last executing test programs:

14m30.541181101s ago: executing program 32 (id=126):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000d2030000000000000002000095000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1c, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="76287b2091905b28ca25c2f57bb04767ea9bc874ae8b5f8b70308652b0c0d6ee", @ANYRES32=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000900)='>', 0x1}], 0x1}, 0x800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [0xfffffffc, 0x0, 0x0, 0x20000000]}})
poll(&(0x7f0000000380)=[{r1, 0x120}], 0x1, 0xae6)
syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r6, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abfe0055acc8ef039a5be42200000000000000000100", 0x38}, 0x60)
bind$nfc_llcp(r6, &(0x7f00000001c0)={0x27, 0x0, 0x1, 0x7, 0x1, 0x5, "78b032077654e16fbba309ac089345ae0058f834b8caf93019fead013e930b883cd3b01075f788ee73ff3dc81e3d5d626b2487a674ede7bc165808819d98d7", 0x2}, 0x60)
ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f00000000c0))
syz_usb_connect(0x1, 0x1b, &(0x7f0000001400)={{0x12, 0x1, 0x0, 0xcb, 0x5b, 0x38, 0x10, 0x19d2, 0x58, 0x9666, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x1, 0x0, 0x10}}]}}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, 0x0, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mprotect(&(0x7f000044d000/0x1000)=nil, 0x1000, 0x3000009)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r8, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

3m45.587930146s ago: executing program 5 (id=2473):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000340)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1})
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffe}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(r4, &(0x7f0000000300)='attr/current\x00')
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x2, 0x1000000, {0x1, 0x4, 0xe}}, 0x28)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, 0x0, &(0x7f0000000740), 0x75, r7}, 0x38)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0xffffff38, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000010000100000000f5ffffff000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

3m44.804044936s ago: executing program 0 (id=2475):
syz_open_procfs(0x0, &(0x7f0000000480)='net/ip_vs_stats_percpu\x00')
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r0}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000340), 0x1000, r0}, 0x38)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, 0x0, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000100)=0x1, 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2(0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000003500)=""/102392, 0x18ff8)
ftruncate(0xffffffffffffffff, 0x8800000)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000200)='wg0\x00', 0x4)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)={0x34, r3, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x34}}, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410eb)
syz_emit_ethernet(0x9a, &(0x7f0000000040)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "000080", 0x64, 0x11, 0x0, @remote, @mcast2, {[], {0x0, 0x4e22, 0x4d, 0x0, @wg=@response={0x2, 0x0, 0x0, "eaf12af8010d489432cc01f9f39c6526ece5d2603725b9cabfc2c9f4513d3dfb", "201f3a70a41ef6c2fca06a9bd768d5f1", {"76c19815002000000000000000001000", "9514b06796dbf2ea9e520f1475c8f65b"}}}}}}}}, 0x0)

3m43.998800788s ago: executing program 0 (id=2476):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x2180, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000500), 0x40, 0x80)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="4400001000001500100000000000000000000000a8a8ab5d49ebe20e9de0a924a452d08ef231e04059577c69e704eec88eb3bb4de220bb62cb0d6f7b4348b2dd5ce52ba2e9ec35fbfb3af68cf732dd6dfce30b4585128f839b1bca58871fab53c0820af26d0f8e9f7c95c8216f1ad0b747f702097e004005fcfc59e6184fdb9c7e78", @ANYRESDEC=r0, @ANYBLOB="0100020000000000080004000a0000001c001a8018000a80140007"], 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x10)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x18}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f00000003c0)}, 0x20)
r4 = syz_open_procfs(0x0, &(0x7f0000000280)='io\x00')
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/230, 0xe6}], 0x1, 0x2000401, 0x9)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r10 = dup(r9)
ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000000000000018010040"])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x5, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRESDEC=r8, @ANYRES16, @ANYRESDEC=r1, @ANYRES8=r8, @ANYRES16=r3, @ANYRES64=r9, @ANYRES32=r8], &(0x7f0000000100)='GPL\x00', 0x2, 0x98, &(0x7f0000000140)=""/152, 0x41000, 0x41, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000240)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0xe, 0x5200000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000440)=[r10, r3, r4, r7], &(0x7f0000000480)=[{0x6, 0x1, 0x2, 0x5}], 0x10, 0x9, @void, @value}, 0x94)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setrlimit(0xe, &(0x7f0000000040)={0x6, 0x8001})
socket$inet(0x2, 0x3, 0x8d)
r11 = socket(0xa, 0x1, 0x0)
ioctl(r11, 0x8916, 0x0)
syz_open_dev$loop(0x0, 0x81, 0x2a82)
socket$netlink(0x10, 0x3, 0x0)
r12 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
ioctl$SNDCTL_DSP_SYNC(r12, 0x5001, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m43.830647913s ago: executing program 5 (id=2478):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1a, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b703000000000000850000009d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$packet(0x11, 0x2, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x7ff, 0x2}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x1, 0xb, 0x7fffffff, 0x2}, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
socket$inet(0x2, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x90}}, 0x0)
getsockname$packet(r2, &(0x7f0000000940)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=@newlink={0x50, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r8, 0x5f501}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x1}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x8084)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @empty, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}}], 0x1, 0x80)

3m43.271108465s ago: executing program 33 (id=2433):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r3}, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3, &(0x7f0000000f80)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x10}}, 0x0, 0x13f, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x200000, @void, @value}, 0x94)
write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0x2000)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000003b40)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b40)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x20}}, @TCA_RATE={0x6, 0x5, {0x7, 0x9}}]}, 0xfcf1}}, 0xc014)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
chdir(&(0x7f0000000100)='./file0\x00')
utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
timer_create(0x2, &(0x7f0000000180)={0x0, 0x12, 0x1, @thr={&(0x7f0000000380)="7c512d5f49936932f773795d065479540e7a6a974316dd6eb7cde49d5568b91128c34a6b5f075961916a1642dc75125016c7dc32c32969b68b762a049eea134039690a0a04fe9175c5b259b8dc42f4d1fc0184244d6ac00aa97b8bd054e40ea4", &(0x7f0000000480)="8e47ca64078fff004e7e8d260f672b8f3589fbfff0967a6681b747e5ce3ac2af3ca8dd41d5c55f264a14d0d5935268880ca0ca040884527ad923ddcd3c37e852ad"}}, &(0x7f0000000200))
creat(&(0x7f00000001c0)='./file0\x00', 0x16c)

3m43.205427228s ago: executing program 0 (id=2480):
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
unshare(0x6a040000)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774"], 0x25c}}, 0x0)

3m42.086812437s ago: executing program 0 (id=2483):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1a, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b703000000000000850000009d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$packet(0x11, 0x2, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x7ff, 0x2}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x1, 0xb, 0x7fffffff, 0x2}, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x90}}, 0x0)
getsockname$packet(r2, &(0x7f0000000940)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=@newlink={0x50, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r8, 0x5f501}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x1}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x8084)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @empty, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}}], 0x1, 0x80)

3m42.010247603s ago: executing program 5 (id=2484):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0x4, 0xd}]}, 0x18}, 0x1, 0x0, 0x0, 0x4001d}, 0x2000e703)

3m41.786971701s ago: executing program 5 (id=2486):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="580000002f004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800b0001006272696467650000280002800600060000040000050007000700000005002600010000000c002e000000000001ea"], 0x58}}, 0x0)

3m41.344785747s ago: executing program 5 (id=2487):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
r1 = io_uring_setup(0x7d2e, &(0x7f0000002380)={0x0, 0x38d9, 0x1046, 0x0, 0x3b8})
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}], 0x1, 0x0)
r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r2, 0x0, 0x0})
io_uring_enter(r2, 0x14, 0xb9c, 0x3, 0x0, 0xffffffd5)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r1, 0xb, &(0x7f00000001c0), 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xae, 0x800002, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
accept4$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs, &(0x7f00000001c0)=0x6e, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f0000000480)={{0x1000, 0x2, 0x3, 0x1, 0xa5, 0x11, 0x80, 0x4, 0x8, 0x3, 0xff, 0x5}, {0x5000, 0x2000, 0xe, 0x6, 0xfd, 0x60, 0x7f, 0x6, 0x5, 0xc, 0xff, 0x16}, {0x0, 0x3000, 0xa, 0x8, 0xb3, 0x50, 0xe, 0x5, 0x3, 0x7, 0x4, 0x80}, {0xf000, 0xf000, 0x0, 0x6, 0x8, 0x4, 0x9, 0xc7, 0x5, 0xb, 0x0, 0xef}, {0x10000, 0x7777b000, 0x10, 0x0, 0xbc, 0x3, 0x1, 0xed, 0x0, 0x0, 0x0, 0x1}, {0x8000000, 0x8080000, 0xc, 0x3, 0x0, 0x20, 0x3, 0x80, 0x1, 0xd, 0x8}, {0xd000, 0xf000, 0xf, 0x1, 0x8, 0xe, 0xcc, 0x5, 0x10, 0x1, 0x2, 0x7}, {0x0, 0xdddd0000, 0xf, 0xd, 0xf, 0x3, 0x7f, 0x3, 0xc, 0x0, 0x6, 0x3}, {0x1, 0x6}, {0x6000, 0x7}, 0x80000010, 0x0, 0xe6f7e004, 0x4281, 0xc, 0x100, 0xeeee8000, [0x10000, 0x8, 0x1, 0x80000000]})
msgrcv(0x0, 0x0, 0x0, 0x3, 0x6000)
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000, 0x0)
ioctl$HDIO_GETGEO(r8, 0x301, &(0x7f0000000040))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r1, 0xc, 0x0, 0x0)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8)

3m41.230155288s ago: executing program 6 (id=2479):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000014"], 0x30, 0x40400d1}}], 0x1, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='nilfs2\x00', 0x20a04e1, 0x0)
splice(r0, 0x0, r5, 0x0, 0x400000, 0x3)
setsockopt$RDS_GET_MR_FOR_DEST(r5, 0x114, 0x7, &(0x7f00000003c0)={@vsock, {&(0x7f0000000180)=""/92, 0x5c}, &(0x7f0000000100), 0x4}, 0xa0)

3m40.774422492s ago: executing program 34 (id=2479):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000014"], 0x30, 0x40400d1}}], 0x1, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='nilfs2\x00', 0x20a04e1, 0x0)
splice(r0, 0x0, r5, 0x0, 0x400000, 0x3)
setsockopt$RDS_GET_MR_FOR_DEST(r5, 0x114, 0x7, &(0x7f00000003c0)={@vsock, {&(0x7f0000000180)=""/92, 0x5c}, &(0x7f0000000100), 0x4}, 0xa0)

3m40.769294639s ago: executing program 0 (id=2489):
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000000000))
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x146)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_connect$uac1(0x0, 0xd6, &(0x7f0000000a80)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc4, 0x3, 0x1, 0x0, 0x0, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0x5}, [@processing_unit={0xb, 0x24, 0x7, 0x2, 0x2, 0x7, "db251206"}, @extension_unit={0x9, 0x24, 0x8, 0x2, 0x8, 0xf, "f752"}, @mixer_unit={0x9, 0x24, 0x4, 0x5, 0x6, "35966f7a"}, @extension_unit={0xb, 0x24, 0x8, 0x6, 0x7, 0x4, "6b236184"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x3, 0xcc, 0x2, {0x7, 0x25, 0x1, 0x2, 0x8, 0x7ff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x1, 0x7, 0x9, "81"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x80, 0x2, 0xa, 0x3, "6213", "f073"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0xa, 0x2, 0x1, 0x4, "da09fb", "93"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x8000, 0x5, 0xa0}, @as_header={0x7, 0x24, 0x1, 0x80, 0xdb, 0x1001}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x4, 0x81, 0x6, 0x2, "f45fb0"}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x6, 0x3, 0xfd, {0x7, 0x25, 0x1, 0x1, 0x5, 0x5}}}}}}}]}}, &(0x7f00000009c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x1, 0x0, 0xff, 0xc7, 0x9}, 0xaa, &(0x7f0000000680)={0x5, 0xf, 0xaa, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0x119, 0x0, 0xd, 0x0, 0xff}, @generic={0x9a, 0x10, 0x2, "81ac1cd1ca0933507559395a5ef17f31bda990965efa9090e8b6afb9f798da4c76253b77da2781a65d4db68a5f8d6bd1386decf91e94b70e116822a6fd9b5139e4887f8c3a2c492c38b9df9d8f22b855e711b57ff28e85d04b2bb03fab778dc2173fc1077af5be363eae5f9bd9320916151ffea3f37851062351293b88b1e5faf10ad3df5a84ec2c6515ff0655e7f6f4a55fc061357ec9"}]}, 0x9, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x83e}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x812}}, {0x57, &(0x7f0000000740)=ANY=[@ANYBLOB]}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x2428}}, {0x6, &(0x7f00000007c0)=ANY=[@ANYBLOB='w\x00\x00']}, {0x8d, &(0x7f0000000280)=ANY=[@ANYBLOB="8d036c326506a6cba6c5762101e719706cbfa1105545cda710d6308907008c9861513c01e95ce2e3f3597ede8fc6ea541f967ef4fd1705dc7089ac9af8cf8f1db1af570fedc3b2fc1878b028edd49c0d18b85bc48ad49ced73bac965fa10393105e3b62e135216776c6ed700feb13079ed7b8228ec210194023b6fb3338212a0e2fd19594e2dec"]}, {0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="360321338455755fa5887a77584fff36eb6af81f85856a96ce4fefec0cfc9b54dbd970ec887aedc66266090062ddcc92d46e58dc8c218aa76aefc489286f04cf65263e5f9e07dc762c12959ffe7824522ee54b12c88ab3299493f9a87a77c79a9dac9005388c1794671191b6943e81d123a6a07724bd35cb12ace2955aef04a1245bdd69e2bc4793dc9a305319531acc9b49e3290341e2a74b725bf2870bf055b057d80f57a8221eb81758649c830a04c6dda20167ffc605b7c5eeae06b404316bdb36a80f1435c5fc790e7edbd2c77545a602beb166be44c5c457bb37253ec38bb1e9c5b914a0e3f73bcff7f86d192ef0ef6407e7e2fa"]}, {0x5f, &(0x7f0000000900)=@string={0x5f, 0x3, "e7cbcbd9e3d5812bf68e5d828510525b9fd5e79ab29c353b300963de78a02f96e31c1f904d035ab054292baa5c7fc8bb78dc3d891c9f0cc918d73a13e52e4cbe8b9fcf0a576efb5aa8ea11438e14b1ecae8ea2ee11e16df2c251079b32"}}, {0x24, &(0x7f0000000980)=@string={0x24, 0x3, "a6ece74e7fe4fc6dc53370e178825b603ccfc8b52c4b030d690123d01b93ed32234d"}}]})
syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x2c, 0x11, 0x1, 0x2000000, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {}, {0xfff3}}, [{0x8, 0xb, 0x202}]}, 0x2c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1786eda2b20"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES16=r3, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000d3c301cd5b5fcd2ca4a3a3cbe99e01be2c7b315bfe3e1854b24d00"/39], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000200), &(0x7f0000000240)=r4}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000625ce5"], 0x14}, 0x1, 0x0, 0x0, 0x2004001}, 0x40004)
syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r6)

3m40.767713125s ago: executing program 5 (id=2491):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = dup(r0)
io_setup(0x19, &(0x7f00000009c0)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x18000000, 0x0, 0x5, 0x0, r1, 0x0}])

3m40.65670623s ago: executing program 35 (id=2491):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = dup(r0)
io_setup(0x19, &(0x7f00000009c0)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x18000000, 0x0, 0x5, 0x0, r1, 0x0}])

3m40.409583019s ago: executing program 0 (id=2493):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=@newsa={0x154, 0x10, 0x1, 0x5401, 0x0, {{@in=@rand_addr=0x64010102, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in, 0x0, 0x32}, @in6=@loopback, {0xfffffffffffffffe, 0x5, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x80000}, {}, 0x0, 0x0, 0xa, 0x4, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0xffffffff, 0x1000000}}]}, 0x154}}, 0x0)

3m39.936954666s ago: executing program 36 (id=2493):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=@newsa={0x154, 0x10, 0x1, 0x5401, 0x0, {{@in=@rand_addr=0x64010102, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in, 0x0, 0x32}, @in6=@loopback, {0xfffffffffffffffe, 0x5, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x80000}, {}, 0x0, 0x0, 0xa, 0x4, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0xffffffff, 0x1000000}}]}, 0x154}}, 0x0)

2m53.830113818s ago: executing program 8 (id=2595):
kexec_load(0x0, 0x2, &(0x7f0000000900)=[{0x0, 0x0, 0x200000000, 0x3000000}, {0x0, 0x0, 0x0, 0x8000}], 0x0)

2m52.819871286s ago: executing program 8 (id=2597):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x401, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}]}, 0x3c}, 0xfe, 0x0, 0x0, 0x4008000}, 0x0)

2m52.715640458s ago: executing program 8 (id=2598):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0, 0x780e}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000004f00)=""/209, 0xd1}, {&(0x7f00000004c0)=""/261, 0x105}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000000240)=""/84, 0x54}, {&(0x7f0000000000)=""/244, 0xf4}], 0x5}, 0x80000000}], 0x4, 0x20, 0x0)

2m52.408166403s ago: executing program 8 (id=2600):
syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1c000000}, {{0x18, 0x1, 0x1, 0x3f00, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1000000}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2m51.061560448s ago: executing program 8 (id=2602):
socket$netlink(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b8500000007000000850000000700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x90)
rt_sigpending(0x0, 0x1000000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
accept$inet6(r1, 0x0, &(0x7f0000000080))
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write(r3, &(0x7f0000002d00)="6ca0e70d5d6b8084b9dc6d98a882cd79191e143fcaf2081c298f8d2be82813f47e8d5cecdeb483d6efd49b558d4338a0a544c198644642b3b277c356c0e06bed0bede83924a08f4f64857308290b04f6c36e51f110123266557f744f5ee75bfef409080d6d8c0b9ab6eff69b8dff45b3b7e956dbadea2e30bc4d537c87b62cd01534a9d5da786e4420aa5fd81aac3abaebc3030977dd9ac5368f739948f97c2f437f7af8f5a4f3ddef879fb746501010511db7e639f46bed88b540c648ccada0d1a58455ca3b1db14c7ce400f21295f5789f6ed67488d210945ef03ace21c595362813853a78f54a5d3d7a2924429fc2b9c2797eb6d8a9fa50e11200f0069e6fa495cc2046486c462bb31691af21fa85f67d66630203d5bbbf65c7ed779171a3548c40742ab0945c75909d22c9146ea2e617ebc20242b615f1f3da8eda7b17be2507cea13803bd60f98184111d05852e8bfafa85a0c73c3fb511e354f0998ff38243c5edc368aec4f9ed61c1de5d9c45b92923f5c6b331317073442c2df7065448329235b2e0205de2bc2dca067bf821f60bcb6883929e637654063513d639324f01996d14fe2cabfa310918e9e0c3e801184e2b00388b10e7217fddba21e546ff82509d1629834541f55fcbdd358a54fd236c79d7c64700e36551f5ea8ab2951f6641ea7b03c95b847632d685ab5bc43fc834ef03d2a8ce98db76d75fc2c59ebbafa9986f44e1b1aa19d0aede5f45b175b0dff239ca27e7059419f69907c6f71301082ddc3e137528308925e1970fee75d03a65aea4d5527cd5ad5f030b210798759774a49bfa63d87c8cad2b433a1bccd95a60b9117bef7bf20bf2252a6df1cf730758f1214bf61b22aa8bd6bd13a812978290e0cb84d85487184ae9f2521bd3161602aa498a21050cc9d1706698ac9809caf77cf594d2d4a613edab7169030edf44ef0913e202e8e95c2f4017cdfda0a0f2a97f4664812b6f8067ff44deb7f10926bbb70cd34200ddbc0ddd00d49c2f565dfd8845593f929572e6820a059f88a7f946f2450b67aa423d6ba224449d582270b9c716c9ffebf7107acf01da9f44bac12a94f7b097553893bc2770d317bb7396e38dda316a66eadf187b8cff1756f906a92e567c7363e9940c092efd3e9781d77db5af4fa7d3186b5746a72d4517895674dda3ee338ff7ffd2a2a3cedaca11f44d4c4d964a44ea7d7cb4c9b2dfb099faa1a82558a6a39183bb1320b0646f36d6095bc6dc0a5ce310211d47616735530bac407527fa68f2aae15e57943833bed81944605e7b15e09aa34c8724bdb367ab03fa3a558e5459b730f230a0f4fd0964e4b746529714cb3e4cc8cf0b4f40668eb6122e0b5e6e8d305fc59c8998e114ffec6fe93e44b64409ea04e4541ccec28c10dea8a33cfbbf5f78617a2bfcaa53107dd990a981bcb0775042db57949ef29084b7f3c2c331f40ff95a93e9dcb892e6c1621f0797b9d5164ddd0cb6d39a0b10ad0c101f7360c6b6bd4e05e0fd3bc273dd7075565fd9b5df7e97bbc41ca5d86b53817f0bd31e05eff002a26b6d0e4c795a478572870e05cf5e9568418a8a74aa63912efe406414995bdcf97b278f8f8b336cd00c5d3abc881dc3da17c3657863b3486e3c053be509f2b92d36d7376fb8ba5015c7a4cf1652aded805f2caeca327cb43ec337f8a18ec5e787a2f0970ec765147529d181604bdd5b6022706805615506023c6ebabe57150adc781ee7c2f66e82960760e586d7195117b75caef816a936f90a43507f157a509d90ed2699b90805737a78e20ead0beaca7e3adbee431990bb93916b18e0b8680fd9f734919c10cb1b74ed33b15b0f3d394bdae5de4e9ece3562077576e2f34eb2a9e529f70998f3654fb208d2ac38c853a468a4350965237bdd01a2172081a3db591c3f159133694a7ff6cb2e80bef2dd41af28cf760d51f71dc8bfa1c2f7cf6880fdfd2057373dc398652b442d14e7dc11d1219539b989e8437047cec9924cc019ae453cf6196397160f1da63d5099e6734e608ee4965d3f48579ccee9f551bc5a2a3ea2187fca4b890821761e428f9a66528a91af6f8a6c1bcd63051b5ffd0cc492a73f0f", 0x5d3)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030f000002000000000034000000080003000000ce"], 0x1c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0x1, 0x7}, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007"], 0x6c}}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r6, &(0x7f0000000140), 0x4924b68, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000001a40)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x9, 0x3, &(0x7f00000000c0)=@framed={{0x85, 0x0, 0x0, 0x0, 0xa0, 0x27}}, &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = add_key$user(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x0}, &(0x7f00000004c0)="a9c85c082fba884a98804fa52e2149a792d5379671a4fa626510aabb5b60579ad81c441a2ec75e521bc70f94bef65fd22f1e25e1b2260ffe797f2d21efc94bda48772b0ae710d7d18e8889f64a6e7a119c2786f6347a46ad4ea4948ddbc11d0a243fdca90fdf118e2e2dbc20036a8e1fb7f3ff0f7813f1782b6538105510515aae1e6ac0fca874935136aa454badecd869fed1f9b1bd9fba7a8f364032a2e0e730505927609720a36b9f141ca5c3335ae77f227b32f735952000dfe9d2a70737cee5da4862e25aba325c634edb81a9aed77cafc46fac091456a892ef894624d010ac029e5b79869a1d708f714f7b9094e77b98", 0xf3, 0xffffffffffffffff)
keyctl$instantiate(0xc, r8, &(0x7f00000005c0)=ANY=[@ANYBLOB="6e65772064656661756c7420757365723a73797a9705000000000000000ae9c8387a80a7d78bef8b83d786ba1f28cfe0d39ff0e29d301d7ddfe8ceea4706949c4f697c91f4a920faae21f765aeb9fc3f9fd7e9c6a0e1670ea47d6520303030303030303030303030303030303430393300f4a4664ea24f76b847cb9e7afff095cce10863ef25746f10ad8028a7f11a0d244362a9c61c40e10e7387d8a71f"], 0x73, 0xfffffffffffffffc)
keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55)

2m46.759807784s ago: executing program 8 (id=2614):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota')
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0xf4ffffff, 0x0)

2m30.180861418s ago: executing program 37 (id=2614):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota')
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0xf4ffffff, 0x0)

2m12.910244627s ago: executing program 7 (id=2703):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000100)={0x0})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000e00)=@newtaction={0x488, 0x30, 0x12f, 0x3c, 0x8100, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0xb, 0x4, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0xa4f, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1000, 0x10, 0xfffffffd, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6454f508, 0xb4, 0x0, 0x0, 0x1, 0x8000000, 0x0, 0x0, 0x11, 0x0, 0x3, 0x400000, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x100000, 0xb2e4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffe, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x140, 0x0, 0x3, 0x1, 0x4000000, 0x0, 0x0, 0x0, 0x934, 0x7, 0x0, 0x7, 0x0, 0x0, 0x0, 0xc, 0x0, 0x10000000, 0x0, 0x7, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2000, 0x0, 0x0, 0x7, 0x3, 0x8, 0xffffffff, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xffff3bac, 0xd, 0x2, 0x2000, 0x3, 0x0, 0x1000003, 0x0, 0xffffffd1, 0x480000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a3, 0x0, 0x6, 0x7ff, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x40, 0xfffffffd, 0x713b, 0x0, 0x0, 0x0, 0xffff, 0x1000000, 0xffffffff, 0x2, 0xfffffffd, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce2, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x2000000, 0xfffffff9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x10000000, 0x7, 0xff, 0x0, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x1, 0x0, 0x0, 0x0, {0x3, 0x2, 0x0, 0x0, 0x3, 0xffffc3fd}, {0x0, 0xf6c5d7a4e5a498ca, 0x1000, 0x8}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x0, 0x3}}}}]}]}, 0x488}, 0x1, 0x0, 0x0, 0x4044840}, 0x44004)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, 0x0)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000040)={0x0})
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
socket$unix(0x1, 0x2, 0x0)
r7 = dup(r1)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="b746b0a69a37a6eab4c7c9117f3bd21dc15d602538a870018a2fd2f5d00000c956f7d88670a1991086fab17ae1a0ad09820c4025663b9ce9a6", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',cache=fscache,\x00'])
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)

2m11.823167487s ago: executing program 7 (id=2705):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x74, 0x30, 0xb, 0x5, 0xffffff7f, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @private=0xa010102}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @multicast2}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x8890}, 0x40)

2m11.16957374s ago: executing program 7 (id=2706):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x315500, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @ptr=0x1000000}})
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000300)={0x1d, r5, 0x0, {}, 0x1}, 0x18)
connect$can_j1939(r4, &(0x7f0000000640)={0x1d, r5, 0x0, {0x0, 0x0, 0x1}, 0x1}, 0x18)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x1000000000000a)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x24, 0x10, 0x1, 0x3, 0x0, {0x0, 0x0, 0x0, r5, {0xffe0}, {0xffff}, {0xe, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
close_range(r2, 0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x20}], 0x1, 0x0, 0x0, 0x0)

2m9.583882393s ago: executing program 7 (id=2709):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(0x0, 0x0, &(0x7f0000000040)='tracefs\x00', 0x0, &(0x7f00000006c0)='=\n\x9b\xa1Q\a\x00\n@\xf6\"2a\xd7\x1fch\x1a}#\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nR\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|\xd8ZE\x92\xb4\x18|\x14\xc8\x14\xab\xe3\xd2\xb8\xf9J\x13\xbc\xea\xccp;\xa5\xe8\r=\n\x9e\xfb\x17\"\xc4QJ\xdf\xa9\x02BQ\x11\b\xab\x14\xf7\x16\xde\xc3\x89\xc6d\xdd\x18\x01\xdd\xf3\xe2\xa5\xef\x02\x17T\x94\xb9\xd4v\xb1\xe3\xb7L\xe6>*\x11e\x18\xe7-\b\xe9\x87\x81,N\x1f\x94\xa4\xe5\xd6\xd4m\x92\xccg3jNvd\xd2O|c\xb3\xa0\xf2\xc6\\\x8a\'\xb3\x81S\x9b6\xf5\xb7\x93\v\xb0\aD\xb9\xf7>\xcf?\xea\xfb\xfc\xb9\x9d\xa5\xb5\xbc\xe2\xddUJN\xb2\xb7\x9c\xc3qk\x06\xdb\xd69\x8b\x00'/288)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbad362baa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c8d5ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000100627066000900010073797a30000000000900020073797a3200000000440005800800024000"], 0x2d4}, 0x1, 0x0, 0x300000000000000, 0x480c0}, 0x4040010)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x24005810)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_SET_FEATURE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x20, 0x3fa, 0x400, 0x70bd27, 0x25dfdbfd, {0x1, 0x1, 0x1, 0x1}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x18008040}, 0x4004000)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000013b80)=ANY=[@ANYBLOB="280000001b14010000000000000000000800030001fc000008000100000000000800"], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

2m8.110082593s ago: executing program 7 (id=2710):
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1f, 0xf, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc}, {{}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4c000000}, {0x85, 0x0, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0x9, 0x0, 0x4}, {0x65, 0x0, 0x6, 0x9}}, [], {{0x5, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='syzkaller\x00', 0xd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)

2m8.061440801s ago: executing program 7 (id=2711):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2$9p(0x0, 0x880)
sync()
recvmmsg(0xffffffffffffffff, &(0x7f00000020c0)=[{{&(0x7f0000000000)=@llc, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/45, 0x2d}, {&(0x7f00000001c0)=""/246, 0xf6}], 0x2, &(0x7f0000000300)=""/180, 0xb4}, 0xffffffff}, {{&(0x7f00000003c0)=@hci, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000100)=""/59, 0x3b}, {&(0x7f0000000440)=""/71, 0x47}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/185, 0xb9}, {&(0x7f0000000640)=""/138, 0x8a}, {&(0x7f0000000700)=""/72, 0x48}, {&(0x7f0000000780)=""/165, 0xa5}, {&(0x7f0000000840)=""/246, 0xf6}, {&(0x7f0000000940)=""/150, 0x96}, {&(0x7f0000000a00)=""/102, 0x66}], 0xa, &(0x7f0000000b40)=""/236, 0xec}, 0x1}, {{&(0x7f0000000c40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/228, 0xe4}, {&(0x7f0000001dc0)=""/216, 0xd8}, {&(0x7f0000001ec0)=""/142, 0x8e}], 0x4, &(0x7f0000001fc0)=""/234, 0xea}, 0x5}], 0x3, 0x40000100, &(0x7f0000002180)={0x77359400})
sync()
sync()
sync()
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000008, 0x2010, 0xffffffffffffffff, 0x0)
syz_io_uring_complete(r0)
sync()
sync()
sync()
sync()

1m51.204834363s ago: executing program 38 (id=2711):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2$9p(0x0, 0x880)
sync()
recvmmsg(0xffffffffffffffff, &(0x7f00000020c0)=[{{&(0x7f0000000000)=@llc, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/45, 0x2d}, {&(0x7f00000001c0)=""/246, 0xf6}], 0x2, &(0x7f0000000300)=""/180, 0xb4}, 0xffffffff}, {{&(0x7f00000003c0)=@hci, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000100)=""/59, 0x3b}, {&(0x7f0000000440)=""/71, 0x47}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/185, 0xb9}, {&(0x7f0000000640)=""/138, 0x8a}, {&(0x7f0000000700)=""/72, 0x48}, {&(0x7f0000000780)=""/165, 0xa5}, {&(0x7f0000000840)=""/246, 0xf6}, {&(0x7f0000000940)=""/150, 0x96}, {&(0x7f0000000a00)=""/102, 0x66}], 0xa, &(0x7f0000000b40)=""/236, 0xec}, 0x1}, {{&(0x7f0000000c40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/228, 0xe4}, {&(0x7f0000001dc0)=""/216, 0xd8}, {&(0x7f0000001ec0)=""/142, 0x8e}], 0x4, &(0x7f0000001fc0)=""/234, 0xea}, 0x5}], 0x3, 0x40000100, &(0x7f0000002180)={0x77359400})
sync()
sync()
sync()
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000008, 0x2010, 0xffffffffffffffff, 0x0)
syz_io_uring_complete(r0)
sync()
sync()
sync()
sync()

13.224049975s ago: executing program 9 (id=3003):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc4}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r4, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

12.189437974s ago: executing program 9 (id=3004):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r1 = fanotify_init(0x202, 0x1000)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
dup2(r1, r1)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0x0)
write$snapshot(r2, &(0x7f0000000300)="5c09aab66d4ab47448988fea841a08698c9944b9812972156e78b40855d416ebc74e7cec00cc55459449da0ac565b4124ed5e15bc14c2bab0cbd2e39016f6a42a2e117c49c8659c2991eca8608225c46f02b66b4f3b8118c5355cafc57a2976de38355f0eb9cb8438a0ec0616f2bbffb616f61814ad2a3b477e98c9f0ede308b49f1737a15c8612de9f41cf649a205aae6e06a094e1c183b53bb8168cc34035982b50405af9f3318c8df3598ed475b97cb77bc13e4d9ef7ec38460be97d664c3d4f388cf1eaaceb06924282d36e93b07684299624bda6dfd177228188359bde38e122cf77410038f4a3499ea97ddeca3d435348f670e1df2945197c7b387500d0eba51a04eeda0c78693848bbf758e1ca42baea149cff1d8a91bc49a563f363167ceb66b55cb9d65d7f8110dbcf7b2d726f5859e571e9122ee6337905cd1ebe0de5223c70b38ec6cc9d7fc3c9e8a4010f8dbf1153935914215a54a12cc227aaa96c22c075634e024ccce8652bfb25755b732263e5855bf48eb0bb1f16e90f2368d49ab94701176d667bf2c618bd09bc78870f1ffac671739f1ca6f5b3aaf6d2fc80da31e84f24b2682af4b5848a187c221108263f89e382cafb175fff5d1ce5ca123b7a8a56fbcb0e46173a2061aef5d86cff632de35ad10955bed7377eadc68df3566854a318aadb866a020857b7fe0c0218176d28ad009e64584c2691ea57975be895467d4f954b74e676ba5ad8b1179d058c26ed827a35f20f3aacb4fd2afb6a54801fb2344622b5d7388984e9395eb814ace55d22487a75f8df898aa3710f7ee7a228da67e6d6ab8e3c45649cc8f811fc43828e02fe3fac46c6ed89dcf9c19a3925f60eeaad9daa58fce2dd48c0743db7bad31c84a4f9c80d6dc26d59d1ea3341e270bad9b5391c615765623a2410b6fa56ce19bbc839395f92ed1f6123da89f358e85062ab157bb51787e97f65d5a2fc197d7957f9e7c4caca3fadf0e6a4676016d00b1e2c23a6f12e42ab4cc2fcb02a4017a492334997101818037a6394ef94a0cfb40639604b15136157d95c348493fb5a2636dde6839cf6d5589d50296c426311505a398e81bdd710ac5b571f132d16d2d5752bdd8180cff4209705f04019f776d3c8991c8874d2a9407573af2500894dc68215bd55475f7e1553221a71879bede58626ebb414924d6844d0c462b7de230aa9812bf0180974ca756db49d2c01326c9a8b5767f502be366ba74c7c844dc2e52c653f59f3fe60e6406f4d5fa46d179ce2d2147ae8e92d3d9acc41428d276469ccf8ab7c9567247410381942f36b0a5cd08865a8fd198b812060b199ab56fc416483f56a2ce1d9af9428d1f863718cbb8ba4b6d029f6b555135c69c6db559c3bff9ceceeb6081751dea5a7977971513f11f8af4c6d38c521cfe2eaa40f9f774137a5461740c8ce682ac5ed0ec68c4a7ed8aef8db392180edc4cf61218281fd04e3153495d1bd342d8215694a8da77dcea07371e4cbb13193267f62ffb347eac1a4c1eecb5fbc5147070367058d652c56715d9c27674fb726136f242298f4b49af6149b34004b3437bfec3cacf80e4b62afe5060276d2545d7b8d0aba2952eeb4d6c07d56a291b7bb516711a10ca3fff72b4f1b06927d735a1f9f2761fc89ca49d56d580d4a6263d0beaa4b28f4b601cc50a3a", 0x4a8)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001240)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$netlink(0x10, 0x3, 0x12)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x9a0441, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f00000001c0)='freezer.parent_freezing\x00', 0x0, 0x0)
preadv2(r5, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000706010800000000000010000a0000040500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000980))

9.511717842s ago: executing program 4 (id=3014):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x80, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x1, @mcast2}}, {{0xa, 0x0, 0x800, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x20000000}}}, 0x108)
ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000080)={0x90002, 0x0, [0x5, 0x80000001, 0x81, 0x80000001, 0x8, 0x1, 0x2, 0xfffffffffffffff8]})
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x18c)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r4, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendfile(r3, r3, 0x0, 0xb)
ioctl$SG_IO(r2, 0x2285, 0x0)
syz_emit_ethernet(0x72, &(0x7f0000000240)={@random="64919d942631", @random="6487a2bed3d6", @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x5, 0x1, 0x2}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x300, 0x0, 0x0, 0x6c, 0x0, @private=0xfffffffd, @loopback}, {{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0xe, 0x7]}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x37}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x2c, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff0008000340000000384c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000200003801c00008008000340000000021000028007000280080001800000000014000000020a0102000000000000000000000000140000001000010000000000000000000084000a44262f1142fc8b624f70f255d10f6d1e0b0cc743df06e0c0aa6e6931945af75b36c80b78e555810420ebcfa449e08235d09b8ad53f41a869640fa31d01045a420b15c6fe319606afa93b8251cac5a0e62280d5726bd2329cf6"], 0xf4}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
pause()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc)
setresuid(0x0, 0x0, 0x0)

9.19212687s ago: executing program 3 (id=3015):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000001140000001100010000000000000000000000000aa66a4e6dbc2487dd4ea7ca676cfd6f66b5f38f21d1473b91deafc231f415c3cf8d49a217be75ee576a94d95fd978bff636f24582ed82c397d3c9073a74beba810c21ae77cd5838a3194fb25215f0791766eaeb39b4225d67d8f2124ffce87d7516bd6ba6432cacc0722c382cef1e06198ee0cfde6e33d5a9faa712e64b9cdd4e59b5d1c5f54d9a1539871aa71e4e682d88d18e837a2c95a4acf4930dec634377e1799690b10e1f"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x1c, 0x13, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x1c}}, 0x4040040)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x3, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

8.508453636s ago: executing program 3 (id=3017):
syz_open_procfs(0x0, &(0x7f0000000200)='net/xfrm_stat\x00')
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x7, 0x40900)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r3, 0x114, 0x1d, 0x0, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040491}, 0x4000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x1, 0x21e, [0x200000002300, 0x0, 0x0, 0x2000000024be, 0x2000000024ee], 0x0, 0x0, &(0x7f0000002300)=ANY=[]}, 0x78)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c)
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
pipe(&(0x7f00000001c0))
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)

8.063083555s ago: executing program 1 (id=3018):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = syz_io_uring_setup(0x88f, &(0x7f00000000c0)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
socket$inet6_sctp(0xa, 0x1, 0x84)

7.939928479s ago: executing program 9 (id=3019):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, 0x0)
io_uring_setup(0x7d2e, &(0x7f0000002380)={0x0, 0x38d9, 0x1046, 0x0, 0x3b8})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0x88, r5, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xad0, 0x51}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x39}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16d5}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2e}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x28}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16ee}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x31}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x1}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0xa6}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x8}]}, 0x88}, 0x1, 0x0, 0x0, 0x4004}, 0x20005054)
r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
readv(r1, &(0x7f0000000180)=[{&(0x7f0000000340)=""/178, 0xb2}], 0x1)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
sched_getattr(0x0, &(0x7f00000011c0)={0x38}, 0x59, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x149080, 0x8)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r7, 0x5411, &(0x7f0000000080)=@null)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r6, 0x100000000)

7.7021978s ago: executing program 4 (id=3020):
r0 = eventfd2(0xfffffe00, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000023000040"])
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="2c0000000b0601020000000000000000060000020500010007000000040001800900020073717a3100000000"], 0x2c}}, 0x8000)
r8 = openat$vcs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
io_submit(0x0, 0x7, &(0x7f0000000a00)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x6, 0x3dc, 0xffffffffffffffff, &(0x7f0000000300)="c02b214b92a56e8c3cd8f6cc21d4314c81619634735c3846fdbcb94e82bd1f669d9d6673195a9f4acc29acdb7cd923b606f73790a6d7faf078c78a0fec349c29f3d300e3ec7366afbba05e9643028f35a427fc143b3dc52d02b6e8d1e779206e5bed439188be57dc4a58e702cfe6881bf21df8d70dda724593a9b892f14e3d50d68f1e", 0x83, 0x2, 0x0, 0x1}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x7fff, 0xffffffffffffffff, &(0x7f00000003c0)="d8d27ff59901c7df47da6ff178945d8f585bd64c8128239dd83f499f5410b8ccfc910b80b446e4380dfbf5bebaa779", 0x2f, 0x7, 0x0, 0x1, r0}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x8, 0x10, r1, &(0x7f0000000440)="05ebac2295c1b666f59693a61bd851cbc1bca97ac02bbf7f694a5c7f0907adb8955a2d647d0d101a1d1663471a808bff006f9c9968538b13ccc3885e7039c745e8fb10213204bc65b4", 0x49, 0x5, 0x0, 0x2, r5}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3, r6, &(0x7f0000000540)="ce3e3f66618ed0c08ab08cc42d7f3cb7f7cf5484809e8a5b0e37efda36407f5008d9dfea79b1b970810a5ba648bd230a8323788e3c33c965319122f029b235c63a542d336741e8a5943d8e37c73840e0219b22f587a7e3742b80a30269bac36f48756e5d7327dffee95e972ac53d6c35e40dfbfdf8eb0e407a1e2d5034ea41aa8d4eb7", 0x83, 0x7ff, 0x0, 0x1}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x1, 0x3, r7, &(0x7f0000000640)="874cab2aa558d90afa0daa561fba5b31ead0e360ca165537231b64ce2e0678d2f5540bf966cfe86046a0549d404a870dd8c79a9a33598409c289864d0837b8f78625ebcce48ae5560742a187117ecb3adae4c2f8a1ce61338e31c70e657668504ba8eaebcf46589fe5c638840683d99d27d11d08d3ac2d15ff1f5a5058f2ab5984d43f9f967710f9f8fc9378789ffd2c018e93c752531590214849638bb216ffaadaefc0d50c74f9cb52f6fd3b2535ca41704266b63cb7f31679c0bc6d0e42f1a8c17e8df1f6ad46f4adb0477b1ff40ce8ff12b856313a80fc6c9c81f47808", 0xdf, 0x1c2, 0x0, 0x1, r8}, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x7, 0xf801, 0xffffffffffffffff, &(0x7f0000000840)="8a42", 0x2, 0xca, 0x0, 0x1}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x3, 0xfff8, r9, &(0x7f00000008c0)="039262aa8495b29f3a62cf94f653492b67674f72ad62999b7f7aa4927168978dce9f9679887907a117473169a8c77bc4942f2f66b79f3dd2d10d725d7695c74e28f26e8e49f73aff566125e0981b5a0f3c7481f97c6865e5da56f9fdf58a7bb90facae106607d4a939a9dab49e5e2e4b53f24c5d1d53faebc83d213eaa8bed1f59814cd2a1aa51c72469d5ca42d3c942fd2aea5b21eb6b0443d21f722d80fa7496e3f24f2c884c7e6167b14c53140a0f1910028f6d6f50ab0903dac82e3d8af0d68b601292c11b29bb3bd367028a9e58", 0xd0, 0xf, 0x0, 0x2}])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r10 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r11 = dup(r10)
write$6lowpan_enable(r11, &(0x7f0000000000)='0', 0xfffffd2c)
r12 = syz_io_uring_setup(0x4bb3, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r11}, &(0x7f0000000180)=<r13=>0x0, &(0x7f00000001c0)=<r14=>0x0)
syz_io_uring_submit(r13, r14, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r10, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r12, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r15 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r15, 0x227b, &(0x7f00000000c0)=0x1)
r16 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r16, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r16, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
ppoll(&(0x7f0000000000)=[{r16, 0x4}], 0x1, 0x0, 0x0, 0x0)
readv(r15, &(0x7f0000000000)=[{&(0x7f0000000100)=""/54, 0x36}], 0x1)

6.187566101s ago: executing program 9 (id=3021):
socket$inet6(0xa, 0x3, 0x8000000003c)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x1, @mcast2}}, {{0xa, 0x0, 0x800, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x20000000}}}, 0x108)
ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x400002, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000000000ffff000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff0008000340000000384c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000200003801c00008008000340000000021000028007000280080001800000000014000000020a0102000000000000000000000000140000001000010000000000000000000084000a44262f1142fc8b624f70f255d10f6d1e0b0cc743df06e0c0aa6e6931945af75b36c80b78e555810420ebcfa449e08235d09b8ad53f41a869640fa31d01045a420b15c6fe319606afa93b8251cac5a0e62280d5726bd2329c"], 0xf4}}, 0x0)

5.065354595s ago: executing program 4 (id=3023):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0xe2a02)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x7, 0x7, 0x2, 0x1, @private1, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x7, 0x80, 0xb, 0x3}})
r1 = getpgrp(0xffffffffffffffff)
fcntl$lock(r0, 0x25, &(0x7f0000000040)={0x2, 0x0, 0x80000000, 0x3, r1})
poll(&(0x7f0000000140)=[{r0, 0x4010}], 0x1, 0x3)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x90000005})
socket$nl_xfrm(0x10, 0x3, 0x6)
pipe2$9p(&(0x7f0000000000), 0x80080)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x1000000})
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='attr/exec\x00')
r8 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000300)={0xfffffffffffffd9f, 0x0, <r9=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r8, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r9, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_COPY(r8, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r9, r9, 0x3, 0xfffffffffefffff8, 0x3fff})
close_range(r7, 0xffffffffffffffff, 0x0)

5.000318912s ago: executing program 1 (id=3024):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x60000000}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0)

4.058194738s ago: executing program 2 (id=3025):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)
write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c)

4.011546059s ago: executing program 9 (id=3026):
syz_usb_connect(0x3, 0x176, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000064c76220560801bcbfb20102030109026401010000100009040f00026c992b00052406000005240080000d240f01010000001000042ca6042402021524120800a317a88b045e4f01a607c0ffcb7e392a0b2406000131702e67abdd05240009000d240f0108000000070002000206243304001c07240a7f070905e624137f91a0dbd05b01e3760020507a66e10058420ef758a17e613b6567d9e89464b6670dfb2f053c88511657b6a0c998aa1522a8521cc2447854b3f379f34106b9864f4bd25180ceeb7b87527974154030b49c2795083dd39795d3fcdf2fc27933882e2cfa89c6c1d08dc76091eacb32ebf6f4205ad89d3dcc5d2174885f0bf8cf9928bba4a8b5e41b5be792fb4c4eab35636587b7472808da71bac105dcac6803c571063911ca996722047e3478d9d48d32a83bdb2fd04e393057b7f0617212138458173a95c0ae14d13a8751f7ae732e77ebbfd2140d9deb2a8ebea5ac421cdd7dfb6eaf09050c020002fe00000905820b"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8401)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, 0xfffffffffffffffd) (async)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, 0xfffffffffffffffd)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
prlimit64(0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x8000000000000001, 0xb}, &(0x7f00000001c0))
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04050400c9"], 0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002, 0x41004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
setreuid(0xee01, 0xee01)
getpgrp(0x0) (async)
getpgrp(0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='#', 0x1}], 0x1}, 0x0) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='#', 0x1}], 0x1}, 0x0)
socket$inet6(0xa, 0x3, 0x7)

3.948000577s ago: executing program 4 (id=3027):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, &(0x7f0000000080)=0x3, 0x4)
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x37)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x4000)
setresuid(r4, r4, 0x0)
setuid(0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r3, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)
write$evdev(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a00000009000000080000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000ddb9a013d41b58f81e41b23f4e1562c999c5b3be4ef18947468421881fd597bd09280000000000000000007b86bdd4aa1ee4bd4b86576b5b396f669c29f89570b2020ce566dbca083c76ccf7936c13896431562141dc2d986cb8c8b265f9893d6912f4901e4f90701acac9737a7ceacf43206194650851d961a39b04195cbb268beefb9e64688186f59da193000000000000"], 0x48)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000f5000000da9d9011ffffffff330000", @ANYRES32=r5, @ANYBLOB="000000000000000085000000c00000009500000000000000"], &(0x7f0000001680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
mknod$loop(0x0, 0x200, 0x1)
pipe2$9p(&(0x7f0000000240), 0x80000)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x4})
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r7, 0x4040534e, &(0x7f0000000140)={0x1e6, @tick=0x9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000001c0)="9e36d449b388dd965f7ade1a96dd", 0x0, 0x10700, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50)
mount$fuse(0x0, 0x0, 0x0, 0x1010, 0xfffffffffffffffc)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800e97800000000090000000a0000008100000008000500", @ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x84854}, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)="87f74d568b22e72c7b123a005503dac9db", 0x11, 0x20008080}, 0x8000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b"])
sendmsg$nl_route(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000030000000008001e0001"], 0x24}}, 0x0)

3.947540244s ago: executing program 1 (id=3028):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x853, 0x148, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xfc}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
pipe(&(0x7f00000009c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0))
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
memfd_create(&(0x7f0000000bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[z\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x82\x10n1\xed\xba\xe3\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\xff\xe9\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\xaf\x88X\xbc', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="3c34000000000000040100c910fc02000000000000000000000000000107", @ANYRES32=r1], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, 0x0, 0x0)

3.881185202s ago: executing program 2 (id=3029):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0xe}]}}, 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r3=>0x0)
capset(&(0x7f0000000040)={0x19980330, r3}, &(0x7f0000000080)={0xc6, 0xc4, 0x1, 0x80000000, 0x3, 0x7})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000001040)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000001c0)={0x30, r6, 0x1, 0x70bd22, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r5, 0x2, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7fffffff, 0x47}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x8081}, 0x8000000)
close_range(r2, 0xffffffffffffffff, 0x10000000000000)

3.700503794s ago: executing program 3 (id=3030):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x80, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x1, @mcast2}}, {{0xa, 0x0, 0x800, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x20000000}}}, 0x108)
ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000080)={0x90002, 0x0, [0x5, 0x80000001, 0x81, 0x80000001, 0x8, 0x1, 0x2, 0xfffffffffffffff8]})
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x18c)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r4, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendfile(r3, r3, 0x0, 0xb)
ioctl$SG_IO(r2, 0x2285, 0x0)
syz_emit_ethernet(0x72, &(0x7f0000000240)={@random="64919d942631", @random="6487a2bed3d6", @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x5, 0x1, 0x2}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x300, 0x0, 0x0, 0x6c, 0x0, @private=0xfffffffd, @loopback}, {{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0xe, 0x7]}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x37}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x2c, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff0008000340000000384c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000200003801c00008008000340000000021000028007000280080001800000000014000000020a0102000000000000000000000000140000001000010000000000000000000084000a44262f1142fc8b624f70f255d10f6d1e0b0cc743df06e0c0aa6e6931945af75b36c80b78e555810420ebcfa449e08235d09b8ad53f41a869640fa31d01045a420b15c6fe319606afa93b8251cac5a0e62280d5726bd2329cf6"], 0xf4}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
pause()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc)
setresuid(0x0, 0x0, 0x0)

3.604207767s ago: executing program 2 (id=3031):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0)
syz_usb_connect$uac1(0xebd985df01937ca, 0x71, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x3, 0x60, 0xb, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x4, 0x6, 0x6, {0x7, 0x25, 0x1, 0x1, 0x7, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x30, 0x4, 0xff, 0xf9, {0x7, 0x25, 0x1, 0x83, 0xfe, 0x9}}}}}}}]}}, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x200800, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="64000000100003040000000ffe000000000000ef", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB, @ANYBLOB], 0x64}}, 0x0)

3.603595438s ago: executing program 4 (id=3032):
syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000d9e5f720fd0b1c00e88c0102030109021b00010000000009047c0001c5d5370009051a084000000010"], 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000000)=0x1, 0x4)

2.836694628s ago: executing program 2 (id=3033):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xb, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000084)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$getregset(0x4204, r4, 0x202, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}}, @NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0x7c}}, 0xfffffff5)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r5, 0x34, 0x1, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r6 = socket$kcm(0x10, 0x2, 0x4)
syz_open_dev$sg(0x0, 0x6, 0x8003)
sendmsg$kcm(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)}], 0x1}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)

2.013552516s ago: executing program 9 (id=3034):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000040000000800000000080000", @ANYRES32, @ANYBLOB="020000000000efff0000800000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'dvmrp0\x00', @remote})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000300))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = timerfd_create(0x0, 0x0)
eventfd2(0x2, 0x80800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r2, &(0x7f00000001c0)=[{&(0x7f0000001640)=""/4097, 0x693d4f623b09dbf1}], 0x1)
ioctl$TFD_IOC_SET_TICKS(r2, 0x40085400, &(0x7f0000000080)=0x6)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r5, 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000027ba5000000000000000000000000000791200000095000000000000000000000ba2334230ff9efc9a7a86e4c5aeb8dec3840529c0ec7d2fcbc2ad6f5cf884836274846e4e4eb96bb0b8ef762ca01a7f9597be9c7a39b83a23870762e4bf0f06ce51f720154663dececc7345fbb6281aaae229bb026481e8b2674db9e5a096fa201df62cd32204c05a44ef1a47f6954d26d606451c1aa7aea181c75ebc27cac3a74821eac02cd1780c7671ecbcc1bb1dfb8f4d849bab4b5c47a15c"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001e008d2a00000000000000000a0000000ea5"], 0x24}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000700)={0x84, &(0x7f00000002c0)=ANY=[@ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000472600000000000000180b000000000000000000000000000095000000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x400004, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000280)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000002e00), &(0x7f0000000400), 0x8, 0x23, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r7, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'veth0_virt_wifi\x00', @multicast})

1.812202912s ago: executing program 2 (id=3035):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000001140000001100010000000000000000000000000aa66a4e6dbc2487dd4ea7ca676cfd6f66b5f38f21d1473b91deafc231f415c3cf8d49a217be75ee576a94d95fd978bff636f24582ed82c397d3c9073a74beba810c21ae77cd5838a3194fb25215f0791766eaeb39b4225d67d8f2124ffce87d7516bd6ba6432cacc0722c382cef1e06198ee0cfde6e33d5a9faa712e64b9cdd4e59b5d1c5f54d9a1539871aa71e4e682d88d18e837a2c95a4acf4930dec634377e1799690b10e1f28"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, 0x0, 0x4040040)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x3, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.647047661s ago: executing program 2 (id=3036):
syz_emit_ethernet(0xa5, &(0x7f00000020c0)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "430093", 0x6f, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x22, 0x9, "a78ce5400659808000ffffc0fe4023493b87aafaffffffffffffff2373247202fa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b"}, {0x0, 0x1, "00000000000000000800ee00"}, {0x4}, {0x2}]}}}}}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
personality(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
iopl(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x4, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x2, 0x300}, {0x6e}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xc, 0x9, 0x0, 0x0, 0x20}, {0x3, 0x0, 0x6, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$netlink(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0xf8, 0x9, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_EXPRESSIONS={0xc8, 0x12, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}, {0x14, 0x1, 0x0, 0x1, @immediate={{0xe}, @void}}, {0x24, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_LIMIT_FLAGS={0x8}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x4}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x1}]}}}, {0x14, 0x1, 0x0, 0x1, @byteorder={{0xe}, @void}}]}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14}}, 0x120}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f00000003c0)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x2, 0x3a, '\xbb\xbb\xbb\xbb\xbb\xbb', 0x3a, '', 0x3a, './file0', 0x3a, [0x4f, 0x4f]}, 0x2f)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r8, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0c000f000000120000"], 0x30}], 0x1}, 0x0)
fcntl$setlease(r6, 0x400, 0x2)
unshare(0x0)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
syz_usb_connect$uac1(0x2, 0x94, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902820003010000000904000000010100000a24010000000201020c24020000000000000000000904010000010200000904010101010200000724010000000009050109000000000007250101000000090402000001020000090402010101ff0f0009240202000000000007240100000110090582", @ANYRESOCT=r9], 0x0)

1.417767988s ago: executing program 1 (id=3037):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000001140000001100010000000000000000000000000aa66a4e6dbc2487dd4ea7ca676cfd6f66b5f38f21d1473b91deafc231f415c3cf8d49a217be75ee576a94d95fd978bff636f24582ed82c397d3c9073a74beba810c21ae77cd5838a3194fb25215f0791766eaeb39b4225d67d8f2124ffce87d7516bd6ba6432cacc0722c382cef1e06198ee0cfde6e33d5a9faa712e64b9cdd4e59b5d1c5f54d9a1539871aa71e4e682d88d18e837a2c95a4acf4930dec634377e1799690b10e1f"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x1c, 0x13, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x1c}}, 0x4040040)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x3, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.388506326s ago: executing program 3 (id=3038):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002480)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x41, 0x0, 0x11}, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0x0, 0xc}], 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x84, 0x64, &(0x7f0000000000)=r4, 0x10)
sendmsg$inet(r1, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0xffc0}], 0x1}, 0x80d1)
r5 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0}, 0x40040d4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x0)
r9 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r9, &(0x7f0000000c80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$sock_attach_bpf(r5, 0x84, 0x64, &(0x7f0000000000)=r8, 0x10)
sendmsg$inet(r5, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0xffc0}], 0x1}, 0x80d1) (fail_nth: 23)

344.266453ms ago: executing program 3 (id=3039):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)
write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c)

275.46631ms ago: executing program 4 (id=3040):
syz_open_procfs(0x0, &(0x7f0000000200)='net/xfrm_stat\x00')
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x7, 0x40900)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r3, 0x114, 0x1d, 0x0, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040491}, 0x4000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x1, 0x21e, [0x200000002300, 0x0, 0x0, 0x2000000024be, 0x2000000024ee], 0x0, 0x0, &(0x7f0000002300)=ANY=[]}, 0x78)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c)
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
pipe(&(0x7f00000001c0))
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)

194.070901ms ago: executing program 3 (id=3041):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1a, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b703000000000000850000009d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$packet(0x11, 0x2, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x7ff, 0x2}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x1, 0xb, 0x7fffffff, 0x2}, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
socket$inet(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x90}}, 0x0)
getsockname$packet(r1, &(0x7f0000000940)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=@newlink={0x50, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r7, 0x5f501}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x1}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x8084)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @empty, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}}], 0x1, 0x80)

133.653569ms ago: executing program 1 (id=3042):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r1)
sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r2, 0x203, 0x70bd26, 0x25dfdc01, {}, [@IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x1}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x3}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1000000}, 0x20000840)

0s ago: executing program 1 (id=3043):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_open_dev$mouse(&(0x7f00000002c0), 0x9269, 0x2)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x400000bca)
setrlimit(0x0, &(0x7f0000000000)={0x6, 0x6})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f00000001c0)={0x80000, "340b7832ceefdad118cf501922d6974a270000c50f0000002ddc7d00"})
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffd0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
setsockopt$sock_int(r6, 0x1, 0x10, &(0x7f0000000240)=0x8000, 0x4)
connect$unix(r6, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x850b}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}, @IFLA_GTP_LOCAL6={0x14, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x2c000004)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)

kernel console output (not intermixed with test programs):


[  797.315941][T15189] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  797.329975][T15189] Cannot create hsr debugfs directory
[  797.552649][ T3547] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.709297][ T3547] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.839735][ T3547] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.937226][ T3547] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.154259][T15187] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  798.192765][T15189] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  798.270192][T15337] fuse: Bad value for 'fd'
[  798.359393][T15189] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  798.392557][T15187] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  799.442474][T15187] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  799.456979][T15337] netlink: 788 bytes leftover after parsing attributes in process `syz.2.2528'.
[  799.557015][T15189] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  799.641975][T15187] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  799.674970][T15189] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  799.675101][   T30] audit: type=1326 audit(794.152:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15341 comm="syz.4.2529" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb3c5f8e969 code=0x0
[  799.764961][   T30] audit: type=1400 audit(794.236:2216): avc:  denied  { getopt } for  pid=15345 comm="syz.2.2530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  799.853924][ T3547] bridge_slave_1: left allmulticast mode
[  799.859767][ T3547] bridge_slave_1: left promiscuous mode
[  799.865672][ T3547] bridge0: port 2(bridge_slave_1) entered disabled state
[  799.877665][ T3547] bridge_slave_0: left allmulticast mode
[  799.883543][ T3547] bridge_slave_0: left promiscuous mode
[  799.895444][ T3547] bridge0: port 1(bridge_slave_0) entered disabled state
[  799.904131][T13846] Bluetooth: hci3: unexpected event for opcode 0xb121
[  800.257327][T15349] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  800.839324][T15356] fuse: Bad value for 'fd'
[  801.133462][T15356] netlink: 788 bytes leftover after parsing attributes in process `syz.4.2532'.
[  801.494940][ T3547] bond0 (unregistering): Released all slaves
[  801.513500][ T3547] bond1 (unregistering): Released all slaves
[  801.680699][ T3547] : left promiscuous mode
[  801.828084][T15204] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  802.145167][T15204] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  802.162748][T15204] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  802.177282][T15204] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  802.274042][T15187] 8021q: adding VLAN 0 to HW filter on device bond0
[  802.939362][T15189] 8021q: adding VLAN 0 to HW filter on device bond0
[  802.975678][T15187] 8021q: adding VLAN 0 to HW filter on device team0
[  803.013527][ T3588] bridge0: port 1(bridge_slave_0) entered blocking state
[  803.020693][ T3588] bridge0: port 1(bridge_slave_0) entered forwarding state
[  803.065175][T15189] 8021q: adding VLAN 0 to HW filter on device team0
[  803.078539][ T8593] bridge0: port 2(bridge_slave_1) entered blocking state
[  803.085715][ T8593] bridge0: port 2(bridge_slave_1) entered forwarding state
[  803.214988][ T6477] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  803.289576][ T8597] bridge0: port 1(bridge_slave_0) entered blocking state
[  803.296743][ T8597] bridge0: port 1(bridge_slave_0) entered forwarding state
[  803.374035][T15381] netlink: 'syz.2.2538': attribute type 15 has an invalid length.
[  803.381958][T15381] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2538'.
[  803.414774][ T6477] usb 5-1: Using ep0 maxpacket: 16
[  803.431505][ T6477] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  803.521337][ T6477] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  803.546017][ T6477] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  803.673139][ T6477] usb 5-1: config 0 descriptor??
[  803.693348][ T6477] pxrc 5-1:0.0: Could not find endpoint
[  803.729377][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state
[  803.736520][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state
[  803.818786][ T3547] hsr_slave_0: left promiscuous mode
[  803.827043][ T3547] hsr_slave_1: left promiscuous mode
[  803.837901][ T3547] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  803.847507][ T3547] batman_adv: batadv0: Removing interface: batadv_slave_0
[  803.857317][ T3547] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  803.867016][ T3547] batman_adv: batadv0: Removing interface: batadv_slave_1
[  803.889428][ T3547] veth0_macvtap: left promiscuous mode
[  803.895168][ T3547] veth1_vlan: left promiscuous mode
[  803.908647][ T3547] veth0_vlan: left promiscuous mode
[  804.012552][T15385] syz.4.2537: attempt to access beyond end of device
[  804.012552][T15385] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  804.037673][T15385] syz.4.2537: attempt to access beyond end of device
[  804.037673][T15385] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  804.084115][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  804.108575][T15385] syz.4.2537: attempt to access beyond end of device
[  804.108575][T15385] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  804.137366][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  804.161213][T15385] syz.4.2537: attempt to access beyond end of device
[  804.161213][T15385] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  804.226944][T15385] syz.4.2537: attempt to access beyond end of device
[  804.226944][T15385] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  804.249010][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  804.276881][T15385] syz.4.2537: attempt to access beyond end of device
[  804.276881][T15385] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  804.314134][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  804.367286][T15385] syz.4.2537: attempt to access beyond end of device
[  804.367286][T15385] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  804.549555][T15385] syz.4.2537: attempt to access beyond end of device
[  804.549555][T15385] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  804.563226][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  804.573384][T15385] syz.4.2537: attempt to access beyond end of device
[  804.573384][T15385] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  804.586469][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  804.602808][T15385] syz.4.2537: attempt to access beyond end of device
[  804.602808][T15385] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  804.615872][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  804.625802][T15385] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  804.635454][T15385] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  805.280957][ T3547] team0 (unregistering): Port device team_slave_1 removed
[  805.341944][ T3547] team0 (unregistering): Port device team_slave_0 removed
[  806.052367][T15204] 8021q: adding VLAN 0 to HW filter on device bond0
[  806.136829][T15204] 8021q: adding VLAN 0 to HW filter on device team0
[  806.175114][ T1335] bridge0: port 1(bridge_slave_0) entered blocking state
[  806.182286][ T1335] bridge0: port 1(bridge_slave_0) entered forwarding state
[  806.221842][ T5872] usb 5-1: USB disconnect, device number 42
[  806.239299][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.246472][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state
[  806.477300][T15187] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.524696][ T3547] IPVS: stop unused estimator thread 0...
[  806.636897][T15189] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.643920][ T5872] usb 5-1: new full-speed USB device number 43 using dummy_hcd
[  806.823499][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  806.847511][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  806.858681][ T5872] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  806.863059][T15204] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.888365][ T5872] usb 5-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  806.911865][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.948028][ T5872] usb 5-1: config 0 descriptor??
[  807.101703][T15187] veth0_vlan: entered promiscuous mode
[  807.137880][T15187] veth1_vlan: entered promiscuous mode
[  807.272568][T15189] veth0_vlan: entered promiscuous mode
[  807.291834][T15187] veth0_macvtap: entered promiscuous mode
[  807.306953][T15189] veth1_vlan: entered promiscuous mode
[  807.322643][T15187] veth1_macvtap: entered promiscuous mode
[  807.415394][T15187] batman_adv: batadv0: Interface activated: batadv_slave_0
[  807.434981][T15406] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  807.448127][T15187] batman_adv: batadv0: Interface activated: batadv_slave_1
[  807.457850][T15406] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  807.479795][T15187] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  807.492300][T15187] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  807.513088][ T5872] topre 0003:0853:0148.0010: hidraw0: USB HID v0.00 Device [HID 0853:0148] on usb-dummy_hcd.4-1/input0
[  807.535973][T15187] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  807.549505][T15187] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  807.563721][T15204] veth0_vlan: entered promiscuous mode
[  807.569768][T15189] veth0_macvtap: entered promiscuous mode
[  807.609751][T15204] veth1_vlan: entered promiscuous mode
[  807.646598][T15189] veth1_macvtap: entered promiscuous mode
[  807.749757][T15204] veth0_macvtap: entered promiscuous mode
[  807.791551][T12451] usb 5-1: USB disconnect, device number 43
[  807.809643][T15189] batman_adv: batadv0: Interface activated: batadv_slave_0
[  807.818077][T15204] veth1_macvtap: entered promiscuous mode
[  807.857653][ T3588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  807.860360][T15204] batman_adv: batadv0: Interface activated: batadv_slave_0
[  807.874783][ T3588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  807.895257][T15189] batman_adv: batadv0: Interface activated: batadv_slave_1
[  807.918229][T15204] batman_adv: batadv0: Interface activated: batadv_slave_1
[  807.945026][T15189] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  807.955102][T15189] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  807.964462][T15189] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  807.973668][T15189] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  808.011717][T15204] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  808.020426][T15204] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  808.032619][T15204] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  808.041351][T15204] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  808.057165][ T3547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.068932][ T3547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  808.273039][ T8595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.294297][ T6884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.310013][ T8595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  808.332012][ T6884] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  808.545326][ T8595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.603587][ T3547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.612999][ T3547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  808.619258][ T8595] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  810.211407][T15457] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2547'.
[  811.563405][T15468] loop2: detected capacity change from 0 to 7
[  811.570075][T15468] Dev loop2: unable to read RDB block 7
[  811.581878][T15468]  loop2: unable to read partition table
[  811.587633][T15468] loop2: partition table beyond EOD, truncated
[  811.647069][T15468] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  811.977036][T15472] overlayfs: overlapping lowerdir path
[  813.407094][T15483] netlink: 356 bytes leftover after parsing attributes in process `syz.8.2554'.
[  813.850957][   T30] audit: type=1400 audit(807.154:2217): avc:  denied  { mount } for  pid=15482 comm="syz.4.2555" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  814.110578][   T30] audit: type=1400 audit(807.210:2218): avc:  denied  { remount } for  pid=15482 comm="syz.4.2555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  814.258880][   T30] audit: type=1400 audit(807.799:2219): avc:  denied  { unmount } for  pid=5822 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  814.451422][   T30] audit: type=1400 audit(807.977:2220): avc:  denied  { bind } for  pid=15503 comm="syz.4.2559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  817.122768][T15506] overlayfs: missing 'lowerdir'
[  817.715146][T13846] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  817.715438][T15529] netlink: 'syz.4.2567': attribute type 6 has an invalid length.
[  820.703921][T15563] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2577'.
[  821.151581][T15568] fuse: Bad value for 'fd'
[  821.909408][T15575] netlink: 788 bytes leftover after parsing attributes in process `syz.4.2580'.
[  822.452751][   T30] audit: type=1400 audit(815.460:2221): avc:  denied  { unmount } for  pid=15204 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  823.048325][T15587] netlink: 788 bytes leftover after parsing attributes in process `syz.7.2582'.
[  823.692262][    T9] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  823.941723][    T9] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  823.964684][    T9] usb 9-1: config 0 has no interfaces?
[  823.965358][T15605] netlink: 'syz.7.2588': attribute type 10 has an invalid length.
[  823.976389][    T9] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  823.984897][T15605] team0: Device veth1_macvtap failed to register rx_handler
[  824.029753][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  824.067288][    T9] usb 9-1: SerialNumber: syz
[  824.124376][    T9] usb 9-1: config 0 descriptor??
[  824.161060][T15609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2591'.
[  824.949551][    T9] usb 9-1: USB disconnect, device number 2
[  824.967581][T15604] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  825.353629][T15604] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  825.394934][T15604] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  825.403672][T15604] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  825.442637][T15604] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  825.456982][T15604] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  825.463128][T15604] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  825.601286][T15604] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  825.610515][T15604] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  825.616577][T15604] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  825.623828][T15604] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  826.427896][   T30] audit: type=1400 audit(819.155:2222): avc:  denied  { create } for  pid=15632 comm="syz.9.2596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  826.482108][T15635] lo speed is unknown, defaulting to 1000
[  827.271472][T15645] netlink: 788 bytes leftover after parsing attributes in process `syz.9.2599'.
[  827.387636][T13846] Bluetooth: hci3: command 0x0c1a tx timeout
[  827.686454][T13846] Bluetooth: hci4: command 0x0405 tx timeout
[  827.687013][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  827.696856][T13846] Bluetooth: hci0: command 0x0c1a tx timeout
[  828.189042][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  828.315804][   T30] audit: type=1804 audit(820.904:2223): pid=15655 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.2601" name="/newroot/531/file0" dev="tmpfs" ino=2838 res=1 errno=0
[  829.170831][T15665] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2602'.
[  829.171205][T15665] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2602'.
[  829.852245][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  829.852243][T13846] Bluetooth: hci0: command 0x0c1a tx timeout
[  830.381256][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  830.501262][T15677] netlink: 'syz.2.2609': attribute type 1 has an invalid length.
[  830.501287][T15677] netlink: 'syz.2.2609': attribute type 2 has an invalid length.
[  830.549592][T15679] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2607'.
[  830.617636][T15681] netlink: 'syz.7.2608': attribute type 15 has an invalid length.
[  830.621207][T15681] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2608'.
[  831.500925][   T51] Bluetooth: hci4: unexpected event for opcode 0xb121
[  831.683146][   T51] Bluetooth: hci3: unexpected event for opcode 0xb121
[  832.076002][T13846] Bluetooth: hci1: command 0x0c1a tx timeout
[  832.083396][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  832.588902][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  833.048658][   T30] audit: type=1326 audit(825.357:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  833.323549][T15706] netlink: 788 bytes leftover after parsing attributes in process `syz.4.2615'.
[  833.456803][T15700] loop6: detected capacity change from 0 to 63
[  833.475355][   T30] audit: type=1326 audit(825.488:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  833.535296][T15709] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2616'.
[  833.546511][T15709] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  833.757658][   T30] audit: type=1326 audit(825.497:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  833.873761][   T30] audit: type=1326 audit(825.497:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  833.886766][T15716] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  833.907962][T15715] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2619'.
[  833.923420][ T6366] kernel write not supported for file [eventfd] (pid: 6366 comm: kworker/1:6)
[  833.944699][T15718] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2620'.
[  833.954206][T15718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2620'.
[  833.963654][   T30] audit: type=1326 audit(825.497:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.052926][   T30] audit: type=1326 audit(825.497:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.431470][   T30] audit: type=1326 audit(825.497:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.455605][   T30] audit: type=1326 audit(825.497:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.535538][T15724] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2622'.
[  834.548346][T15724] vlan2: entered promiscuous mode
[  834.553386][T15724] bond0: entered promiscuous mode
[  834.564074][   T30] audit: type=1326 audit(825.497:2232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.596875][   T30] audit: type=1326 audit(825.497:2233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.624155][   T30] audit: type=1326 audit(825.497:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.699944][   T30] audit: type=1326 audit(825.497:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0a1dd8e969 code=0x7ffc0000
[  834.824273][   T51] Bluetooth: hci0: unexpected event for opcode 0xb121
[  834.928681][T15729] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  836.769023][ T5872] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  836.941610][ T5872] usb 10-1: Using ep0 maxpacket: 8
[  836.951746][ T5872] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  836.966840][ T5872] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2
[  836.983832][ T5872] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  836.998170][ T5872] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  837.010541][ T5872] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  837.023409][ T5872] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.051831][ T5872] hub 10-1:1.0: bad descriptor, ignoring hub
[  837.058845][ T5872] hub 10-1:1.0: probe with driver hub failed with error -5
[  837.071676][ T5872] cdc_wdm 10-1:1.0: skipping garbage
[  837.077053][ T5872] cdc_wdm 10-1:1.0: skipping garbage
[  837.093556][ T5872] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  837.100199][ T5872] cdc_wdm 10-1:1.0: Unknown control protocol
[  837.560000][T15748] netlink: 788 bytes leftover after parsing attributes in process `syz.4.2629'.
[  837.583359][   T42] usb 10-1: USB disconnect, device number 2
[  838.556717][ T5872] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  838.747076][ T5872] usb 10-1: Using ep0 maxpacket: 8
[  838.756831][ T5872] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  838.773458][ T5872] usb 10-1: config 0 has no interface number 0
[  838.783253][ T5872] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  838.803295][ T5872] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  838.831436][ T5872] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  838.844289][ T5872] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  838.885989][ T5872] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  838.910376][ T5872] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  838.939837][ T5872] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.958515][ T5872] usb 10-1: config 0 descriptor??
[  838.977439][ T5872] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  839.132632][    T9] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  839.706036][T15759] ldusb 10-1:0.55: Couldn't submit interrupt_in_urb -90
[  839.891426][T15768] SELinux:  policydb version 0 does not match my version range 15-34
[  839.902066][T15768] SELinux: failed to load policy
[  840.043945][T15766] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2635'.
[  840.049534][T15770] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2636'.
[  840.061421][    T9] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  840.071917][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  840.082607][    T9] usb 5-1: Product: syz
[  840.093395][    T9] usb 5-1: Manufacturer: syz
[  840.155836][    T9] usb 5-1: SerialNumber: syz
[  840.175403][ T5873] usb 10-1: USB disconnect, device number 3
[  840.183730][    T9] usb 5-1: config 0 descriptor??
[  840.189560][ T5873] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  840.420199][    T9] usb-storage 5-1:0.0: USB Mass Storage device detected
[  840.905739][    T9] usb 5-1: USB disconnect, device number 44
[  841.324473][T15783] loop9: detected capacity change from 0 to 8
[  841.365654][T15783] Dev loop9: unable to read RDB block 8
[  841.411741][T15783]  loop9: unable to read partition table
[  841.417665][T15783] loop9: partition table beyond EOD, truncated
[  841.433770][T15783] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  841.607565][T15792] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  842.822232][T15800] netlink: 'syz.7.2645': attribute type 7 has an invalid length.
[  843.238620][   T51] Bluetooth: hci5: unexpected event for opcode 0xb121
[  843.431022][T15803] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  846.558471][T15819] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  846.594971][T15819] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  846.624462][T15819] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  846.659452][T15819] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  846.711139][T15819] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  847.676687][T15846] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2657'.
[  847.676722][T15846] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2657'.
[  848.258375][T15851] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2658'.
[  848.267442][T15851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2658'.
[  848.280705][T15851] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2658'.
[  848.435215][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  848.817330][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  848.838894][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  848.844948][T13846] Bluetooth: hci1: command 0x0c1a tx timeout
[  848.851136][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  850.487517][T15862] netlink: 'syz.9.2662': attribute type 15 has an invalid length.
[  850.506662][T15862] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2662'.
[  850.938614][T15870] netlink: 'syz.2.2664': attribute type 5 has an invalid length.
[  851.120915][T13846] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  851.142525][T13846] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  851.163052][T13846] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  851.190326][T13846] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  851.232530][T13846] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  851.232822][T15877] ptrace attach of "./syz-executor exec"[5822] was attempted by "./syz-executor exec"[15877]
[  851.571453][T15876] netlink: zone id is out of range
[  851.577290][T15876] netlink: del zone limit has 4 unknown bytes
[  851.673481][T15871] lo speed is unknown, defaulting to 1000
[  852.352824][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  852.368216][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  853.128977][T15895] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  853.137333][T15895] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  853.146322][T15895] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  853.154623][T15895] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  853.167684][T15895] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  853.174195][T15895] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  853.182220][T13846] Bluetooth: hci0: unexpected event for opcode 0xb121
[  853.287420][T15895] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  853.293683][T15905] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  853.611935][T15871] chnl_net:caif_netlink_parms(): no params data found
[  853.697422][T15895] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  854.053227][T15871] bridge0: port 1(bridge_slave_0) entered blocking state
[  854.131148][T15871] bridge0: port 1(bridge_slave_0) entered disabled state
[  854.150117][T15871] bridge_slave_0: entered allmulticast mode
[  854.195535][T15871] bridge_slave_0: entered promiscuous mode
[  854.334201][T15871] bridge0: port 2(bridge_slave_1) entered blocking state
[  854.360556][T13846] Bluetooth: hci4: unexpected event for opcode 0xb121
[  854.887766][T15871] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.045996][T15871] bridge_slave_1: entered allmulticast mode
[  855.117502][T15929] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  855.316611][T13846] Bluetooth: hci3: command 0x0c1a tx timeout
[  855.325381][T15871] bridge_slave_1: entered promiscuous mode
[  855.338605][T13846] Bluetooth: hci6: command 0x041b tx timeout
[  855.346165][T13846] Bluetooth: hci5: command 0x0c1a tx timeout
[  855.352233][T13846] Bluetooth: hci1: command 0x0c1a tx timeout
[  856.866893][T15871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  857.072312][T15871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  857.226181][T15939] netlink: 'syz.4.2681': attribute type 10 has an invalid length.
[  857.562223][   T51] Bluetooth: hci6: command 0x041b tx timeout
[  857.723887][T15939] veth1_macvtap: left allmulticast mode
[  857.729749][T15939] veth1_macvtap: left promiscuous mode
[  857.738486][T15939] team0: Device veth1_macvtap failed to register rx_handler
[  857.835591][T15871] team0: Port device team_slave_0 added
[  857.852305][T15943] fuse: Bad value for 'fd'
[  858.046756][T15871] team0: Port device team_slave_1 added
[  858.168951][T15945] netlink: 788 bytes leftover after parsing attributes in process `syz.7.2682'.
[  858.455964][T15871] batman_adv: batadv0: Adding interface: batadv_slave_0
[  858.469205][T15871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  858.648599][T15952] netlink: 'syz.9.2684': attribute type 21 has an invalid length.
[  858.788920][T15871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  858.821425][T15952] netlink: 132 bytes leftover after parsing attributes in process `syz.9.2684'.
[  858.831495][T15871] batman_adv: batadv0: Adding interface: batadv_slave_1
[  858.852091][T15871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  858.938173][T15871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  859.787674][   T51] Bluetooth: hci6: command 0x041b tx timeout
[  859.990042][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  859.990058][   T30] audit: type=1400 audit(850.575:2270): avc:  denied  { bind } for  pid=15959 comm="syz.4.2687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  860.392039][T15871] hsr_slave_0: entered promiscuous mode
[  860.412964][T15871] hsr_slave_1: entered promiscuous mode
[  860.413474][T15871] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  860.413535][T15871] Cannot create hsr debugfs directory
[  861.262081][T15964] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  861.272939][T15964] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  861.273257][T15964] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  861.273607][T15964] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  861.273906][T15964] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  861.274206][T15964] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  863.463531][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  863.469620][ T5833] Bluetooth: hci6: command 0x041b tx timeout
[  863.475679][T13846] Bluetooth: hci5: command 0x0c1a tx timeout
[  863.481690][T13846] Bluetooth: hci1: command 0x0c1a tx timeout
[  863.483862][ T5137] Bluetooth: hci0: command 0x0c1a tx timeout
[  863.487744][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout
[  863.577274][T15996] fuse: Bad value for 'fd'
[  863.850699][T15998] netlink: 788 bytes leftover after parsing attributes in process `syz.7.2695'.
[  864.256862][T16004] netlink: 'syz.9.2697': attribute type 10 has an invalid length.
[  864.636975][T16004] team0: Device veth1_macvtap failed to register rx_handler
[  865.694495][ T5137] Bluetooth: hci6: command 0x041b tx timeout
[  867.487860][T16025] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  867.521132][T16025] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  867.570403][T16025] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  867.590428][T16025] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  867.619240][T15871] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  867.629597][T16025] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  867.639169][T16025] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  867.837233][T15871] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  868.340367][T15871] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  868.388382][T15871] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  868.603421][T15871] 8021q: adding VLAN 0 to HW filter on device bond0
[  868.666457][T15871] 8021q: adding VLAN 0 to HW filter on device team0
[  869.498345][T16047] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2706'.
[  869.728100][ T5137] Bluetooth: hci4: command 0x0405 tx timeout
[  869.734419][ T5137] Bluetooth: hci3: command 0x0c1a tx timeout
[  869.812750][T15994] Bluetooth: hci6: command 0x041b tx timeout
[  869.818811][ T5137] Bluetooth: hci5: command 0x0c1a tx timeout
[  869.824903][T13846] Bluetooth: hci1: command 0x0c1a tx timeout
[  869.830910][T13846] Bluetooth: hci0: command 0x0c1a tx timeout
[  869.849139][T16047] vcan0: entered promiscuous mode
[  869.854204][T16047] vcan0: entered allmulticast mode
[  869.955330][ T6884] bridge0: port 1(bridge_slave_0) entered blocking state
[  869.962484][ T6884] bridge0: port 1(bridge_slave_0) entered forwarding state
[  870.010112][ T6884] bridge0: port 2(bridge_slave_1) entered blocking state
[  870.017312][ T6884] bridge0: port 2(bridge_slave_1) entered forwarding state
[  871.500282][T15871] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  871.560007][T15871] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  872.131956][T15871] 8021q: adding VLAN 0 to HW filter on device batadv0
[  872.217657][T16068] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  872.224897][T16068] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  872.238761][T16068] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  872.248101][T16068] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  872.256076][T16068] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  872.264041][T16068] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  872.304791][T16080] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2714'.
[  872.350265][T15871] veth0_vlan: entered promiscuous mode
[  872.392498][ T6366] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  872.450293][T15871] veth1_vlan: entered promiscuous mode
[  872.573890][ T6366] usb 5-1: config index 0 descriptor too short (expected 539, got 27)
[  872.590959][ T6366] usb 5-1: config 0 has an invalid descriptor of length 80, skipping remainder of the config
[  872.698370][ T6366] usb 5-1: too many endpoints for config 0 interface 0 altsetting 142: 118, using maximum allowed: 30
[  872.723717][T15871] veth0_macvtap: entered promiscuous mode
[  872.730253][ T6366] usb 5-1: config 0 interface 0 altsetting 142 has 0 endpoint descriptors, different from the interface descriptor's value: 118
[  872.742295][T15871] veth1_macvtap: entered promiscuous mode
[  872.766998][ T6366] usb 5-1: config 0 interface 0 has no altsetting 0
[  872.779057][T15871] batman_adv: batadv0: Interface activated: batadv_slave_0
[  872.912405][ T6366] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  872.923855][ T6366] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  872.948813][ T6366] usb 5-1: Product: syz
[  872.951758][T15871] batman_adv: batadv0: Interface activated: batadv_slave_1
[  873.434756][T15871] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  873.443643][T15871] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  873.452729][T15871] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  873.461658][T15871] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  873.467224][   T30] audit: type=1804 audit(863.137:2271): pid=16087 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.2715" name="/newroot/563/file0" dev="tmpfs" ino=3007 res=1 errno=0
[  873.494811][ T6366] usb 5-1: Manufacturer: syz
[  873.503247][ T6366] usb 5-1: SerialNumber: syz
[  873.531046][ T6366] usb 5-1: config 0 descriptor??
[  873.766023][ T6366] hub 5-1:0.0: bad descriptor, ignoring hub
[  873.774639][ T6366] hub 5-1:0.0: probe with driver hub failed with error -5
[  873.866323][ T6366] usb 5-1: USB disconnect, device number 45
[  874.205300][T16089] Lens B: =================  START STATUS  =================
[  874.214871][T16089] Lens B: Focus, Absolute: 0
[  874.219989][T16089] Lens B: ==================  END STATUS  ==================
[  874.459851][T15994] Bluetooth: hci6: command 0x041b tx timeout
[  874.469458][T15994] Bluetooth: hci5: command 0x0c1a tx timeout
[  874.477301][T15994] Bluetooth: hci1: command 0x0c1a tx timeout
[  874.483489][T15994] Bluetooth: hci0: command 0x0c1a tx timeout
[  874.491100][T15994] Bluetooth: hci4: command 0x0405 tx timeout
[  874.504741][T15994] Bluetooth: hci3: command 0x0c1a tx timeout
[  874.532169][ T8588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  875.069652][ T8588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  875.210198][ T3588] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  875.246553][ T3588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  876.206758][   T30] audit: type=1400 audit(865.729:2272): avc:  denied  { create } for  pid=16102 comm="syz.4.2720" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  876.639468][T16111] netlink: 'syz.2.2721': attribute type 10 has an invalid length.
[  876.648363][T16111] team0: Device veth1_macvtap failed to register rx_handler
[  877.510862][ T5873] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  877.991957][ T5873] usb 5-1: Using ep0 maxpacket: 32
[  878.020036][ T5873] usb 5-1: config 0 has an invalid interface number: 59 but max is 0
[  878.041028][ T5873] usb 5-1: config 0 has no interface number 0
[  878.062906][ T5873] usb 5-1: config 0 interface 59 has no altsetting 0
[  878.086351][ T5873] usb 5-1: New USB device found, idVendor=1bc7, idProduct=1063, bcdDevice=24.f5
[  878.137663][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.164469][ T5873] usb 5-1: Product: syz
[  878.168705][ T5873] usb 5-1: Manufacturer: syz
[  878.195793][ T5873] usb 5-1: SerialNumber: syz
[  878.215237][T13846] Bluetooth: hci3: unexpected event for opcode 0xb121
[  878.237411][ T5873] usb 5-1: config 0 descriptor??
[  878.256973][ T5873] option 5-1:0.59: GSM modem (1-port) converter detected
[  878.860755][ T5873] usb 5-1: GSM modem (1-port) converter now attached to ttyUSB0
[  878.887165][T16129] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  879.318292][T16138] tipc: Started in network mode
[  879.323343][T16138] tipc: Node identity fe800000000000000000000000000012, cluster identity 4711
[  879.338588][T16138] tipc: Enabled bearer <udp:syz0>, priority 10
[  880.560023][ T5872] tipc: Node number set to 4269801490
[  883.252977][ T5873] usb 5-1: USB disconnect, device number 46
[  883.273717][ T5873] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  883.283269][ T5873] option 5-1:0.59: device disconnected
[  883.429113][T16161] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[  883.435762][T16161] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  883.482328][T16161] vhci_hcd vhci_hcd.0: Device attached
[  883.669536][T16163] vhci_hcd: connection closed
[  883.686442][ T8593] vhci_hcd: stop threads
[  883.719266][ T8593] vhci_hcd: release socket
[  883.719628][T16172] fuse: Bad value for 'fd'
[  884.185265][   T42] vhci_hcd: vhci_device speed not set
[  884.282515][ T8593] vhci_hcd: disconnect device
[  884.854618][T16176] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  884.865955][   T42] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  884.936925][   T42] usb 39-1: enqueue for inactive port 0
[  885.056340][T16180] netlink: 788 bytes leftover after parsing attributes in process `syz.3.2737'.
[  885.085118][   T42] vhci_hcd: vhci_device speed not set
[  885.416020][T16188] fuse: Bad value for 'fd'
[  885.562814][T13846] Bluetooth: hci5: unexpected event for opcode 0xb121
[  885.868583][T16189] netlink: 'syz.2.2739': attribute type 10 has an invalid length.
[  885.888941][T16191] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  885.900496][T16188] netlink: 788 bytes leftover after parsing attributes in process `syz.4.2741'.
[  885.941363][T16189] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2739'.
[  886.038095][T16197] netlink: 'syz.3.2742': attribute type 15 has an invalid length.
[  886.046320][T16197] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2742'.
[  886.091852][T16185] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2739'.
[  886.285736][T16189] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  886.303794][T16185] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  886.314717][T16189] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  886.329987][T16189] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  886.339814][T16189] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  886.362467][T16189] team0: Port device geneve0 added
[  886.580264][T16204] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  886.673455][ T6366] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  886.894799][T16212] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2747'.
[  886.906300][T16212] xt_connbytes: Forcing CT accounting to be enabled
[  886.913165][T16212] --map-set only usable from mangle table
[  886.946535][ T6366] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  886.962434][ T6366] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  886.984084][ T6366] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  886.997131][ T6366] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  887.053807][T16216] netlink: 'syz.3.2749': attribute type 10 has an invalid length.
[  887.066472][T16216] team0: Device veth1_macvtap failed to register rx_handler
[  887.084805][ T6366] usb 5-1: SerialNumber: syz
[  888.007381][   T42] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  888.017071][ T6366] usb 5-1: cannot find UAC_HEADER
[  888.233906][   T42] usb 10-1: Using ep0 maxpacket: 8
[  888.310745][   T42] usb 10-1: too many configurations: 33, using maximum allowed: 8
[  888.330080][   T42] usb 10-1: unable to read config index 0 descriptor/start: -61
[  888.425718][ T6366] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  888.445980][   T42] usb 10-1: can't read configurations, error -61
[  888.490285][ T6366] usb 5-1: USB disconnect, device number 47
[  888.551442][T15195] udevd[15195]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  888.608636][   T42] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  888.992816][   T42] usb 10-1: Using ep0 maxpacket: 8
[  889.000446][   T42] usb 10-1: too many configurations: 33, using maximum allowed: 8
[  889.020268][   T42] usb 10-1: unable to read config index 0 descriptor/start: -61
[  889.310162][   T30] audit: type=1400 audit(877.589:2273): avc:  denied  { listen } for  pid=16230 comm="syz.4.2754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  889.412955][   T42] usb 10-1: can't read configurations, error -61
[  889.441995][   T42] usb usb10-port1: attempt power cycle
[  889.794504][   T30] audit: type=1400 audit(878.431:2274): avc:  denied  { read } for  pid=16229 comm="syz.3.2753" path="socket:[54386]" dev="sockfs" ino=54386 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  889.827399][   T42] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  889.848436][   T42] usb 10-1: Using ep0 maxpacket: 8
[  889.854155][   T42] usb 10-1: too many configurations: 33, using maximum allowed: 8
[  889.886463][T16244] x_tables: ip_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[  889.910627][   T42] usb 10-1: unable to read config index 0 descriptor/start: -61
[  889.921126][   T42] usb 10-1: can't read configurations, error -61
[  890.071058][T15994] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  890.090374][T15994] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  890.099165][T15994] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  890.107479][T15994] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  890.115277][T15994] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  890.296901][ T5872] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  890.467134][T16251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  890.523352][T16245] lo speed is unknown, defaulting to 1000
[  890.618996][ T5872] usb 3-1: New USB device found, idVendor=0af7, idProduct=0101, bcdDevice=2d.62
[  890.634464][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.666906][ T5872] usb 3-1: config 0 descriptor??
[  890.823744][ T5872] usb 3-1: selecting invalid altsetting 1
[  890.829496][ T5872] flexcop_usb: set interface failed.
[  890.871976][ T5872] b2c2_flexcop_usb 3-1:0.0: probe with driver b2c2_flexcop_usb failed with error -22
[  890.969889][T16245] chnl_net:caif_netlink_parms(): no params data found
[  891.057740][    T9] usb 3-1: USB disconnect, device number 40
[  891.100656][T12382] IPVS: starting estimator thread 0...
[  891.151728][T16245] bridge0: port 1(bridge_slave_0) entered blocking state
[  891.170710][T16245] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.188945][T16245] bridge_slave_0: entered allmulticast mode
[  891.208498][T16245] bridge_slave_0: entered promiscuous mode
[  891.216188][T16268] IPVS: using max 41 ests per chain, 98400 per kthread
[  891.226595][T16245] bridge0: port 2(bridge_slave_1) entered blocking state
[  891.247044][T16245] bridge0: port 2(bridge_slave_1) entered disabled state
[  891.254821][ T5873] usb 5-1: new full-speed USB device number 48 using dummy_hcd
[  891.277424][T16245] bridge_slave_1: entered allmulticast mode
[  891.298809][T16245] bridge_slave_1: entered promiscuous mode
[  891.507109][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  891.524676][T16245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  891.536383][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  891.560078][T16245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  891.569647][ T5873] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  891.654753][ T5873] usb 5-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  891.663840][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.698456][ T5873] usb 5-1: config 0 descriptor??
[  891.800228][T16245] team0: Port device team_slave_0 added
[  891.831801][T16245] team0: Port device team_slave_1 added
[  891.966679][T16245] batman_adv: batadv0: Adding interface: batadv_slave_0
[  891.996901][T16245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  892.023631][    T9] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  892.050122][T16245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  892.084273][T16245] batman_adv: batadv0: Adding interface: batadv_slave_1
[  892.103479][T16245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  892.171492][ T5873] usbhid 5-1:0.0: can't add hid device: -71
[  892.177523][ T5873] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  892.193632][T16245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  892.220058][ T5873] usb 5-1: USB disconnect, device number 48
[  892.232609][    T9] usb 10-1: Using ep0 maxpacket: 32
[  892.265803][    T9] usb 10-1: config 0 has an invalid interface number: 67 but max is 0
[  892.274031][    T9] usb 10-1: config 0 has no interface number 0
[  892.295371][    T9] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  892.311681][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  892.338700][    T9] usb 10-1: Product: syz
[  892.360808][    T9] usb 10-1: Manufacturer: syz
[  892.364070][T16276] lo speed is unknown, defaulting to 1000
[  892.369239][T16245] hsr_slave_0: entered promiscuous mode
[  892.371691][T15994] Bluetooth: hci7: command tx timeout
[  892.393370][    T9] usb 10-1: SerialNumber: syz
[  892.403959][T16245] hsr_slave_1: entered promiscuous mode
[  892.420533][    T9] usb 10-1: config 0 descriptor??
[  892.421094][T16245] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  892.438420][T16245] Cannot create hsr debugfs directory
[  892.445491][    T9] smsc95xx v2.0.0
[  892.623300][T15433] hid-generic 0005:16BF:0006.0011: unknown main item tag 0x0
[  892.641187][T15433] hid-generic 0005:16BF:0006.0011: hidraw0: BLUETOOTH HID vc3.b8 Device [syz1] on aa:aa:aa:aa:aa:aa
[  893.009291][    T9] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  893.101986][    T9] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  893.159550][T16284] fido_id[16284]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci7/hci7:200/report_descriptor': No such file or directory
[  893.922154][    T9] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  893.997283][T16292] netlink: 'syz.3.2768': attribute type 15 has an invalid length.
[  894.005332][T16292] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2768'.
[  894.032921][    T9] smsc95xx 10-1:0.67: probe with driver smsc95xx failed with error -61
[  894.426360][T16300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  894.426561][T16300] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  894.449476][T16245] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  894.449513][T16245] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.469831][T15994] Bluetooth: hci4: unexpected event for opcode 0xb121
[  894.605395][T15994] Bluetooth: hci7: command tx timeout
[  894.879747][    T9] usb 10-1: USB disconnect, device number 8
[  895.311756][T16245] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  895.332146][T16245] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  895.438797][T16302] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  895.468832][T16312] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2772'.
[  895.528350][T16245] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  895.538868][T16245] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  895.672291][T16245] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  895.704163][T16245] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  895.999679][T16321] netlink: 'syz.3.2775': attribute type 15 has an invalid length.
[  896.007931][T16321] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2775'.
[  896.417589][T16245] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  896.432743][T16327] netlink: 'syz.4.2777': attribute type 10 has an invalid length.
[  896.460040][T16327] team0: Device veth1_macvtap failed to register rx_handler
[  896.474041][T16245] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  896.602190][T16245] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  896.617585][T16245] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  897.437195][T15433] usb 10-1: new full-speed USB device number 9 using dummy_hcd
[  897.452730][T15994] Bluetooth: hci7: command tx timeout
[  897.591896][T16336] fuse: Bad value for 'fd'
[  897.617906][T16245] 8021q: adding VLAN 0 to HW filter on device bond0
[  897.626495][T16337] overlayfs: failed to resolve '/rt': -2
[  897.673165][T15433] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  897.793033][T16339] netlink: 788 bytes leftover after parsing attributes in process `syz.3.2779'.
[  897.961626][T15433] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  898.010765][T15433] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  898.033380][T16245] 8021q: adding VLAN 0 to HW filter on device team0
[  898.072628][T15433] usb 10-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  898.108818][T15433] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.132735][ T8585] bridge0: port 1(bridge_slave_0) entered blocking state
[  898.133707][T15433] usb 10-1: config 0 descriptor??
[  898.139948][ T8585] bridge0: port 1(bridge_slave_0) entered forwarding state
[  898.194079][ T8585] bridge0: port 2(bridge_slave_1) entered blocking state
[  898.201257][ T8585] bridge0: port 2(bridge_slave_1) entered forwarding state
[  898.318340][T16245] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  898.494034][T15994] Bluetooth: hci3: unexpected event for opcode 0xb121
[  898.633212][T15433] usbhid 10-1:0.0: can't add hid device: -71
[  898.659039][T15433] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  898.683899][T16353] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  898.727056][T15433] usb 10-1: USB disconnect, device number 9
[  898.731972][ T7488] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  898.806190][T16245] 8021q: adding VLAN 0 to HW filter on device batadv0
[  898.904323][ T7488] usb 4-1: Using ep0 maxpacket: 16
[  898.955401][ T7488] usb 4-1: config 0 has an invalid descriptor of length 209, skipping remainder of the config
[  898.981201][T16245] veth0_vlan: entered promiscuous mode
[  899.005186][ T7488] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  899.015451][T16245] veth1_vlan: entered promiscuous mode
[  899.058273][ T7488] usb 4-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 0.00
[  899.060815][T16245] veth0_macvtap: entered promiscuous mode
[  899.083018][ T7488] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.087375][T16245] veth1_macvtap: entered promiscuous mode
[  899.114195][T16245] batman_adv: batadv0: Interface activated: batadv_slave_0
[  899.137276][T16245] batman_adv: batadv0: Interface activated: batadv_slave_1
[  899.146525][ T7488] usb 4-1: config 0 descriptor??
[  899.168012][T16245] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  899.207278][T16245] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  899.239606][T16245] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  899.288290][T16245] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  899.326671][T16367] loop2: detected capacity change from 0 to 7
[  899.369947][T16367] Dev loop2: unable to read RDB block 7
[  899.377396][T16367]  loop2: unable to read partition table
[  899.388922][T16367] loop2: partition table beyond EOD, truncated
[  899.413216][T16367] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  899.677316][T15994] Bluetooth: hci7: command tx timeout
[  899.869849][T16371] netlink: 'syz.2.2788': attribute type 10 has an invalid length.
[  899.870801][ T8593] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  899.880349][T16371] team0: Device veth1_macvtap failed to register rx_handler
[  899.900205][ T8593] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.939593][ T8588] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.954101][ T8588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  901.234857][T16382] netlink: 'syz.1.2752': attribute type 15 has an invalid length.
[  901.247324][T16382] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2752'.
[  901.608519][ T5872] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  901.850192][ T7488] usb 4-1: USB disconnect, device number 10
[  902.041639][ T5872] usb 10-1: Using ep0 maxpacket: 8
[  902.053317][ T5872] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  902.078052][ T5872] usb 10-1: config 0 has no interface number 0
[  902.084372][ T5872] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  902.611629][ T5872] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  902.641136][ T5872] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  902.667563][ T5872] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  902.687813][ T5872] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  902.719811][ T5872] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  902.747506][T16395] netlink: 'syz.4.2796': attribute type 15 has an invalid length.
[  902.755807][T16395] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2796'.
[  902.761330][ T5872] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.796916][ T5872] usb 10-1: config 0 descriptor??
[  902.903611][ T5872] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  903.726066][T16379] SELinux:  policydb version 0 does not match my version range 15-34
[  903.734751][T16379] SELinux: failed to load policy
[  903.776807][ T5872] usb 10-1: USB disconnect, device number 10
[  903.777201][T16400] input: syz0 as /devices/virtual/input/input38
[  903.809575][ T5872] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  904.938276][ T5873] IPVS: starting estimator thread 0...
[  904.960742][T16414] bridge0: port 2(bridge_slave_1) entered disabled state
[  905.112765][T16416] IPVS: using max 50 ests per chain, 120000 per kthread
[  907.168104][T15994] Bluetooth: hci3: command 0x0c1a tx timeout
[  907.416073][T16404] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  907.951016][T16404] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  907.961541][T16404] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  907.979110][T16404] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  908.830805][T16404] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  908.851632][T16404] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  908.912834][T16404] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  908.926445][T16404] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  908.967856][T16449] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  908.984884][T16404] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  909.615308][T15433] usb 5-1: new full-speed USB device number 49 using dummy_hcd
[  909.693293][T16449] lo speed is unknown, defaulting to 1000
[  909.903657][T15994] Bluetooth: hci4: command 0x0405 tx timeout
[  909.971746][T16466] netlink: 'syz.1.2815': attribute type 15 has an invalid length.
[  910.000465][T16461] lo speed is unknown, defaulting to 1000
[  910.160832][T15994] Bluetooth: hci1: command 0x0c1a tx timeout
[  910.166934][T13846] Bluetooth: hci0: command 0x0c1a tx timeout
[  910.247067][T16472] netlink: 'syz.9.2817': attribute type 10 has an invalid length.
[  910.315321][T16472] team0: Device veth1_macvtap failed to register rx_handler
[  911.086225][T15994] Bluetooth: hci6: command 0x041b tx timeout
[  911.092376][T13846] Bluetooth: hci5: command 0x0c1a tx timeout
[  911.100848][T15994] Bluetooth: hci7: command 0x0c1a tx timeout
[  912.518695][T16487] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2820'.
[  912.539111][T16487] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2820'.
[  913.378019][T15994] Bluetooth: hci7: command 0x0c1a tx timeout
[  914.357282][   T30] audit: type=1326 audit(901.386:2275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  914.443319][T16504] loop6: detected capacity change from 0 to 63
[  914.484103][   T30] audit: type=1326 audit(901.386:2276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  914.554045][   T30] audit: type=1326 audit(901.386:2277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  914.671117][   T30] audit: type=1326 audit(901.386:2278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  914.710296][   T30] audit: type=1326 audit(901.386:2279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  914.950810][   T30] audit: type=1326 audit(901.386:2280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  915.200150][   T30] audit: type=1326 audit(901.386:2281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  915.412020][   T30] audit: type=1326 audit(901.386:2282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  915.435791][   T30] audit: type=1326 audit(901.395:2283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  915.459831][   T30] audit: type=1326 audit(901.395:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16503 comm="syz.4.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb3c5f8e969 code=0x7ffc0000
[  915.548164][T15994] Bluetooth: hci7: command 0x0c1a tx timeout
[  915.665807][   T42] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  915.911541][   T42] usb 5-1: Using ep0 maxpacket: 8
[  915.918632][   T42] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  915.933183][   T42] usb 5-1: config 0 has no interface number 0
[  915.943359][   T42] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  915.965027][   T42] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  915.986388][   T42] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  916.027565][   T42] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  916.049289][   T42] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  916.067607][   T42] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  916.083401][   T42] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.146832][ T6477] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  916.156636][   T42] usb 5-1: config 0 descriptor??
[  916.222872][   T42] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  916.789671][ T6477] usb 4-1: config index 0 descriptor too short (expected 539, got 27)
[  916.812565][ T6477] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x1B, changing to 0xB
[  916.830601][T16511] ldusb 5-1:0.55: Couldn't submit interrupt_in_urb -90
[  916.850623][T16511] SELinux:  policydb version 0 does not match my version range 15-34
[  916.858813][T16511] SELinux: failed to load policy
[  916.871767][    T9] usb 5-1: USB disconnect, device number 50
[  916.876087][ T6477] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 117, setting to 64
[  916.900169][ T6477] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  916.909860][ T6477] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.910192][    T9] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  916.924585][ T6477] usb 4-1: Product: syz
[  916.930168][ T6477] usb 4-1: Manufacturer: syz
[  916.934909][ T6477] usb 4-1: SerialNumber: syz
[  917.057173][ T6477] usb 4-1: config 0 descriptor??
[  917.076253][ T6477] hub 4-1:0.0: bad descriptor, ignoring hub
[  917.092258][ T6477] hub 4-1:0.0: probe with driver hub failed with error -5
[  917.440915][   T42] usb 4-1: USB disconnect, device number 11
[  918.039633][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  918.046148][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  918.307306][T16537] fuse: Bad value for 'fd'
[  918.382667][T16539] fuse: Bad value for 'fd'
[  918.552411][T16543] Bluetooth: MGMT ver 1.23
[  919.122071][T16545] netlink: 788 bytes leftover after parsing attributes in process `syz.2.2838'.
[  919.359672][T16549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2840'.
[  919.846521][T16554] loop2: detected capacity change from 0 to 7
[  919.870272][T15195] Dev loop2: unable to read RDB block 7
[  919.926464][T15195]  loop2: unable to read partition table
[  920.043523][T15195] loop2: partition table beyond EOD, truncated
[  920.070911][T16554] Dev loop2: unable to read RDB block 7
[  920.076516][T16554]  loop2: unable to read partition table
[  920.100366][T16554] loop2: partition table beyond EOD, truncated
[  920.205260][ T6477] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  920.217225][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  920.217271][   T30] audit: type=1400 audit(906.867:2325): avc:  denied  { setcurrent } for  pid=16553 comm="syz.9.2841" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  920.252140][T16554] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  920.379980][ T6477] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  920.583378][ T6477] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  920.595433][ T6477] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  920.609038][ T6477] usb 4-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  920.618925][ T6477] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.792293][ T6477] usb 4-1: config 0 descriptor??
[  921.304102][ T6477] usbhid 4-1:0.0: can't add hid device: -71
[  921.332951][ T6477] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  921.379852][ T6477] usb 4-1: USB disconnect, device number 12
[  921.422281][T16572] xt_HMARK: proto mask must be zero with L3 mode
[  922.425101][   T30] audit: type=1400 audit(908.654:2326): avc:  denied  { watch } for  pid=16578 comm="syz.1.2848" path="/8" dev="tmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  922.501213][   T30] audit: type=1400 audit(908.654:2327): avc:  denied  { watch_sb } for  pid=16578 comm="syz.1.2848" path="/8" dev="tmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  923.118351][T16591] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2851'.
[  923.605943][   T30] audit: type=1400 audit(910.076:2328): avc:  denied  { ioctl } for  pid=16592 comm="syz.1.2852" path="socket:[56407]" dev="sockfs" ino=56407 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  923.674348][T16593] openvswitch: netlink: Multiple metadata blocks provided
[  924.461843][T16603] veth0_to_team: entered promiscuous mode
[  924.469540][T16603] veth0_to_team: entered allmulticast mode
[  925.673193][ T8585] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  926.741178][   T30] audit: type=1400 audit(912.658:2329): avc:  denied  { ioctl } for  pid=16621 comm="syz.9.2861" path="socket:[56184]" dev="sockfs" ino=56184 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  926.817957][ T6366] libceph: connect (1)[c::]:6789 error -101
[  926.826268][ T6366] libceph: mon0 (1)[c::]:6789 connect error
[  926.885771][ T8585] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  926.952944][T13846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  926.964157][T13846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  926.978985][T13846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  927.017659][T13846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  927.033808][T13846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  927.080485][T16625] ceph: No mds server is up or the cluster is laggy
[  927.123481][ T5872] libceph: connect (1)[c::]:6789 error -101
[  927.140229][ T5872] libceph: mon0 (1)[c::]:6789 connect error
[  927.853743][ T8585] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  928.362178][ T8585] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  928.484910][T16632] lo speed is unknown, defaulting to 1000
[  929.152330][T15994] Bluetooth: hci6: unexpected event for opcode 0xb121
[  929.235810][T15994] Bluetooth: hci3: command tx timeout
[  929.357025][T16657] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  929.574559][T15994] Bluetooth: hci4: command 0x0405 tx timeout
[  929.586789][T16634] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  929.691130][ T8585] team0: Port device geneve0 removed
[  930.058395][ T8585] bond0 (unregistering): Released all slaves
[  930.100435][T16634] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  930.106593][T16634] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  930.114226][T16634] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  930.123909][T16634] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  930.139176][T16634] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  930.165148][T16634] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  930.181077][T16634] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  930.211759][T16634] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  930.367894][T16661] FAULT_INJECTION: forcing a failure.
[  930.367894][T16661] name failslab, interval 1, probability 0, space 0, times 0
[  930.380743][T16661] CPU: 0 UID: 0 PID: 16661 Comm: syz.4.2867 Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0 PREEMPT(full) 
[  930.380768][T16661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  930.380778][T16661] Call Trace:
[  930.380784][T16661]  <TASK>
[  930.380790][T16661]  dump_stack_lvl+0x16c/0x1f0
[  930.380817][T16661]  should_fail_ex+0x512/0x640
[  930.380841][T16661]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  930.380858][T16661]  should_failslab+0xc2/0x120
[  930.380873][T16661]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  930.380886][T16661]  ? sock_alloc_inode+0x25/0x1c0
[  930.380906][T16661]  ? __pfx_sock_alloc_inode+0x10/0x10
[  930.380921][T16661]  sock_alloc_inode+0x25/0x1c0
[  930.380937][T16661]  alloc_inode+0x61/0x240
[  930.380955][T16661]  sock_alloc+0x40/0x280
[  930.380971][T16661]  do_accept+0xf7/0x530
[  930.380982][T16661]  ? do_raw_spin_lock+0x12c/0x2b0
[  930.381000][T16661]  ? __pfx_do_accept+0x10/0x10
[  930.381021][T16661]  __sys_accept4+0x100/0x1c0
[  930.381033][T16661]  ? __pfx___sys_accept4+0x10/0x10
[  930.381045][T16661]  ? __pfx_ksys_write+0x10/0x10
[  930.381060][T16661]  __x64_sys_accept4+0x96/0x100
[  930.381072][T16661]  ? lockdep_hardirqs_on+0x7c/0x110
[  930.381091][T16661]  do_syscall_64+0xcd/0x4c0
[  930.381107][T16661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.381119][T16661] RIP: 0033:0x7fb3c5f8e969
[  930.381128][T16661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  930.381139][T16661] RSP: 002b:00007fb3c3df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  930.381149][T16661] RAX: ffffffffffffffda RBX: 00007fb3c61b6080 RCX: 00007fb3c5f8e969
[  930.381157][T16661] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  930.381163][T16661] RBP: 00007fb3c3df6090 R08: 0000000000000000 R09: 0000000000000000
[  930.381169][T16661] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[  930.381176][T16661] R13: 0000000000000000 R14: 00007fb3c61b6080 R15: 00007ffe4ec66728
[  930.381190][T16661]  </TASK>
[  930.979996][ T8585] bond1 (unregistering): Released all slaves
[  931.098907][T16670] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2868'.
[  931.114622][T16668] lo speed is unknown, defaulting to 1000
[  931.413232][    T9] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  931.491374][T16632] chnl_net:caif_netlink_parms(): no params data found
[  931.586244][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  931.798110][T15994] Bluetooth: hci0: command 0x0c1a tx timeout
[  931.868900][    T9] usb 5-1: can't read configurations, error -61
[  932.054705][    T9] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  932.086270][T16632] bridge0: port 1(bridge_slave_0) entered blocking state
[  932.106182][T16632] bridge0: port 1(bridge_slave_0) entered disabled state
[  932.117330][T16632] bridge_slave_0: entered allmulticast mode
[  932.145583][T16632] bridge_slave_0: entered promiscuous mode
[  932.170499][T16632] bridge0: port 2(bridge_slave_1) entered blocking state
[  932.180464][T16632] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.198817][T16632] bridge_slave_1: entered allmulticast mode
[  932.205330][ T6366] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  932.234367][T16632] bridge_slave_1: entered promiscuous mode
[  932.258846][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  932.283487][    T9] usb 5-1: can't read configurations, error -61
[  932.306989][    T9] usb usb5-port1: attempt power cycle
[  932.311125][T15994] Bluetooth: hci3: command 0x040f tx timeout
[  932.312581][T13846] Bluetooth: hci7: command 0x0c1a tx timeout
[  932.318442][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  932.324426][T13846] Bluetooth: hci1: command 0x0c1a tx timeout
[  932.338876][ T5137] Bluetooth: hci6: command 0x041b tx timeout
[  932.393698][T16632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  932.407879][T16684] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2874'.
[  932.423653][ T6366] usb 10-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  932.437655][T16632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  932.451917][ T6366] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  932.486248][ T6366] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  932.499780][ T6366] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  932.537364][ T6366] usb 10-1: config 0 descriptor??
[  932.549683][ T6366] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  932.573711][T16632] team0: Port device team_slave_0 added
[  932.609538][T16632] team0: Port device team_slave_1 added
[  932.667767][T16632] batman_adv: batadv0: Adding interface: batadv_slave_0
[  932.674904][T16632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  932.703134][T16632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  932.719617][    T9] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  932.722080][T16632] batman_adv: batadv0: Adding interface: batadv_slave_1
[  932.737045][T16632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  932.770228][T16632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  932.784694][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  932.800357][    T9] usb 5-1: can't read configurations, error -61
[  932.892326][ T8585] : left promiscuous mode
[  932.982060][T16632] hsr_slave_0: entered promiscuous mode
[  932.987960][    T9] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  932.989750][T16632] hsr_slave_1: entered promiscuous mode
[  933.014432][T16632] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  933.025618][T16632] Cannot create hsr debugfs directory
[  933.034580][ T8585] tipc: Left network mode
[  933.097922][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  933.107716][    T9] usb 5-1: can't read configurations, error -61
[  933.130967][    T9] usb usb5-port1: unable to enumerate USB device
[  933.782863][T16690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  933.791598][T16690] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  934.513196][ T5872] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  934.535749][   T51] Bluetooth: hci3: command 0x040f tx timeout
[  934.545342][ T5137] Bluetooth: hci7: unexpected event for opcode 0xb121
[  934.638753][T16700] netlink: 'syz.4.2878': attribute type 7 has an invalid length.
[  935.011821][T16699] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  935.297881][ T5873] usb 10-1: USB disconnect, device number 11
[  935.390968][ T5872] usb 4-1: Using ep0 maxpacket: 32
[  935.422556][ T5872] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  935.435275][ T5872] usb 4-1: config 0 has no interface number 0
[  935.453348][ T5872] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=b0.57
[  935.469687][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  935.481746][ T5872] usb 4-1: Product: syz
[  935.501232][ T5872] usb 4-1: Manufacturer: syz
[  935.505907][ T5872] usb 4-1: SerialNumber: syz
[  935.527320][ T5872] usb 4-1: config 0 descriptor??
[  935.538796][ T5872] smsc95xx v2.0.0
[  935.779546][T16707] netlink: 'syz.1.2880': attribute type 15 has an invalid length.
[  935.787632][T16707] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2880'.
[  936.201743][ T5872] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  936.232783][ T5872] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  936.892798][ T5137] Bluetooth: hci3: command 0x040f tx timeout
[  936.978311][ T5872] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  937.046710][ T5872] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  937.059454][ T5872] usb 4-1: USB disconnect, device number 13
[  937.121799][T16722] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2883'.
[  937.147859][T16722] fuse: Unknown parameter 'r000000000000_	0000040000'
[  937.717269][T16715] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  937.902833][T16632] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  937.955074][T16632] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  937.989975][T16632] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  938.014395][T16632] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  938.743105][ T8585] IPVS: stop unused estimator thread 0...
[  939.074360][ T5137] Bluetooth: hci3: command 0x040f tx timeout
[  939.393691][T16632] 8021q: adding VLAN 0 to HW filter on device bond0
[  939.552216][T16632] 8021q: adding VLAN 0 to HW filter on device team0
[  940.295637][T16748] bridge0: port 1(bridge_slave_0) entered disabled state
[  940.304758][T16748] bridge0: port 2(bridge_slave_1) entered disabled state
[  940.380814][ T8588] bridge0: port 1(bridge_slave_0) entered blocking state
[  940.388087][ T8588] bridge0: port 1(bridge_slave_0) entered forwarding state
[  940.579333][ T8595] bridge0: port 2(bridge_slave_1) entered blocking state
[  940.586565][ T8595] bridge0: port 2(bridge_slave_1) entered forwarding state
[  941.303869][ T5137] Bluetooth: hci3: command 0x040f tx timeout
[  941.856922][ T7495] usb 5-1: new full-speed USB device number 55 using dummy_hcd
[  942.222466][T16782] geneve1: entered promiscuous mode
[  942.265745][ T7495] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  942.276020][ T7495] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  942.296125][ T7495] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  942.307520][ T7495] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  942.324436][ T7495] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  942.344385][ T7495] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  942.353652][ T7495] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  942.364377][ T7495] usb 5-1: Product: syz
[  942.368581][ T7495] usb 5-1: Manufacturer: syz
[  942.375538][ T7495] usb 5-1: SerialNumber: syz
[  942.395942][T16787] geneve2: entered promiscuous mode
[  942.445949][ T7495] usb 5-1: config 0 descriptor??
[  942.701031][ T7495] radio-si470x 5-1:0.0: DeviceID=0xe1a8 ChipID=0x2878
[  942.728715][T16797] netlink: 'syz.9.2895': attribute type 15 has an invalid length.
[  942.736859][T16797] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2895'.
[  942.905517][ T7495] radio-si470x 5-1:0.0: software version 225, hardware version 168
[  943.123634][ T7495] radio-si470x 5-1:0.0: submitting int urb failed (-90)
[  943.442336][T16632] 8021q: adding VLAN 0 to HW filter on device batadv0
[  943.915187][ T7495] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -110
[  943.919414][T16632] veth0_vlan: entered promiscuous mode
[  943.940698][ T7495] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -22
[  943.945888][T16632] veth1_vlan: entered promiscuous mode
[  944.027673][T16632] veth0_macvtap: entered promiscuous mode
[  944.346715][T16814] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2899'.
[  944.752945][T16632] veth1_macvtap: entered promiscuous mode
[  944.871751][T16632] batman_adv: batadv0: Interface activated: batadv_slave_0
[  945.051792][T16632] batman_adv: batadv0: Interface activated: batadv_slave_1
[  945.101571][T16632] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  945.116419][T16632] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  945.134731][T16632] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  945.142937][T16818] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2900'.
[  945.279657][T16632] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  945.445545][T16826] netlink: 'syz.9.2901': attribute type 10 has an invalid length.
[  945.854885][T16826] hsr_slave_0: left promiscuous mode
[  945.860750][T16826] hsr_slave_1: left promiscuous mode
[  946.527385][T16779] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  946.628436][T16779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  946.750279][ T8596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  946.767461][ T7489] usb 5-1: USB disconnect, device number 55
[  946.789543][ T8596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  947.177612][T16837] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  947.759599][ T5872] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  948.047934][ T5872] usb 5-1: Using ep0 maxpacket: 8
[  948.054614][ T5872] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  948.136962][ T5872] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  948.150462][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  948.162233][ T5872] usb 5-1: Product: syz
[  948.166708][ T5872] usb 5-1: Manufacturer: syz
[  948.171383][ T5872] usb 5-1: SerialNumber: syz
[  948.187923][ T5872] usb 5-1: config 0 descriptor??
[  948.199125][ T5872] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  948.214018][ T5872] usb 5-1: setting power ON
[  948.226856][ T5872] dvb-usb: bulk message failed: -22 (2/0)
[  948.265344][ T5872] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  948.330440][ T5872] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  948.431337][ T5872] usb 5-1: media controller created
[  948.458872][ T5872] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  948.467779][T16835] dvb-usb: bulk message failed: -22 (3/0)
[  948.474498][T16835] dvb-usb: bulk message failed: -22 (5/0)
[  948.533242][   T30] audit: type=1400 audit(933.395:2330): avc:  denied  { listen } for  pid=16853 comm="syz.2.2906" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  948.582045][   T30] audit: type=1400 audit(933.395:2331): avc:  denied  { accept } for  pid=16853 comm="syz.2.2906" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  948.643196][ T5872] usb 5-1: selecting invalid altsetting 6
[  948.712070][ T5872] usb 5-1: digital interface selection failed (-22)
[  948.731666][ T5872] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  948.758984][ T5872] usb 5-1: setting power OFF
[  949.233830][ T5872] dvb-usb: bulk message failed: -22 (2/0)
[  949.239803][ T5872] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  949.249565][ T5872] (NULL device *): no alternate interface
[  949.353217][ T5872] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  949.387141][T16858] bridge0: port 2(bridge_slave_1) entered disabled state
[  949.394733][T16858] bridge0: port 1(bridge_slave_0) entered disabled state
[  949.449717][ T5872] usb 5-1: USB disconnect, device number 56
[  950.038022][T16858] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  950.061208][T16858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  950.524767][T16858] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  950.562115][T16858] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  950.609217][T16858] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  950.618301][T16858] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  950.797098][T16866] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  950.804328][T16866] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  950.823489][T16866] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  950.885646][T16879] netlink: 'syz.3.2911': attribute type 6 has an invalid length.
[  950.896861][ T5137] Bluetooth: hci6: ACL packet for unknown connection handle 201
[  950.975053][T16866] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  951.150200][T16866] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  951.177006][T16866] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  951.186555][T16866] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  952.143491][   T30] audit: type=1400 audit(936.772:2333): avc:  denied  { ioctl } for  pid=16882 comm="syz.1.2913" path="socket:[58130]" dev="sockfs" ino=58130 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  952.399694][   T30] audit: type=1326 audit(936.763:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16882 comm="syz.1.2913" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f59f8e969 code=0x0
[  952.562607][T15433] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  952.772916][ T7489] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  953.035391][T15433] usb 3-1: Using ep0 maxpacket: 8
[  953.040846][T15994] Bluetooth: hci4: command 0x0405 tx timeout
[  953.047439][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  953.054067][ T5137] Bluetooth: hci1: command 0x0c1a tx timeout
[  953.148728][T15433] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  953.168294][T15433] usb 3-1: config 0 has no interface number 0
[  953.179030][ T5137] Bluetooth: hci5: command 0x0c1a tx timeout
[  953.185165][T15433] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  953.203925][T15433] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  953.226673][T15433] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  953.247203][ T7489] usb 5-1: Using ep0 maxpacket: 16
[  953.254099][T15433] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  953.266315][ T7489] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  953.274964][T15433] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  953.287527][ T7489] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  953.296603][T15433] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  953.309341][T15433] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  953.317495][ T5873] IPVS: starting estimator thread 0...
[  953.331612][ T7489] usb 5-1: config 0 has no interface number 0
[  953.332097][T15433] usb 3-1: config 0 descriptor??
[  953.350171][ T5137] Bluetooth: hci3: command 0x040f tx timeout
[  953.351821][ T7489] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  953.356387][   T51] Bluetooth: hci7: command 0x0c1a tx timeout
[  953.365565][T15994] Bluetooth: hci6: command 0x041b tx timeout
[  953.401927][T15433] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  953.408327][ T7489] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.430852][ T7489] usb 5-1: Product: syz
[  953.435281][ T7489] usb 5-1: Manufacturer: syz
[  953.440525][ T7489] usb 5-1: SerialNumber: syz
[  953.446451][T16912] IPVS: using max 47 ests per chain, 112800 per kthread
[  953.455031][ T7489] usb 5-1: config 0 descriptor??
[  953.473489][ T7489] usb 5-1: Found UVC 0.00 device syz (046d:08f3)
[  953.499526][ T7489] usb 5-1: No valid video chain found.
[  953.645653][T16891] ldusb 3-1:0.55: Couldn't submit interrupt_in_urb -90
[  953.732671][T16895] SELinux:  policydb version 0 does not match my version range 15-34
[  953.741553][T16895] SELinux: failed to load policy
[  954.028661][T15433] usb 5-1: USB disconnect, device number 57
[  954.038180][ T7489] usb 3-1: USB disconnect, device number 41
[  954.066850][ T7489] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  955.415104][T16920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2923'.
[  955.847422][   T42] kernel write not supported for file [eventfd] (pid: 42 comm: kworker/1:1)
[  955.857532][T16935] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2928'.
[  955.868238][T16935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2928'.
[  956.122724][T16941] netlink: 4260 bytes leftover after parsing attributes in process `syz.4.2927'.
[  956.387421][T16930] netlink: 340 bytes leftover after parsing attributes in process `syz.9.2924'.
[  956.660857][T16945] bridge1: entered allmulticast mode
[  957.227662][T16946] ubi: mtd0 is already attached to ubi31
[  958.621002][   T30] audit: type=1804 audit(942.310:2334): pid=16968 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.2935" name="/newroot/7/file0" dev="tmpfs" ino=56 res=1 errno=0
[  959.053162][T16974] sp0: Synchronizing with TNC
[  959.980908][T16978] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  960.311601][T16986] netlink: 'syz.9.2939': attribute type 10 has an invalid length.
[  960.364452][T15994] Bluetooth: hci6: unexpected event for opcode 0xb121
[  960.869755][T16988] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  960.889883][T16981] bridge1: entered allmulticast mode
[  961.822771][T16998] xt_hashlimit: overflow, rate too high: 0
[  961.929406][T17004] netlink: 'syz.3.2944': attribute type 10 has an invalid length.
[  961.939743][T17004] team0: Device veth1_macvtap failed to register rx_handler
[  962.086896][ T7488] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  962.885820][ T7488] usb 3-1: config 3 has an invalid descriptor of length 161, skipping remainder of the config
[  962.909424][ T6487] vivid-000: reconnect
[  962.920300][ T7488] usb 3-1: config 3 has 0 interfaces, different from the descriptor's value: 1
[  962.962477][ T7488] usb 3-1: New USB device found, idVendor=06cd, idProduct=0135, bcdDevice=a8.a4
[  962.984159][ T7488] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.223324][T16996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  963.240930][T16996] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  963.274919][   T42] usb 3-1: USB disconnect, device number 42
[  963.330345][ T5137] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  963.345990][ T5137] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  963.358419][ T5137] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  963.373475][ T5137] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  963.384574][ T5137] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  963.809485][T17024] vivid-000: disconnect
[  963.820254][T17024] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2949'.
[  963.905879][T17025] vivid-000: reconnect
[  964.213641][T17027] netlink: 'syz.1.2950': attribute type 15 has an invalid length.
[  964.252023][T15343] bond0: (slave syz_tun): Releasing backup interface
[  964.259228][T17027] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2950'.
[  964.289515][T17024] vcan0: entered promiscuous mode
[  964.294668][T17024] vcan0: entered allmulticast mode
[  965.126020][T17016] chnl_net:caif_netlink_parms(): no params data found
[  965.167914][ T8596] Bluetooth: Error in BCSP hdr checksum
[  965.477268][   T42] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  965.541147][T17048] netlink: 788 bytes leftover after parsing attributes in process `syz.3.2955'.
[  965.582993][ T5137] Bluetooth: hci8: command tx timeout
[  965.684237][   T42] usb 3-1: Using ep0 maxpacket: 8
[  965.712906][   T42] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  965.808964][T17051] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2956'.
[  965.869173][   T42] usb 3-1: config 0 has no interface number 0
[  966.031023][   T42] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  966.042579][   T42] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  966.083245][   T42] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  966.136449][   T42] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  966.178194][   T42] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  966.180538][ T3588] bond0: (slave netdevsim0): Releasing backup interface
[  966.252498][   T42] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  966.280653][   T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  966.295955][   T42] usb 3-1: config 0 descriptor??
[  966.327281][   T42] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  966.569454][T17016] bridge0: port 1(bridge_slave_0) entered blocking state
[  967.407524][T17016] bridge0: port 1(bridge_slave_0) entered disabled state
[  967.419448][ T5137] Bluetooth: hci4: command 0x1003 tx timeout
[  967.576648][T15994] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  967.952836][T17042] ldusb 3-1:0.55: Couldn't submit interrupt_in_urb -90
[  967.979137][T17016] bridge_slave_0: entered allmulticast mode
[  968.043425][T15994] Bluetooth: hci8: command tx timeout
[  968.084092][T17016] bridge_slave_0: entered promiscuous mode
[  968.119581][T17062] SELinux:  policydb version 0 does not match my version range 15-34
[  968.132558][T17062] SELinux: failed to load policy
[  968.181144][T17016] bridge0: port 2(bridge_slave_1) entered blocking state
[  968.194470][T17016] bridge0: port 2(bridge_slave_1) entered disabled state
[  968.249702][T17016] bridge_slave_1: entered allmulticast mode
[  968.353036][T17016] bridge_slave_1: entered promiscuous mode
[  968.427853][   T30] audit: type=1400 audit(952.010:2335): avc:  denied  { mount } for  pid=17065 comm="syz.9.2959" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  968.501172][ T7495] usb 3-1: USB disconnect, device number 43
[  968.530724][   T30] audit: type=1400 audit(952.047:2336): avc:  denied  { watch } for  pid=17065 comm="syz.9.2959" path="/89/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  968.531393][ T7495] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  968.766115][T17072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2962'.
[  968.775194][T17073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2962'.
[  969.520264][T17016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  969.737958][T17016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  969.955014][T17083] xt_CT: You must specify a L4 protocol and not use inversions on it
[  969.958347][   T30] audit: type=1400 audit(953.432:2337): avc:  denied  { unmount } for  pid=15204 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  970.021186][T17016] team0: Port device team_slave_0 added
[  970.198426][T15994] Bluetooth: hci8: command tx timeout
[  970.244374][T17016] team0: Port device team_slave_1 added
[  970.263578][ T7495] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  970.481683][ T7495] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  970.698383][ T7495] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  970.792675][ T7495] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  970.812449][ T7495] usb 4-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  970.829389][ T7495] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  970.850257][ T7495] usb 4-1: config 0 descriptor??
[  970.878396][T17016] batman_adv: batadv0: Adding interface: batadv_slave_0
[  970.891251][T17016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  970.918427][T17016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  970.930667][ T3588] bridge_slave_1: left promiscuous mode
[  970.936957][ T3588] bridge0: port 2(bridge_slave_1) entered disabled state
[  970.948667][ T3588] bridge_slave_0: left promiscuous mode
[  970.955803][ T3588] bridge0: port 1(bridge_slave_0) entered disabled state
[  971.418881][ T7495] usbhid 4-1:0.0: can't add hid device: -71
[  971.424994][ T7495] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  971.425301][T17097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2969'.
[  971.456721][ T7495] usb 4-1: USB disconnect, device number 14
[  971.635062][ T3588] team0: Port device geneve0 removed
[  972.107875][ T3588] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  972.121840][ T3588] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  972.131375][ T3588] bond0 (unregistering): Released all slaves
[  972.150074][ T3588] bond1 (unregistering): Released all slaves
[  972.238826][T17016] batman_adv: batadv0: Adding interface: batadv_slave_1
[  972.253413][T17016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  972.289878][T17016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  972.373321][T17097] batman_adv: batadv0: Removing interface: batadv_slave_0
[  972.381563][T17097] batman_adv: batadv0: Removing interface: batadv_slave_1
[  972.422955][T15994] Bluetooth: hci8: command tx timeout
[  972.431957][T17106] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0
[  972.516270][T17016] hsr_slave_0: entered promiscuous mode
[  972.523002][T17016] hsr_slave_1: entered promiscuous mode
[  972.535651][T17016] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  972.561015][T17016] Cannot create hsr debugfs directory
[  972.996504][T17111] fuse: Bad value for 'fd'
[  973.298685][T17114] netlink: 788 bytes leftover after parsing attributes in process `syz.2.2972'.
[  973.773675][T17108] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  974.346277][ T3588] : left promiscuous mode
[  974.615946][ T3588] tipc: Left network mode
[  974.635917][ T7495] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  974.831318][ T7495] usb 3-1: Using ep0 maxpacket: 32
[  974.846538][ T7495] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  974.877546][ T7495] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  974.918806][ T7495] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  974.940379][ T7495] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.955878][ T5873] usb 2-1: new full-speed USB device number 62 using dummy_hcd
[  974.976614][ T7495] usb 3-1: config 0 descriptor??
[  975.008433][ T7495] hub 3-1:0.0: USB hub found
[  975.164289][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  975.209416][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  975.240433][ T7495] hub 3-1:0.0: 1 port detected
[  975.265672][ T5873] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  975.606185][ T5873] usb 2-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  975.684759][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  975.709885][ T5873] usb 2-1: config 0 descriptor??
[  975.805840][T17016] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  975.844141][T17016] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  975.876409][T17016] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  975.906587][T17016] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  975.964029][ T7495] hub 3-1:0.0: activate --> -90
[  976.236924][ T5873] usbhid 2-1:0.0: can't add hid device: -71
[  976.243770][ T5873] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  976.267015][ T5873] usb 2-1: USB disconnect, device number 62
[  976.394081][ T3588] batman_adv: batadv0: Removing interface: batadv_slave_0
[  976.407279][ T3588] batman_adv: batadv0: Removing interface: batadv_slave_1
[  977.189134][T17151] netlink: 'syz.1.2984': attribute type 15 has an invalid length.
[  977.210035][T17151] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2984'.
[  977.298650][ T3588] team0 (unregistering): Port device team_slave_1 removed
[  977.325841][ T7495] hub 3-1:0.0: hub_ext_port_status failed (err = -32)
[  977.346867][ T7495] usb 3-1-port1: connect-debounce failed
[  977.367713][ T7495] usb 3-1-port1: cannot disable (err = -32)
[  977.401668][ T3588] team0 (unregistering): Port device team_slave_0 removed
[  978.405974][ T5873] usb 3-1: USB disconnect, device number 44
[  979.125373][T17143] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  979.143982][T17143] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  979.221863][T17143] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  979.239740][T17143] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  979.251094][T17016] 8021q: adding VLAN 0 to HW filter on device bond0
[  979.280534][T17143] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  979.361217][T17143] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  979.745956][T17172] netlink: 'syz.2.2988': attribute type 10 has an invalid length.
[  979.771982][T17172] hsr_slave_0: left promiscuous mode
[  979.784508][T17172] hsr_slave_1: left promiscuous mode
[  980.216567][T17174] binder: 17167:17174 ioctl c00c620f 200000000dc0 returned -22
[  980.435739][ T3588] IPVS: stop unused estimator thread 0...
[  980.656102][T17016] 8021q: adding VLAN 0 to HW filter on device team0
[  980.882084][T17143] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  980.883951][ T3547] bridge0: port 1(bridge_slave_0) entered blocking state
[  980.888019][T17143] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[  980.895181][ T3547] bridge0: port 1(bridge_slave_0) entered forwarding state
[  980.968122][ T3547] bridge0: port 2(bridge_slave_1) entered blocking state
[  980.975496][ T3547] bridge0: port 2(bridge_slave_1) entered forwarding state
[  981.054627][T17185] binder: 17179:17185 ioctl c00c620f 200000000dc0 returned -22
[  981.314013][T17190] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  981.447507][T17143] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  981.459530][T17016] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  981.470318][T17143] Bluetooth: hci7: Error when powering off device on rfkill (-4)
[  981.507578][T17016] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  981.521472][T17178] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  981.532291][T17178] Bluetooth: hci8: Opcode 0x0c1a failed: -4
[  981.547948][T17178] Bluetooth: hci8: Opcode 0x0406 failed: -4
[  981.562849][ T6477] usb 3-1: new full-speed USB device number 45 using dummy_hcd
[  981.599051][T17178] Bluetooth: hci8: Opcode 0x0406 failed: -4
[  981.661166][T17143] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  981.686194][T17143] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  981.741802][T17143] Bluetooth: hci8: Opcode 0x0c1a failed: -4
[  981.757952][ T6477] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  981.759840][T17143] Bluetooth: hci8: Error when powering off device on rfkill (-4)
[  981.802291][ T6477] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  981.832902][ T6477] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  981.879168][ T6477] usb 3-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  981.901233][ T6477] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  981.935410][ T6477] usb 3-1: config 0 descriptor??
[  983.756702][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  983.763058][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  984.145087][T17016] 8021q: adding VLAN 0 to HW filter on device batadv0
[  984.288918][ T6477] usbhid 3-1:0.0: can't add hid device: -71
[  984.295006][ T6477] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  984.374858][ T6477] usb 3-1: USB disconnect, device number 45
[  984.556620][T17206] fuse: Bad value for 'fd'
[  984.695011][T17209] netlink: 788 bytes leftover after parsing attributes in process `syz.9.2996'.
[  985.320591][T17016] veth0_vlan: entered promiscuous mode
[  985.334191][T17016] veth1_vlan: entered promiscuous mode
[  985.400767][T17016] veth0_macvtap: entered promiscuous mode
[  985.424580][T17016] veth1_macvtap: entered promiscuous mode
[  985.444252][T17016] batman_adv: batadv0: Interface activated: batadv_slave_0
[  985.459149][T17016] batman_adv: batadv0: Interface activated: batadv_slave_1
[  985.470133][T17016] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  985.482649][T17016] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  985.491866][T17016] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  985.505273][T17016] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  985.670651][ T7495] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  985.700618][   T30] audit: type=1400 audit(968.145:2338): avc:  denied  { getattr } for  pid=17216 comm="syz.9.2999" name="/" dev="pidfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  985.892779][ T7495] usb 3-1: Using ep0 maxpacket: 16
[  985.912396][T16779] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  985.917925][ T7495] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  985.965273][T16779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  985.994526][ T7495] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  986.026747][T16779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  986.048535][T16779] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  986.116874][ T7495] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  986.201301][ T7495] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  986.224663][ T7495] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  986.250974][ T7495] usb 3-1: SerialNumber: syz
[  986.294117][T17219] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  986.417955][T17228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2946'.
[  986.637974][T17219] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3000'.
[  986.776189][ T7495] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  987.380315][ T7495] usb 3-1: USB disconnect, device number 46
[  988.010458][T17237] geneve2: entered promiscuous mode
[  988.059368][T17249] fuse: Bad value for 'fd'
[  988.862452][T17257] xt_HMARK: proto mask must be zero with L3 mode
[  989.560184][ T6477] usb 2-1: new full-speed USB device number 63 using dummy_hcd
[  989.885086][ T6477] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  990.094071][ T6477] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  990.125706][ T6477] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  990.150733][ T6477] usb 2-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  990.183295][ T6477] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.268319][ T6477] usb 2-1: config 0 descriptor??
[  990.677349][T17282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3015'.
[  990.797471][ T6477] usbhid 2-1:0.0: can't add hid device: -71
[  990.870487][ T6477] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  990.914319][ T6477] usb 2-1: USB disconnect, device number 63
[  991.030964][T17284] netlink: 'syz.2.3016': attribute type 1 has an invalid length.
[  991.189628][T17284] bond1: entered promiscuous mode
[  991.291811][T17284] 8021q: adding VLAN 0 to HW filter on device bond1
[  991.498615][T17285] 8021q: adding VLAN 0 to HW filter on device bond1
[  991.530341][T17285] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  991.571461][T17285] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  991.625732][T17287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3016'.
[  991.670569][T17285] bond1: (slave ip6gre1): making interface the new active one
[  991.724772][T17285] ip6gre1: entered promiscuous mode
[  991.737191][T17285] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[  992.244700][   T30] audit: type=1804 audit(974.226:2339): pid=17299 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.9.3019" name="/newroot/102/file0" dev="tmpfs" ino=553 res=1 errno=0
[  992.532896][T17302] netlink: 'syz.4.3020': attribute type 1 has an invalid length.
[  993.691436][ T7488] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  994.606157][ T7488] usb 3-1: device not accepting address 47, error -71
[  994.939866][T17315] SELinux:  policydb version 0 does not match my version range 15-34
[  994.948339][T17315] SELinux: failed to load policy
[  995.899863][T17326] capability: warning: `syz.2.3029' uses 32-bit capabilities (legacy support in use)
[  996.027215][ T5872] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  996.069842][ T7488] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[  996.159864][T17331] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3031'.
[  996.173550][T17331] vlan2: entered promiscuous mode
[  996.178678][T17331] bond0: entered promiscuous mode
[  996.183690][T17331] bond_slave_0: entered promiscuous mode
[  996.189436][T17331] bond_slave_1: entered promiscuous mode
[  996.219412][ T5872] usb 10-1: Using ep0 maxpacket: 32
[  996.226674][ T5872] usb 10-1: config 0 has an invalid interface number: 15 but max is 0
[  996.236151][ T5872] usb 10-1: config 0 has no interface number 0
[  996.244987][ T5872] usb 10-1: config 0 interface 15 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  996.259215][ T5872] usb 10-1: config 0 interface 15 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  996.302181][ T7488] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  996.303149][ T5872] usb 10-1: New USB device found, idVendor=0856, idProduct=bc01, bcdDevice=b2.bf
[  996.314035][ T7488] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  996.337643][ T7488] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  996.347609][ T5872] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  996.376841][ T5872] usb 10-1: Product: syz
[  996.376975][ T7488] usb 2-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  996.401332][ T5872] usb 10-1: Manufacturer: syz
[  996.418685][ T5872] usb 10-1: SerialNumber: syz
[  996.419066][ T7488] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  996.450683][ T7488] usb 2-1: config 0 descriptor??
[  996.465372][ T5872] usb 10-1: config 0 descriptor??
[  996.476057][ T7495] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  996.646016][ T7495] usb 5-1: Using ep0 maxpacket: 32
[  996.662600][ T7495] usb 5-1: config 0 has an invalid interface number: 124 but max is 0
[  996.679307][ T7495] usb 5-1: config 0 has no interface number 0
[  996.696271][ T7495] usb 5-1: config 0 interface 124 altsetting 0 has an endpoint descriptor with address 0x1A, changing to 0xA
[  996.740116][ T7495] usb 5-1: New USB device found, idVendor=0bfd, idProduct=001c, bcdDevice=8c.e8
[  996.750104][ T7495] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  996.819681][ T5872] mos7840 10-1:0.15: missing endpoints
[  996.843339][ T7495] usb 5-1: Product: syz
[  996.846284][ T5872] usb 10-1: USB disconnect, device number 12
[  997.555764][ T7495] usb 5-1: Manufacturer: syz
[  997.563976][ T7488] usbhid 2-1:0.0: can't add hid device: -71
[  997.573630][ T7488] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  997.583694][ T7495] usb 5-1: SerialNumber: syz
[  997.610519][ T7495] usb 5-1: config 0 descriptor??
[  997.635373][ T7488] usb 2-1: USB disconnect, device number 64
[  997.648199][ T7495] kvaser_usb 5-1:0.124: error -ENODEV: Cannot get usb endpoint(s)
[  997.815655][T17345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3035'.
[  997.913324][ T7478] usb 5-1: USB disconnect, device number 58
[  998.272965][ T5872] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  998.625887][T17351] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17351 comm=syz.2.3036
[  998.638780][T17351] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=17351 comm=syz.2.3036
[  998.784882][T17354] FAULT_INJECTION: forcing a failure.
[  998.784882][T17354] name failslab, interval 1, probability 0, space 0, times 0
[  998.802194][T17354] CPU: 0 UID: 0 PID: 17354 Comm: syz.3.3038 Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0 PREEMPT(full) 
[  998.802223][T17354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  998.802233][T17354] Call Trace:
[  998.802240][T17354]  <TASK>
[  998.802246][T17354]  dump_stack_lvl+0x16c/0x1f0
[  998.802275][T17354]  should_fail_ex+0x512/0x640
[  998.802296][T17354]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  998.802319][T17354]  should_failslab+0xc2/0x120
[  998.802342][T17354]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  998.802363][T17354]  ? sctp_chunkify+0x51/0x2d0
[  998.802388][T17354]  sctp_chunkify+0x51/0x2d0
[  998.802411][T17354]  _sctp_make_chunk+0x148/0x270
[  998.802435][T17354]  sctp_make_datafrag_empty+0x16f/0x240
[  998.802461][T17354]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[  998.802494][T17354]  sctp_datamsg_from_user+0x592/0x1320
[  998.802530][T17354]  sctp_sendmsg_to_asoc+0xaf5/0x1bf0
[  998.802556][T17354]  ? sctp_assoc_set_primary+0x177/0x300
[  998.802593][T17354]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  998.802629][T17354]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  998.802649][T17354]  ? selinux_sctp_bind_connect+0x112/0x2c0
[  998.802685][T17354]  sctp_sendmsg+0xef5/0x1ee0
[  998.802713][T17354]  ? __pfx_sctp_sendmsg+0x10/0x10
[  998.802736][T17354]  ? __pfx_sock_has_perm+0x10/0x10
[  998.802770][T17354]  ? __import_iovec+0x1dd/0x650
[  998.802791][T17354]  ? __pfx_sctp_sendmsg+0x10/0x10
[  998.802810][T17354]  inet_sendmsg+0x119/0x140
[  998.802834][T17354]  ____sys_sendmsg+0x973/0xc70
[  998.802863][T17354]  ? copy_msghdr_from_user+0x10a/0x160
[  998.802886][T17354]  ? __pfx_____sys_sendmsg+0x10/0x10
[  998.802926][T17354]  ___sys_sendmsg+0x134/0x1d0
[  998.802950][T17354]  ? __pfx____sys_sendmsg+0x10/0x10
[  998.802969][T17354]  ? __lock_acquire+0x622/0x1c90
[  998.803016][T17354]  ? lookup_nulls_elem_raw+0x50/0x180
[  998.803043][T17354]  __sys_sendmsg+0x16d/0x220
[  998.803066][T17354]  ? __pfx___sys_sendmsg+0x10/0x10
[  998.803088][T17354]  ? __pfx_bpf_trace_run2+0x10/0x10
[  998.803120][T17354]  ? syscall_trace_enter+0x1cb/0x260
[  998.803151][T17354]  ? rcu_is_watching+0x12/0xc0
[  998.803172][T17354]  do_syscall_64+0xcd/0x4c0
[  998.803197][T17354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  998.803216][T17354] RIP: 0033:0x7f5228b8e969
[  998.803231][T17354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  998.803247][T17354] RSP: 002b:00007f5229ac1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  998.803264][T17354] RAX: ffffffffffffffda RBX: 00007f5228db5fa0 RCX: 00007f5228b8e969
[  998.803275][T17354] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000006
[  998.803283][T17354] RBP: 00007f5229ac1090 R08: 0000000000000000 R09: 0000000000000000
[  998.803289][T17354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  998.803296][T17354] R13: 0000000000000000 R14: 00007f5228db5fa0 R15: 00007ffdac4a1188
[  998.803310][T17354]  </TASK>
[  999.105874][ T5872] usb 10-1: Using ep0 maxpacket: 8
[  999.114725][ T5872] usb 10-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  999.127232][ T5872] usb 10-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  999.136031][ T5872] usb 10-1: Product: syz
[  999.142915][ T5872] usb 10-1: Manufacturer: syz
[  999.147698][ T5872] usb 10-1: SerialNumber: syz
[  999.159416][ T7478] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  999.178461][ T5872] usb 10-1: config 0 descriptor??
[  999.242486][ T5872] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  999.321553][ T7478] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  999.346472][ T7478] usb 3-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  999.405357][ T7478] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  999.416831][ T7478] usb 3-1: config 1 has no interface number 1
[  999.423024][ T7478] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  999.497014][ T7478] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[  999.682147][ T7478] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  999.691660][ T7478] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  999.700313][ T7478] usb 3-1: Product: syz
[  999.704920][ T7478] usb 3-1: Manufacturer: syz
[  999.709676][ T7478] usb 3-1: SerialNumber: syz
[ 1000.090982][ T5872] gspca_zc3xx: reg_w_i err -71
[ 1000.097249][ T5872] gspca_zc3xx 10-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 1000.138639][   T31] INFO: task syz.8.2614:15704 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1000.180637][   T31]       Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0
[ 1000.187661][ T7488] IPVS: starting estimator thread 0...
[ 1000.194089][ T5872] usb 10-1: USB disconnect, device number 13
[ 1000.200202][   T30] audit: type=1400 audit(981.718:2340): avc:  denied  { write } for  pid=5800 comm="syz-executor" path="pipe:[3035]" dev="pipefs" ino=3035 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1000.222712][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1000.290164][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1000.387517][   T31] task:syz.8.2614      state:D stack:28136 pid:15704 tgid:15703 ppid:15189  task_flags:0x400140 flags:0x00004004
[ 1000.464127][T17372] IPVS: using max 42 ests per chain, 100800 per kthread
[ 1000.774995][   T31] Call Trace:
[ 1000.804779][   T31]  <TASK>
[ 1000.830415][   T31]  __schedule+0x116a/0x5de0
[ 1000.858253][   T31]  ? __pfx___schedule+0x10/0x10
[ 1000.878703][   T31]  ? find_held_lock+0x2b/0x80
[ 1000.918997][   T31]  ? schedule+0x2d7/0x3a0
[ 1000.949844][   T31]  schedule+0xe7/0x3a0
[ 1001.062888][   T31]  super_lock+0x2c0/0x3f0
[ 1001.067281][   T31]  ? __pfx_super_lock+0x10/0x10
[ 1001.082864][   T31]  ? __pfx_var_wake_function+0x10/0x10
[ 1001.093461][   T31]  ? __iterate_supers+0x1b6/0x330
[ 1001.126327][   T31]  __iterate_supers+0x1e0/0x330
[ 1001.137158][   T31]  ? __pfx_quota_sync_one+0x10/0x10
[ 1001.146302][   T31]  __x64_sys_quotactl+0x2b3/0x440
[ 1001.158984][   T31]  ? __pfx___x64_sys_quotactl+0x10/0x10
[ 1001.164640][   T31]  ? xfd_validate_state+0x61/0x180
[ 1001.174476][   T31]  do_syscall_64+0xcd/0x4c0
[ 1001.179053][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1001.185265][   T31] RIP: 0033:0x7fab9ab8e969
[ 1001.189726][   T31] RSP: 002b:00007fab9ba31038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[ 1001.202938][   T31] RAX: ffffffffffffffda RBX: 00007fab9adb5fa0 RCX: 00007fab9ab8e969
[ 1001.211028][   T31] RDX: 00000000f4ffffff RSI: 0000000000000000 RDI: ffffffff80000100
[ 1001.221843][   T31] RBP: 00007fab9ac10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1001.232181][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1001.243129][   T31] R13: 0000000000000000 R14: 00007fab9adb5fa0 R15: 00007ffcd219aff8
[ 1001.253565][   T31]  </TASK>
[ 1001.257112][   T31] 
[ 1001.257112][   T31] Showing all locks held in the system:
[ 1001.265925][   T31] 2 locks held by ksoftirqd/0/15:
[ 1001.400985][   T31]  #0: ffff8880b843bc58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1001.411092][   T31]  #1: ffff8880b8424048 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2c1/0x8e0
[ 1001.422681][   T31] 1 lock held by khungtaskd/31:
[ 1001.427664][   T31]  #0: ffffffff8e5c4d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1001.437694][   T31] 2 locks held by kworker/u8:10/3588:
[ 1001.443077][   T31] 2 locks held by getty/5576:
[ 1001.487023][   T31]  #0: ffff88814d5400a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1001.527671][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1001.575390][   T31] 3 locks held by kworker/1:7/6477:
[ 1001.584773][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1001.611165][   T31]  #1: ffffc9000c3e7d10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1001.627892][   T31]  #2: ffffffff8e5d0338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[ 1001.682504][   T31] 6 locks held by kworker/1:8/7478:
[ 1001.687771][   T31]  #0: ffff888140e8fd48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1001.702749][   T31]  #1: ffffc9000538fd10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1001.719486][   T31]  #2: ffff888143f79198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0
[ 1001.728568][   T31]  #3: ffff8880639ed198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[ 1001.746413][   T31]  #4: ffff88802c5fc160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[ 1001.768065][   T31]  #5: ffffffff90281dc8 (register_mutex#6){+.+.}-{4:4}, at: usb_audio_probe+0x4e2/0x3c80
[ 1001.777969][   T31] 1 lock held by syz.1.2433/14976:
[ 1001.793539][   T31] 4 locks held by udevd/15195:
[ 1001.798351][   T31]  #0: ffff88807e38a790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[ 1001.807537][   T31]  #1: ffff888036afac88 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4d/0x240
[ 1001.824997][   T31]  #2: ffff88805ee85d28 (kn->active#18){++++}-{0:0}, at: kernfs_seq_start+0x71/0x240
[ 1001.838861][   T31]  #3: ffff8880639ed198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1001.848374][   T31] 1 lock held by syz-executor/15204:
[ 1001.858025][   T31]  #0: ffffffff90346fa8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1001.867163][   T31] 2 locks held by syz.2.3036/17351:
[ 1001.875001][   T31]  #0: ffffffff90346fa8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1001.884055][   T31]  #1: ffffffff8e5d0338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x280/0x3c0
[ 1001.903537][   T31] 1 lock held by syz.1.3043/17370:
[ 1001.909661][   T31]  #0: ffffffff90346fa8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1001.922394][   T31] 
[ 1001.969204][   T31] =============================================
[ 1001.969204][   T31] 
[ 1001.996163][   T31] NMI backtrace for cpu 1
[ 1001.996178][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0 PREEMPT(full) 
[ 1001.996193][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1001.996200][   T31] Call Trace:
[ 1001.996205][   T31]  <TASK>
[ 1001.996209][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1001.996230][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1001.996240][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1001.996258][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1001.996272][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1001.996285][   T31]  watchdog+0xf70/0x12c0
[ 1001.996306][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1001.996322][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1001.996337][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1001.996351][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1001.996368][   T31]  kthread+0x3c5/0x780
[ 1001.996383][   T31]  ? __pfx_kthread+0x10/0x10
[ 1001.996399][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1001.996411][   T31]  ? __pfx_kthread+0x10/0x10
[ 1001.996427][   T31]  ret_from_fork+0x5d7/0x6f0
[ 1001.996439][   T31]  ? __pfx_kthread+0x10/0x10
[ 1001.996455][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1001.996473][   T31]  </TASK>
[ 1001.996488][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1002.123843][    C0] NMI backtrace for cpu 0
[ 1002.123857][    C0] CPU: 0 UID: 0 PID: 14976 Comm: syz.1.2433 Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0 PREEMPT(full) 
[ 1002.123875][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1002.123883][    C0] RIP: 0010:its_return_thunk+0x0/0x10
[ 1002.123906][    C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 9b ac ab f5 cc
[ 1002.123920][    C0] RSP: 0018:ffffc9000b917b60 EFLAGS: 00000297
[ 1002.123932][    C0] RAX: 0000000000000002 RBX: 194a5043e0756200 RCX: ffffffff81a772d5
[ 1002.123941][    C0] RDX: ffff888079052440 RSI: 000000003b9ac9ff RDI: 0000000000000007
[ 1002.123950][    C0] RBP: 001600012d326791 R08: 0000000000000007 R09: 000000003b9ac9ff
[ 1002.123958][    C0] R10: 194a5043e0756200 R11: 0000000000000001 R12: ffffc9000b917bb0
[ 1002.123967][    C0] R13: 1ffff92001722f72 R14: ffffc9000b917bb8 R15: dffffc0000000000
[ 1002.123976][    C0] FS:  00007fd75bdf66c0(0000) GS:ffff888124765000(0000) knlGS:0000000000000000
[ 1002.123990][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1002.123999][    C0] CR2: 000055d6f1d7eb48 CR3: 000000007e81b000 CR4: 00000000003526f0
[ 1002.124008][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1002.124016][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1002.124024][    C0] Call Trace:
[ 1002.124029][    C0]  <TASK>
[ 1002.124034][    C0]  set_normalized_timespec64+0x35/0xc0
[ 1002.124052][    C0]  inode_set_ctime_to_ts+0xca/0x1f0
[ 1002.124070][    C0]  ? __pfx_inode_set_ctime_to_ts+0x10/0x10
[ 1002.124086][    C0]  ? mark_held_locks+0x49/0x80
[ 1002.124105][    C0]  v9fs_stat2inode_dotl+0x6e1/0xd30
[ 1002.124121][    C0]  ? v9fs_init_inode+0x164/0x680
[ 1002.124135][    C0]  v9fs_inode_from_fid_dotl+0x249/0x2f0
[ 1002.124152][    C0]  v9fs_mount+0x4fd/0xa30
[ 1002.124164][    C0]  ? __pfx_v9fs_mount+0x10/0x10
[ 1002.124176][    C0]  ? cap_capable+0xb3/0x250
[ 1002.124192][    C0]  ? __pfx_v9fs_mount+0x10/0x10
[ 1002.124203][    C0]  legacy_get_tree+0x109/0x220
[ 1002.124220][    C0]  vfs_get_tree+0x8e/0x340
[ 1002.124239][    C0]  path_mount+0x14d4/0x1f70
[ 1002.124257][    C0]  ? kmem_cache_free+0x2d1/0x4d0
[ 1002.124271][    C0]  ? __pfx_path_mount+0x10/0x10
[ 1002.124288][    C0]  ? putname+0x154/0x1a0
[ 1002.124305][    C0]  __x64_sys_mount+0x28d/0x310
[ 1002.124322][    C0]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1002.124342][    C0]  do_syscall_64+0xcd/0x4c0
[ 1002.124360][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1002.124374][    C0] RIP: 0033:0x7fd75df8e969
[ 1002.124384][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1002.124396][    C0] RSP: 002b:00007fd75bdf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1002.124408][    C0] RAX: ffffffffffffffda RBX: 00007fd75e1b5fa0 RCX: 00007fd75df8e969
[ 1002.124416][    C0] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000
[ 1002.124424][    C0] RBP: 00007fd75e010ab1 R08: 0000200000000000 R09: 0000000000000000
[ 1002.124433][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1002.124440][    C0] R13: 0000000000000000 R14: 00007fd75e1b5fa0 R15: 00007ffedb48c7b8
[ 1002.124454][    C0]  </TASK>
[ 1002.536583][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1002.543496][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-10815-gbb1556ec9464 #0 PREEMPT(full) 
[ 1002.554941][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1002.565089][   T31] Call Trace:
[ 1002.568355][   T31]  <TASK>
[ 1002.571289][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1002.575890][   T31]  panic+0x71c/0x800
[ 1002.579777][   T31]  ? __pfx_panic+0x10/0x10
[ 1002.584182][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1002.589548][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1002.595519][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1002.600883][   T31]  ? watchdog+0xdda/0x12c0
[ 1002.605294][   T31]  ? watchdog+0xdcd/0x12c0
[ 1002.609708][   T31]  watchdog+0xdeb/0x12c0
[ 1002.613950][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1002.618643][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1002.623851][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1002.628866][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1002.633537][   T31]  kthread+0x3c5/0x780
[ 1002.637613][   T31]  ? __pfx_kthread+0x10/0x10
[ 1002.642194][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1002.646946][   T31]  ? __pfx_kthread+0x10/0x10
[ 1002.651528][   T31]  ret_from_fork+0x5d7/0x6f0
[ 1002.656107][   T31]  ? __pfx_kthread+0x10/0x10
[ 1002.660775][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1002.665536][   T31]  </TASK>
[ 1002.668770][   T31] Kernel Offset: disabled
[ 1002.673076][   T31] Rebooting in 86400 seconds..