)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29)
socket$inet_sctp(0x2, 0x5, 0x84)
pipe2(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4000)
readv(r1, &(0x7f0000000740)=[{&(0x7f0000000480)=""/215, 0xd7}], 0x1)
writev(r2, &(0x7f0000000080)=[{&(0x7f0000000100)="19", 0x1}], 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
rt_sigqueueinfo(0x0, 0x9, &(0x7f000000df80)={0x0, 0x0, 0x920})
syz_open_dev$mouse(0x0, 0x0, 0x2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f)
syz_io_uring_setup(0x3c9a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x2, 0x40024e}, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000))
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x1d, 0x0, 0x0, 0xfffff03c}]})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x8b, 0xfffa}, 0x32, [0x7ffe, 0xc95a, 0xfffffff6, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x5, 0x8, 0x4, 0x3c5b, 0x10000001, 0x3, 0x9, 0x1, 0x1f461e2c, 0x0, 0xe660, 0x4, 0x7, 0x101, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x71, 0xfffffff8, 0x7, 0x0, 0x0, 0xd, 0x3e, 0x8f, 0x6, 0x10000006, 0x0, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x134, 0x7ffe, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0x6, 0x3, 0x0, 0x7, 0x5, 0x0, 0xe, 0x312, 0x0, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x5, 0x6, 0x7, 0xff, 0x5, 0x5, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0xa, 0x4, 0x9, 0x8, 0x801, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0x8, 0x2, 0x7f, 0x9, 0x2, 0xffffffff, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x400, 0x4, 0x0, 0x5, 0xffdffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x8000b, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x83, 0x80000003, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0xf38, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0xd, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x4, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x1, 0x1, 0xffff, 0x0, 0x1a, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x65], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x93c, 0x6, 0x800006, 0x0, 0x9, 0xce7, 0x9ff, 0x2, 0xf58, 0x5, 0x3, 0x101, 0x10000, 0x3, 0x7ffe, 0x8, 0x200a620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0xe, 0x6, 0xa0, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x83, 0x100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x1, 0x6c1b, 0x0, 0xca, 0x5, 0xb1c, 0x1, 0x200, 0xffbf2441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {r1}], 0x2, 0x0, 0x0, 0x0)

2m43.569840933s ago: executing program 3 (id=893):
socket(0xa, 0x3, 0x3a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000080)="0f8501dbdb0f74100f330f09660f3a0cb90000000e752020b9800000c00f326635004000000f300f01d7ba4100ed14", 0x34}], 0x0, 0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x3e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x7fb0c1, 0x0)
ioctl$SIOCGSKNS(r3, 0x894c, &(0x7f00000001c0)={'tunl0\x00', 0x200})
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000140)="41000200010001", 0x7)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9000a0006000500010802000600137d116e04a0ef879956193165d5dc06000000fd4b3d499aaa04"], 0xf)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r5, 0x1)
connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r6, 0x0, 0x2d, 0x0, @val=@netfilter={0x1, 0x0, 0x600, 0x1}}, 0x20)

2m42.605701826s ago: executing program 3 (id=897):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3ff, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x964}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x1, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb}, {0x66, 0x0, 0x0, 0x2000000}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x41, 0xdc, 0x32, 0x8, 0xb57, 0x2a8d, 0x3374, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x60, 0x3, 0x0, 0x3, 0x1, 0x2}}]}}]}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000180)=0x1)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x401, 0x181, 0x2, 0xa, 0x14000000, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3fd, 0x4000009, 0x200, 0xe2df, 0x9, 0x1, 0x4, 0x40000, 0x7, 0xf58, 0x6]})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()

2m34.381336665s ago: executing program 0 (id=916):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x18})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

2m31.708580148s ago: executing program 0 (id=922):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0e9ff3fea437d95cb3096af980c02d7c228cc0fcd139de0c5787c6a09f430de0c391e8d48f4601f42e50c3247201ff179e204923a8d4c6d57af9f48b8069be567e24c9045", 0xbe}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f42", 0xb8}, {&(0x7f0000001400)="9af390e2aadb61017e08249a2485ad46a590a90910858e1ceefc66db2ed8f32bf6be0e2f94e7e4db6454393a128402ed26580c7c5ebc85db639da17c927c23dbde640ab030889e8b61f26d270bc73b21c9ac8ba542e6b4ad2cd147059128ba038e4b9ebb20537f437b23b46ec790720e1fb74cef3c677e9978662a84cf2fcf73c73a5e763358496737af6284226bad34fb9083f87d853ab78c816cf32c90bd5c40ff6446214552d29745d34e0c4bfa623d00e5cbb393972371503122a0f44135db5654ace67cddb85a12df91fcf994fc680afe5d34268b23447589ef3f5383d152bf6dd104984297180f896ec8b1ba50952c5ab76e144f5636692d7cf17922c9b447ed6d59553ec6085e07413034875c1ae0947280e1a6f0d5e7f23b32e56ead8590d3269fdcb624cc870968b2f100bf3bc3d2ab105a5f61456d4969181fbd207b6f4d6d9ca0a1920daabec06d0c5e276d18f2571e88373dd41af9080d72aa88b10f8900b48acb61a61007dd4dd0e9240af5382a26f68bd706a83d8df76a4a5d02b39d07f97c4f86dad9e14eb957cc4be52b027a462262589929e3d035188dd9f0561e3ba2de6bafe743d9ae397e9aa423644fba8b2d6425ac1cd78c76e52e04d3a29e74075625fb5e674bab02843991ce804e0d04961f2978f3749c5ad83f355ae5da936fd6e0178d2bd12aacbe0205aa9a15579fd61d738f8d36412e814ba500edaf28ea68b0e96fb1839acf8416d8f5df7fad3b663f68e2ee5784fd01c7021130a490e629b1348acf3479e0392ecabbeeb18ec421c26e76f6f5c480e7decc85a0583a56180f199d26090b10ee5057ec4c1e04be948a5960acda014d646cf91bfdfb9d327f8ab545f8b41e8dbab94f195b189a8642a6b95e0ceb36b640fbdfe21925cc110bd2ef2c3fe24f12f95771b60e2ffbc47e58b2237b5574cadc32aab0f0db3202e4adc44a0651ef97703957857cfb6022578c97802f486bd7f48129f0c120700d0b70e048618a9f1de9f34dbb1f92dadc86f09e6288eb1bdbd1f700cc2df781654dfd57d9da779607080d3bc6dede5818aa8d6c99fa1ffdbb6a1a43040fe1379cf2a8b4b862db428c29e388a6e6b863bc818c2139a0d4238f10baf22f498b6629181f997ac280547e92fe300d0f8dd8b6724df5aa14be73cd630b808a29bfb52707b8db7d0065bd753b3773f8df58c74ea56f4582caa2fa8532b8049fd9ba775afc5b92b767ed0b35d4c086d9af6f7b7ed96f5f9d3734e703fc683fe0ed82b7763c67734067759e27b60036a3b4c53526716c175d75a9fa6ed019d3e1047bcb9c6510665de23cc2802804a0c3a347faba392282df430e5e6141f9eb660f7cb0eaedb832a7880c953bc0188c1f28eb466799e2768886ef81096847f50159278b572b0cca7744d6a572a81ddd2bcea73da3c8a59680bcaaadaf95e1fe91e41a8036835975b072a9587c560e3da854c96c64011755d08fef5228bb2db62a445bc0b9e17dea88854cd6a7c8a288727d5690fc4941978dee5eda2dbdc85915e7a2fdae978adb217b3f6b31cf69b51b9f805f8b447a4868b442933fc0e03860a7084230ff8fdff70665717f9c0bade31f87f5de99643e800feceb0dfdd6d1b67d4056a52f0efa2ed2b1142132c6242d917b46d939aade6a362bf586058385d7fcef1b4e358a093d6781b9e9bf280520ff083a6026bf701237e38927ed21209dbf407a7944ef687b93619b181b9112477fa902f391a7163f93bec2d6369ffba644f4fd5139890fb66bd6017a61d9fd043154eb0ab0de3046cdb8a182a553cece0701a922518cf09cd1ab421ee8ec677a8d453cd8c21bdaa5f8dd804dfe80fffec8c4d778d5e260b65a2f0d3c1b09e9d6bd1f3746aa7fe07374a028a89fc96eb66affbcddfaa01a72058566e33af88e37f43fbba73c0423d54079fad54c136ec5fcd61d5134f833ab44f6cfbc2348871f190ac4c4bc20c97fcb29f4823a8e3bf76f85b10dfd33df0001646a7e0b2ee3e14455f6c8f225b80eed457e772cb2504ded46a24e911428decff4a130be797b6530c33ec1be7b0dd4df6206eca1c4c8dfda776336bcb876d80043195de773fbcf0d3abe53e9a38da0af7a6598815a71ffc937203f5a04e87eb532e579d66d42b06b791b6ebd50e7855f6645d29434bb0280fdf1511b163b12838f39ca864516711501bbe345d46b34ab2f0d8317d45376f73e302a90f5c362b18e1840668a9f27e90f2b715b4b6ae7a6dc387583110a42fd4977635275f7244a1912d0c67cf53d5da8a384839020d71db234fcc4388a735275763f01b2b4967e99f551e489bcc28f693a1e688ac8c39a971f8ae9d973cc7adac4a642a7a84ecca2d0bd24c300b94dff82fa4f95c1ce5fdb9128466443cb8442048e53cd46334d59774de0e2ceefcd4cd2e6c9da7cdc2162346111f7da236d72f33d509d73133951e1a3f84fa7e767cf56fc9bfb3986c5ec501634b92a780f63e0ee61e3d25f51c39b975ea587027a101059e9386f1eaaaab8ebfd5c453e9f86c851f9c78e4e06184f04fa9a54ba0bba5d18108c2973f50cb626eca6e3d5b2907b00d2ad4fff9546482815291bd220fa31c1d1a735562174644fe06131e31ce66064fa6a02d5bda756994f81163b97e854274183bbc4ddeb9bb823944afc3e07caf510732df2835fd11de82cb318b88f4d385adb57ac73ffe7f3d1e387848766e11000c94123f2a7d33a93d3b030ebb1206f26221a1ceef44a708693796ab80add7d9b6907c653c6becc21d49c380b3fea419276a387ad482fc3614fa7ca", 0x7c1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e537dfc26029f52cfd5b4dd3416fc140fce45c077ab5ee206763130ccdaedd3bff9b7a20b6b02e558fddbaf1bff01a4e9c33db278", 0xba}, {&(0x7f0000000a40)}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000640)="5506b690", 0x4}], 0x1}}], 0x3, 0x11)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f40600", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2m31.553221375s ago: executing program 0 (id=923):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r2, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x30, r4, 0x6419aa27cadae9f1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6, 0xbe, '\tK'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4850}, 0x8000)
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x8000, 0x4f}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x24004804}, 0x800)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008000)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000002000010027bd70000009000002000000000000070000000014000200fe800000000000000000000000000101080018004e234e23"], 0x38}, 0x1, 0x0, 0x0, 0x24048844}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)

2m31.383677048s ago: executing program 0 (id=926):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendfile(r3, r2, 0x0, 0x40008)
r4 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
setsockopt$MRT6_INIT(r4, 0x29, 0xc8, &(0x7f00000002c0), 0x4)
r5 = signalfd4(r0, &(0x7f0000000080)={[0xc658]}, 0x8, 0x800)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x2b})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0)
io_setup(0x30, &(0x7f0000000600)=<r6=>0x0)
pipe2$9p(&(0x7f00000000c0), 0x4000)
r7 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002)
io_submit(r6, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r7, &(0x7f00000000c0)="01", 0x24}])
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, 0xffffffffffffffff, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x6, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000000)={0xc, 0x1, 0x2, "18000040000000f7c28dca4c2100000000000000000000048400", 0x50424752})
cachestat(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0)

2m30.030307574s ago: executing program 0 (id=930):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="00800000000000000045a9000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xf}, 0x50)

2m29.425142123s ago: executing program 0 (id=931):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3ff, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x964}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x1, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb}, {0x66, 0x0, 0x0, 0x2000000}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x41, 0xdc, 0x32, 0x8, 0xb57, 0x2a8d, 0x3374, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x60, 0x3, 0x0, 0x3, 0x1, 0x2}}]}}]}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000180)=0x1)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x401, 0x181, 0x2, 0xa, 0x14000000, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3fd, 0x4000009, 0x200, 0xe2df, 0x9, 0x1, 0x4, 0x40000, 0x7, 0xf58, 0x6]})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()

2m27.349463952s ago: executing program 33 (id=897):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3ff, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x964}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x1, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb}, {0x66, 0x0, 0x0, 0x2000000}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x41, 0xdc, 0x32, 0x8, 0xb57, 0x2a8d, 0x3374, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x60, 0x3, 0x0, 0x3, 0x1, 0x2}}]}}]}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000180)=0x1)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x401, 0x181, 0x2, 0xa, 0x14000000, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3fd, 0x4000009, 0x200, 0xe2df, 0x9, 0x1, 0x4, 0x40000, 0x7, 0xf58, 0x6]})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()

2m14.061152403s ago: executing program 34 (id=931):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3ff, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x964}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x1, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb}, {0x66, 0x0, 0x0, 0x2000000}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x41, 0xdc, 0x32, 0x8, 0xb57, 0x2a8d, 0x3374, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x60, 0x3, 0x0, 0x3, 0x1, 0x2}}]}}]}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000180)=0x1)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x401, 0x181, 0x2, 0xa, 0x14000000, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3fd, 0x4000009, 0x200, 0xe2df, 0x9, 0x1, 0x4, 0x40000, 0x7, 0xf58, 0x6]})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()

6.211258736s ago: executing program 5 (id=1625):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000240)='./file0\x00', 0x783000, 0x81)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(r3, &(0x7f0000002600)=[{&(0x7f0000000300)="d88b2da57872", 0x6}], 0x1)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x6], 0x0, 0x0, 0x1}}, 0x40)
socket$rxrpc(0x21, 0x2, 0xa)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x44, 0x0, &(0x7f0000000540)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000340)={@fda={0x66646185, 0x0, 0x1, 0x2e}, @flat=@handle={0x73682a85, 0x100a, 0x2}, @fda={0x66646185, 0x8, 0x1, 0x1a}}, &(0x7f0000000400)={0x0, 0x20, 0x38}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x58, 0x0, &(0x7f0000000740)=[@increfs_done={0x40106308, 0x1}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x1000000000000, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
userfaultfd(0x80801)
r8 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r8, 0xc10c5541, 0x0)
ioctl$FICLONE(r8, 0x40049409, r6)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)

5.465306956s ago: executing program 5 (id=1627):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x2000003c, &(0x7f0000000280)})
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r2, &(0x7f0000000040)=ANY=[], 0x6)

5.395721565s ago: executing program 5 (id=1629):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendfile(r3, r2, 0x0, 0x40008)
r4 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
setsockopt$MRT6_INIT(r4, 0x29, 0xc8, &(0x7f00000002c0), 0x4)
signalfd4(r0, &(0x7f0000000080)={[0xc658]}, 0x8, 0x800)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0)
io_setup(0x30, &(0x7f0000000600)=<r5=>0x0)
pipe2$9p(&(0x7f00000000c0), 0x4000)
r6 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002)
io_submit(r5, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f00000000c0)="01", 0x24}])
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000300), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r7, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x6, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000000)={0xc, 0x1, 0x2, "18000040000000f7c28dca4c2100000000000000000000048400", 0x50424752})

4.421097639s ago: executing program 4 (id=1633):
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000000000/0x3000)=nil)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x4}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$pptp(0x18, 0x1, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c900"], 0x16)
accept4(r2, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)

4.289253264s ago: executing program 4 (id=1634):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x4080, 0x0)
setreuid(0xee01, 0xee01)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r3, 0x0, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40000)
syz_pidfd_open(0x0, 0x0)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x0, &(0x7f0000000000)={[{}]})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
r4 = dup2(r1, r1)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, 0x0)
read$FUSE(r4, &(0x7f0000004d80)={0x2020}, 0x2020)
write$vhost_msg_v2(r4, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000140)=""/116, 0xfccf, 0x0, 0x1, 0x2}}, 0x48)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x28, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x10, 0x145, 0x0, 0x1, [@nested={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x24, 0x0, 0x0, @fd}]}]}, @typed={0x4, 0x2}]}, 0x28}}, 0x4040040)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4000000002, 0x1, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

3.734125856s ago: executing program 5 (id=1635):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x4080, 0x0)
setreuid(0xee01, 0xee01)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r3, 0x0, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40000)
syz_pidfd_open(0x0, 0x0)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x0, &(0x7f0000000000)={[{}]})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, 0x0)
r4 = dup2(r1, r1)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x5)
read$FUSE(r4, &(0x7f0000004d80)={0x2020}, 0x2020)
write$vhost_msg_v2(r4, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000140)=""/116, 0xfccf, 0x0, 0x1, 0x2}}, 0x48)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x28, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x10, 0x145, 0x0, 0x1, [@nested={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x24, 0x0, 0x0, @fd}]}]}, @typed={0x4, 0x2}]}, 0x28}}, 0x4040040)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4000000002, 0x1, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

2.856706068s ago: executing program 1 (id=1640):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={r2, 0x5a6}, &(0x7f0000000180)=0x8)

2.788999181s ago: executing program 4 (id=1641):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$KVM_GET_MSRS_cpu(0xffffffffffffffff, 0xc008ae88, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
add_key(&(0x7f0000000180)='id_resolver\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f00000007c0)="ae098778254618f35768cd2917792bd9becbd865cc4f65bfa8c118a0a3363867f48507b8f9f595c543fcbbaee479d84c11eab6d0919d8f93f0e9ebb92eefb543ac21baf1eea52dd058ce11fbb9fbbda5c5b93c7ddd3303f6a5b72860d2ddba5ef1eff51c45965e9e59f2bda82330cb83504221dd5fc520c3695d8d6e4d3f5e2fbff0ba22bd1a14b4d07ba9bf319e85955ae82bd02c327834c05759478edbff442920d2373297512b81f3f395c08db24fb411ce579ce11b65a3f90683f9c596ff2796a98a649c82c86b87125b99cbf18206b7f3836def36d4d0dd502767a10c8608208af90a09416eb3828e3c78dbcd82b9b1db252fa0f9eb293c8f8fef851e8fa4d8d56a8bd7a897a0906910262b3aeb4b2f3b693412067972da1df6210c8555010c01a019a10dc3418795828f0f8a8e34b82cdaad2ff6f3988473c239ba5d5462230396fe5bbf99e2f337330c38a636256b8c70db8b15971040d4e1e8d4b24afe47aed4d6ae0c5b2a09c04d520ca50168a67b67cf2304877fd504b9b9ad678c01494deb83e2ea3fd0294870633cfd2101d29c77ff90986d9851cc113434c30e17f3e9c74ddd514758c55d761df766645feec481d426face66932e869027230759c9e365905ae1fb19d564b17c8bec0a2bc702a652cbd87d20767460729c7aa614f31b88b962b25d82385867fea4aa230e060b0b69deb68a09ca9afc38a00a7a9691ceec0de20a74fadd28cf01ca7a79413019302091f80ce8eea7b90b1fe39c096d52d03dea1546d5f194a54b49e13c47927eb853c2b25a961c6e75a97d87077bdd7081843aa73f42298b0fa3b5f9b920e1fb74f238ef4e196ed9c0109e1b553fade4b2b6f37f6dffdd69eb5b13ad7115d6ad7a233b6eb51d43aa64838a7399866f5e745c65e848843b83e93391f97876b719df881275db29bce3775f187faa42bbc38b1c2d61f13baa4d860df2d989c75470c6fb50d4f7ff81263053d8565854550b091733c553c1233c51b75cab74497aa6422ab11e4b58a744b1f0dabaacfbe6eabfc06680a9f9ca36a5fef731d58f3fc348ba319673b5db80e743fde8d343e13e3ea2bb09387efc605b89ebefbf8b65e86bce2848ae6e0061219597c9a210eaba7dcda25a6393fb494185fda1ea53fcf0bfc073bee5242618fb4658cfe95cd28b89c2953065dc2459e650770040b85702a0217d25d07cd1b97a95c2459d92f64c874c9bd090de827fffec4a8a66847a1718c4bd6df1481dd38bf7e069af7e1676c61c30ffaf3db2c53a740e18a851b3490ca4535880ccf7febca490e55c9c7a4d173a48ac58ce60f0efaf064ea516ce2b9f1631c471310f8b355bbf3cd7d07628477508abfe01c0ce783cf8dabefecfbcdb2c1cbb4528c6ddf6fe1ee8acbd97662a2415f1ee74a017a7eeeefcbc7f975dea5059d418fbc5db6adac10649c8790710260c79ee3813519ddfa96248c2076213659c8a70ccac83f082adf348886eca79c5af236183d2b1dead82a1f56912900c49a5207ada085bbcddffa4b6dd6f85aa2273d1411d7c8e16a0f07bdef068ddf5677920392f772192875bf197d2874410822bf220aea4a1ba440f3b86ceab266c1844a7b87e863b8a1fd0e694d4d74b5403d90442e3dcc21fd4d91db041fccfca89cf8a95ccab276fb8fc159486c235cd464c939baa5706a2729d4a063e98ef40502a96c6c7a821008ecb5b8d52fa80e292959fc44e9bfbe649083151ae7ef04b82e3bdc941ac255202b092612e5c44194114643f81acb01087f8975f64d676ee3c9af01aab581777bf6d983e7742227a18b14a0fc3484ce85db34ace9d39400361fa04786f5f44a5753502b69ece117a462af04b9308fe3a4d2d213cc32fb0f52ae4fb7c08c784a2b8682e9cdc54d25173c94f194410ae5ab40fd433f5a1b840dcb8e6861d9e63d11488c4bfbf2ea680b171b19e3690d2ab7d771a7cfcbaf21238cada602010c636520eb14c718829f40f72a83bb4c8c8c088c1ba3a91c5960bc7c1be2869fbd80877a4c37983cd86915fb93467ba269178e6b83dceec8962564b6c1d0f6c63d29b64b73bdcfc8a1f3bdb20ba754846a80e4b1932e0086a12459f0087e7e22227f3c7b2b7af6824440d7c8193fa7b07e69a601b59e4147769e96c9a953037806854a16d5433d9b2eeb137e9f2bf7b9b48c77d0d13ae0da3e139acdd227c1f4f7ea7a8998b1b44c680b50b0df906393ed7809e4ff400865ba93d96016f181271fefd5935dadfd42959d50b1cd3701c206f7291b524ad34393e23aa47e24adf207b881bba599dacfdb2de4c56a71f9a6f3b427b76d187c721410b1d3be17d4aba80545870c0a3ebc633b8c25c2b5d33d2ee73b8f3041b5e0195729a2fed82441084a6c02c7797a9166fb97f9803dca5f71278f9f382b3e261c3ee0a7ff364dfdcb819d4d8500f553099e4823d8dcbb40d1d16aba03e098823f6377f83d839fc84d1c7de31ad06b753be151ea4426ac4a442fbcce463f9ac37eecedc06175fa5a3779e9675b0dfa64945b035ff353f883e22dbf2ec7392cbc8f23edcceafba679d9cd792d89b66a98e8574ce4ba171181b35c7b0d9eb3a9935120398c8d63ab25e90d93130b0225dca74ea52fa41f0c5c28186f5f1943fb54b18966ffc367ec834972ee029f39bf056b456d4f557a6922b08d83c6688f7d6ed0013d951cf177ede14b1787d2c6f55d89c88350d87758649f4cd827aad84d29cbc5e9cbdd93425b875a7dbe790e06f3153083ce9493292f26a38b594606d3961564c71661f207a09c82601beb241e188e1745fbb1e2af5b1873590ee544cca4842d2ae5d9eaddc7a446f255cecaf92b11705aa28be8d01c5445989986b3ecb4e5f86d7dcccab669dadba9f8f5ee7c632c84e87116ed285371c5e57d3439c6909a0911c530fa1a35ad987922ec96f1deb03cd5e9644f7000fabe7f0c4b8a3d0bbd32574563383933f0efd7a6888535ede428e842bc3524299f8f0f58a15c59ac6b4e184e82b78702e1723f34a246ef1a4fc508062bbb21a10fb153cf3d8013ed2906133f77277f511d3b172c882ccbd57a20b20d2570856565fb2016d7db2cbfe16328aa52699e685464e035d5981ad2c71c77a6f2df554942b065cff95c51aae54fe501f3328520e7b86f30f320d6aeb40a3a31985ba8fb64c449dd34579632393ffaf403968e47506e0a651924013fd00042fdabad180caeefd6329784bb12724b13598aa029d866b0586003015543b07de1edab972a27816a7ad224240488920d3ce7b764daf3e50f036a7e399cd02ee23cea91fc3afc1718527d13851921323835037d0417bd1d789189dcb70f68ed1f1c9b7c0f728d63bdbe2de61348a4dac1f959c8b68f6b9378f66a56abc0fe076eae0b928b3b693090a0f67ddf037e3e2d81f2f1c2250b6e78eeed75a828fc4475eadd5698a922bd8838a5d021c02cf5a3ad4f70d0a67e62f91e3b28fdb7d3fe9692dcb96ec5c680b3c3f989c0fccc6c2e1c4b1edf529ecc30b30509b861cce0429f3a7c6c6545be6b7ec7c0609fa6bff19f572310498a467c5c1ca439a51ffabc90d36b5bfb2d943895a54d564dccf5c9dc2080fe08af671c9e4f40ae87c0430619a7eca3df507bf219ae76d6977ab8879443efb337b6b9f18655f6324c929fd808feca56bff3674e1df8bf3ade110d59d806c57fb3df33196e21480ca02aa19cdab0fc4d106c02b602284dc96be5614a9ce96632795d690db6a41c52767539b3430036f119f12188f63aa41d3c5b071933def5bcb0d901a9c38d8d7fadb3ab0416f63271d32fb9dd852a67b2a3d63e9bbb5e059fdcaa02953eb13b161fa445ddf66974a4fa360d7251bf8772aa131206d515844061a748bff8764078db3c91642447f6407062501ffff0951da58ac303821661ebbd7270c58806f49c4609c7720eb4c7b875af85768323f7c0e996832356e34d09b45f92747e6b4d583914d97d70ceffe6475b5fdcec97aba2496d1028080cea71d4b708db230ccf4d855b74f2b92caf88ae9c8b03cebaad9c7485d29adc0c8558ae105161a3371cb06abe21404773b3ed8c52cf095c05a5f31f2275b4f665612625871c5b261539a31d2c53433848809069fab7d3dfdad820db188266ab0a7511e4ff0034e3646430fd6b3d3403c5cb30a8c7e15426d70296a0effbe01783fa4a3ef0985b6751e1772b90f55b37376d881d3057c0b314c483caea763f27cf2ff4109dbef3dca85b4870a171c01277a0bfb9a237e9b6664553e7096a2357261a1b4beedb3efd75a8be09e9f0bdd0e8af1b1e7b0aa96b6838b4b93bbd74b17f857e26d8a893a1bc21afa4d82d1600104202d04503567df83c3a249532f5b88fae5285038c12e1e6500d6f39bfaf6284694fb7832287a2e37d5ef4354d1449dc3cf912e518d71062e452bc7f32636e476880763258f716f08d5a7d6077fd70c861bc8cf37f5d589ca42dc362388f6cd3193076917925f99cfbd12dc5a3f79727fbb84713ec3e29d61d24b37af08b65656125055c4d2e2d92af3241fab5054ad9458f1febe15f856ee3b2c1427cd69103d11ab641a6aa83b52b4d5c8ceb9234ad69d6d5763e0e64cf674af904adb94f6eb049f53216a52e70c597a377caa59f18245198bb5c0b6733d5e317921d71299997ed3b05bc506965384c944885bc0be6787bb52100396aa68e4858ff19a3ee26248fb4344afa43392ecbb2c6ef022b8450b3aa18f4fbccbe710776c609673daed02eb4d5238c0376f3f598223d41b5c47026c23848ba8e977fb368bba74bc91194b298985babfb1833cde93f929956ab412cd008b6c7626448c66f56edf8bc60beb907dcc05bf5044eed8ae38a408c5754edf77f7cac32c8da712ca2c85d1446a0aa54d217baf8d76281aa9605dc97eace0f3566cde0553a5319e0734afc88feb6d1d1def53d552b61f2e53707633bf229f691c2acccbfbd683879bfd013dac53dc3c19d4a0de94ce032637b6b58c3b480a53905770a1982b1b2f2e0bbce7b6a48dd297a1f72e279da86d3037234f523e3d6ddd36123b24adc53dd9993ccf3697e95ac1ce1b34e3f2a4932df3e41730e2a352d73282792ae81af7d34870189cc440a65e1f2ab6212025810d0e9608d57ca2c0d801420f1ac350def98e01e2a64ef9e91cce1b412b74c38ff163068cb5e8fbb8b413c0d581cc7d8a61645a2a9a8be1161e36f24cf9e9e7d5ba25ca6886ab333bc93efa2424501ae274a92fcd4f5970c6119f71f9fa027ceb679b70239513fc39f7da9382ddd2a1ef0ecf96413f07b44319e5dd4e0e294d07a6860bbc4fabb43c5512c5dda095935652db664464532a0981af89659bb8e860e1da7673bd68d84e7bdcb73d3f671a3ad6406c0be24e985f1763394acb8c4f3ada7f5f697c0e958c90ac994e1c63cabc94fda1338d63e9a18847de4d8ed9838d0c92bc86a5d40441bda2b5682a58a234de0988db023582f77341856a86846251747ea2619be2ddcc5b1fd69ef480519ea3e42030a25350521b9e07d9629f8d9467554ec04a2d0a4bf91f64c5aa10fa52818ca2e9effee43efd64b7f4686e88aaf951861270a6c682a66ef3bd330a6053365199a5558897808e01ff329364aa9d0548c48b1452c6944b9c485b71f63808a6db58013ce03d85beb19945051ab134e9376501f552d5b4ce855b03929a9042768512d1c73a3c32095bd215218e6e418ef6e42cb9b232a1004b72b6f342cbb28c67acbadec70d2570f78c44b36781c39a3309ebb8c242efcbf6698ceffc2b57", 0x1000, 0x0)
ioctl$IMADDTIMER(r4, 0x80044940, &(0x7f00000002c0))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x41, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
r8 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x39c4, 0x2, 0x4}, &(0x7f0000000580)=<r9=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
io_uring_enter(r8, 0x66a8, 0x4000, 0xf, 0x0, 0x18)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])

2.719291632s ago: executing program 4 (id=1642):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
recvmmsg(r4, &(0x7f0000000180), 0x0, 0x2062, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r5 = socket(0x10, 0x3, 0x6)
r6 = socket(0x10, 0x3, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x70400, 0x89)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
openat$cgroup_ro(r7, 0x0, 0x275a, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0xf0ff, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x88, 0x24, 0xf0b, 0x20, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x20000000)

2.696651226s ago: executing program 1 (id=1643):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, <r1=>0x0}, &(0x7f0000000100)=0xc)
setresuid(r1, r1, r1)
r2 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@keyring)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40000000)
r3 = gettid()
r4 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f00000029c0)=ANY=[@ANYBLOB='trans=fd,rf', @ANYRESHEX=r4, @ANYBLOB])
tkill(r3, 0x7)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r5}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x16, 0xfffffffffffffffd, 0x3, 0x6, 0x3, 0xe}, 0x0, &(0x7f00000000c0)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
getsockopt$inet_sctp_SCTP_NODELAY(r6, 0x84, 0x3, &(0x7f0000000240), &(0x7f0000000280)=0x4)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000440)=ANY=[], 0xb0)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setfsgid(0xee01)
faccessat(0xffffffffffffff9c, 0x0, 0x0)

2.596748532s ago: executing program 5 (id=1644):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x60, 0x2, 0x6, 0x201, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x4}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) (fail_nth: 3)

2.530132554s ago: executing program 1 (id=1645):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendfile(r3, r2, 0x0, 0x40008)
r4 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
setsockopt$MRT6_INIT(r4, 0x29, 0xc8, &(0x7f00000002c0), 0x4)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x2b})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0)
io_setup(0x30, &(0x7f0000000600)=<r5=>0x0)
pipe2$9p(&(0x7f00000000c0), 0x4000)
r6 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002)
io_submit(r5, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f00000000c0)="01", 0x24}])
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000300), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r7, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x6, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000000)={0xc, 0x1, 0x2, "18000040000000f7c28dca4c2100000000000000000000048400", 0x50424752})

2.417367629s ago: executing program 5 (id=1646):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
mlock2(&(0x7f0000856000/0x1000)=nil, 0x1000, 0x0)

2.24760755s ago: executing program 7 (id=1648):
syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x428702, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0x400c000)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x272, 0xb, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x7, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfff, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96cd, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x401, 0xd}, {0xe4, 0x0, 0x7, 0x76, 0x2, 0x3}, 0x6, 0xc, 0x18de}}]}}]}, 0x45c}}, 0x0)
sendfile(r1, r1, 0x0, 0x200000)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000280)={{0x5}, 0x0, [0x40000000, 0x0, 0x4, 0x3, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x400001, 0x2, 0x3, 0x20004, 0xfffffffffffffffe, 0x3, 0x4, 0x0, 0x8, 0x0, 0x2, 0x1, 0x0, 0x0, 0x5, 0x1, 0xfffffffffffffc01, 0x58c132dc, 0x0, 0x0, 0x1000007ffe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0xfffffffffffffffc, 0x4, 0x5, 0x10000, 0x4, 0xfdfffffffffffffe, 0x0, 0xd0, 0x1, 0x9, 0x1, 0x20040000004, 0x20, 0x8, 0x80000000, 0x0, 0x0, 0x200001, 0x7, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x10, 0x5, 0xfffffe, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x4, 0x1, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffff19, 0x4, 0x8, 0x1, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x9d, 0xfffffffffffffffb, 0x0, 0x2, 0xfffffffffffffff4, 0x4, 0x0, 0x1075, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x40000000003, 0x7, 0x7fff, 0x1c, 0x6, 0xffffffff80000001, 0x2, 0x0, 0xfffffffffffffffb, 0x4]})
ioctl$sock_proto_private(0xffffffffffffffff, 0x89e1, &(0x7f0000001080))
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
write$vhost_msg(r4, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0)
read$rfkill(r5, &(0x7f0000000040), 0x8)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r6, r5, 0x0, 0x23b)
socket$nl_route(0x10, 0x3, 0x0)

1.586443918s ago: executing program 6 (id=1649):
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000000)={0x2c, &(0x7f00000004c0)=ANY=[@ANYRES32=r3], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000cc0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, &(0x7f0000000240)={0x14, &(0x7f0000000180)={0x20, 0x8, 0x4, {0x4, 0x9, '+f'}}, &(0x7f00000001c0)={0x0, 0x3, 0x55, @string={0x55, 0x3, "c729f7dc72f22c654326ff77cca48f9776697252522eb0ff4817d08b6f627730b4cc564e54821327c25fa6fcbbeaba15f54544f82f9ffb11567498082817ba6588e67333e3c3157e6db6bf4561aa24621ec30d"}}}, &(0x7f0000000480)={0x34, &(0x7f0000000280)={0x0, 0x15, 0xa0, "777e982f4d40906d30072de83a6129ac634f5032fb2a3b1b06d9a2fcde9467b3f8902703de5deebdd044b6ba384f74bd3f068b20e08e6d6ffa6d90a3f3ed648b61f59fa6f768fba3e20569a36b605657683be1dbdb45b2990860d3612af22318a52700428d108702b27a5ce7236981189d9d08a1ed2316dd89d0ce49c6de2380e882acf778151fe2d1d8236722615f6d29e7a5155f88458b35050d6497dac06d"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xa1}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000003c0)={0xc0, 0xa1, 0x4, 0x8}, &(0x7f0000000400)={0x40, 0xa0, 0x4, 0x4}, &(0x7f0000000440)={0xc0, 0xa2, 0x2f, "fe0e3ce35e6f6774019a48b4fc020fe916e18d43b61d3e60fae30bffc77fed16a135087accf1714ab46d04d4ce662b"}})
syz_usb_control_io$lan78xx(r4, 0x0, &(0x7f0000000040)={0x34, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
syz_80211_inject_frame(&(0x7f0000000100)=@device_b, &(0x7f0000000500)=@mgmt_frame=@auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}, {0xa}, @device_b, @device_a, @from_mac=@broadcast, {0x3, 0x4}, @value=@ver_80211n={0x0, 0x7ff9, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, 0x0, 0x2, 0x4d, @void, [{0xdd, 0xad, "4ab5454be7faba16de741f8d23ac8af19c60a563763ead944e189ee5d056bac91a3c17e8985f93316b29468b89b664b8f6e6cd89249913c5440e447e05c7875914f4dbd76cab5000b8346af87d885f8ea58f10f1cadf4334747c66298e41d46692c9d6b4884c7dc0a33c53de330052bb0b2125c59dd7ab1abc74079575064125822285ca61ad940649b9ee1a6af0f25296e6c60d1022ff16ae94cc0fcdbf211e1ae72c1240fd67b353ba7db450"}, {0xdd, 0x7, "9292c13691f63a"}, {0xdd, 0xad, "f653ce3949b0d2ff62beb9d3a830fbaa8cc47f2e6621f4be1519c06e205e084ade482812be978679c74fbd5bb077d89f64b2f5002e2cf174c8d1811cf602a14997c39e42b09ff7a40fee41836bb0aa1d38cb8fe2d9be41b232ebbc6fde329477a46cceb31abbf8c948e0c5a0ea10e49e4b990f0c72c1a3bc38f67dff128bc1932d24e8777335fcaca005d9985652cbd02e250c723781c6a498cfc4d037b1f558db6161792b41930f327b512037"}, {0xdd, 0xfa, "57426e40dadcc6662b00a7ab6523e7a37ee0eeba0205366709492f1fef48b8c515f4b88ce3cbf6506b4ca8842e7d88f6b166308ad2c32bba4de86e6f8f29fe54a92b97134a5724284cc4ec016ba381b2f3251850058f335f30868563b5c6276b9a296c10e7b853d10e9fa1184210a5fc44d4787c31750b0ba0a35d778c5ebf032dea48f091abae27afcfc9894d22c28c0d6886c3665a9f1433a19942d1f21c8326a4a70bedb089e8b953fffc15a3ea1b6db63168bfc748eb1029db66abd1c2891da302a3d9ed868d9cea7b4732457c66f34fb6e5894e804c279a86f7bae9efa16e5a5719b858008943000e6b7f6625e05ea8580cfe81360bf07f"}]}, 0x285)
sendfile(r2, r5, 0x0, 0x1000a3)

1.423758768s ago: executing program 7 (id=1650):
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/freeze_filesystems', 0x101a02, 0xc8)
sendfile(r1, r1, 0x0, 0x101)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r1, 0x4068aea3, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000008000000000000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000003000000dbaaf0ff50000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.224701263s ago: executing program 7 (id=1651):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000001b00), 0xffffffffffffffff)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r3 = accept$alg(r2, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4006001}, 0x0)
write$binfmt_script(r3, &(0x7f0000000600), 0xfec8)
recvmmsg(r3, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000009c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x2000000}, 0x9}], 0x1, 0xcb, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001b40)={0x3c, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8804}, 0x20000800)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0xbc, 0x4, 0x8, 0x301, 0x0, 0x0, {0xa}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8848}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x54, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0xff}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x200}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x40000000}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x200000}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6005}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x18}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}]}, 0xbc}, 0x1, 0x0, 0x0, 0x48090}, 0x8001)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x20, 0xe8}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='reno', 0x4)
sendmmsg$inet(r4, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f00000014c0)="44b896818dd13e040b09e9ff5327615afa549fe545b6e79585e067af4328bcc41f778fcecf104cf2318418907de2bda01878a558af061d15e45bfcba7610e1717120c4cd89550ca5069f6a023247437795a1028586291e3ff5ae2d9cd5d53032ac1d8e3f03fda211e4e8b45b57f046dcfde576d968f876c7f903e2fa43dca292ba5c8b339bb8d32875e723f56bf3f8c656c5c528a5b6976144b187c3d58e6bcb45d0236937b54f453e4f6db1a782473b11431baad933e77f6f394fcbec25197f80c65b92d44f127521", 0xc9}], 0x1}}], 0x1, 0x0)
sendto$inet(r4, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

1.171698686s ago: executing program 4 (id=1652):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$KVM_GET_MSRS_cpu(0xffffffffffffffff, 0xc008ae88, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
add_key(&(0x7f0000000180)='id_resolver\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f00000007c0)="ae098778254618f35768cd2917792bd9becbd865cc4f65bfa8c118a0a3363867f48507b8f9f595c543fcbbaee479d84c11eab6d0919d8f93f0e9ebb92eefb543ac21baf1eea52dd058ce11fbb9fbbda5c5b93c7ddd3303f6a5b72860d2ddba5ef1eff51c45965e9e59f2bda82330cb83504221dd5fc520c3695d8d6e4d3f5e2fbff0ba22bd1a14b4d07ba9bf319e85955ae82bd02c327834c05759478edbff442920d2373297512b81f3f395c08db24fb411ce579ce11b65a3f90683f9c596ff2796a98a649c82c86b87125b99cbf18206b7f3836def36d4d0dd502767a10c8608208af90a09416eb3828e3c78dbcd82b9b1db252fa0f9eb293c8f8fef851e8fa4d8d56a8bd7a897a0906910262b3aeb4b2f3b693412067972da1df6210c8555010c01a019a10dc3418795828f0f8a8e34b82cdaad2ff6f3988473c239ba5d5462230396fe5bbf99e2f337330c38a636256b8c70db8b15971040d4e1e8d4b24afe47aed4d6ae0c5b2a09c04d520ca50168a67b67cf2304877fd504b9b9ad678c01494deb83e2ea3fd0294870633cfd2101d29c77ff90986d9851cc113434c30e17f3e9c74ddd514758c55d761df766645feec481d426face66932e869027230759c9e365905ae1fb19d564b17c8bec0a2bc702a652cbd87d20767460729c7aa614f31b88b962b25d82385867fea4aa230e060b0b69deb68a09ca9afc38a00a7a9691ceec0de20a74fadd28cf01ca7a79413019302091f80ce8eea7b90b1fe39c096d52d03dea1546d5f194a54b49e13c47927eb853c2b25a961c6e75a97d87077bdd7081843aa73f42298b0fa3b5f9b920e1fb74f238ef4e196ed9c0109e1b553fade4b2b6f37f6dffdd69eb5b13ad7115d6ad7a233b6eb51d43aa64838a7399866f5e745c65e848843b83e93391f97876b719df881275db29bce3775f187faa42bbc38b1c2d61f13baa4d860df2d989c75470c6fb50d4f7ff81263053d8565854550b091733c553c1233c51b75cab74497aa6422ab11e4b58a744b1f0dabaacfbe6eabfc06680a9f9ca36a5fef731d58f3fc348ba319673b5db80e743fde8d343e13e3ea2bb09387efc605b89ebefbf8b65e86bce2848ae6e0061219597c9a210eaba7dcda25a6393fb494185fda1ea53fcf0bfc073bee5242618fb4658cfe95cd28b89c2953065dc2459e650770040b85702a0217d25d07cd1b97a95c2459d92f64c874c9bd090de827fffec4a8a66847a1718c4bd6df1481dd38bf7e069af7e1676c61c30ffaf3db2c53a740e18a851b3490ca4535880ccf7febca490e55c9c7a4d173a48ac58ce60f0efaf064ea516ce2b9f1631c471310f8b355bbf3cd7d07628477508abfe01c0ce783cf8dabefecfbcdb2c1cbb4528c6ddf6fe1ee8acbd97662a2415f1ee74a017a7eeeefcbc7f975dea5059d418fbc5db6adac10649c8790710260c79ee3813519ddfa96248c2076213659c8a70ccac83f082adf348886eca79c5af236183d2b1dead82a1f56912900c49a5207ada085bbcddffa4b6dd6f85aa2273d1411d7c8e16a0f07bdef068ddf5677920392f772192875bf197d2874410822bf220aea4a1ba440f3b86ceab266c1844a7b87e863b8a1fd0e694d4d74b5403d90442e3dcc21fd4d91db041fccfca89cf8a95ccab276fb8fc159486c235cd464c939baa5706a2729d4a063e98ef40502a96c6c7a821008ecb5b8d52fa80e292959fc44e9bfbe649083151ae7ef04b82e3bdc941ac255202b092612e5c44194114643f81acb01087f8975f64d676ee3c9af01aab581777bf6d983e7742227a18b14a0fc3484ce85db34ace9d39400361fa04786f5f44a5753502b69ece117a462af04b9308fe3a4d2d213cc32fb0f52ae4fb7c08c784a2b8682e9cdc54d25173c94f194410ae5ab40fd433f5a1b840dcb8e6861d9e63d11488c4bfbf2ea680b171b19e3690d2ab7d771a7cfcbaf21238cada602010c636520eb14c718829f40f72a83bb4c8c8c088c1ba3a91c5960bc7c1be2869fbd80877a4c37983cd86915fb93467ba269178e6b83dceec8962564b6c1d0f6c63d29b64b73bdcfc8a1f3bdb20ba754846a80e4b1932e0086a12459f0087e7e22227f3c7b2b7af6824440d7c8193fa7b07e69a601b59e4147769e96c9a953037806854a16d5433d9b2eeb137e9f2bf7b9b48c77d0d13ae0da3e139acdd227c1f4f7ea7a8998b1b44c680b50b0df906393ed7809e4ff400865ba93d96016f181271fefd5935dadfd42959d50b1cd3701c206f7291b524ad34393e23aa47e24adf207b881bba599dacfdb2de4c56a71f9a6f3b427b76d187c721410b1d3be17d4aba80545870c0a3ebc633b8c25c2b5d33d2ee73b8f3041b5e0195729a2fed82441084a6c02c7797a9166fb97f9803dca5f71278f9f382b3e261c3ee0a7ff364dfdcb819d4d8500f553099e4823d8dcbb40d1d16aba03e098823f6377f83d839fc84d1c7de31ad06b753be151ea4426ac4a442fbcce463f9ac37eecedc06175fa5a3779e9675b0dfa64945b035ff353f883e22dbf2ec7392cbc8f23edcceafba679d9cd792d89b66a98e8574ce4ba171181b35c7b0d9eb3a9935120398c8d63ab25e90d93130b0225dca74ea52fa41f0c5c28186f5f1943fb54b18966ffc367ec834972ee029f39bf056b456d4f557a6922b08d83c6688f7d6ed0013d951cf177ede14b1787d2c6f55d89c88350d87758649f4cd827aad84d29cbc5e9cbdd93425b875a7dbe790e06f3153083ce9493292f26a38b594606d3961564c71661f207a09c82601beb241e188e1745fbb1e2af5b1873590ee544cca4842d2ae5d9eaddc7a446f255cecaf92b11705aa28be8d01c5445989986b3ecb4e5f86d7dcccab669dadba9f8f5ee7c632c84e87116ed285371c5e57d3439c6909a0911c530fa1a35ad987922ec96f1deb03cd5e9644f7000fabe7f0c4b8a3d0bbd32574563383933f0efd7a6888535ede428e842bc3524299f8f0f58a15c59ac6b4e184e82b78702e1723f34a246ef1a4fc508062bbb21a10fb153cf3d8013ed2906133f77277f511d3b172c882ccbd57a20b20d2570856565fb2016d7db2cbfe16328aa52699e685464e035d5981ad2c71c77a6f2df554942b065cff95c51aae54fe501f3328520e7b86f30f320d6aeb40a3a31985ba8fb64c449dd34579632393ffaf403968e47506e0a651924013fd00042fdabad180caeefd6329784bb12724b13598aa029d866b0586003015543b07de1edab972a27816a7ad224240488920d3ce7b764daf3e50f036a7e399cd02ee23cea91fc3afc1718527d13851921323835037d0417bd1d789189dcb70f68ed1f1c9b7c0f728d63bdbe2de61348a4dac1f959c8b68f6b9378f66a56abc0fe076eae0b928b3b693090a0f67ddf037e3e2d81f2f1c2250b6e78eeed75a828fc4475eadd5698a922bd8838a5d021c02cf5a3ad4f70d0a67e62f91e3b28fdb7d3fe9692dcb96ec5c680b3c3f989c0fccc6c2e1c4b1edf529ecc30b30509b861cce0429f3a7c6c6545be6b7ec7c0609fa6bff19f572310498a467c5c1ca439a51ffabc90d36b5bfb2d943895a54d564dccf5c9dc2080fe08af671c9e4f40ae87c0430619a7eca3df507bf219ae76d6977ab8879443efb337b6b9f18655f6324c929fd808feca56bff3674e1df8bf3ade110d59d806c57fb3df33196e21480ca02aa19cdab0fc4d106c02b602284dc96be5614a9ce96632795d690db6a41c52767539b3430036f119f12188f63aa41d3c5b071933def5bcb0d901a9c38d8d7fadb3ab0416f63271d32fb9dd852a67b2a3d63e9bbb5e059fdcaa02953eb13b161fa445ddf66974a4fa360d7251bf8772aa131206d515844061a748bff8764078db3c91642447f6407062501ffff0951da58ac303821661ebbd7270c58806f49c4609c7720eb4c7b875af85768323f7c0e996832356e34d09b45f92747e6b4d583914d97d70ceffe6475b5fdcec97aba2496d1028080cea71d4b708db230ccf4d855b74f2b92caf88ae9c8b03cebaad9c7485d29adc0c8558ae105161a3371cb06abe21404773b3ed8c52cf095c05a5f31f2275b4f665612625871c5b261539a31d2c53433848809069fab7d3dfdad820db188266ab0a7511e4ff0034e3646430fd6b3d3403c5cb30a8c7e15426d70296a0effbe01783fa4a3ef0985b6751e1772b90f55b37376d881d3057c0b314c483caea763f27cf2ff4109dbef3dca85b4870a171c01277a0bfb9a237e9b6664553e7096a2357261a1b4beedb3efd75a8be09e9f0bdd0e8af1b1e7b0aa96b6838b4b93bbd74b17f857e26d8a893a1bc21afa4d82d1600104202d04503567df83c3a249532f5b88fae5285038c12e1e6500d6f39bfaf6284694fb7832287a2e37d5ef4354d1449dc3cf912e518d71062e452bc7f32636e476880763258f716f08d5a7d6077fd70c861bc8cf37f5d589ca42dc362388f6cd3193076917925f99cfbd12dc5a3f79727fbb84713ec3e29d61d24b37af08b65656125055c4d2e2d92af3241fab5054ad9458f1febe15f856ee3b2c1427cd69103d11ab641a6aa83b52b4d5c8ceb9234ad69d6d5763e0e64cf674af904adb94f6eb049f53216a52e70c597a377caa59f18245198bb5c0b6733d5e317921d71299997ed3b05bc506965384c944885bc0be6787bb52100396aa68e4858ff19a3ee26248fb4344afa43392ecbb2c6ef022b8450b3aa18f4fbccbe710776c609673daed02eb4d5238c0376f3f598223d41b5c47026c23848ba8e977fb368bba74bc91194b298985babfb1833cde93f929956ab412cd008b6c7626448c66f56edf8bc60beb907dcc05bf5044eed8ae38a408c5754edf77f7cac32c8da712ca2c85d1446a0aa54d217baf8d76281aa9605dc97eace0f3566cde0553a5319e0734afc88feb6d1d1def53d552b61f2e53707633bf229f691c2acccbfbd683879bfd013dac53dc3c19d4a0de94ce032637b6b58c3b480a53905770a1982b1b2f2e0bbce7b6a48dd297a1f72e279da86d3037234f523e3d6ddd36123b24adc53dd9993ccf3697e95ac1ce1b34e3f2a4932df3e41730e2a352d73282792ae81af7d34870189cc440a65e1f2ab6212025810d0e9608d57ca2c0d801420f1ac350def98e01e2a64ef9e91cce1b412b74c38ff163068cb5e8fbb8b413c0d581cc7d8a61645a2a9a8be1161e36f24cf9e9e7d5ba25ca6886ab333bc93efa2424501ae274a92fcd4f5970c6119f71f9fa027ceb679b70239513fc39f7da9382ddd2a1ef0ecf96413f07b44319e5dd4e0e294d07a6860bbc4fabb43c5512c5dda095935652db664464532a0981af89659bb8e860e1da7673bd68d84e7bdcb73d3f671a3ad6406c0be24e985f1763394acb8c4f3ada7f5f697c0e958c90ac994e1c63cabc94fda1338d63e9a18847de4d8ed9838d0c92bc86a5d40441bda2b5682a58a234de0988db023582f77341856a86846251747ea2619be2ddcc5b1fd69ef480519ea3e42030a25350521b9e07d9629f8d9467554ec04a2d0a4bf91f64c5aa10fa52818ca2e9effee43efd64b7f4686e88aaf951861270a6c682a66ef3bd330a6053365199a5558897808e01ff329364aa9d0548c48b1452c6944b9c485b71f63808a6db58013ce03d85beb19945051ab134e9376501f552d5b4ce855b03929a9042768512d1c73a3c32095bd215218e6e418ef6e42cb9b232a1004b72b6f342cbb28c67acbadec70d2570f78c44b36781c39a3309ebb8c242efcbf6698ceffc2b57", 0x1000, 0x0)
ioctl$IMADDTIMER(r4, 0x80044940, &(0x7f00000002c0))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x41, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
r8 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x39c4, 0x2, 0x4}, &(0x7f0000000580)=<r9=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
io_uring_enter(r8, 0x66a8, 0x4000, 0xf, 0x0, 0x18)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])

1.1680033s ago: executing program 7 (id=1653):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3f}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}, @IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x8}]}}}]}, 0x48}}, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x442, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x29)
pipe2$9p(&(0x7f0000001900)={<r3=>0xffffffffffffffff}, 0x0)
r4 = dup(r1)
r5 = socket$inet6(0xa, 0x2, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f00000005c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000c00)=@newlink={0x5c, 0x10, 0x437, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, 0x40c89}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @private2}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0xe3}}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmmsg$inet(r5, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @empty, @rand_addr=0x3}}}], 0x20}}], 0x1, 0x4040880)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e09b4f7a632a45c733d66642c7266646e6f3d", @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',k'])
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x6, 0xf3, 0x8c, 0x3}, {0x6, 0xbb, 0x0, 0x7}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000100)={<r9=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r8, 0x40082102, &(0x7f0000000180)=r9)

1.089193593s ago: executing program 1 (id=1654):
sysinfo(0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB], &(0x7f0000000000)=""/57, 0x8e, 0x39, 0x1, 0xa}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18)
sendmmsg$inet(r0, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000002640)="ef0ba606342672dabc", 0x9}], 0x1}}], 0x1, 0x20000010)
recvmmsg(r0, &(0x7f0000002300)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$getown(r2, 0x9)
io_setup(0x6, &(0x7f0000000540)=<r3=>0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
io_destroy(r3)
r6 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000000), 0x49)
sendmsg$kcm(r6, &(0x7f00000001c0)={&(0x7f0000000100)=@phonet={0x23, 0x3, 0x3, 0x44}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="27050200420014000300002fb96dbcf706e10500070088a800008100", 0x1c}, {&(0x7f0000000440)="cb4e880400", 0x5}], 0x2}, 0x20000091)

1.013546387s ago: executing program 4 (id=1655):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x4800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000080)=0x10000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
socket$inet6(0xa, 0x3, 0x5)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000041c3c965fff00000b00000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x2, r4}, 0x38)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
getdents(r6, &(0x7f0000000380)=""/200, 0x1d)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x541b, 0x0)
accept4$ax25(r6, &(0x7f0000000480)={{0x3, @rose}, [@null, @null, @rose, @default, @bcast, @netrom, @null, @rose]}, &(0x7f0000000180)=0xffffffd9, 0x800)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)

931.810508ms ago: executing program 1 (id=1656):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r2, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3)
sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x30, r4, 0x6419aa27cadae9f1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6, 0xbe, '\tK'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4850}, 0x8000)
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x8000, 0x4f}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x24004804}, 0x800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008000)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r6 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r6, &(0x7f0000002700)=""/102392, 0x18ff8)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000002000010027bd70000009000002000000000000070000000014000200fe800000000000000000000000000101080018004e234e23"], 0x38}, 0x1, 0x0, 0x0, 0x24048844}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)

850.374256ms ago: executing program 6 (id=1657):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$sock(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)}}], 0x1, 0x404c880)

721.623294ms ago: executing program 6 (id=1658):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRESHEX=0x0, @ANYRES32, @ANYRESHEX, @ANYRES32=0x0, @ANYRES8, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0xf, &(0x7f0000000540)=ANY=[@ANYBLOB="1809000000b9368794e21007062cfb00000000000900006641431e00b835a80f895814", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x23, '\x00', 0x0, 0xb}, 0x94)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
r2 = getpgrp(r1)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050800)
io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xc95e})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x1, 0x4}, 0x6, 0x20000000, 0x4, 0x0, 0x0, 0x6, 'syz1\x00', 0x0})
sched_setaffinity(r2, 0x8, &(0x7f0000000080)=0x3)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f0000000280)={0x1, 0xfffffffd}, 0x8)
connect$inet6(r5, 0x0, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
r6 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000000200))
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r7)

701.883703ms ago: executing program 1 (id=1659):
io_setup(0x3ff, &(0x7f0000000500)=<r0=>0x0)
io_getevents(r0, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)

576.059108ms ago: executing program 6 (id=1660):
syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x428702, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0x400c000)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x272, 0xb, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x7, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfff, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96cd, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x401, 0xd}, {0xe4, 0x0, 0x7, 0x76, 0x2, 0x3}, 0x6, 0xc, 0x18de}}]}}]}, 0x45c}}, 0x0)
sendfile(r1, r1, 0x0, 0x200000)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000280)={{0x5}, 0x0, [0x40000000, 0x0, 0x4, 0x3, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x400001, 0x2, 0x3, 0x20004, 0xfffffffffffffffe, 0x3, 0x4, 0x0, 0x8, 0x0, 0x2, 0x1, 0x0, 0x0, 0x5, 0x1, 0xfffffffffffffc01, 0x58c132dc, 0x0, 0x0, 0x1000007ffe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0xfffffffffffffffc, 0x4, 0x5, 0x10000, 0x4, 0xfdfffffffffffffe, 0x0, 0xd0, 0x1, 0x9, 0x1, 0x20040000004, 0x20, 0x8, 0x80000000, 0x0, 0x0, 0x200001, 0x7, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x10, 0x5, 0xfffffe, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x4, 0x1, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffff19, 0x4, 0x8, 0x1, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x9d, 0xfffffffffffffffb, 0x0, 0x2, 0xfffffffffffffff4, 0x4, 0x0, 0x1075, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x40000000003, 0x7, 0x7fff, 0x1c, 0x6, 0xffffffff80000001, 0x2, 0x0, 0xfffffffffffffffb, 0x4]})
ioctl$sock_proto_private(0xffffffffffffffff, 0x89e1, &(0x7f0000001080))
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
write$vhost_msg(r4, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0)
read$rfkill(r5, &(0x7f0000000040), 0x8)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r6, r5, 0x0, 0x23b)
socket$nl_route(0x10, 0x3, 0x0)

220.690926ms ago: executing program 6 (id=1661):
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20)
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/freeze_filesystems', 0x101a02, 0xc8)
sendfile(r1, r1, 0x0, 0x101)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r1, 0x4068aea3, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000008000000000000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000003000000dbaaf0ff50000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

161.23024ms ago: executing program 7 (id=1662):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, 0x0, 0x2, 0x0)
write$cgroup_pid(r2, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$DRM_IOCTL_MODE_GETGAMMA(0xffffffffffffffff, 0xc02064a4, &(0x7f00000001c0)={0x0, 0x1, &(0x7f0000000100)=[0x2], &(0x7f0000000140), &(0x7f0000000180)=[0xff03, 0x44a, 0x6715]})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x5, 0xf9, 0x2, 0x4, 0xff, 0x8, 0x1, 0x1, 0x0, 0xfffffff8, 0x5, 0xc, 0x72, 0x6, 0x3, '\x00', 0x3})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)

73.890208ms ago: executing program 6 (id=1663):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000003c0)=@newtaction={0x48, 0x31, 0x53b, 0x70bd2c, 0x0, {}, [{0x34, 0x1, [@m_simple={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x48}}, 0x4)

0s ago: executing program 7 (id=1664):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x49)
sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x3, 0x4}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="27050200420014000300002fb96dbcf706e10500070088a800008100", 0x1c}, {&(0x7f0000000440)="cb4e88a8af3288", 0x7}], 0x2}, 0x0) (fail_nth: 3)

kernel console output (not intermixed with test programs):

lave_1: entered allmulticast mode
[  301.778904][ T8942] bridge0: port 3(team0) entered blocking state
[  301.787683][ T8942] bridge0: port 3(team0) entered disabled state
[  301.806420][ T8942] bridge0: port 3(team0) entered blocking state
[  301.812968][ T8942] bridge0: port 3(team0) entered forwarding state
[  301.950363][   T24]  (null): failure reading functionality
[  302.123552][   T24] i2c i2c-2: connected i2c-tiny-usb device
[  302.286319][   T24] usb 1-1: USB disconnect, device number 28
[  302.656421][ T5959] usb 2-1: USB disconnect, device number 27
[  304.399928][ T8972] lo speed is unknown, defaulting to 1000
[  304.454056][   T30] audit: type=1400 audit(1759540120.025:504): avc:  denied  { ioctl } for  pid=8969 comm="syz.4.832" path="/dev/ppp" dev="devtmpfs" ino=708 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  304.776477][ T8977] netlink: 36 bytes leftover after parsing attributes in process `syz.1.833'.
[  304.785538][   T30] audit: type=1400 audit(1759540120.395:505): avc:  denied  { connect } for  pid=8978 comm="syz.3.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  304.875288][   T30] audit: type=1400 audit(1759540120.395:506): avc:  denied  { shutdown } for  pid=8978 comm="syz.3.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  305.927926][ T8991] netlink: 104 bytes leftover after parsing attributes in process `syz.1.837'.
[  305.953469][   T24] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  306.144212][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  306.163728][ T5826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  306.171846][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  306.180740][ T5826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  306.188279][ T5826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  306.202266][   T30] audit: type=1400 audit(1759540121.835:507): avc:  denied  { mounton } for  pid=8997 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  306.247083][ T8997] lo speed is unknown, defaulting to 1000
[  306.339368][   T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  306.419474][ T9001] fuse: Bad value for 'user_id'
[  306.454707][ T8997] chnl_net:caif_netlink_parms(): no params data found
[  306.471590][   T24] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  306.482963][ T9001] fuse: Bad value for 'user_id'
[  306.654843][ T9001] sp0: Synchronizing with TNC
[  307.123758][ T8997] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.133166][ T8997] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.152739][ T8997] bridge_slave_0: entered allmulticast mode
[  307.164945][   T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  307.179247][ T8997] bridge_slave_0: entered promiscuous mode
[  307.194668][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.236632][ T5808] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  307.237011][ T8997] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.267010][ T8989] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  307.282783][ T8997] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.292873][ T8997] bridge_slave_1: entered allmulticast mode
[  307.301669][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  307.394870][ T5808] usb 2-1: device descriptor read/64, error -71
[  307.440601][ T8997] bridge_slave_1: entered promiscuous mode
[  307.767326][ T8997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  307.817260][ T5808] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  307.848735][ T8997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  308.022357][ T9026] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  308.030877][ T5808] usb 2-1: device descriptor read/64, error -71
[  308.053251][ T8997] team0: Port device team_slave_0 added
[  308.076925][ T8997] team0: Port device team_slave_1 added
[  308.155227][ T5808] usb usb2-port1: attempt power cycle
[  308.204950][ T5836] Bluetooth: hci5: command tx timeout
[  308.215147][ T9026] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  308.227671][ T9026] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  308.253666][ T8997] batman_adv: batadv0: Adding interface: batadv_slave_0
[  308.260813][ T8997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  308.287298][ T8997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  308.300012][ T8997] batman_adv: batadv0: Adding interface: batadv_slave_1
[  308.349786][ T8997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  308.378790][ T8997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  308.424739][ T8997] hsr_slave_0: entered promiscuous mode
[  308.465311][ T8997] hsr_slave_1: entered promiscuous mode
[  308.471639][ T8997] debugfs: 'hsr0' already exists in 'hsr'
[  308.477840][ T8997] Cannot create hsr debugfs directory
[  308.735219][ T5808] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  308.836080][ T5808] usb 2-1: device descriptor read/8, error -71
[  309.429437][ T9035] netlink: 8 bytes leftover after parsing attributes in process `syz.0.847'.
[  309.764300][ T8997] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  310.228326][   T10] usb 5-1: USB disconnect, device number 41
[  310.266950][ T8997] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  310.285405][ T5836] Bluetooth: hci5: command tx timeout
[  310.343157][ T8997] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  310.487136][ T8997] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  310.938114][   T43] usb 4-1: new low-speed USB device number 26 using dummy_hcd
[  311.100595][ T8997] 8021q: adding VLAN 0 to HW filter on device bond0
[  311.127347][   T43] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  311.157453][   T43] usb 4-1: config 0 has no interface number 0
[  311.184084][ T9060] netlink: 36 bytes leftover after parsing attributes in process `syz.1.852'.
[  311.191036][ T8997] 8021q: adding VLAN 0 to HW filter on device team0
[  311.201157][   T43] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  311.338589][   T43] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  311.418905][   T43] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  311.442109][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.457875][ T3518] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.464978][ T3518] bridge0: port 1(bridge_slave_0) entered forwarding state
[  311.505503][   T43] usb 4-1: config 0 descriptor??
[  311.517167][ T3518] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.524321][ T3518] bridge0: port 2(bridge_slave_1) entered forwarding state
[  311.536086][ T9059] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  311.563692][   T43] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  311.801442][   T43] usb 4-1: USB disconnect, device number 26
[  311.807467][    C1] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  312.006958][ T5826] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  312.069184][ T8997] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.365524][ T5826] Bluetooth: hci5: command tx timeout
[  312.896909][ T8997] veth0_vlan: entered promiscuous mode
[  312.928090][ T8997] veth1_vlan: entered promiscuous mode
[  313.573778][ T8997] veth0_macvtap: entered promiscuous mode
[  313.584458][ T8997] veth1_macvtap: entered promiscuous mode
[  313.617097][ T8997] batman_adv: batadv0: Interface activated: batadv_slave_0
[  313.628286][ T8997] batman_adv: batadv0: Interface activated: batadv_slave_1
[  313.759840][   T55] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.808114][   T55] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.910803][   T55] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  314.096173][   T55] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  314.105328][ T5836] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  314.111477][ T5826] Bluetooth: hci2: command 0x0401 tx timeout
[  314.224874][   T43] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  314.291569][ T3518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.307496][ T3518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.349401][ T6576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.365077][ T6576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.383737][   T30] audit: type=1400 audit(1759540130.015:508): avc:  denied  { mounton } for  pid=8997 comm="syz-executor" path="/root/syzkaller.oN4ZzK/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  314.435143][   T43] usb 5-1: Using ep0 maxpacket: 16
[  314.437954][   T30] audit: type=1400 audit(1759540130.045:509): avc:  denied  { mount } for  pid=8997 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  314.485576][   T43] usb 5-1: config 0 descriptor has 1 excess byte, ignoring
[  314.504844][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024
[  314.548009][ T5826] Bluetooth: hci5: command tx timeout
[  314.568875][   T30] audit: type=1400 audit(1759540130.055:510): avc:  denied  { mounton } for  pid=8997 comm="syz-executor" path="/root/syzkaller.oN4ZzK/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  314.596731][   T30] audit: type=1400 audit(1759540130.055:511): avc:  denied  { mounton } for  pid=8997 comm="syz-executor" path="/root/syzkaller.oN4ZzK/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=23917 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  314.596995][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[  314.624792][   T30] audit: type=1400 audit(1759540130.065:512): avc:  denied  { mounton } for  pid=8997 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2782 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  314.658493][   T30] audit: type=1400 audit(1759540130.065:513): avc:  denied  { mount } for  pid=8997 comm="syz-executor" name="/" dev="gadgetfs" ino=7616 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  314.815020][   T30] audit: type=1400 audit(1759540130.075:514): avc:  denied  { mounton } for  pid=8997 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  314.827911][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 188
[  315.226057][   T43] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  315.235763][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.252672][   T43] usb 5-1: Product: syz
[  315.261854][   T43] usb 5-1: Manufacturer: syz
[  315.271698][   T43] usb 5-1: SerialNumber: syz
[  315.319189][   T43] usb 5-1: config 0 descriptor??
[  315.325343][ T9097] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  315.389355][ T9124] FAULT_INJECTION: forcing a failure.
[  315.389355][ T9124] name failslab, interval 1, probability 0, space 0, times 0
[  315.402044][ T9124] CPU: 1 UID: 0 PID: 9124 Comm: syz.5.869 Not tainted syzkaller #0 PREEMPT(full) 
[  315.402067][ T9124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  315.402077][ T9124] Call Trace:
[  315.402083][ T9124]  <TASK>
[  315.402090][ T9124]  dump_stack_lvl+0x16c/0x1f0
[  315.402120][ T9124]  should_fail_ex+0x512/0x640
[  315.402149][ T9124]  ? fs_reclaim_acquire+0xae/0x150
[  315.402173][ T9124]  should_failslab+0xc2/0x120
[  315.402195][ T9124]  __kmalloc_noprof+0xdd/0x880
[  315.402222][ T9124]  ? tomoyo_encode2+0x100/0x3e0
[  315.402252][ T9124]  ? tomoyo_encode2+0x100/0x3e0
[  315.402277][ T9124]  tomoyo_encode2+0x100/0x3e0
[  315.402306][ T9124]  tomoyo_encode+0x29/0x50
[  315.402330][ T9124]  tomoyo_realpath_from_path+0x18f/0x6e0
[  315.402359][ T9124]  ? tomoyo_profile+0x47/0x60
[  315.402379][ T9124]  tomoyo_path_number_perm+0x245/0x580
[  315.402401][ T9124]  ? tomoyo_path_number_perm+0x237/0x580
[  315.402426][ T9124]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  315.402450][ T9124]  ? irqentry_exit+0x3b/0x90
[  315.402498][ T9124]  ? find_held_lock+0x2b/0x80
[  315.402523][ T9124]  ? hook_file_ioctl_common+0x145/0x410
[  315.402547][ T9124]  ? __fget_files+0x20e/0x3c0
[  315.402571][ T9124]  security_file_ioctl+0x9b/0x240
[  315.402598][ T9124]  __x64_sys_ioctl+0xb7/0x210
[  315.402626][ T9124]  do_syscall_64+0xcd/0x4e0
[  315.402653][ T9124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.402670][ T9124] RIP: 0033:0x7f122d38eec9
[  315.402683][ T9124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.402700][ T9124] RSP: 002b:00007f122e249038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  315.402719][ T9124] RAX: ffffffffffffffda RBX: 00007f122d5e6180 RCX: 00007f122d38eec9
[  315.402730][ T9124] RDX: 0000200000000140 RSI: 0000000000008b26 RDI: 0000000000000005
[  315.402741][ T9124] RBP: 00007f122e249090 R08: 0000000000000000 R09: 0000000000000000
[  315.402751][ T9124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.402761][ T9124] R13: 00007f122d5e6218 R14: 00007f122d5e6180 R15: 00007ffd3973e068
[  315.402786][ T9124]  </TASK>
[  315.402879][ T9124] ERROR: Out of memory at tomoyo_realpath_from_path.
[  315.550723][ T9097] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  315.733909][    C1] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71)
[  315.740288][   T43] mcba_usb 5-1:0.0: Microchip CAN BUS Analyzer connected
[  315.747392][    C1] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71)
[  315.847475][ T9127] lo speed is unknown, defaulting to 1000
[  316.225690][   T10] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  316.561454][   T10] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  316.668732][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.692583][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  316.699081][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  316.833248][   T10] usb 2-1: Product: syz
[  316.837877][   T10] usb 2-1: Manufacturer: syz
[  316.842795][   T10] usb 2-1: SerialNumber: syz
[  316.850128][   T10] usb 2-1: config 0 descriptor??
[  316.867442][   T10] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 032
[  316.924900][ T5826] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  316.931001][ T5836] Bluetooth: hci2: command 0x0401 tx timeout
[  317.256566][   T43] usb 5-1: USB disconnect, device number 42
[  317.264260][   T43] mcba_usb 5-1:0.0 can0: device disconnected
[  317.272761][   T10]  (null): failure reading functionality
[  317.329342][   T10] i2c i2c-1: connected i2c-tiny-usb device
[  317.369065][ T9127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.871'.
[  317.411221][ T9127] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9127 comm=syz.3.871
[  317.555815][ T5959] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  317.628397][   T43] usb 2-1: USB disconnect, device number 32
[  317.764843][ T5959] usb 6-1: Using ep0 maxpacket: 16
[  317.793130][ T5959] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  317.861998][ T5959] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  317.891900][ T5959] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  318.235256][ T5959] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  318.293962][ T5959] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  318.353411][ T5959] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  318.363288][ T5959] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  318.385256][ T5959] usb 6-1: Manufacturer: syz
[  318.602759][ T9178] loop5: detected capacity change from 0 to 7
[  318.665359][ T5959] usb 6-1: config 0 descriptor??
[  318.851874][ T9180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.880'.
[  318.885110][   T63] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  318.894611][   T63] Buffer I/O error on dev loop5, logical block 0, async page read
[  318.904115][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.033263][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.042263][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.054584][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.068412][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.079836][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.103575][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.113787][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.125414][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.135895][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.143849][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.153011][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.430566][ T9178] ldm_validate_partition_table(): Disk read failed.
[  319.494885][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.525780][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.542050][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.554991][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.597255][ T9178] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  319.654477][ T9178] Buffer I/O error on dev loop5, logical block 0, async page read
[  319.679852][ T9178] Dev loop5: unable to read RDB block 0
[  320.025148][ T9178]  loop5: unable to read partition table
[  320.054735][ T9178] loop5: partition table beyond EOD, truncated
[  320.061192][ T9178] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  320.166843][   T30] audit: type=1400 audit(1759540135.805:515): avc:  denied  { accept } for  pid=9192 comm="syz.4.883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  321.016886][ T5959] rc_core: IR keymap rc-hauppauge not found
[  321.024875][ T5959] Registered IR keymap rc-empty
[  321.052804][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  321.175059][ T5826] Bluetooth: hci2: command 0x0401 tx timeout
[  321.217657][ T5836] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  321.355085][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  321.407419][ T5959] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  321.431887][ T5959] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input26
[  321.453854][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  321.612224][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  321.634871][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  321.654879][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  322.194313][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  322.276733][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  322.301058][ T9220] ubi31: attaching mtd0
[  322.370664][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  322.411506][ T9220] ubi31: scanning is finished
[  322.544905][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  322.573636][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  322.637333][ T5959] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  322.704692][ T5959] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  322.730431][ T5959] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  322.817200][ T5959] usb 6-1: USB disconnect, device number 2
[  322.984213][ T9220] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  323.372007][   T43] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  323.999940][   T43] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  324.054855][ T5959] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  324.342875][   T43] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  324.355372][   T43] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  324.550669][   T30] audit: type=1804 audit(1759540140.115:516): pid=9242 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.894" name="/newroot/171/bus" dev="tmpfs" ino=963 res=1 errno=0
[  325.217829][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.805099][ T5826] Bluetooth: hci2: command 0x0401 tx timeout
[  325.815626][ T5836] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  325.844858][ T5956] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  326.084922][ T5808] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  326.106500][ T5956] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  326.144758][ T5956] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  326.195175][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.239304][ T5956] usb 5-1: config 0 descriptor??
[  326.275388][ T5808] usb 4-1: Using ep0 maxpacket: 8
[  326.370785][ T5808] usb 4-1: config 0 has an invalid interface number: 96 but max is 0
[  326.447409][ T5808] usb 4-1: config 0 has no interface number 0
[  326.453545][ T5808] usb 4-1: config 0 interface 96 has no altsetting 0
[  326.838105][ T5808] usb 4-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74
[  326.880006][ T5808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.912863][ T5808] usb 4-1: Product: syz
[  326.946319][ T5808] usb 4-1: Manufacturer: syz
[  326.955887][ T5808] usb 4-1: SerialNumber: syz
[  326.980226][   T43] usb 1-1: can't set config #27, error -71
[  326.980425][ T5808] usb 4-1: config 0 descriptor??
[  327.320189][   T43] usb 1-1: USB disconnect, device number 29
[  327.340882][ T5808] usbhid 4-1:0.96: couldn't find an input interrupt endpoint
[  327.538308][ T5878] usb 5-1: USB disconnect, device number 43
[  328.065958][ T9272] netlink: 36 bytes leftover after parsing attributes in process `syz.5.902'.
[  328.178365][ T9273] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  329.581465][ T5878] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  329.670901][ T9296] netlink: 36 bytes leftover after parsing attributes in process `syz.5.909'.
[  329.757047][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  329.768107][ T5878] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  329.799626][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  329.828621][ T5878] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  329.892617][ T5878] usb 1-1: New USB device found, idVendor=0451, idProduct=3410, bcdDevice=ef.1e
[  329.901971][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.920761][ T5878] usb 1-1: Product: syz
[  329.936823][ T5878] usb 1-1: Manufacturer: syz
[  330.263584][ T5878] usb 1-1: SerialNumber: syz
[  330.277020][ T5878] usb 1-1: config 0 descriptor??
[  330.287482][ T5878] ti_usb_3410_5052 1-1:0.0: TI USB 3410 1 port adapter converter detected
[  330.301967][ T5878] usb 1-1: TI USB 3410 1 port adapter converter now attached to ttyUSB0
[  331.869213][ T9318] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  332.538437][ T5878] usb 1-1: USB disconnect, device number 30
[  333.155274][ T5878] ti_usb_3410_5052_1 ttyUSB0: TI USB 3410 1 port adapter converter now disconnected from ttyUSB0
[  333.337259][ T5878] ti_usb_3410_5052 1-1:0.0: device disconnected
[  334.246976][ T9335] IPVS: set_ctl: invalid protocol: 0 10.1.1.1:20001
[  334.256281][ T9335] Bluetooth: hci6: Frame reassembly failed (-84)
[  334.293199][ T3055] Bluetooth: hci6: Frame reassembly failed (-84)
[  334.307016][ T5956] IPVS: starting estimator thread 0...
[  334.495950][ T9336] IPVS: using max 74 ests per chain, 177600 per kthread
[  335.541061][ T9350] netlink: 36 bytes leftover after parsing attributes in process `syz.0.923'.
[  336.284946][ T5826] Bluetooth: hci6: command 0x1003 tx timeout
[  336.304870][ T5836] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  338.188630][ T5808] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  338.864836][ T5808] usb 1-1: Using ep0 maxpacket: 8
[  338.878093][ T5808] usb 1-1: config 0 has an invalid interface number: 96 but max is 0
[  338.894894][ T5808] usb 1-1: config 0 has no interface number 0
[  338.900988][ T5808] usb 1-1: config 0 interface 96 has no altsetting 0
[  338.932243][ T5808] usb 1-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74
[  338.951425][ T5808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.985030][ T5808] usb 1-1: Product: syz
[  338.995085][ T5808] usb 1-1: Manufacturer: syz
[  339.014271][ T5808] usb 1-1: SerialNumber: syz
[  339.044193][ T5808] usb 1-1: config 0 descriptor??
[  339.162532][ T5808] usbhid 1-1:0.96: couldn't find an input interrupt endpoint
[  340.168105][ T5826] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  340.386149][ T5826] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  340.405421][ T5826] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  340.442368][ T5826] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  340.458666][ T5826] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  340.622919][ T9405] lo speed is unknown, defaulting to 1000
[  340.883521][ T9409] FAULT_INJECTION: forcing a failure.
[  340.883521][ T9409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  340.912805][ T9409] CPU: 1 UID: 0 PID: 9409 Comm: syz.4.938 Not tainted syzkaller #0 PREEMPT(full) 
[  340.912830][ T9409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  340.912839][ T9409] Call Trace:
[  340.912845][ T9409]  <TASK>
[  340.912851][ T9409]  dump_stack_lvl+0x16c/0x1f0
[  340.912871][ T9409]  should_fail_ex+0x512/0x640
[  340.912890][ T9409]  _copy_from_iter+0x29f/0x1720
[  340.912909][ T9409]  ? _copy_from_iter+0x15d/0x1720
[  340.912926][ T9409]  ? __pfx__copy_from_iter+0x10/0x10
[  340.912944][ T9409]  ? __pfx__copy_from_iter+0x10/0x10
[  340.912961][ T9409]  ? _copy_from_iter+0x15d/0x1720
[  340.912980][ T9409]  copy_page_from_iter+0xde/0x180
[  340.912998][ T9409]  skb_copy_datagram_from_iter+0x2a0/0x740
[  340.913018][ T9409]  tun_get_user+0x1850/0x3cc0
[  340.913040][ T9409]  ? __pfx_tun_get_user+0x10/0x10
[  340.913056][ T9409]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  340.913078][ T9409]  ? find_held_lock+0x2b/0x80
[  340.913095][ T9409]  ? tun_get+0x191/0x370
[  340.913112][ T9409]  tun_chr_write_iter+0xdc/0x210
[  340.913128][ T9409]  vfs_write+0x7d3/0x11d0
[  340.913140][ T9409]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  340.913157][ T9409]  ? __pfx_vfs_write+0x10/0x10
[  340.913167][ T9409]  ? find_held_lock+0x2b/0x80
[  340.913190][ T9409]  ksys_write+0x12a/0x250
[  340.913202][ T9409]  ? __pfx_ksys_write+0x10/0x10
[  340.913217][ T9409]  do_syscall_64+0xcd/0x4e0
[  340.913234][ T9409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.913245][ T9409] RIP: 0033:0x7f1d00f8eec9
[  340.913255][ T9409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.913265][ T9409] RSP: 002b:00007f1d01ec1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  340.913276][ T9409] RAX: ffffffffffffffda RBX: 00007f1d011e5fa0 RCX: 00007f1d00f8eec9
[  340.913283][ T9409] RDX: 000000000000fdef RSI: 0000200000000100 RDI: 0000000000000003
[  340.913289][ T9409] RBP: 00007f1d01ec1090 R08: 0000000000000000 R09: 0000000000000000
[  340.913296][ T9409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  340.913302][ T9409] R13: 00007f1d011e6038 R14: 00007f1d011e5fa0 R15: 00007ffe18a4d728
[  340.913315][ T9409]  </TASK>
[  342.092444][ T9405] chnl_net:caif_netlink_parms(): no params data found
[  342.509709][ T9405] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.525113][ T5826] Bluetooth: hci6: command tx timeout
[  342.531775][ T9405] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.595929][ T9437] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9437 comm=syz.1.944
[  342.947803][ T9405] bridge_slave_0: entered allmulticast mode
[  342.960013][ T9405] bridge_slave_0: entered promiscuous mode
[  342.965926][ T9428] netlink: 104 bytes leftover after parsing attributes in process `syz.4.943'.
[  342.980936][ T9405] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.006406][ T9405] bridge0: port 2(bridge_slave_1) entered disabled state
[  343.013855][ T9405] bridge_slave_1: entered allmulticast mode
[  343.022165][ T9405] bridge_slave_1: entered promiscuous mode
[  343.093418][ T9405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  343.131728][ T9405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  343.151889][   T30] audit: type=1400 audit(1759540158.785:517): avc:  denied  { getopt } for  pid=9438 comm="syz.5.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  343.324581][ T9440] netlink: 'syz.5.945': attribute type 10 has an invalid length.
[  343.393239][ T9441] netlink: 'syz.5.945': attribute type 10 has an invalid length.
[  343.471145][   T30] audit: type=1400 audit(1759540158.785:518): avc:  denied  { setopt } for  pid=9438 comm="syz.5.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  343.768979][ T9440] team0: Port device dummy0 added
[  343.803916][ T9441] team0: Port device dummy0 removed
[  343.835887][ T9441] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  343.847183][ T9405] team0: Port device team_slave_0 added
[  343.895051][ T9405] team0: Port device team_slave_1 added
[  343.942646][ T9405] batman_adv: batadv0: Adding interface: batadv_slave_0
[  343.954857][ T5952] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  343.965412][ T9405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  344.028083][ T9405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  344.072179][ T9405] batman_adv: batadv0: Adding interface: batadv_slave_1
[  344.091556][ T9405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  344.134831][ T5952] usb 2-1: Using ep0 maxpacket: 16
[  344.656461][ T5826] Bluetooth: hci6: command tx timeout
[  344.885025][ T9405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  344.988873][ T5952] usb 2-1: config 0 has an invalid interface number: 110 but max is 1
[  345.020342][ T5952] usb 2-1: config 0 has an invalid interface number: 72 but max is 1
[  345.088881][ T5952] usb 2-1: config 0 has no interface number 0
[  345.125903][ T5952] usb 2-1: config 0 has no interface number 1
[  345.152240][ T5952] usb 2-1: config 0 interface 110 altsetting 5 endpoint 0xB has invalid maxpacket 1007, setting to 64
[  345.167857][ T9405] hsr_slave_0: entered promiscuous mode
[  345.173905][ T9405] hsr_slave_1: entered promiscuous mode
[  345.204949][ T5952] usb 2-1: config 0 interface 110 has no altsetting 0
[  345.215778][ T9405] debugfs: 'hsr0' already exists in 'hsr'
[  345.231630][ T9405] Cannot create hsr debugfs directory
[  345.231640][ T5952] usb 2-1: config 0 interface 72 has no altsetting 0
[  345.266654][ T5952] usb 2-1: New USB device found, idVendor=0d3a, idProduct=0300, bcdDevice=e5.50
[  345.296644][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.314957][ T5952] usb 2-1: Product: syz
[  345.326539][ T5952] usb 2-1: Manufacturer: syz
[  345.353819][ T5952] usb 2-1: SerialNumber: syz
[  345.366924][ T5952] usb 2-1: config 0 descriptor??
[  346.025532][ T9465] netlink: 40 bytes leftover after parsing attributes in process `syz.1.946'.
[  346.684992][ T5826] Bluetooth: hci6: command tx timeout
[  347.911184][ T9462] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  348.131367][ T9405] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  348.147417][ T9469] netlink: 104 bytes leftover after parsing attributes in process `syz.4.951'.
[  348.160598][ T9405] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  348.175684][ T9405] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  348.193224][ T9405] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  348.340904][ T9405] 8021q: adding VLAN 0 to HW filter on device bond0
[  348.376958][   T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  348.462881][ T9405] 8021q: adding VLAN 0 to HW filter on device team0
[  348.493762][ T3562] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.500909][ T3562] bridge0: port 1(bridge_slave_0) entered forwarding state
[  348.543927][ T3562] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.551128][ T3562] bridge0: port 2(bridge_slave_1) entered forwarding state
[  348.561628][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.572531][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[  348.603378][   T10] usb 6-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  348.672963][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.715612][   T10] usb 6-1: config 0 descriptor??
[  348.774952][ T5826] Bluetooth: hci6: command tx timeout
[  348.926998][ T5952] ftdi_sio 2-1:0.110: FTDI USB Serial Device converter detected
[  348.948176][ T5952] ftdi_sio ttyUSB0: unknown device type: 0xe550
[  348.985998][ T5952] ftdi_sio 2-1:0.72: FTDI USB Serial Device converter detected
[  348.994356][ T5952] ftdi_sio ttyUSB1: unknown device type: 0xe550
[  349.084256][ T5952] usb 2-1: USB disconnect, device number 33
[  349.122407][ T5952] ftdi_sio 2-1:0.110: device disconnected
[  349.143803][   T10] Bluetooth: Can't get version to change to load ram patch err
[  349.151118][ T5952] ftdi_sio 2-1:0.72: device disconnected
[  349.162473][   T10] Bluetooth: Loading patch file failed
[  349.201301][   T10] ath3k 6-1:0.0: probe with driver ath3k failed with error -71
[  349.235874][   T10] usb 6-1: USB disconnect, device number 4
[  349.284585][ T9405] 8021q: adding VLAN 0 to HW filter on device batadv0
[  349.949105][ T9486] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  350.876789][ T9405] veth0_vlan: entered promiscuous mode
[  350.982945][ T9405] veth1_vlan: entered promiscuous mode
[  351.051886][ T9405] veth0_macvtap: entered promiscuous mode
[  351.065867][ T9405] veth1_macvtap: entered promiscuous mode
[  351.090542][ T9405] batman_adv: batadv0: Interface activated: batadv_slave_0
[  351.140477][ T9405] batman_adv: batadv0: Interface activated: batadv_slave_1
[  351.161358][ T7004] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  351.215476][   T30] audit: type=1804 audit(1759540166.835:519): pid=9519 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.959" name="/newroot/181/bus" dev="tmpfs" ino=1033 res=1 errno=0
[  351.250950][ T7004] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  352.131971][ T7004] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  352.157546][ T7004] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  352.236102][   T55] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  352.296211][   T55] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  352.367390][ T7004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  352.375411][ T7004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.949644][ T5836] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  353.958803][ T5836] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  353.966690][ T5836] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  353.974292][ T5836] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  353.981760][ T5836] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  354.434674][ T9534] lo speed is unknown, defaulting to 1000
[  354.900641][ T9546] FAULT_INJECTION: forcing a failure.
[  354.900641][ T9546] name failslab, interval 1, probability 0, space 0, times 0
[  354.914984][ T9546] CPU: 0 UID: 0 PID: 9546 Comm: syz.1.965 Not tainted syzkaller #0 PREEMPT(full) 
[  354.915008][ T9546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  354.915019][ T9546] Call Trace:
[  354.915025][ T9546]  <TASK>
[  354.915032][ T9546]  dump_stack_lvl+0x16c/0x1f0
[  354.915061][ T9546]  should_fail_ex+0x512/0x640
[  354.915086][ T9546]  ? __kmalloc_cache_noprof+0x5f/0x780
[  354.915114][ T9546]  ? __pfx_ucma_event_handler+0x10/0x10
[  354.915139][ T9546]  should_failslab+0xc2/0x120
[  354.915160][ T9546]  ? __pfx_ucma_event_handler+0x10/0x10
[  354.915183][ T9546]  __kmalloc_cache_noprof+0x72/0x780
[  354.915209][ T9546]  ? __rdma_create_id+0x5b/0x740
[  354.915228][ T9546]  ? __pfx_ucma_event_handler+0x10/0x10
[  354.915252][ T9546]  ? __rdma_create_id+0x5b/0x740
[  354.915267][ T9546]  __rdma_create_id+0x5b/0x740
[  354.915283][ T9546]  ? __pfx_ucma_event_handler+0x10/0x10
[  354.915309][ T9546]  rdma_create_user_id+0x7d/0xe0
[  354.915327][ T9546]  ucma_create_id+0x188/0x380
[  354.915350][ T9546]  ? __pfx_ucma_create_id+0x10/0x10
[  354.915374][ T9546]  ? __might_fault+0xe3/0x190
[  354.915389][ T9546]  ? __might_fault+0x13b/0x190
[  354.915412][ T9546]  ? __pfx_ucma_create_id+0x10/0x10
[  354.915444][ T9546]  ucma_write+0x1f8/0x330
[  354.915465][ T9546]  ? __pfx_ucma_write+0x10/0x10
[  354.915486][ T9546]  ? bpf_lsm_file_permission+0x9/0x10
[  354.915505][ T9546]  ? security_file_permission+0x71/0x210
[  354.915533][ T9546]  ? rw_verify_area+0xcf/0x6c0
[  354.915562][ T9546]  ? __pfx_ucma_write+0x10/0x10
[  354.915581][ T9546]  vfs_writev+0x5df/0xde0
[  354.915604][ T9546]  ? __pfx_vfs_writev+0x10/0x10
[  354.915639][ T9546]  ? __fget_files+0x20e/0x3c0
[  354.915657][ T9546]  ? __fget_files+0x170/0x3c0
[  354.915682][ T9546]  ? do_writev+0x28c/0x340
[  354.915696][ T9546]  do_writev+0x28c/0x340
[  354.915712][ T9546]  ? __pfx_do_writev+0x10/0x10
[  354.915736][ T9546]  do_syscall_64+0xcd/0x4e0
[  354.915763][ T9546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.915781][ T9546] RIP: 0033:0x7feb9f58eec9
[  354.915794][ T9546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.915810][ T9546] RSP: 002b:00007feba04b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  354.915827][ T9546] RAX: ffffffffffffffda RBX: 00007feb9f7e5fa0 RCX: 00007feb9f58eec9
[  354.915839][ T9546] RDX: 0000000000000003 RSI: 0000200000000000 RDI: 0000000000000004
[  354.915849][ T9546] RBP: 00007feba04b0090 R08: 0000000000000000 R09: 0000000000000000
[  354.915859][ T9546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.915869][ T9546] R13: 00007feb9f7e6038 R14: 00007feb9f7e5fa0 R15: 00007fffe1bb4ff8
[  354.915893][ T9546]  </TASK>
[  355.277420][ T9534] chnl_net:caif_netlink_parms(): no params data found
[  355.523824][ T9556] netlink: 16 bytes leftover after parsing attributes in process `syz.5.967'.
[  355.544681][ T9534] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.645151][ T9534] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.652355][ T9534] bridge_slave_0: entered allmulticast mode
[  355.666368][ T9534] bridge_slave_0: entered promiscuous mode
[  355.678491][ T9534] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.685671][ T9534] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.692760][ T9534] bridge_slave_1: entered allmulticast mode
[  355.702922][   T10] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  355.734810][ T9534] bridge_slave_1: entered promiscuous mode
[  355.877812][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  355.924845][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  355.948819][ T9534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.987553][   T10] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  355.999350][ T9534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  356.021754][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.044912][ T5826] Bluetooth: hci7: command tx timeout
[  356.053319][   T10] usb 2-1: Product: syz
[  356.061801][   T10] usb 2-1: Manufacturer: syz
[  356.093344][   T10] usb 2-1: SerialNumber: syz
[  356.114611][   T10] usb 2-1: config 0 descriptor??
[  356.127780][ T9534] team0: Port device team_slave_0 added
[  356.212329][ T9534] team0: Port device team_slave_1 added
[  356.298055][ T9534] batman_adv: batadv0: Adding interface: batadv_slave_0
[  356.373002][ T9534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.425708][   T30] audit: type=1400 audit(1759540172.065:520): avc:  denied  { create } for  pid=9565 comm="syz.6.970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  356.651589][ T9534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  356.652790][   T10] usb 2-1: USB disconnect, device number 34
[  356.673131][ T9534] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.731014][ T9534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.881017][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  356.914535][ T9534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.633405][ T9578] overlay: Unknown parameter 'euid<00000000000000000000'
[  357.777352][ T9534] hsr_slave_0: entered promiscuous mode
[  357.783357][ T9534] hsr_slave_1: entered promiscuous mode
[  358.124848][ T5826] Bluetooth: hci7: command tx timeout
[  358.154119][ T9534] debugfs: 'hsr0' already exists in 'hsr'
[  358.167515][ T9534] Cannot create hsr debugfs directory
[  359.513611][ T9583] vxlan0: entered promiscuous mode
[  359.555454][ T5959] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  359.898316][ T5826] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci6/hci6:201'
[  359.908011][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[  359.908028][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  359.908036][ T5826] Workqueue: hci6 hci_rx_work
[  359.908057][ T5826] Call Trace:
[  359.908061][ T5826]  <TASK>
[  359.908066][ T5826]  dump_stack_lvl+0x16c/0x1f0
[  359.908084][ T5826]  sysfs_warn_dup+0x7f/0xa0
[  359.908101][ T5826]  sysfs_create_dir_ns+0x24b/0x2b0
[  359.908118][ T5826]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  359.908134][ T5826]  ? find_held_lock+0x2b/0x80
[  359.908171][ T5826]  ? do_raw_spin_unlock+0x172/0x230
[  359.908198][ T5826]  kobject_add_internal+0x2c4/0x9b0
[  359.908219][ T5826]  kobject_add+0x16e/0x240
[  359.908236][ T5826]  ? __pfx_kobject_add+0x10/0x10
[  359.908253][ T5826]  ? do_raw_spin_unlock+0x172/0x230
[  359.908268][ T5826]  ? kobject_put+0xab/0x5a0
[  359.908288][ T5826]  device_add+0x288/0x1aa0
[  359.908303][ T5826]  ? __pfx_dev_set_name+0x10/0x10
[  359.908318][ T5826]  ? __pfx_device_add+0x10/0x10
[  359.908332][ T5826]  ? mgmt_send_event_skb+0x2fb/0x460
[  359.908351][ T5826]  hci_conn_add_sysfs+0x17e/0x230
[  359.908368][ T5826]  le_conn_complete_evt+0x1260/0x2150
[  359.908386][ T5826]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  359.908401][ T5826]  ? hci_event_packet+0x459/0x11c0
[  359.908420][ T5826]  hci_le_conn_complete_evt+0x23c/0x370
[  359.908444][ T5826]  hci_le_meta_evt+0x354/0x5e0
[  359.908460][ T5826]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  359.908478][ T5826]  hci_event_packet+0x682/0x11c0
[  359.908494][ T5826]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  359.908511][ T5826]  ? __pfx_hci_event_packet+0x10/0x10
[  359.908529][ T5826]  ? kcov_remote_start+0x3c9/0x6d0
[  359.908545][ T5826]  ? lockdep_hardirqs_on+0x7c/0x110
[  359.908564][ T5826]  hci_rx_work+0x2c5/0x16b0
[  359.908581][ T5826]  ? rcu_is_watching+0x12/0xc0
[  359.908599][ T5826]  process_one_work+0x9cf/0x1b70
[  359.908618][ T5826]  ? __pfx_process_one_work+0x10/0x10
[  359.908636][ T5826]  ? assign_work+0x1a0/0x250
[  359.908650][ T5826]  worker_thread+0x6c8/0xf10
[  359.908670][ T5826]  ? __pfx_worker_thread+0x10/0x10
[  359.908686][ T5826]  kthread+0x3c2/0x780
[  359.908700][ T5826]  ? __pfx_kthread+0x10/0x10
[  359.908713][ T5826]  ? rcu_is_watching+0x12/0xc0
[  359.908729][ T5826]  ? __pfx_kthread+0x10/0x10
[  359.908742][ T5826]  ret_from_fork+0x56a/0x730
[  359.908754][ T5826]  ? __pfx_kthread+0x10/0x10
[  359.908767][ T5826]  ret_from_fork_asm+0x1a/0x30
[  359.908795][ T5826]  </TASK>
[  359.908810][ T5826] kobject: kobject_add_internal failed for hci6:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  360.174848][ T5826] Bluetooth: hci6: failed to register connection device
[  360.202281][ T5959] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  360.215045][ T5836] Bluetooth: hci7: command tx timeout
[  360.226161][ T5959] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.244926][ T9583] vxlan0: entered allmulticast mode
[  360.250502][ T5959] usb 6-1: Product: syz
[  360.255946][ T5959] usb 6-1: Manufacturer: syz
[  360.260608][ T5959] usb 6-1: SerialNumber: syz
[  360.278547][ T5959] usb 6-1: config 0 descriptor??
[  360.294544][   T55] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  360.303411][   T55] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  360.317491][ T5959] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 005
[  360.342000][   T55] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  360.562197][   T55] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  360.673300][ T9534] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  360.695668][ T9534] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  360.718844][ T5959]  (null): failure reading functionality
[  360.726593][ T5959] i2c i2c-1: connected i2c-tiny-usb device
[  360.806697][ T9534] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  360.836078][ T9534] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  360.916686][ T9534] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.939320][   T10] usb 6-1: USB disconnect, device number 5
[  360.974103][ T9534] 8021q: adding VLAN 0 to HW filter on device team0
[  360.987979][   T55] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.995070][   T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[  361.019552][ T3498] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.026672][ T3498] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.093205][ T9604] netlink: 52 bytes leftover after parsing attributes in process `syz.4.976'.
[  362.398906][   T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  362.410546][ T5836] Bluetooth: hci6: command tx timeout
[  362.416152][ T5836] Bluetooth: hci7: command tx timeout
[  362.509905][ T9534] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.564105][   T10] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  362.587958][   T10] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  362.618405][   T10] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  362.648521][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.747151][ T9615] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  362.763440][   T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  363.226555][ T5890] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  363.475148][ T5890] usb 5-1: Using ep0 maxpacket: 8
[  363.482259][ T5890] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  363.492724][ T5890] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  363.511508][ T9534] veth0_vlan: entered promiscuous mode
[  363.950542][ T9534] veth1_vlan: entered promiscuous mode
[  363.956906][ T5890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  363.986186][ T5952] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  364.009408][ T5890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  364.031422][ T5890] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  364.056239][ T9534] veth0_macvtap: entered promiscuous mode
[  364.090940][ T9534] veth1_macvtap: entered promiscuous mode
[  364.100069][ T5890] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  364.109291][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  364.126084][ T5890] usb 5-1: Product: syz
[  364.136971][ T5890] usb 5-1: Manufacturer: syz
[  364.143293][ T9534] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.150927][ T5890] usb 5-1: SerialNumber: syz
[  364.165241][ T5952] usb 6-1: Using ep0 maxpacket: 16
[  364.172540][ T5952] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.184629][ T5890] usb 5-1: config 0 descriptor??
[  364.242502][ T9534] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.267655][ T5952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  364.297768][ T3562] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.462938][ T5890] radio-si470x 5-1:0.0: DeviceID=0x3fba ChipID=0xe6ba
[  364.473283][ T5952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  364.484066][ T3562] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.572623][ T9642] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9642 comm=syz.1.984
[  364.885499][ T5890] radio-si470x 5-1:0.0: software version 63, hardware version 186
[  364.896167][ T5890] radio-si470x 5-1:0.0: submitting int urb failed (-90)
[  364.914956][ T3562] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.919447][ T5952] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  364.934094][ T5952] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  364.949557][ T3562] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.949589][ T5952] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  364.969900][ T5952] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  364.978224][ T5952] usb 6-1: Manufacturer: syz
[  364.990509][ T5952] usb 6-1: config 0 descriptor??
[  365.021709][ T3562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.054895][ T3562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.102997][ T7004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.111956][ T7004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.912735][ T5890] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71
[  365.932455][ T5890] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -71
[  365.939056][ T5956] usb 7-1: USB disconnect, device number 2
[  365.960066][ T5890] usb 5-1: USB disconnect, device number 44
[  366.255060][   T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  366.465823][ T5956] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  366.484866][   T10] usb 8-1: Using ep0 maxpacket: 8
[  366.491449][   T10] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  366.502592][   T10] usb 8-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  366.527969][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.687096][ T5956] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  366.776833][   T10] usb 8-1: config 0 descriptor??
[  366.784916][ T5956] usb 7-1: config 0 has no interface number 0
[  366.791021][ T5956] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  366.819694][   T10] gspca_main: vc032x-2.14.0 probing 046d:0892
[  366.853670][ T5956] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.927900][ T5956] usb 7-1: config 0 descriptor??
[  366.961793][ T5956] usb 7-1: selecting invalid altsetting 1
[  366.985782][ T5956] dvb_ttusb_budget: ttusb_init_controller: error
[  366.993786][ T5956] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  367.144882][ T5952] rc_core: IR keymap rc-hauppauge not found
[  367.151158][ T5952] Registered IR keymap rc-empty
[  367.184113][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.203965][ T5956] DVB: Unable to find symbol cx22700_attach()
[  367.215833][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.454153][ T5952] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  367.639566][ T5952] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input27
[  367.728848][ T5956] DVB: Unable to find symbol tda10046_attach()
[  367.748579][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.759970][ T5956] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  367.787232][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.875354][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.892540][ T5956] usb 7-1: USB disconnect, device number 3
[  367.904942][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.937245][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.954946][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  367.986156][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  368.134918][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  368.154904][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  368.554076][ T5952] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  368.565989][   T10] gspca_vc032x: reg_w err -110
[  368.571905][ T9650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  368.585158][   T10] vc032x 8-1:0.0: probe with driver vc032x failed with error -110
[  368.600971][   T10] usb 8-1: USB disconnect, device number 2
[  368.632144][ T5952] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  368.654109][ T5952] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  368.710673][ T5952] usb 6-1: USB disconnect, device number 6
[  368.848381][ T5956] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  369.064834][ T5956] usb 7-1: Using ep0 maxpacket: 32
[  369.073909][ T5956] usb 7-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  369.094858][ T5956] usb 7-1: config 0 interface 0 has no altsetting 0
[  369.101683][ T5956] usb 7-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00
[  369.111208][ T5956] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.130737][ T5956] usb 7-1: config 0 descriptor??
[  369.236547][ T5956] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input28
[  369.394882][ T5878] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  369.913899][   T30] audit: type=1400 audit(1759540185.535:521): avc:  denied  { ioctl } for  pid=9678 comm="syz.6.993" path="/dev/rtc0" dev="devtmpfs" ino=920 ioctlcmd=0x7001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  369.944487][ T5878] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  369.983583][ T5878] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  370.135076][ T5878] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  370.203936][ T5878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.237956][ T9691] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  370.611573][ T5878] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  370.746913][ T5890] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  371.089602][ T5178] bcm5974 7-1:0.0: could not read from device
[  371.124838][ T5890] usb 2-1: Using ep0 maxpacket: 16
[  371.155126][ T5890] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  371.166997][ T5178] bcm5974 7-1:0.0: could not read from device
[  371.175736][ T5178] bcm5974 7-1:0.0: could not read from device
[  371.183329][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  371.184851][ T5956] usb 7-1: USB disconnect, device number 4
[  371.205223][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  371.224933][ T5890] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  371.255595][ T7650] bcm5974 7-1:0.0: could not read from device
[  371.273833][ T5178] bcm5974 7-1:0.0: could not read from device
[  371.299953][ T5890] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  371.329861][ T7650] udevd[7650]: Error opening device "/dev/input/event4": No such device
[  371.539370][ T7650] udevd[7650]: Unable to EVIOCGABS device "/dev/input/event4"
[  371.551618][ T7650] udevd[7650]: Unable to EVIOCGABS device "/dev/input/event4"
[  371.551801][ T5890] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  371.601256][ T9720] PKCS7: Unknown OID: [5] (bad)
[  371.608315][ T9720] PKCS7: Only support pkcs7_signedData type
[  371.713065][ T7650] udevd[7650]: Unable to EVIOCGABS device "/dev/input/event4"
[  371.730427][ T7650] udevd[7650]: Unable to EVIOCGABS device "/dev/input/event4"
[  371.736604][ T5890] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  371.761561][ T9719] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1003'.
[  371.781388][ T5890] usb 2-1: Manufacturer: syz
[  371.969514][ T5890] usb 2-1: config 0 descriptor??
[  372.200216][ T5808] usb 6-1: USB disconnect, device number 7
[  373.834858][ T5890] rc_core: IR keymap rc-hauppauge not found
[  373.958185][ T5890] Registered IR keymap rc-empty
[  373.963756][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  373.998107][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  374.014904][ T5956] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  374.451035][ T5890] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  374.481720][ T5890] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input29
[  374.532857][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  374.585521][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  374.614924][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  374.660501][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  374.711510][ T5956] usb 5-1: Using ep0 maxpacket: 8
[  374.918194][   T30] audit: type=1400 audit(1759540190.455:522): avc:  denied  { append } for  pid=9753 comm="syz.5.1012" name="mice" dev="devtmpfs" ino=915 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  374.996478][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  375.056033][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  375.178354][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  375.317469][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  375.428799][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  375.510510][ T5956] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  375.521172][ T5956] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  375.530537][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.545577][ T5956] usb 5-1: config 0 descriptor??
[  375.553426][ T5956] gspca_main: vc032x-2.14.0 probing 046d:0892
[  375.764914][ T5890] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  375.953487][ T5890] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  375.967236][ T5890] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  375.982480][ T5890] usb 2-1: USB disconnect, device number 35
[  376.756105][ T5956] gspca_vc032x: reg_r err -110
[  376.761963][ T5956] vc032x 5-1:0.0: probe with driver vc032x failed with error -110
[  376.773500][ T9744] syz.7.1010 (9744) used obsolete PPPIOCDETACH ioctl
[  377.614856][ T5956] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  377.909774][   T30] audit: type=1804 audit(1759540193.335:523): pid=9789 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.7.1021" name="/newroot/6/bus" dev="tmpfs" ino=60 res=1 errno=0
[  377.932183][ T5956] usb 7-1: Using ep0 maxpacket: 16
[  377.938156][ T9790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  378.398726][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  378.405167][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  378.435320][ T5956] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  378.453644][ T5956] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  378.493388][ T5956] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  378.528567][ T5956] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  378.550088][ T5956] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  378.582321][ T5956] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  378.626755][ T5956] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  378.664808][ T5956] usb 7-1: Manufacturer: syz
[  378.691485][ T5959] usb 5-1: USB disconnect, device number 45
[  378.760458][ T5956] usb 7-1: config 0 descriptor??
[  379.647068][ T5883] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  379.714300][ T9809] vxlan0: entered promiscuous mode
[  379.745253][ T9809] vxlan0: entered allmulticast mode
[  379.888347][ T5883] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  379.923749][ T3562] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  379.945267][ T5883] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  380.453055][ T5883] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  380.464868][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.527267][ T3562] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  380.572848][ T9806] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  380.622915][ T3562] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  380.717898][ T5883] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  380.829751][ T3562] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  381.104866][ T5956] rc_core: IR keymap rc-hauppauge not found
[  381.111472][ T5956] Registered IR keymap rc-empty
[  381.184167][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.275779][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.515832][ T5956] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  381.584661][ T5956] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input30
[  381.625838][ T9826] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  381.633328][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.685007][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.703832][ T9826] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  381.710784][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.744888][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.755629][ T9826] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  381.772531][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.782769][ T9826] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  381.794034][ T9826] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  381.815072][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.854916][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.874847][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.912905][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.945123][ T5956] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  381.970836][ T5956] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  381.980166][ T5956] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  382.003100][ T5956] usb 7-1: USB disconnect, device number 5
[  382.065988][ T9826] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  382.165948][ T9826] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  382.189433][ T9826] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  382.239192][ T9826] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  382.266861][ T9826] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  382.286940][ T9826] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  382.293400][ T9826] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  382.340663][ T9826] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  382.356288][ T9838] futex_wake_op: syz.5.1032 tries to shift op by 32; fix this program
[  382.446460][ T5956] usb 2-1: USB disconnect, device number 36
[  383.484850][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout
[  383.725163][ T5836] Bluetooth: hci2: command 0x0401 tx timeout
[  383.748037][ T9848] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1035'.
[  383.805444][ T5836] Bluetooth: hci5: command 0x0c1a tx timeout
[  383.811497][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout
[  384.520033][ T5826] Bluetooth: hci6: command 0x0c1a tx timeout
[  384.525500][ T5836] Bluetooth: hci7: command 0x0c1a tx timeout
[  385.354736][ T9862] binder: 9861:9862 ioctl c0306201 200000000180 returned -14
[  385.885829][ T5836] Bluetooth: hci5: command 0x0c1a tx timeout
[  386.015047][ T1203] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  386.605756][ T5836] Bluetooth: hci6: command 0x0c1a tx timeout
[  386.611850][ T5836] Bluetooth: hci7: command 0x0c1a tx timeout
[  386.654957][ T5956] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  386.677346][ T1203] usb 8-1: config 0 interface 0 has no altsetting 0
[  386.683965][ T1203] usb 8-1: New USB device found, idVendor=0403, idProduct=bdc8, bcdDevice=a9.d7
[  386.835592][ T1203] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.874143][ T1203] usb 8-1: config 0 descriptor??
[  386.896172][ T1203] ftdi_sio 8-1:0.0: Ignoring interface reserved for JTAG
[  386.910152][ T5956] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  386.919368][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.933276][ T5956] usb 5-1: Product: syz
[  386.943199][ T9885] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1046'.
[  386.958908][ T5956] usb 5-1: Manufacturer: syz
[  386.964393][ T5956] usb 5-1: SerialNumber: syz
[  386.983644][ T5956] usb 5-1: config 0 descriptor??
[  386.992130][ T5956] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 046
[  387.130447][ T1203] usb 8-1: USB disconnect, device number 3
[  387.719962][ T5956]  (null): failure reading functionality
[  387.739044][ T5956] i2c i2c-1: connected i2c-tiny-usb device
[  387.980836][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[  388.020000][ T9892] overlay: Unknown parameter 'euid<00000000000000000000'
[  388.716735][ T5826] Bluetooth: hci7: command 0x0c1a tx timeout
[  388.722771][ T5826] Bluetooth: hci6: command 0x0c1a tx timeout
[  389.204953][ T1203] usb 5-1: USB disconnect, device number 46
[  390.000683][   T30] audit: type=1400 audit(1759540205.635:524): avc:  denied  { listen } for  pid=9916 comm="syz.4.1056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  390.055455][ T5836] Bluetooth: hci5: command 0x0c1a tx timeout
[  390.178925][ T9922] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1055'.
[  390.814629][ T5836] Bluetooth: hci6: command 0x0c1a tx timeout
[  390.871225][   T30] audit: type=1400 audit(1759540206.505:525): avc:  denied  { connect } for  pid=9934 comm="syz.4.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  391.237305][ T9941] sp0: Synchronizing with TNC
[  391.332303][   T30] audit: type=1404 audit(1759540206.955:526): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[  391.526224][   T30] audit: type=1400 audit(1759540207.005:527): avc:  denied  { search } for  pid=5488 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=0
[  391.582622][   T30] audit: type=1400 audit(1759540207.025:528): avc:  denied  { read write } for  pid=9927 comm="syz.1.1058" name="video6" dev="devtmpfs" ino=937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=0
[  391.656619][   T30] audit: type=1400 audit(1759540207.035:529): avc:  denied  { create } for  pid=9939 comm="syz.7.1064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  391.707627][   T30] audit: type=1400 audit(1759540207.055:530): avc:  denied  { create } for  pid=9939 comm="syz.7.1064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=0
[  391.754872][   T30] audit: type=1400 audit(1759540207.055:531): avc:  denied  { map_create } for  pid=9932 comm="syz.5.1060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  391.794715][   T30] audit: type=1400 audit(1759540207.115:532): avc:  denied  { read write } for  pid=9939 comm="syz.7.1064" name="rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=0
[  391.894403][   T30] audit: type=1400 audit(1759540207.165:533): avc:  denied  { prog_load } for  pid=9932 comm="syz.5.1060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  393.804492][ T9970] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1069'.
[  395.106233][   T30] kauditd_printk_skb: 2764 callbacks suppressed
[  395.106244][   T30] audit: type=1400 audit(1759540210.745:3298): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  395.155890][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  395.185359][ T5488] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  395.221219][ T5488] audit: backlog limit exceeded
[  395.238918][   T30] audit: type=1400 audit(1759540210.745:3299): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  395.269059][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  395.279894][ T5488] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[  395.293546][ T5488] audit: backlog limit exceeded
[  395.334607][ T5836] Bluetooth: hci7: command 0x0c1a tx timeout
[  395.354739][ T9984] audit: audit_backlog=65 > audit_backlog_limit=64
[  395.354895][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  395.615128][ T5836] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  395.624908][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: kworker/u9:8 Not tainted syzkaller #0 PREEMPT(full) 
[  395.624931][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  395.624945][ T5836] Workqueue: hci5 hci_rx_work
[  395.624975][ T5836] Call Trace:
[  395.624981][ T5836]  <TASK>
[  395.624987][ T5836]  dump_stack_lvl+0x16c/0x1f0
[  395.625016][ T5836]  sysfs_warn_dup+0x7f/0xa0
[  395.625042][ T5836]  sysfs_create_dir_ns+0x24b/0x2b0
[  395.625068][ T5836]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  395.625092][ T5836]  ? find_held_lock+0x2b/0x80
[  395.625122][ T5836]  ? do_raw_spin_unlock+0x172/0x230
[  395.625147][ T5836]  kobject_add_internal+0x2c4/0x9b0
[  395.625169][ T5836]  kobject_add+0x16e/0x240
[  395.625187][ T5836]  ? __pfx_kobject_add+0x10/0x10
[  395.625206][ T5836]  ? do_raw_spin_unlock+0x172/0x230
[  395.625229][ T5836]  ? kobject_put+0xab/0x5a0
[  395.625266][ T5836]  device_add+0x288/0x1aa0
[  395.625290][ T5836]  ? __pfx_dev_set_name+0x10/0x10
[  395.625316][ T5836]  ? __pfx_device_add+0x10/0x10
[  395.625338][ T5836]  ? mgmt_send_event_skb+0x2fb/0x460
[  395.625371][ T5836]  hci_conn_add_sysfs+0x17e/0x230
[  395.625408][ T5836]  le_conn_complete_evt+0x1260/0x2150
[  395.625443][ T5836]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  395.625469][ T5836]  ? hci_event_packet+0x459/0x11c0
[  395.625504][ T5836]  hci_le_conn_complete_evt+0x23c/0x370
[  395.625535][ T5836]  hci_le_meta_evt+0x354/0x5e0
[  395.625561][ T5836]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  395.625590][ T5836]  hci_event_packet+0x682/0x11c0
[  395.625613][ T5836]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  395.625635][ T5836]  ? __pfx_hci_event_packet+0x10/0x10
[  395.625658][ T5836]  ? kcov_remote_start+0x3c9/0x6d0
[  395.625680][ T5836]  ? lockdep_hardirqs_on+0x7c/0x110
[  395.625707][ T5836]  hci_rx_work+0x2c5/0x16b0
[  395.625730][ T5836]  ? rcu_is_watching+0x12/0xc0
[  395.625756][ T5836]  process_one_work+0x9cf/0x1b70
[  395.625785][ T5836]  ? __pfx_process_one_work+0x10/0x10
[  395.625812][ T5836]  ? assign_work+0x1a0/0x250
[  395.625832][ T5836]  worker_thread+0x6c8/0xf10
[  395.625863][ T5836]  ? __pfx_worker_thread+0x10/0x10
[  395.625882][ T5836]  kthread+0x3c2/0x780
[  395.625901][ T5836]  ? __pfx_kthread+0x10/0x10
[  395.625920][ T5836]  ? rcu_is_watching+0x12/0xc0
[  395.625942][ T5836]  ? __pfx_kthread+0x10/0x10
[  395.625960][ T5836]  ret_from_fork+0x56a/0x730
[  395.625976][ T5836]  ? __pfx_kthread+0x10/0x10
[  395.625994][ T5836]  ret_from_fork_asm+0x1a/0x30
[  395.626027][ T5836]  </TASK>
[  395.626047][ T5836] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  395.889696][ T5836] Bluetooth: hci5: failed to register connection device
[  396.138043][ T9995] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  397.843265][T10021] netlink: 'syz.4.1088': attribute type 4 has an invalid length.
[  397.964897][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[  398.050222][T10028] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10028 comm=syz.7.1091
[  398.102921][T10028] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1091'.
[  399.762488][T10043] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  399.814683][T10043] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  399.848929][T10043] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  399.888024][T10043] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  399.890307][T10043] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  399.890336][T10043] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  399.891127][T10043] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  399.891142][T10043] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  399.937647][T10043] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  399.937669][T10043] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[  399.938226][T10043] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  399.938241][T10043] Bluetooth: hci7: Error when powering off device on rfkill (-4)
[  400.291705][   T30] kauditd_printk_skb: 10275 callbacks suppressed
[  400.291722][   T30] audit: type=1400 audit(1759540215.705:10850): avc:  denied  { read write } for  pid=10087 comm="syz.4.1114" name="nullb0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=0
[  400.291769][   T30] audit: type=1400 audit(1759540215.845:10851): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.291806][   T30] audit: type=1400 audit(1759540215.845:10852): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.291841][   T30] audit: type=1400 audit(1759540215.845:10853): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.291877][   T30] audit: type=1400 audit(1759540215.845:10854): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.291914][   T30] audit: type=1400 audit(1759540215.845:10855): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.291951][   T30] audit: type=1400 audit(1759540215.845:10856): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.291987][   T30] audit: type=1400 audit(1759540215.845:10857): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.292024][   T30] audit: type=1400 audit(1759540215.845:10858): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  400.292062][   T30] audit: type=1400 audit(1759540215.845:10859): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  401.110215][T10110] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  402.766472][T10140] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  403.951456][T10157] trusted_key: encrypted_key: insufficient parameters specified
[  404.004234][T10158] trusted_key: encrypted_key: master key parameter 'defauÇt' is invalid
[  404.154207][T10158] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  404.192775][T10158] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  404.805240][T10166] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1142'.
[  405.043088][T10171] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1143'.
[  405.295018][   T30] kauditd_printk_skb: 9316 callbacks suppressed
[  405.295033][   T30] audit: type=1400 audit(1759540220.925:19882): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  405.312732][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  405.334848][ T5488] audit: audit_lost=1011 audit_rate_limit=0 audit_backlog_limit=64
[  405.342918][ T5488] audit: backlog limit exceeded
[  405.348230][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  405.354808][ T5488] audit: audit_lost=1012 audit_rate_limit=0 audit_backlog_limit=64
[  405.397969][ T5488] audit: backlog limit exceeded
[  405.403461][ T5827] audit: audit_backlog=65 > audit_backlog_limit=64
[  405.561180][T10185] audit: audit_backlog=65 > audit_backlog_limit=64
[  405.567793][T10185] audit: audit_lost=1013 audit_rate_limit=0 audit_backlog_limit=64
[  406.597244][T10208] netlink: 'syz.5.1155': attribute type 10 has an invalid length.
[  406.688864][T10208] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  407.118418][T10228] netlink: 52 bytes leftover after parsing attributes in process `syz.7.1163'.
[  408.363242][T10252] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1172'.
[  408.567921][T10259] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1175'.
[  408.806186][T10269] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  409.495600][T10294] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1189'.
[  410.181500][T10308] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  410.268757][T10315] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10315 comm=syz.1.1197
[  410.304923][   T30] kauditd_printk_skb: 11601 callbacks suppressed
[  410.304939][   T30] audit: type=1400 audit(1759540225.935:26387): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  410.374437][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  410.375181][T10315] audit: audit_backlog=65 > audit_backlog_limit=64
[  410.397762][T10315] audit: audit_lost=2713 audit_rate_limit=0 audit_backlog_limit=64
[  410.416616][   T30] audit: type=1400 audit(1759540225.935:26388): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  410.447507][T10315] audit: backlog limit exceeded
[  410.457605][ T5488] audit: audit_lost=2714 audit_rate_limit=0 audit_backlog_limit=64
[  410.466245][T10317] audit: audit_backlog=65 > audit_backlog_limit=64
[  410.474928][   T30] audit: type=1400 audit(1759540225.945:26389): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  410.505109][T10317] audit: audit_lost=2715 audit_rate_limit=0 audit_backlog_limit=64
[  410.537589][T10317] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10317 comm=syz.4.1198
[  410.550899][T10315] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1197'.
[  410.651534][T10317] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1198'.
[  411.213651][T10340] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1206'.
[  411.505887][T10344] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1206'.
[  411.525284][T10344] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1206'.
[  412.170418][T10352] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  414.381039][T10414] netlink: 'syz.5.1230': attribute type 1 has an invalid length.
[  414.399693][T10414] 8021q: adding VLAN 0 to HW filter on device bond1
[  414.439506][T10414] bond1: (slave gretap1): making interface the new active one
[  414.457534][T10414] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  415.314857][   T30] kauditd_printk_skb: 5686 callbacks suppressed
[  415.314872][   T30] audit: type=1400 audit(1759540230.945:32068): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  415.390941][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  415.425764][ T5488] audit: audit_lost=2718 audit_rate_limit=0 audit_backlog_limit=64
[  415.445336][T10426] audit: audit_backlog=65 > audit_backlog_limit=64
[  415.492005][T10426] audit: audit_lost=2719 audit_rate_limit=0 audit_backlog_limit=64
[  415.503840][ T5488] audit: backlog limit exceeded
[  415.515280][T10427] audit: audit_backlog=65 > audit_backlog_limit=64
[  415.517760][   T30] audit: type=1400 audit(1759540230.955:32069): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  415.548935][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  415.567571][T10427] audit: audit_lost=2720 audit_rate_limit=0 audit_backlog_limit=64
[  417.448148][T10458] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  419.720059][T10476] block device autoloading is deprecated and will be removed.
[  420.326275][   T30] kauditd_printk_skb: 14461 callbacks suppressed
[  420.326289][   T30] audit: type=1400 audit(1759540235.965:38154): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  420.426012][   T30] audit: type=1400 audit(1759540235.965:38155): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  420.449189][T10497] netlink: 'syz.5.1256': attribute type 4 has an invalid length.
[  420.458090][   T30] audit: type=1400 audit(1759540235.965:38156): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  420.505722][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  420.512414][   T30] audit: type=1400 audit(1759540235.965:38157): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  420.537462][   T30] audit: type=1400 audit(1759540235.965:38158): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  420.562681][   T30] audit: type=1400 audit(1759540235.965:38159): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  420.603701][   T30] audit: type=1400 audit(1759540235.965:38160): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  420.625124][ T5488] audit: audit_lost=5513 audit_rate_limit=0 audit_backlog_limit=64
[  420.626715][T10501] netlink: 'syz.5.1256': attribute type 4 has an invalid length.
[  420.646699][ T5488] audit: backlog limit exceeded
[  420.711837][T10505] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pid=10505 comm=syz.6.1257
[  420.875429][T10497] trusted_key: encrypted_key: insufficient parameters specified
[  421.025955][T10512] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10512 comm=syz.1.1259
[  421.089594][T10512] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1259'.
[  421.418464][T10516] vxlan0: entered promiscuous mode
[  421.434844][T10516] vxlan0: entered allmulticast mode
[  421.476662][ T3055] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  421.492588][ T3055] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  421.542549][ T3055] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  421.594874][ T3055] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  422.744882][T10546] netlink: 116 bytes leftover after parsing attributes in process `syz.5.1271'.
[  423.920743][T10572] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  425.438794][   T30] kauditd_printk_skb: 4390 callbacks suppressed
[  425.438807][   T30] audit: type=1400 audit(1759540240.935:42341): avc:  denied  { create } for  pid=10577 comm="syz.1.1281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=0
[  425.528098][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  425.556601][ T9405] audit: audit_backlog=65 > audit_backlog_limit=64
[  425.556813][   T30] audit: type=1400 audit(1759540241.105:42342): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  425.584781][ T5488] audit: audit_lost=5584 audit_rate_limit=0 audit_backlog_limit=64
[  425.593101][ T5488] audit: backlog limit exceeded
[  425.609760][T10592] audit: audit_backlog=65 > audit_backlog_limit=64
[  425.618853][ T8997] audit: audit_backlog=65 > audit_backlog_limit=64
[  425.619613][ T9405] audit: audit_lost=5585 audit_rate_limit=0 audit_backlog_limit=64
[  425.645043][T10592] audit: audit_lost=5586 audit_rate_limit=0 audit_backlog_limit=64
[  428.648750][T10671] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1310'.
[  428.717630][T10671] xfrm1: entered promiscuous mode
[  428.730749][T10671] xfrm1: entered allmulticast mode
[  428.749499][T10671] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1310'.
[  430.381327][T10697] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10697 comm=syz.4.1318
[  430.397979][T10697] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1318'.
[  430.446390][   T30] kauditd_printk_skb: 8697 callbacks suppressed
[  430.446404][   T30] audit: type=1400 audit(1759540246.084:47331): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  430.512421][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  430.525069][T10703] audit: audit_backlog=65 > audit_backlog_limit=64
[  430.531654][ T5488] audit: audit_lost=6823 audit_rate_limit=0 audit_backlog_limit=64
[  430.542448][T10703] audit: audit_lost=6824 audit_rate_limit=0 audit_backlog_limit=64
[  430.544165][ T8997] audit: audit_backlog=65 > audit_backlog_limit=64
[  430.551790][ T5488] audit: backlog limit exceeded
[  430.561916][   T30] audit: type=1400 audit(1759540246.114:47332): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  430.584457][T10703] audit: backlog limit exceeded
[  430.589445][ T8997] audit: audit_lost=6825 audit_rate_limit=0 audit_backlog_limit=64
[  433.249637][T10755] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  435.018029][T10796] vxlan0: entered promiscuous mode
[  435.053771][T10796] vxlan0: entered allmulticast mode
[  435.091403][ T9416] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  435.145586][ T9416] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  435.171013][ T9416] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  435.203762][ T9416] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  435.370120][T10803] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  435.376642][T10803] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  435.430372][T10803] vhci_hcd vhci_hcd.0: Device attached
[  435.515650][T10806] vhci_hcd: connection closed
[  435.584336][ T5488] audit_log_start: 5447 callbacks suppressed
[  435.584352][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  435.612995][ T3562] vhci_hcd: stop threads
[  435.623136][   T30] audit: type=1400 audit(1759540251.084:52419): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  435.644398][ T3562] vhci_hcd: release socket
[  435.644826][ T1203] vhci_hcd: vhci_device speed not set
[  435.665306][ T5488] audit: audit_lost=6946 audit_rate_limit=0 audit_backlog_limit=64
[  435.668495][ T3562] vhci_hcd: disconnect device
[  435.678370][ T5488] audit: backlog limit exceeded
[  435.854893][ T1203] usb 47-1: new full-speed USB device number 2 using vhci_hcd
[  435.897455][ T8997] audit: audit_backlog=65 > audit_backlog_limit=64
[  435.905480][T10815] audit: audit_backlog=65 > audit_backlog_limit=64
[  435.912010][T10815] audit: audit_lost=6947 audit_rate_limit=0 audit_backlog_limit=64
[  435.915282][   T30] audit: type=1400 audit(1759540251.084:52420): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  435.926463][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  435.947804][ T8997] audit: audit_lost=6948 audit_rate_limit=0 audit_backlog_limit=64
[  436.294442][T10820] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  436.673454][T10829] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1359'.
[  439.037484][T10876] Option 'D' to dns_resolver key: bad/missing value
[  439.340912][T10884] FAULT_INJECTION: forcing a failure.
[  439.340912][T10884] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.363354][T10884] CPU: 0 UID: 0 PID: 10884 Comm: syz.7.1380 Not tainted syzkaller #0 PREEMPT(full) 
[  439.363378][T10884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  439.363389][T10884] Call Trace:
[  439.363395][T10884]  <TASK>
[  439.363402][T10884]  dump_stack_lvl+0x16c/0x1f0
[  439.363431][T10884]  should_fail_ex+0x512/0x640
[  439.363461][T10884]  _copy_from_user+0x2e/0xd0
[  439.363489][T10884]  kstrtouint_from_user+0xd6/0x1d0
[  439.363512][T10884]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  439.363530][T10884]  ? __lock_acquire+0xb97/0x1ce0
[  439.363563][T10884]  proc_fail_nth_write+0x83/0x220
[  439.363586][T10884]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  439.363615][T10884]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  439.363636][T10884]  vfs_write+0x29d/0x11d0
[  439.363659][T10884]  ? __pfx___mutex_lock+0x10/0x10
[  439.363684][T10884]  ? __pfx_vfs_write+0x10/0x10
[  439.363717][T10884]  ? __fget_files+0x20e/0x3c0
[  439.363746][T10884]  ksys_write+0x12a/0x250
[  439.363763][T10884]  ? __pfx_ksys_write+0x10/0x10
[  439.363790][T10884]  do_syscall_64+0xcd/0x4e0
[  439.363816][T10884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.363834][T10884] RIP: 0033:0x7f8cabd8d97f
[  439.363849][T10884] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  439.363867][T10884] RSP: 002b:00007f8caccff030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  439.363884][T10884] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8cabd8d97f
[  439.363895][T10884] RDX: 0000000000000001 RSI: 00007f8caccff0a0 RDI: 0000000000000003
[  439.363906][T10884] RBP: 00007f8caccff090 R08: 0000000000000000 R09: 0000000000000000
[  439.363917][T10884] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  439.363927][T10884] R13: 00007f8cabfe6038 R14: 00007f8cabfe5fa0 R15: 00007ffdd7660b78
[  439.363953][T10884]  </TASK>
[  439.609153][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  439.617760][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  440.585434][   T30] kauditd_printk_skb: 6474 callbacks suppressed
[  440.585449][   T30] audit: type=1400 audit(1759540256.224:58783): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  440.617957][T10900] team0 (unregistering): Port device team_slave_0 removed
[  440.646409][T10900] team0 (unregistering): Port device team_slave_1 removed
[  440.705034][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  440.724406][ T5488] audit: audit_lost=6986 audit_rate_limit=0 audit_backlog_limit=64
[  440.738783][ T9405] audit: audit_backlog=65 > audit_backlog_limit=64
[  440.748975][ T5488] audit: backlog limit exceeded
[  440.754173][   T30] audit: type=1400 audit(1759540256.264:58784): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  440.788507][ T9405] audit: audit_lost=6987 audit_rate_limit=0 audit_backlog_limit=64
[  440.797425][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  440.848785][ T9405] audit: backlog limit exceeded
[  440.854988][ T5488] audit: audit_lost=6988 audit_rate_limit=0 audit_backlog_limit=64
[  440.994845][ T1203] vhci_hcd: vhci_device speed not set
[  441.057106][T10915] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10915 comm=syz.6.1391
[  441.207060][T10915] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1391'.
[  443.532728][T10942] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  445.631372][   T30] kauditd_printk_skb: 6646 callbacks suppressed
[  445.631387][   T30] audit: type=1400 audit(1759540261.264:64374): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  445.728697][   T30] audit: type=1400 audit(1759540261.304:64375): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  445.757531][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  445.782990][ T5819] audit: audit_backlog=65 > audit_backlog_limit=64
[  445.792462][ T5819] audit: audit_lost=7341 audit_rate_limit=0 audit_backlog_limit=64
[  445.801350][   T30] audit: type=1400 audit(1759540261.304:64376): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  445.831954][ T5819] audit: backlog limit exceeded
[  445.873803][T10978] audit: audit_backlog=65 > audit_backlog_limit=64
[  445.880545][   T30] audit: type=1400 audit(1759540261.304:64377): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  445.913010][T10978] audit: audit_lost=7342 audit_rate_limit=0 audit_backlog_limit=64
[  446.183831][T10983] pim6reg1: entered promiscuous mode
[  446.208324][T10983] pim6reg1: entered allmulticast mode
[  446.340678][ T5890] libceph: connect (1)[c::]:6789 error -101
[  446.354654][ T5890] libceph: mon0 (1)[c::]:6789 connect error
[  446.474123][ T5883] libceph: connect (1)[c::]:6789 error -101
[  446.487415][ T5883] libceph: mon0 (1)[c::]:6789 connect error
[  446.637753][ T5883] libceph: connect (1)[c::]:6789 error -101
[  446.649519][ T5883] libceph: mon0 (1)[c::]:6789 connect error
[  446.725297][T10992] netlink: 'syz.6.1416': attribute type 4 has an invalid length.
[  446.766451][ T5883] libceph: connect (1)[c::]:6789 error -101
[  446.772470][ T5883] libceph: mon0 (1)[c::]:6789 connect error
[  446.823640][T10992] netlink: 'syz.6.1416': attribute type 4 has an invalid length.
[  447.049768][T11001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11001 comm=syz.6.1416
[  447.165094][ T5878] libceph: connect (1)[c::]:6789 error -101
[  447.171713][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  447.296218][ T5883] libceph: connect (1)[c::]:6789 error -101
[  447.369209][T11007] netlink: 52 bytes leftover after parsing attributes in process `syz.7.1421'.
[  447.451839][ T5883] libceph: mon0 (1)[c::]:6789 connect error
[  447.459913][T10984] ceph: No mds server is up or the cluster is laggy
[  447.483588][T10983] ceph: No mds server is up or the cluster is laggy
[  447.792735][T11019] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  448.868883][T11039] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  450.641281][   T30] kauditd_printk_skb: 5056 callbacks suppressed
[  450.641295][   T30] audit: type=1400 audit(1759540266.234:68525): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  450.779888][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  450.850798][ T5488] audit: audit_lost=7646 audit_rate_limit=0 audit_backlog_limit=64
[  450.872440][   T30] audit: type=1400 audit(1759540266.274:68526): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  450.949885][ T5488] audit: backlog limit exceeded
[  451.024930][T11063] audit: audit_backlog=65 > audit_backlog_limit=64
[  451.153129][T11063] audit: audit_lost=7647 audit_rate_limit=0 audit_backlog_limit=64
[  451.174265][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  451.214142][ T5488] audit: audit_lost=7648 audit_rate_limit=0 audit_backlog_limit=64
[  451.273548][ T5488] audit: backlog limit exceeded
[  455.646112][   T30] kauditd_printk_skb: 4334 callbacks suppressed
[  455.646127][   T30] audit: type=1400 audit(1759540271.284:72860): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  455.720236][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  455.799690][T11128] audit: audit_backlog=65 > audit_backlog_limit=64
[  455.805377][ T5488] audit: audit_lost=7649 audit_rate_limit=0 audit_backlog_limit=64
[  455.814607][T11131] audit: audit_backlog=65 > audit_backlog_limit=64
[  455.821316][T11128] audit: audit_lost=7650 audit_rate_limit=0 audit_backlog_limit=64
[  455.834516][   T30] audit: type=1400 audit(1759540271.314:72861): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  455.855751][T11131] audit: audit_lost=7651 audit_rate_limit=0 audit_backlog_limit=64
[  455.856609][T11132] audit: audit_backlog=65 > audit_backlog_limit=64
[  455.874910][ T5488] audit: backlog limit exceeded
[  460.058897][T11180] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1474'.
[  460.184701][T11182] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1475'.
[  460.657318][   T30] kauditd_printk_skb: 5076 callbacks suppressed
[  460.670791][   T30] audit: type=1400 audit(1759540276.294:77406): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  460.711513][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  460.734932][ T5488] audit: audit_lost=7829 audit_rate_limit=0 audit_backlog_limit=64
[  460.752949][ T5488] audit: backlog limit exceeded
[  460.761216][ T5819] audit: audit_backlog=65 > audit_backlog_limit=64
[  460.795976][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  460.799399][   T30] audit: type=1400 audit(1759540276.294:77407): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  460.824293][ T5488] audit: audit_lost=7830 audit_rate_limit=0 audit_backlog_limit=64
[  461.075165][ T9534] audit: audit_backlog=65 > audit_backlog_limit=64
[  461.081672][ T9534] audit: audit_lost=7831 audit_rate_limit=0 audit_backlog_limit=64
[  462.290777][T11220] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  462.780266][T11232] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1494'.
[  464.004839][T11250] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11250 comm=syz.4.1501
[  464.148345][T11250] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1501'.
[  464.941274][T11260] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  465.665870][   T30] kauditd_printk_skb: 3975 callbacks suppressed
[  465.681055][   T30] audit: type=1400 audit(1759540281.284:80596): avc:  denied  { create } for  pid=11275 comm="syz.6.1512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=0
[  465.698464][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  465.722162][ T5488] audit: audit_lost=8094 audit_rate_limit=0 audit_backlog_limit=64
[  465.741087][ T5488] audit: backlog limit exceeded
[  465.756862][T11278] audit: audit_backlog=65 > audit_backlog_limit=64
[  465.767082][T11278] audit: audit_lost=8095 audit_rate_limit=0 audit_backlog_limit=64
[  465.774290][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  465.781896][   T30] audit: type=1400 audit(1759540281.284:80597): avc:  denied  { map_create } for  pid=11275 comm="syz.6.1512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  465.782547][ T5488] audit: audit_lost=8096 audit_rate_limit=0 audit_backlog_limit=64
[  465.811412][T11278] audit: backlog limit exceeded
[  466.690993][T11294] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1514'.
[  466.701632][T11294] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  466.729978][T11294] 0ªî{X¹¦: entered allmulticast mode
[  466.755212][T11294] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  467.526501][T11314] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[  469.076513][T11346] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1534'.
[  469.365527][T11348] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=82 sclass=netlink_audit_socket pid=11348 comm=syz.5.1535
[  470.097960][T11370] FAULT_INJECTION: forcing a failure.
[  470.097960][T11370] name failslab, interval 1, probability 0, space 0, times 0
[  470.176873][T11370] CPU: 0 UID: 0 PID: 11370 Comm: syz.5.1544 Not tainted syzkaller #0 PREEMPT(full) 
[  470.176897][T11370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  470.176906][T11370] Call Trace:
[  470.176911][T11370]  <TASK>
[  470.176917][T11370]  dump_stack_lvl+0x16c/0x1f0
[  470.176943][T11370]  should_fail_ex+0x512/0x640
[  470.176966][T11370]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  470.176984][T11370]  should_failslab+0xc2/0x120
[  470.177004][T11370]  kmem_cache_alloc_node_noprof+0x78/0x770
[  470.177019][T11370]  ? __alloc_skb+0x2b2/0x380
[  470.177043][T11370]  ? __alloc_skb+0x2b2/0x380
[  470.177062][T11370]  __alloc_skb+0x2b2/0x380
[  470.177081][T11370]  ? __pfx___alloc_skb+0x10/0x10
[  470.177104][T11370]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  470.177132][T11370]  netlink_alloc_large_skb+0x69/0x140
[  470.177157][T11370]  netlink_sendmsg+0x698/0xdd0
[  470.177184][T11370]  ? __pfx_netlink_sendmsg+0x10/0x10
[  470.177215][T11370]  ____sys_sendmsg+0xa98/0xc70
[  470.177233][T11370]  ? copy_msghdr_from_user+0x10a/0x160
[  470.177254][T11370]  ? __pfx_____sys_sendmsg+0x10/0x10
[  470.177281][T11370]  ___sys_sendmsg+0x134/0x1d0
[  470.177303][T11370]  ? __pfx____sys_sendmsg+0x10/0x10
[  470.177352][T11370]  __sys_sendmsg+0x16d/0x220
[  470.177374][T11370]  ? __pfx___sys_sendmsg+0x10/0x10
[  470.177410][T11370]  do_syscall_64+0xcd/0x4e0
[  470.177433][T11370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.177449][T11370] RIP: 0033:0x7f122d38eec9
[  470.177466][T11370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.177481][T11370] RSP: 002b:00007f122e28b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  470.177495][T11370] RAX: ffffffffffffffda RBX: 00007f122d5e5fa0 RCX: 00007f122d38eec9
[  470.177505][T11370] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000003
[  470.177514][T11370] RBP: 00007f122e28b090 R08: 0000000000000000 R09: 0000000000000000
[  470.177523][T11370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.177531][T11370] R13: 00007f122d5e6038 R14: 00007f122d5e5fa0 R15: 00007ffd3973e068
[  470.177553][T11370]  </TASK>
[  470.675017][   T30] kauditd_printk_skb: 3582 callbacks suppressed
[  470.675030][   T30] audit: type=1400 audit(1759540286.314:83798): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  470.747652][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  470.762571][ T9405] audit: audit_backlog=65 > audit_backlog_limit=64
[  470.769410][ T5488] audit: audit_lost=8224 audit_rate_limit=0 audit_backlog_limit=64
[  470.779138][ T9534] audit: audit_backlog=65 > audit_backlog_limit=64
[  470.786475][ T9405] audit: audit_lost=8225 audit_rate_limit=0 audit_backlog_limit=64
[  470.794679][ T5488] audit: backlog limit exceeded
[  470.799798][   T30] audit: type=1400 audit(1759540286.334:83799): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  470.824199][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  470.825377][ T9534] audit: audit_lost=8226 audit_rate_limit=0 audit_backlog_limit=64
[  471.313334][T11391] FAULT_INJECTION: forcing a failure.
[  471.313334][T11391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  471.378021][T11391] CPU: 1 UID: 0 PID: 11391 Comm: syz.4.1552 Not tainted syzkaller #0 PREEMPT(full) 
[  471.378046][T11391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  471.378055][T11391] Call Trace:
[  471.378060][T11391]  <TASK>
[  471.378067][T11391]  dump_stack_lvl+0x16c/0x1f0
[  471.378093][T11391]  should_fail_ex+0x512/0x640
[  471.378119][T11391]  _copy_from_user+0x2e/0xd0
[  471.378145][T11391]  __sys_bpf+0x248/0x4980
[  471.378169][T11391]  ? __pfx___sys_bpf+0x10/0x10
[  471.378183][T11391]  ? find_held_lock+0x2b/0x80
[  471.378210][T11391]  ? find_held_lock+0x2b/0x80
[  471.378237][T11391]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  471.378272][T11391]  ? fput+0x9b/0xd0
[  471.378292][T11391]  ? ksys_write+0x1ac/0x250
[  471.378308][T11391]  ? __pfx_ksys_write+0x10/0x10
[  471.378329][T11391]  __x64_sys_bpf+0x78/0xc0
[  471.378343][T11391]  ? lockdep_hardirqs_on+0x7c/0x110
[  471.378364][T11391]  do_syscall_64+0xcd/0x4e0
[  471.378387][T11391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.378402][T11391] RIP: 0033:0x7f1d00f8eec9
[  471.378414][T11391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.378430][T11391] RSP: 002b:00007f1d01ec1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  471.378445][T11391] RAX: ffffffffffffffda RBX: 00007f1d011e5fa0 RCX: 00007f1d00f8eec9
[  471.378455][T11391] RDX: 0000000000000080 RSI: 0000200000000600 RDI: 0000000000000005
[  471.378464][T11391] RBP: 00007f1d01ec1090 R08: 0000000000000000 R09: 0000000000000000
[  471.378473][T11391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.378482][T11391] R13: 00007f1d011e6038 R14: 00007f1d011e5fa0 R15: 00007ffe18a4d728
[  471.378503][T11391]  </TASK>
[  472.087645][T11407] 8021q: VLANs not supported on ip_vti0
[  473.019295][T11428] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  475.687844][   T30] kauditd_printk_skb: 5434 callbacks suppressed
[  475.687860][   T30] audit: type=1400 audit(1759540291.324:88153): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  475.728750][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  475.738457][T11472] audit: audit_backlog=65 > audit_backlog_limit=64
[  475.745172][T11468] audit: audit_backlog=65 > audit_backlog_limit=64
[  475.749915][ T8997] audit: audit_backlog=65 > audit_backlog_limit=64
[  475.766313][T11472] audit: audit_lost=8587 audit_rate_limit=0 audit_backlog_limit=64
[  475.774682][T11474] audit: audit_backlog=65 > audit_backlog_limit=64
[  475.779083][ T5488] audit: audit_lost=8588 audit_rate_limit=0 audit_backlog_limit=64
[  475.789106][T11468] audit: audit_lost=8589 audit_rate_limit=0 audit_backlog_limit=64
[  475.797724][ T8997] audit: audit_lost=8590 audit_rate_limit=0 audit_backlog_limit=64
[  476.174019][T11489] netlink: 'syz.4.1589': attribute type 4 has an invalid length.
[  476.208128][T11489] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1589'.
[  476.459424][T11496] netlink: 'syz.4.1592': attribute type 13 has an invalid length.
[  476.504913][T11496] gretap0: refused to change device tx_queue_len
[  476.538830][T11496] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  479.368537][T11553] FAULT_INJECTION: forcing a failure.
[  479.368537][T11553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  479.421219][T11553] CPU: 0 UID: 0 PID: 11553 Comm: syz.6.1616 Not tainted syzkaller #0 PREEMPT(full) 
[  479.421244][T11553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  479.421254][T11553] Call Trace:
[  479.421260][T11553]  <TASK>
[  479.421267][T11553]  dump_stack_lvl+0x16c/0x1f0
[  479.421299][T11553]  should_fail_ex+0x512/0x640
[  479.421328][T11553]  _copy_from_user+0x2e/0xd0
[  479.421356][T11553]  kstrtouint_from_user+0xd6/0x1d0
[  479.421378][T11553]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  479.421398][T11553]  ? __lock_acquire+0xb97/0x1ce0
[  479.421432][T11553]  proc_fail_nth_write+0x83/0x220
[  479.421456][T11553]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  479.421485][T11553]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  479.421505][T11553]  vfs_write+0x29d/0x11d0
[  479.421528][T11553]  ? __pfx___mutex_lock+0x10/0x10
[  479.421555][T11553]  ? __pfx_vfs_write+0x10/0x10
[  479.421581][T11553]  ? __fget_files+0x20e/0x3c0
[  479.421609][T11553]  ksys_write+0x12a/0x250
[  479.421627][T11553]  ? __pfx_ksys_write+0x10/0x10
[  479.421654][T11553]  do_syscall_64+0xcd/0x4e0
[  479.421681][T11553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.421698][T11553] RIP: 0033:0x7f56b1b8d97f
[  479.421712][T11553] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  479.421727][T11553] RSP: 002b:00007f56b2a2a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  479.421740][T11553] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f56b1b8d97f
[  479.421747][T11553] RDX: 0000000000000001 RSI: 00007f56b2a2a0a0 RDI: 0000000000000003
[  479.421753][T11553] RBP: 00007f56b2a2a090 R08: 0000000000000000 R09: 0000000000000000
[  479.421759][T11553] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  479.421765][T11553] R13: 00007f56b1de6038 R14: 00007f56b1de5fa0 R15: 00007fff006b6388
[  479.421780][T11553]  </TASK>
[  479.824028][T11557] FAULT_INJECTION: forcing a failure.
[  479.824028][T11557] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  479.891739][T11557] CPU: 0 UID: 0 PID: 11557 Comm: syz.6.1618 Not tainted syzkaller #0 PREEMPT(full) 
[  479.891765][T11557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  479.891775][T11557] Call Trace:
[  479.891781][T11557]  <TASK>
[  479.891788][T11557]  dump_stack_lvl+0x16c/0x1f0
[  479.891818][T11557]  should_fail_ex+0x512/0x640
[  479.891849][T11557]  _copy_from_user+0x2e/0xd0
[  479.891878][T11557]  kstrtouint_from_user+0xd6/0x1d0
[  479.891900][T11557]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  479.891920][T11557]  ? __lock_acquire+0xb97/0x1ce0
[  479.891952][T11557]  proc_fail_nth_write+0x83/0x220
[  479.891976][T11557]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  479.892002][T11557]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  479.892021][T11557]  vfs_write+0x29d/0x11d0
[  479.892043][T11557]  ? __pfx___mutex_lock+0x10/0x10
[  479.892065][T11557]  ? __pfx_vfs_write+0x10/0x10
[  479.892080][T11557]  ? __fget_files+0x20e/0x3c0
[  479.892096][T11557]  ksys_write+0x12a/0x250
[  479.892108][T11557]  ? __pfx_ksys_write+0x10/0x10
[  479.892123][T11557]  do_syscall_64+0xcd/0x4e0
[  479.892140][T11557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.892152][T11557] RIP: 0033:0x7f56b1b8d97f
[  479.892160][T11557] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  479.892172][T11557] RSP: 002b:00007f56b2a2a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  479.892183][T11557] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f56b1b8d97f
[  479.892190][T11557] RDX: 0000000000000001 RSI: 00007f56b2a2a0a0 RDI: 0000000000000003
[  479.892197][T11557] RBP: 00007f56b2a2a090 R08: 0000000000000000 R09: 0000000000000000
[  479.892203][T11557] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  479.892209][T11557] R13: 00007f56b1de6038 R14: 00007f56b1de5fa0 R15: 00007fff006b6388
[  479.892223][T11557]  </TASK>
[  480.696690][ T5488] audit_log_start: 10062 callbacks suppressed
[  480.696705][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  480.730551][T11573] audit: audit_backlog=65 > audit_backlog_limit=64
[  480.749137][T11575] FAULT_INJECTION: forcing a failure.
[  480.749137][T11575] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  480.766656][ T8997] audit: audit_backlog=65 > audit_backlog_limit=64
[  480.773184][ T8997] audit: audit_lost=9830 audit_rate_limit=0 audit_backlog_limit=64
[  480.782416][T11573] audit: audit_lost=9831 audit_rate_limit=0 audit_backlog_limit=64
[  480.792810][ T5488] audit: audit_lost=9832 audit_rate_limit=0 audit_backlog_limit=64
[  480.802636][T11573] audit: backlog limit exceeded
[  480.813766][ T5488] audit: backlog limit exceeded
[  480.824023][T11575] CPU: 1 UID: 0 PID: 11575 Comm: syz.6.1624 Not tainted syzkaller #0 PREEMPT(full) 
[  480.824047][T11575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  480.824057][T11575] Call Trace:
[  480.824062][T11575]  <TASK>
[  480.824070][T11575]  dump_stack_lvl+0x16c/0x1f0
[  480.824099][T11575]  should_fail_ex+0x512/0x640
[  480.824128][T11575]  _copy_from_user+0x2e/0xd0
[  480.824157][T11575]  csum_and_copy_from_iter_full+0x21a/0x1f90
[  480.824184][T11575]  ? policy_nodemask+0xea/0x4e0
[  480.824208][T11575]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  480.824227][T11575]  ? alloc_pages_mpol+0x25a/0x550
[  480.824249][T11575]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  480.824281][T11575]  ip_generic_getfrag+0x170/0x270
[  480.824309][T11575]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  480.824338][T11575]  ? sk_page_frag_refill+0x6c/0x2f0
[  480.824362][T11575]  __ip_append_data+0x13fa/0x41a0
[  480.824385][T11575]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  480.824422][T11575]  ? __pfx___ip_append_data+0x10/0x10
[  480.824446][T11575]  ? do_raw_spin_lock+0x12c/0x2b0
[  480.824473][T11575]  ip_append_data+0x10f/0x1a0
[  480.824493][T11575]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  480.824522][T11575]  udp_sendmsg+0xa7e/0x2870
[  480.824545][T11575]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  480.824573][T11575]  ? avc_has_perm_noaudit+0x149/0x3b0
[  480.824593][T11575]  ? __pfx_udp_sendmsg+0x10/0x10
[  480.824611][T11575]  ? avc_has_perm+0x144/0x1f0
[  480.824643][T11575]  ? sock_has_perm+0x259/0x2f0
[  480.824664][T11575]  ? __pfx_sock_has_perm+0x10/0x10
[  480.824696][T11575]  ? inode_has_perm+0x16f/0x1d0
[  480.824721][T11575]  ? __pfx_udp_sendmsg+0x10/0x10
[  480.824739][T11575]  inet_sendmsg+0x105/0x140
[  480.824762][T11575]  sock_write_iter+0x509/0x610
[  480.824782][T11575]  ? __pfx_sock_write_iter+0x10/0x10
[  480.824810][T11575]  ? bpf_lsm_file_permission+0x9/0x10
[  480.824829][T11575]  ? security_file_permission+0x71/0x210
[  480.824857][T11575]  ? rw_verify_area+0xcf/0x6c0
[  480.824887][T11575]  vfs_write+0x7d3/0x11d0
[  480.824906][T11575]  ? __pfx_sock_write_iter+0x10/0x10
[  480.824926][T11575]  ? __pfx_vfs_write+0x10/0x10
[  480.824942][T11575]  ? find_held_lock+0x2b/0x80
[  480.824984][T11575]  ksys_write+0x1f8/0x250
[  480.825002][T11575]  ? __pfx_ksys_write+0x10/0x10
[  480.825027][T11575]  do_syscall_64+0xcd/0x4e0
[  480.825054][T11575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.825072][T11575] RIP: 0033:0x7f56b1b8eec9
[  480.825086][T11575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.825103][T11575] RSP: 002b:00007f56b2a2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  480.825120][T11575] RAX: ffffffffffffffda RBX: 00007f56b1de5fa0 RCX: 00007f56b1b8eec9
[  480.825131][T11575] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 0000000000000003
[  480.825142][T11575] RBP: 00007f56b2a2a090 R08: 0000000000000000 R09: 0000000000000000
[  480.825152][T11575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.825162][T11575] R13: 00007f56b1de6038 R14: 00007f56b1de5fa0 R15: 00007fff006b6388
[  480.825186][T11575]  </TASK>
[  480.951940][   T30] audit: type=1400 audit(1759540296.294:94496): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  480.966689][ T8997] audit: backlog limit exceeded
[  485.704926][   T30] kauditd_printk_skb: 9513 callbacks suppressed
[  485.704940][   T30] audit: type=1400 audit(1759540301.344:100353): avc:  denied  { read } for  pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  485.782907][ T5488] audit: audit_backlog=65 > audit_backlog_limit=64
[  485.797901][ T9534] audit: audit_backlog=65 > audit_backlog_limit=64
[  485.804422][ T9534] audit: audit_lost=11052 audit_rate_limit=0 audit_backlog_limit=64
[  485.812770][ T5488] audit: audit_lost=11053 audit_rate_limit=0 audit_backlog_limit=64
[  485.821011][   T30] audit: type=1400 audit(1759540301.344:100354): avc:  denied  { read write } for  pid=9534 comm="syz-executor" name="loop7" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  485.846854][ T9534] audit: backlog limit exceeded
[  485.858213][ T5488] audit: backlog limit exceeded
[  485.863419][T11651] audit: audit_backlog=65 > audit_backlog_limit=64
[  485.870305][T11650] audit: audit_backlog=65 > audit_backlog_limit=64
[  486.072512][T11659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11659 comm=syz.1.1656
[  486.156479][T11659] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1656'.
[  486.924925][   T31] INFO: task syz.3.897:9248 blocked for more than 143 seconds.
[  486.959716][   T31]       Not tainted syzkaller #0
[  486.983849][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  487.019926][   T31] task:syz.3.897       state:D stack:28856 pid:9248  tgid:9244  ppid:5817   task_flags:0x400040 flags:0x00080002
[  487.072723][   T31] Call Trace:
[  487.089860][   T31]  <TASK>
[  487.101041][   T31]  __schedule+0x1190/0x5de0
[  487.119986][   T31]  ? __lock_acquire+0x62e/0x1ce0
[  487.142879][   T31]  ? __pfx___schedule+0x10/0x10
[  487.158901][   T31]  ? find_held_lock+0x2b/0x80
[  487.181475][   T31]  ? schedule+0x2d7/0x3a0
[  487.200539][   T31]  ? comedi_open+0xe0/0x5a0
[  487.227910][   T31]  schedule+0xe7/0x3a0
[  487.253429][   T31]  schedule_preempt_disabled+0x13/0x30
[  487.298144][   T31]  __mutex_lock+0x818/0x1060
[  487.321464][   T31]  ? comedi_open+0xe0/0x5a0
[  487.355144][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  487.385139][   T31]  ? __pfx_comedi_open+0x10/0x10
[  487.404925][   T31]  ? comedi_open+0xe0/0x5a0
[  487.431591][   T31]  ? __pfx_comedi_open+0x10/0x10
[  487.444611][   T31]  comedi_open+0xe0/0x5a0
[  487.455658][   T31]  ? __pfx_comedi_open+0x10/0x10
[  487.468336][   T31]  chrdev_open+0x231/0x6a0
[  487.480639][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  487.491854][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  487.508603][   T31]  do_dentry_open+0x982/0x1530
[  487.523033][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  487.534876][   T31]  vfs_open+0x82/0x3f0
[  487.545286][   T31]  path_openat+0x1de4/0x2cb0
[  487.554775][   T31]  ? __pfx_path_openat+0x10/0x10
[  487.570939][   T31]  do_filp_open+0x20b/0x470
[  487.582237][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  487.593957][   T31]  ? alloc_fd+0x471/0x7d0
[  487.605009][   T31]  do_sys_openat2+0x11b/0x1d0
[  487.610395][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  487.618839][   T31]  __x64_sys_openat+0x174/0x210
[  487.624030][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  487.630433][   T31]  ? fput+0x9b/0xd0
[  487.691944][   T31]  do_syscall_64+0xcd/0x4e0
[  487.699982][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.711769][   T31] RIP: 0033:0x7f019ab8eec9
[  487.724893][   T31] RSP: 002b:00007f019baec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  487.747791][   T31] RAX: ffffffffffffffda RBX: 00007f019ade6090 RCX: 00007f019ab8eec9
[  487.767786][   T31] RDX: 0000000000002000 RSI: 0000200000000040 RDI: 00000000ffffff9c
[  487.787596][   T31] RBP: 00007f019ac11f91 R08: 0000000000000000 R09: 0000000000000000
[  487.809225][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  487.830995][   T31] R13: 00007f019ade6128 R14: 00007f019ade6090 R15: 00007ffc79ee0ab8
[  487.849545][   T31]  </TASK>
[  487.858141][   T31] INFO: task syz.0.931:9379 blocked for more than 144 seconds.
[  487.875716][   T31]       Not tainted syzkaller #0
[  487.894119][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  487.912957][   T31] task:syz.0.931       state:D stack:28792 pid:9379  tgid:9377  ppid:5822   task_flags:0x400040 flags:0x00080002
[  487.941202][   T31] Call Trace:
[  487.950192][   T31]  <TASK>
[  487.958605][   T31]  __schedule+0x1190/0x5de0
[  487.968594][   T31]  ? __pfx___schedule+0x10/0x10
[  487.979855][   T31]  ? find_held_lock+0x2b/0x80
[  487.991869][   T31]  ? schedule+0x2d7/0x3a0
[  488.008393][   T31]  ? comedi_open+0xe0/0x5a0
[  488.019624][   T31]  schedule+0xe7/0x3a0
[  488.032795][   T31]  schedule_preempt_disabled+0x13/0x30
[  488.046226][   T31]  __mutex_lock+0x818/0x1060
[  488.058777][   T31]  ? comedi_open+0xe0/0x5a0
[  488.067648][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  488.080619][   T31]  ? __pfx_comedi_open+0x10/0x10
[  488.092220][   T31]  ? comedi_open+0xe0/0x5a0
[  488.104220][   T31]  ? __pfx_comedi_open+0x10/0x10
[  488.118434][   T31]  comedi_open+0xe0/0x5a0
[  488.134170][   T31]  ? __pfx_comedi_open+0x10/0x10
[  488.145899][   T31]  chrdev_open+0x231/0x6a0
[  488.159331][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  488.171913][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  488.184762][   T31]  do_dentry_open+0x982/0x1530
[  488.194870][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  488.200702][   T31]  vfs_open+0x82/0x3f0
[  488.210713][   T31]  path_openat+0x1de4/0x2cb0
[  488.218888][   T31]  ? __pfx_path_openat+0x10/0x10
[  488.224848][   T31]  do_filp_open+0x20b/0x470
[  488.232470][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  488.239916][   T31]  ? alloc_fd+0x471/0x7d0
[  488.244664][   T31]  do_sys_openat2+0x11b/0x1d0
[  488.250749][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  488.256264][   T31]  __x64_sys_openat+0x174/0x210
[  488.261925][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  488.268226][   T31]  ? fput+0x9b/0xd0
[  488.273020][   T31]  do_syscall_64+0xcd/0x4e0
[  488.277933][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.284476][   T31] RIP: 0033:0x7f75f158eec9
[  488.289508][   T31] RSP: 002b:00007f75f24d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  488.298468][   T31] RAX: ffffffffffffffda RBX: 00007f75f17e6090 RCX: 00007f75f158eec9
[  488.307400][   T31] RDX: 0000000000002000 RSI: 0000200000000040 RDI: 00000000ffffff9c
[  488.316411][   T31] RBP: 00007f75f1611f91 R08: 0000000000000000 R09: 0000000000000000
[  488.324767][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  488.334548][   T31] R13: 00007f75f17e6128 R14: 00007f75f17e6090 R15: 00007ffeb6132e68
[  488.345662][   T31]  </TASK>
[  488.348843][   T31] 
[  488.348843][   T31] Showing all locks held in the system:
[  488.359291][   T31] 1 lock held by khungtaskd/31:
[  488.364442][   T31]  #0: ffffffff8e1c4120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  488.386081][   T31] 2 locks held by getty/5586:
[  488.391119][   T31]  #0: ffff8880350cd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  488.401896][   T31]  #1: ffffc900036c32f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  488.413684][   T31] 1 lock held by syz.2.788/8806:
[  488.419067][   T31] 1 lock held by syz.3.897/9248:
[  488.424173][   T31]  #0: ffff88814cdca0f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_open+0xe0/0x5a0
[  488.436488][   T31] 1 lock held by syz.0.931/9379:
[  488.442016][   T31]  #0: ffff88814cdca0f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_open+0xe0/0x5a0
[  488.454021][   T31] 4 locks held by syz.4.1655/11660:
[  488.459961][   T31] 
[  488.463532][   T31] =============================================
[  488.463532][   T31] 
[  488.475410][   T31] NMI backtrace for cpu 0
[  488.475427][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  488.475449][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  488.475459][   T31] Call Trace:
[  488.475467][   T31]  <TASK>
[  488.475475][   T31]  dump_stack_lvl+0x116/0x1f0
[  488.475506][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  488.475525][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  488.475544][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  488.475565][   T31]  watchdog+0xf3f/0x1170
[  488.475593][   T31]  ? rcu_is_watching+0x12/0xc0
[  488.475623][   T31]  ? __pfx_watchdog+0x10/0x10
[  488.475646][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  488.475670][   T31]  ? __kthread_parkme+0x19e/0x250
[  488.475689][   T31]  ? __pfx_watchdog+0x10/0x10
[  488.475712][   T31]  kthread+0x3c2/0x780
[  488.475732][   T31]  ? __pfx_kthread+0x10/0x10
[  488.475754][   T31]  ? rcu_is_watching+0x12/0xc0
[  488.475778][   T31]  ? __pfx_kthread+0x10/0x10
[  488.475799][   T31]  ret_from_fork+0x56a/0x730
[  488.475817][   T31]  ? __pfx_kthread+0x10/0x10
[  488.475838][   T31]  ret_from_fork_asm+0x1a/0x30
[  488.475873][   T31]  </TASK>
[  488.475897][   T31] Sending NMI from CPU 0 to CPUs 1:
[  488.598252][    C1] NMI backtrace for cpu 1
[  488.598266][    C1] CPU: 1 UID: 0 PID: 7004 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) 
[  488.598282][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  488.598292][    C1] Workqueue: events_unbound toggle_allocation_gate
[  488.598312][    C1] RIP: 0010:cr4_update_irqsoff+0x57/0xb0
[  488.598333][    C1] Code: c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 04 84 d2 75 55 8b 05 1f 82 fd 0e 85 c0 74 0b 65 8b 05 e8 0e 18 12 85 c0 74 1c 48 f7 d6 <48> 89 f7 48 21 ef 48 09 df 48 39 fd 75 1c 48 83 c4 08 5b 5d c3 cc
[  488.598347][    C1] RSP: 0018:ffffc9000427f888 EFLAGS: 00000046
[  488.598357][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff20bec9e
[  488.598370][    C1] RDX: 0000000000000000 RSI: fffffffffffffeff RDI: 0000000000000000
[  488.598379][    C1] RBP: 00000000003526f0 R08: 0000000000000000 R09: fffffbfff1c6d626
[  488.598388][    C1] R10: ffffffff8e36b133 R11: 0000000000000000 R12: ffff888079d14b40
[  488.598397][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000010000
[  488.598406][    C1] FS:  0000000000000000(0000) GS:ffff888124f85000(0000) knlGS:0000000000000000
[  488.598420][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  488.598429][    C1] CR2: 0000200000402030 CR3: 000000000df82000 CR4: 00000000003526f0
[  488.598439][    C1] Call Trace:
[  488.598443][    C1]  <TASK>
[  488.598449][    C1]  switch_mm_irqs_off+0x52c/0x7f0
[  488.598463][    C1]  ? page_table_check_set+0x721/0x750
[  488.598479][    C1]  switch_mm+0x17/0x70
[  488.598490][    C1]  ? __kmalloc_noprof+0xf3/0x880
[  488.598509][    C1]  use_temporary_mm+0x101/0x150
[  488.598522][    C1]  ? __kmalloc_noprof+0xf3/0x880
[  488.598540][    C1]  __text_poke+0x3ac/0xb70
[  488.598555][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[  488.598574][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  488.598589][    C1]  ? __pfx___text_poke+0x10/0x10
[  488.598605][    C1]  ? __kmalloc_noprof+0xf3/0x880
[  488.598625][    C1]  smp_text_poke_batch_finish+0x4f1/0xdb0
[  488.598646][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  488.598666][    C1]  ? arch_jump_label_transform_queue+0xc0/0x120
[  488.598688][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  488.598708][    C1]  jump_label_update+0x376/0x550
[  488.598727][    C1]  static_key_disable_cpuslocked+0x158/0x1c0
[  488.598745][    C1]  static_key_disable+0x1a/0x20
[  488.598762][    C1]  toggle_allocation_gate+0x145/0x280
[  488.598777][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  488.598794][    C1]  ? rcu_is_watching+0x12/0xc0
[  488.598815][    C1]  process_one_work+0x9cf/0x1b70
[  488.598835][    C1]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  488.598853][    C1]  ? __pfx_process_one_work+0x10/0x10
[  488.598872][    C1]  ? assign_work+0x1a0/0x250
[  488.598888][    C1]  worker_thread+0x6c8/0xf10
[  488.598907][    C1]  ? __kthread_parkme+0x19e/0x250
[  488.598920][    C1]  ? __pfx_worker_thread+0x10/0x10
[  488.598935][    C1]  kthread+0x3c2/0x780
[  488.598950][    C1]  ? __pfx_kthread+0x10/0x10
[  488.598965][    C1]  ? rcu_is_watching+0x12/0xc0
[  488.598983][    C1]  ? __pfx_kthread+0x10/0x10
[  488.598998][    C1]  ret_from_fork+0x56a/0x730
[  488.599011][    C1]  ? __pfx_kthread+0x10/0x10
[  488.599026][    C1]  ret_from_fork_asm+0x1a/0x30
[  488.599048][    C1]  </TASK>
[  488.968068][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  488.974930][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  488.984028][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  488.994058][   T31] Call Trace:
[  488.997315][   T31]  <TASK>
[  489.000220][   T31]  dump_stack_lvl+0x3d/0x1f0
[  489.004793][   T31]  vpanic+0x640/0x6f0
[  489.008752][   T31]  panic+0xca/0xd0
[  489.012444][   T31]  ? __pfx_panic+0x10/0x10
[  489.016835][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  489.022186][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  489.028317][   T31]  ? watchdog+0xe48/0x1170
[  489.032712][   T31]  ? watchdog+0xe3b/0x1170
[  489.037105][   T31]  watchdog+0xe59/0x1170
[  489.041330][   T31]  ? rcu_is_watching+0x12/0xc0
[  489.046071][   T31]  ? __pfx_watchdog+0x10/0x10
[  489.050729][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  489.055910][   T31]  ? __kthread_parkme+0x19e/0x250
[  489.060923][   T31]  ? __pfx_watchdog+0x10/0x10
[  489.065586][   T31]  kthread+0x3c2/0x780
[  489.069635][   T31]  ? __pfx_kthread+0x10/0x10
[  489.074201][   T31]  ? rcu_is_watching+0x12/0xc0
[  489.078948][   T31]  ? __pfx_kthread+0x10/0x10
[  489.083513][   T31]  ret_from_fork+0x56a/0x730
[  489.088077][   T31]  ? __pfx_kthread+0x10/0x10
[  489.092644][   T31]  ret_from_fork_asm+0x1a/0x30
[  489.097393][   T31]  </TASK>
[  489.100581][   T31] Kernel Offset: disabled
[  489.104881][   T31] Rebooting in 86400 seconds..