last executing test programs:

4m12.96149486s ago: executing program 4 (id=2930):
socket$netlink(0x10, 0x3, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0xa2)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4}, 0x50)
fcntl$setlease(r3, 0x400, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, [@RTA_OIF={0x8, 0x4, r6}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0xa}}]}, 0x38}}, 0x1000c840)

4m11.77313393s ago: executing program 4 (id=2931):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
io_cancel(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x800008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x40c9}, 0x15)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r4 = fcntl$dupfd(r3, 0x0, r3)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r4, 0x0, 0x0)
sendmsg$inet6(r3, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x40001080)
syz_genetlink_get_family_id$nl80211(0x0, r4)
recvmmsg(r2, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000700)={0x634, r0, 0x0, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_IE={0xfc, 0x2a, [@mesh_id={0x72, 0x6}, @perr={0x84, 0xe8, {0x2, 0xe, [{{0x0, 0x1}, @broadcast, 0xc3, @value=@device_b, 0x3f}, {{}, @device_a, 0x446c, @void, 0x41}, {{0x0, 0x1}, @device_a, 0x1, @value=@device_b, 0xe}, {{0x0, 0x1}, @device_b, 0x0, @value=@device_b, 0x39}, {{0x0, 0x1}, @device_b, 0x9, @value=@broadcast, 0x27}, {{}, @device_a, 0x9, @void, 0x1f}, {{0x0, 0x1}, @device_b, 0x702d, @value=@device_b, 0x3c}, {{}, @broadcast, 0x8, @void, 0x6}, {{}, @device_a, 0x6, @void, 0x33}, {{}, @device_a, 0x10001, @void, 0x1d}, {{0x0, 0x1}, @device_b, 0x10, @value=@broadcast, 0x36}, {{}, @device_b, 0x16, @void, 0x9}, {{0x0, 0x1}, @broadcast, 0x6, @value=@broadcast, 0x19}, {{0x0, 0x1}, @broadcast, 0x8001, @value=@broadcast, 0xf}]}}, @peer_mgmt={0x75, 0x4, {0x0, 0x64, @void, @void, @void}}]}, @NL80211_ATTR_PROBE_RESP={0x1ee, 0x91, "2060a2956603e0f76f8ad77949a1547f78bb58ea98e93da7f2301159fda08b3b2bd1d57b85380d1293d9def7298f682dc2fbce376abddf71bcf984c8abf61cdd518c36c0f511d7e779d0a52d52cad338aa40c1cbf65d4b0f664110059df61d761b2aa42fc1e74089962bece1265f91e702874820c7d190f564cc0069f8cba214a58a4be669f65e981231a8910680452b118b10f4c7b75ba4c55bc0a275a99bd54d3b0161b6a32bbf6dc33669eeefaa3d520dc4d3cdbcbf2e35eef86c48e16d8a4b69a5f09f3fb51335336ad4315966627cf9bf8b2ea0eac7c9519204ff2d6c0b43a7d0286a9a6b1fdb3b01f3c51bb063bdfe36f94012c5426625bafaf6f69f0c26c8e7c84a29878e6ffe7823dc94971e9f378e3e334ad3edeff8f2523782d43227095e56090e297d8f7dba432d12681dee4d9e97816788bb8ea07f27a3e7b76997a91a7d73e59aa7b064ddaf0f787f329c500c2ef7906969e64433e97964d8604096eb062d5a1d53aa46d1098ac6ce3e11e60ac595486d40072154582bd1a3812865e00ff9d680a09a8477acc58b25af739c70241993a93a86b33b993a6d2c991891da7643b105b83b82b4ff13a8e98d723a244519a3f597ab4e3ad755327198adac94d051ed5dc92bfb91114027786aa27ac6e3a144704176624f4983b6c4e56397a5c2c031f2dbb776"}, @NL80211_ATTR_BEACON_HEAD={0xef, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7fd1}, @device_a, @device_a, @from_mac=@device_b, {0xa, 0x81}, @value=@ver_80211n={0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x6, @random=0xfe01, 0x2000, @void, @val={0x1, 0x5, [{0x12}, {0x9}, {0x1}, {0x5}, {0x5}]}, @val={0x3, 0x1, 0x6}, @void, @val={0x6, 0x2, 0x1}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0xc, 0x2, 0x5, 0x0, {0x9e, 0xf8, 0x0, 0x7, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x300, 0x1, 0x8}}, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x3, 0xf5, 0x40, 0xd72}}, [{0xdd, 0x7a, "56cac8e1d671738b6c7a1cd5b73677195b10200ae0449113904bb3b5dd3a39a736731e11c46895db2436c9703bc4a1b85e552341dd9d26fcc63077aef4a9e53fc38526df6b1f358cc3f18b20ecb06f734a9b6a1605cdd94590937996f9caa23d3ef627a14a8d08ac25920520af719dca9acf5ca587bf36fe8696"}, {0xdd, 0xb, "b3f9cd861fea2e28d7207d"}]}}], @NL80211_ATTR_TX_RATES={0x230, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2b, 0x2, [{0x2, 0x2}, {0x7, 0xa}, {0x1, 0x6}, {0x3, 0x3}, {0x7, 0xa}, {0x0, 0x5}, {0x2, 0x2}, {0x6, 0x1}, {0x3, 0x8}, {0x6, 0x8}, {0x3, 0x4}, {0x2, 0x2}, {0x1, 0x4}, {0x0, 0x2}, {0x0, 0x6}, {0x0, 0x8}, {0x7, 0x8}, {0x2, 0x2}, {0x1, 0x5}, {0x1, 0x9}, {0x5, 0xa}, {0x3, 0x4}, {0x5}, {0x0, 0x8}, {0x6, 0x6}, {0x2, 0x3}, {0x7, 0xa}, {0x5, 0x5}, {0x3}, {0x4, 0x7}, {0x5, 0x4}, {0x0, 0x7}, {0x0, 0x4}, {0x3, 0xa}, {0x2, 0x6}, {0x5, 0x1}, {0x3, 0x2}, {0x5, 0x8}, {0x0, 0x6}]}]}, @NL80211_BAND_60GHZ={0xc4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x6, 0x2, 0x12, 0x2, 0xe, 0x2, 0x1b, 0x48, 0x4, 0xc, 0x6, 0x48, 0x12, 0x16, 0x60, 0x1, 0x2, 0x1, 0x24, 0x48, 0x24, 0x3, 0xc, 0x6c, 0xc, 0x48]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0x4, 0x4, 0x80, 0x40, 0x4]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe00, 0x5, 0x800, 0x1, 0x6, 0xce6, 0x6, 0x5]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x60, 0x16, 0x60, 0xc62b9059808190b4, 0x5, 0x3, 0x16, 0x36, 0x16, 0x1b, 0x12, 0x6, 0x6c, 0x4, 0x9, 0x60, 0x36, 0x5, 0x0, 0x30, 0x1, 0x6c, 0x1b, 0x60, 0xc, 0x14, 0xb, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x4, 0x1, 0x3, 0x9fe, 0x4, 0x7, 0x5]}}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x4, 0x1}, {0x2, 0x5}, {0x1, 0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0xff, 0x0, 0x8, 0x4, 0x8, 0x4, 0x1]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1, 0x2, 0x36, 0x48, 0x24, 0x24, 0x1, 0x36, 0x48, 0xb, 0x36, 0xb, 0x1, 0x1, 0x6c, 0x9, 0x24, 0x30, 0x3, 0x30]}]}, @NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8, 0xd6, 0x1, 0x2, 0x4, 0x4, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0xce, 0x200, 0x0, 0xf3, 0x1, 0x9]}}]}, @NL80211_BAND_6GHZ={0x88, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x7, 0x5000, 0xc, 0x617, 0x4, 0x8]}}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x36, 0x30, 0x5, 0x6, 0x6c, 0x3, 0x12, 0x0, 0x2, 0x4, 0x2, 0x6c, 0x6, 0x30, 0x3, 0x3, 0x2, 0x30, 0x2, 0xb, 0x18, 0x4, 0x36]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x0, 0x18, 0x4, 0x36, 0x34, 0x3, 0x48, 0x2, 0x6c, 0x24, 0x17, 0x1, 0x24]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff05, 0x401, 0x5, 0xfff, 0xa, 0x3, 0x1, 0x1]}}, @NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x12, 0x48, 0xb, 0x30, 0x60, 0x60, 0x30, 0x6c, 0x12, 0x5, 0xb, 0x0, 0x6, 0x2, 0xc, 0x3, 0x4, 0x36, 0xc, 0x60, 0x24, 0x6, 0x1, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x15, 0x2, [{0x5, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x6}, {0x4, 0x6}, {0x2, 0x9}, {0x1, 0xa}, {0x6}, {0x4, 0x3}, {0x7, 0x3}, {0x1, 0x1}, {0x2, 0x3}, {0x1}, {0x6, 0x6}, {0x0, 0x1}, {0x1}, {0x4, 0x9}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa8f, 0x7, 0x7, 0xffff, 0x6, 0x9, 0x9, 0x94bd]}}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x7, 0x6}, {0x0, 0x9}, {0x7, 0x4}, {0x4, 0x4}, {0x1, 0x3}, {0x7, 0xa}, {0x0, 0x2}, {0x1, 0x5}, {0x2, 0x8}, {0x0, 0x6}, {0x6, 0x6}, {0x3, 0xa}, {0x6, 0xa}, {0x2, 0x5}, {0x1, 0x4}, {0x7, 0xa}, {0x1, 0x6}, {0x0, 0xa}, {0x5, 0x7}, {0x2, 0xa}, {0x1, 0x2}, {0x5, 0x9}, {0x1, 0x4}, {0x5, 0xa}, {0x5, 0x1}, {0x4, 0x3}, {0x3, 0x1}, {0x4, 0x6}, {0x5, 0x8}, {0x7, 0x4}, {0x1, 0x1}, {0x0, 0x4}, {0x2, 0xa}, {0x4, 0x3}, {0x2, 0x6}, {0x4, 0x2}, {0x5, 0xa}, {0x6, 0x1}, {0x4, 0x7}, {0x4, 0x7}, {0x0, 0x2}, {0x1, 0x7}, {0x1, 0x3}, {0x0, 0x3}, {0x6, 0x1}, {0x0, 0xa}, {0x3, 0x3}]}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x634}, 0x1, 0x0, 0x0, 0x20040040}, 0x4)
sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x40, r0, 0x801, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}]}]}, 0x40}}, 0x0)

3m32.85330258s ago: executing program 4 (id=2939):
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6067, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xfd, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0xc}}}}}]}}]}}, 0x0)
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x100, 0xb, 0xfffffffffffffffd, 0x6, 0x10000, 0x800000, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0xfffffffffffffffe, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x241000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000100))
r6 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = openat$selinux_policy(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r7, 0x0)
write$selinux_load(r6, &(0x7f0000000000)=ANY=[], 0x190da)
write$dsp(r0, &(0x7f0000002000)='`', 0x88020)
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000500)='./cgroup\x00', &(0x7f0000000040)='efs\x00', 0x208000, 0x0)

3m29.597119325s ago: executing program 4 (id=3003):
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0)
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)={0x20, r5, 0x333, 0x0, 0x4, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x20}}, 0x0)
preadv(r0, &(0x7f0000000300)=[{&(0x7f00000023c0)=""/4096, 0x1000}], 0x1, 0xffffffff, 0x1)
r6 = inotify_init()
flistxattr(r6, &(0x7f00000000c0)=""/160, 0xa0)

3m28.528056924s ago: executing program 4 (id=3005):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
sendmsg$can_bcm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000000d00000000008000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x40000)
close(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000950000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r6)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140), 0x4)
read$char_usb(0xffffffffffffffff, &(0x7f0000000240)=""/22, 0x16)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
io_setup(0x7, &(0x7f00000001c0)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0}])
write(r7, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0xf}, 0x5}, 0x1c)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[@ANYBLOB="13"], 0x48}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x581, 0x2, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x1f, 0x7fffffff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004003}, 0x0)

3m27.703768494s ago: executing program 4 (id=3006):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00'}, 0x10)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r3, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x4, "23900000aa82dc1ecf00"})
ioctl$TIOCGPGRP(r2, 0x5437, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbefa, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$netrom(0x6, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000140)={0x0, 'veth1_to_batadv\x00', {0x7}})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)
unshare(0x6a040000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

3m11.790716019s ago: executing program 32 (id=3006):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00'}, 0x10)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r3, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x4, "23900000aa82dc1ecf00"})
ioctl$TIOCGPGRP(r2, 0x5437, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbefa, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$netrom(0x6, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000140)={0x0, 'veth1_to_batadv\x00', {0x7}})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)
unshare(0x6a040000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

13.620510219s ago: executing program 5 (id=3344):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0x3, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000008c0)="89", 0x0}, 0x50)

13.50762422s ago: executing program 5 (id=3346):
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
faccessat(r0, &(0x7f0000000200)='./file0\x00', 0x110)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip_vs_stats_percpu\x00')
lseek(r4, 0x4ffffff, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
mkdir(0x0, 0x0)
r6 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0x4049, 0x400, 0x0, 0x4003, 0x0, r4}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000240)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x104, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x57})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0x1, 0xeeef0000, 0xddcd0004, 0xb000], 0xdb, 0xc})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0)
sendmsg$nl_generic(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
sendmsg$nl_generic(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="3811000043000701fefffffffcdbdf25027c000004004580201101"], 0x1138}}, 0xc000)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000ac0)='gid', 0x0, 0x0)

12.401895798s ago: executing program 0 (id=3347):
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001300), 0x28200, 0x0)
r2 = dup(r1)
r3 = syz_io_uring_setup(0xc0f, &(0x7f00000000c0)={0x0, 0x6efd, 0x80, 0xffffffff, 0x1a}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r2, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r3, 0x47f5, 0x0, 0x0, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRESOCT, @ANYBLOB="26003300b098039beb6ee200000108021100000050505050505057f99eb3c401010005005c0200f90500cd"], 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000f1d566201e043c40d7cc000000010902120001000000000904"], 0x0)
syz_usb_control_io(r7, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io(r7, 0x0, 0x0)

12.401104208s ago: executing program 5 (id=3348):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
io_cancel(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, &(0x7f00000000c0)="c582dd6c955c70bcd798dd", 0xb, 0x2, 0x0, 0x2}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x800008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c020000", @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf250d000000060028000100000005002d000000000005002a000000000005002e000100000008003c000700000005002e000100000005002d0000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x40c9}, 0x15)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r4 = fcntl$dupfd(r3, 0x0, r3)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r4, 0x0, 0x0)
sendmsg$inet6(r3, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x40001080)
syz_genetlink_get_family_id$nl80211(0x0, r4)
write(r2, &(0x7f0000000180), 0x0)
recvmmsg(r2, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000700)={0x640, r0, 0x0, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @void}}, [@beacon=[@NL80211_ATTR_IE={0xfc, 0x2a, [@mesh_id={0x72, 0x6}, @perr={0x84, 0xe8, {0x2, 0xe, [{{0x0, 0x1}, @broadcast, 0xc3, @value=@device_b, 0x3f}, {{}, @device_a, 0x446c, @void, 0x41}, {{0x0, 0x1}, @device_a, 0x1, @value=@device_b, 0xe}, {{0x0, 0x1}, @device_b, 0x0, @value=@device_b, 0x39}, {{0x0, 0x1}, @device_b, 0x9, @value=@broadcast, 0x27}, {{}, @device_a, 0x9, @void, 0x1f}, {{0x0, 0x1}, @device_b, 0x702d, @value=@device_b, 0x3c}, {{}, @broadcast, 0x8, @void, 0x6}, {{}, @device_a, 0x6, @void, 0x33}, {{}, @device_a, 0x10001, @void, 0x1d}, {{0x0, 0x1}, @device_b, 0x10, @value=@broadcast, 0x36}, {{}, @device_b, 0x16, @void, 0x9}, {{0x0, 0x1}, @broadcast, 0x6, @value=@broadcast, 0x19}, {{0x0, 0x1}, @broadcast, 0x8001, @value=@broadcast, 0xf}]}}, @peer_mgmt={0x75, 0x4, {0x0, 0x64, @void, @void, @void}}]}, @NL80211_ATTR_PROBE_RESP={0x1ee, 0x91, "2060a2956603e0f76f8ad77949a1547f78bb58ea98e93da7f2301159fda08b3b2bd1d57b85380d1293d9def7298f682dc2fbce376abddf71bcf984c8abf61cdd518c36c0f511d7e779d0a52d52cad338aa40c1cbf65d4b0f664110059df61d761b2aa42fc1e74089962bece1265f91e702874820c7d190f564cc0069f8cba214a58a4be669f65e981231a8910680452b118b10f4c7b75ba4c55bc0a275a99bd54d3b0161b6a32bbf6dc33669eeefaa3d520dc4d3cdbcbf2e35eef86c48e16d8a4b69a5f09f3fb51335336ad4315966627cf9bf8b2ea0eac7c9519204ff2d6c0b43a7d0286a9a6b1fdb3b01f3c51bb063bdfe36f94012c5426625bafaf6f69f0c26c8e7c84a29878e6ffe7823dc94971e9f378e3e334ad3edeff8f2523782d43227095e56090e297d8f7dba432d12681dee4d9e97816788bb8ea07f27a3e7b76997a91a7d73e59aa7b064ddaf0f787f329c500c2ef7906969e64433e97964d8604096eb062d5a1d53aa46d1098ac6ce3e11e60ac595486d40072154582bd1a3812865e00ff9d680a09a8477acc58b25af739c70241993a93a86b33b993a6d2c991891da7643b105b83b82b4ff13a8e98d723a244519a3f597ab4e3ad755327198adac94d051ed5dc92bfb91114027786aa27ac6e3a144704176624f4983b6c4e56397a5c2c031f2dbb776"}, @NL80211_ATTR_BEACON_HEAD={0xef, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7fd1}, @device_a, @device_a, @from_mac=@device_b, {0xa, 0x81}, @value=@ver_80211n={0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x6, @random=0xfe01, 0x2000, @void, @val={0x1, 0x5, [{0x12}, {0x9}, {0x1}, {0x5}, {0x5}]}, @val={0x3, 0x1, 0x6}, @void, @val={0x6, 0x2, 0x1}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0xc, 0x2, 0x5, 0x0, {0x9e, 0xf8, 0x0, 0x7, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x300, 0x1, 0x8}}, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x3, 0xf5, 0x40, 0xd72}}, [{0xdd, 0x7a, "56cac8e1d671738b6c7a1cd5b73677195b10200ae0449113904bb3b5dd3a39a736731e11c46895db2436c9703bc4a1b85e552341dd9d26fcc63077aef4a9e53fc38526df6b1f358cc3f18b20ecb06f734a9b6a1605cdd94590937996f9caa23d3ef627a14a8d08ac25920520af719dca9acf5ca587bf36fe8696"}, {0xdd, 0xb, "b3f9cd861fea2e28d7207d"}]}}], @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2b, 0x2, [{0x2, 0x2}, {0x7, 0xa}, {0x1, 0x6}, {0x3, 0x3}, {0x7, 0xa}, {0x0, 0x5}, {0x2, 0x2}, {0x6, 0x1}, {0x3, 0x8}, {0x6, 0x8}, {0x3, 0x4}, {0x2, 0x2}, {0x1, 0x4}, {0x0, 0x2}, {0x0, 0x6}, {0x0, 0x8}, {0x7, 0x8}, {0x2, 0x2}, {0x1, 0x5}, {0x1, 0x9}, {0x5, 0xa}, {0x3, 0x4}, {0x5}, {0x0, 0x8}, {0x6, 0x6}, {0x2, 0x3}, {0x7, 0xa}, {0x5, 0x5}, {0x3}, {0x4, 0x7}, {0x5, 0x4}, {0x0, 0x7}, {0x0, 0x4}, {0x3, 0xa}, {0x2, 0x6}, {0x5, 0x1}, {0x3, 0x2}, {0x5, 0x8}, {0x0, 0x6}]}]}, @NL80211_BAND_60GHZ={0xc4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x6, 0x2, 0x12, 0x2, 0xe, 0x2, 0x1b, 0x48, 0x4, 0xc, 0x6, 0x48, 0x12, 0x16, 0x60, 0x1, 0x2, 0x1, 0x24, 0x48, 0x24, 0x3, 0xc, 0x6c, 0xc, 0x48]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0x4, 0x4, 0x80, 0x40, 0x4]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe00, 0x5, 0x800, 0x1, 0x6, 0xce6, 0x6, 0x5]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x60, 0x16, 0x60, 0xc62b9059808190b4, 0x5, 0x3, 0x16, 0x36, 0x16, 0x1b, 0x12, 0x6, 0x6c, 0x4, 0x9, 0x60, 0x36, 0x5, 0x0, 0x30, 0x1, 0x6c, 0x1b, 0x60, 0xc, 0x14, 0xb, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x4, 0x1, 0x3, 0x9fe, 0x4, 0x7, 0x5]}}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x4, 0x1}, {0x2, 0x5}, {0x1, 0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0xff, 0x0, 0x8, 0x4, 0x8, 0x4, 0x1]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1, 0x2, 0x36, 0x48, 0x24, 0x24, 0x1, 0x36, 0x48, 0xb, 0x36, 0xb, 0x1, 0x1, 0x6c, 0x9, 0x24, 0x30, 0x3, 0x30]}]}, @NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8, 0xd6, 0x1, 0x2, 0x4, 0x4, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0xce, 0x200, 0x0, 0xf3, 0x1, 0x9]}}]}, @NL80211_BAND_6GHZ={0x90, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x7, 0x5000, 0xc, 0x617, 0x4, 0x8]}}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x36, 0x30, 0x5, 0x6, 0x6c, 0x3, 0x12, 0x0, 0x2, 0x4, 0x2, 0x30, 0x6c, 0x6, 0x30, 0x3, 0x3, 0x2, 0x30, 0x2, 0xb, 0x18, 0x18, 0x4, 0x36]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x0, 0x18, 0x4, 0x36, 0x34, 0x3, 0x48, 0x2, 0x6c, 0x24, 0x17, 0x1, 0x24]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff05, 0x401, 0x5, 0xfff, 0xa, 0x3, 0x1, 0x1]}}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x4, 0x48, 0xb, 0x30, 0x60, 0x60, 0x30, 0x6c, 0x12, 0x30, 0x5, 0xb, 0x0, 0x6, 0x2, 0xc, 0x3, 0x4, 0x36, 0x1, 0xc, 0x60, 0x24, 0x6, 0x1, 0x1b, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_6GHZ={0x68, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x16, 0x2, [{0x5, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x6}, {0x6, 0xa}, {0x4, 0x6}, {0x2, 0x9}, {0x1, 0xa}, {0x6}, {0x4, 0x3}, {0x7, 0x3}, {0x1, 0x1}, {0x2, 0x3}, {0x1}, {0x6, 0x6}, {0x0, 0x1}, {0x1}, {0x4, 0x9}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa8f, 0x7, 0x7, 0xffff, 0x6, 0x9, 0x9, 0x94bd]}}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x7, 0x6}, {0x0, 0x9}, {0x7, 0x4}, {0x4, 0x4}, {0x1, 0x3}, {0x7, 0xa}, {0x0, 0x2}, {0x1, 0x5}, {0x2, 0x8}, {0x0, 0x6}, {0x6, 0x6}, {0x3, 0xa}, {0x6, 0xa}, {0x2, 0x5}, {0x1, 0x4}, {0x3, 0x7}, {0x7, 0xa}, {0x1, 0x6}, {0x0, 0xa}, {0x5, 0x7}, {0x2, 0xa}, {0x1, 0x2}, {0x5, 0x9}, {0x1, 0x4}, {0x5, 0xa}, {0x5, 0x1}, {0x4, 0x3}, {0x3, 0x1}, {0x4, 0x6}, {0x2, 0x1}, {0x5, 0x8}, {0x7, 0x4}, {0x1, 0x1}, {0x0, 0x4}, {0x2, 0xa}, {0x4, 0x3}, {0x2, 0x6}, {0x4, 0x2}, {0x5, 0xa}, {0x6, 0x1}, {0x4, 0x7}, {0x4, 0x7}, {0x0, 0x2}, {0x1, 0x7}, {0x1, 0x3}, {0x0, 0x3}, {0x6, 0x1}, {0x0, 0xa}, {0x3, 0x3}]}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x640}, 0x1, 0x0, 0x0, 0x20040040}, 0x4)
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x40, r0, 0x801, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}]}]}, 0x40}}, 0x0)

12.340717095s ago: executing program 2 (id=3349):
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000140)=@v2={0x2000000, [{0x75235eb1, 0x6}, {0x0, 0x3}]}, 0x14, 0x3)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x18, r1, 0x1, 0xfffffffb, 0x10002, {}, [@TIPC_NLA_NODE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4014}, 0x0)

12.142562465s ago: executing program 2 (id=3351):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
io_cancel(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x800008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x40c9}, 0x15)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r4 = fcntl$dupfd(r3, 0x0, r3)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r4, 0x0, 0x0)
sendmsg$inet6(r3, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x40001080)
syz_genetlink_get_family_id$nl80211(0x0, r4)
recvmmsg(r2, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000700)={0x620, r0, 0x0, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_IE={0xfc, 0x2a, [@mesh_id={0x72, 0x6}, @perr={0x84, 0xe8, {0x2, 0xe, [{{0x0, 0x1}, @broadcast, 0xc3, @value=@device_b, 0x3f}, {{}, @device_a, 0x446c, @void, 0x41}, {{0x0, 0x1}, @device_a, 0x1, @value=@device_b, 0xe}, {{0x0, 0x1}, @device_b, 0x0, @value=@device_b, 0x39}, {{0x0, 0x1}, @device_b, 0x9, @value=@broadcast, 0x27}, {{}, @device_a, 0x9, @void, 0x1f}, {{0x0, 0x1}, @device_b, 0x702d, @value=@device_b, 0x3c}, {{}, @broadcast, 0x8, @void, 0x6}, {{}, @device_a, 0x6, @void, 0x33}, {{}, @device_a, 0x10001, @void, 0x1d}, {{0x0, 0x1}, @device_b, 0x10, @value=@broadcast, 0x36}, {{}, @device_b, 0x16, @void, 0x9}, {{0x0, 0x1}, @broadcast, 0x6, @value=@broadcast, 0x19}, {{0x0, 0x1}, @broadcast, 0x8001, @value=@broadcast, 0xf}]}}, @peer_mgmt={0x75, 0x4, {0x0, 0x64, @void, @void, @void}}]}, @NL80211_ATTR_PROBE_RESP={0x1ee, 0x91, "2060a2956603e0f76f8ad77949a1547f78bb58ea98e93da7f2301159fda08b3b2bd1d57b85380d1293d9def7298f682dc2fbce376abddf71bcf984c8abf61cdd518c36c0f511d7e779d0a52d52cad338aa40c1cbf65d4b0f664110059df61d761b2aa42fc1e74089962bece1265f91e702874820c7d190f564cc0069f8cba214a58a4be669f65e981231a8910680452b118b10f4c7b75ba4c55bc0a275a99bd54d3b0161b6a32bbf6dc33669eeefaa3d520dc4d3cdbcbf2e35eef86c48e16d8a4b69a5f09f3fb51335336ad4315966627cf9bf8b2ea0eac7c9519204ff2d6c0b43a7d0286a9a6b1fdb3b01f3c51bb063bdfe36f94012c5426625bafaf6f69f0c26c8e7c84a29878e6ffe7823dc94971e9f378e3e334ad3edeff8f2523782d43227095e56090e297d8f7dba432d12681dee4d9e97816788bb8ea07f27a3e7b76997a91a7d73e59aa7b064ddaf0f787f329c500c2ef7906969e64433e97964d8604096eb062d5a1d53aa46d1098ac6ce3e11e60ac595486d40072154582bd1a3812865e00ff9d680a09a8477acc58b25af739c70241993a93a86b33b993a6d2c991891da7643b105b83b82b4ff13a8e98d723a244519a3f597ab4e3ad755327198adac94d051ed5dc92bfb91114027786aa27ac6e3a144704176624f4983b6c4e56397a5c2c031f2dbb776"}, @NL80211_ATTR_BEACON_HEAD={0xef, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7fd1}, @device_a, @device_a, @from_mac=@device_b, {0xa, 0x81}, @value=@ver_80211n={0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x6, @random=0xfe01, 0x2000, @void, @val={0x1, 0x5, [{0x12}, {0x9}, {0x1}, {0x5}, {0x5}]}, @val={0x3, 0x1, 0x6}, @void, @val={0x6, 0x2, 0x1}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0xc, 0x2, 0x5, 0x0, {0x9e, 0xf8, 0x0, 0x7, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x300, 0x1, 0x8}}, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x3, 0xf5, 0x40, 0xd72}}, [{0xdd, 0x7a, "56cac8e1d671738b6c7a1cd5b73677195b10200ae0449113904bb3b5dd3a39a736731e11c46895db2436c9703bc4a1b85e552341dd9d26fcc63077aef4a9e53fc38526df6b1f358cc3f18b20ecb06f734a9b6a1605cdd94590937996f9caa23d3ef627a14a8d08ac25920520af719dca9acf5ca587bf36fe8696"}, {0xdd, 0xb, "b3f9cd861fea2e28d7207d"}]}}], @NL80211_ATTR_TX_RATES={0x21c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2b, 0x2, [{0x2, 0x2}, {0x7, 0xa}, {0x1, 0x6}, {0x3, 0x3}, {0x7, 0xa}, {0x0, 0x5}, {0x2, 0x2}, {0x6, 0x1}, {0x3, 0x8}, {0x6, 0x8}, {0x3, 0x4}, {0x2, 0x2}, {0x1, 0x4}, {0x0, 0x2}, {0x0, 0x6}, {0x0, 0x8}, {0x7, 0x8}, {0x2, 0x2}, {0x1, 0x5}, {0x1, 0x9}, {0x5, 0xa}, {0x3, 0x4}, {0x5}, {0x0, 0x8}, {0x6, 0x6}, {0x2, 0x3}, {0x7, 0xa}, {0x5, 0x5}, {0x3}, {0x4, 0x7}, {0x5, 0x4}, {0x0, 0x7}, {0x0, 0x4}, {0x3, 0xa}, {0x2, 0x6}, {0x5, 0x1}, {0x3, 0x2}, {0x5, 0x8}, {0x0, 0x6}]}]}, @NL80211_BAND_60GHZ={0xc4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x6, 0x2, 0x12, 0x2, 0xe, 0x2, 0x1b, 0x48, 0x4, 0xc, 0x6, 0x48, 0x12, 0x16, 0x60, 0x1, 0x2, 0x1, 0x24, 0x48, 0x24, 0x3, 0xc, 0x6c, 0xc, 0x48]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0x4, 0x4, 0x80, 0x40, 0x4]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe00, 0x5, 0x800, 0x1, 0x6, 0xce6, 0x6, 0x5]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x60, 0x16, 0x60, 0xc62b9059808190b4, 0x5, 0x3, 0x16, 0x36, 0x16, 0x1b, 0x12, 0x6, 0x6c, 0x4, 0x9, 0x60, 0x36, 0x5, 0x0, 0x30, 0x1, 0x6c, 0x1b, 0x60, 0xc, 0x14, 0xb, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x4, 0x1, 0x3, 0x9fe, 0x4, 0x7, 0x5]}}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x4, 0x1}, {0x2, 0x5}, {0x1, 0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0xff, 0x0, 0x8, 0x4, 0x8, 0x4, 0x1]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1, 0x2, 0x36, 0x48, 0x24, 0x24, 0x1, 0x36, 0x48, 0xb, 0x36, 0xb, 0x1, 0x1, 0x6c, 0x9, 0x24, 0x30, 0x3, 0x30]}]}, @NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8, 0xd6, 0x1, 0x2, 0x4, 0x4, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0xce, 0x200, 0x0, 0xf3, 0x1, 0x9]}}]}, @NL80211_BAND_6GHZ={0x74, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x36, 0x30, 0x5, 0x6, 0x6c, 0x3, 0x12, 0x0, 0x2, 0x2, 0x30, 0x6c, 0x6, 0x30, 0x3, 0x3, 0x2, 0x30, 0x2, 0xb, 0x18, 0x4, 0x36]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x0, 0x18, 0x4, 0x36, 0x34, 0x3, 0x48, 0x2, 0x6c, 0x24, 0x17, 0x1, 0x24]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff05, 0x401, 0x5, 0xfff, 0xa, 0x3, 0x1, 0x1]}}, @NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x12, 0x48, 0xb, 0x30, 0x60, 0x60, 0x30, 0x6c, 0x12, 0x5, 0xb, 0x0, 0x6, 0x2, 0xc, 0x3, 0x4, 0x36, 0xc, 0x60, 0x24, 0x6, 0x1, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x15, 0x2, [{0x5, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x6}, {0x4, 0x6}, {0x2, 0x9}, {0x1, 0xa}, {0x6}, {0x4, 0x3}, {0x7, 0x3}, {0x1, 0x1}, {0x2, 0x3}, {0x1}, {0x6, 0x6}, {0x0, 0x1}, {0x1}, {0x4, 0x9}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa8f, 0x7, 0x7, 0xffff, 0x6, 0x9, 0x9, 0x94bd]}}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x7, 0x6}, {0x0, 0x9}, {0x7, 0x4}, {0x4, 0x4}, {0x1, 0x3}, {0x7, 0xa}, {0x0, 0x2}, {0x1, 0x5}, {0x2, 0x8}, {0x0, 0x6}, {0x6, 0x6}, {0x3, 0xa}, {0x6, 0xa}, {0x2, 0x5}, {0x1, 0x4}, {0x7, 0xa}, {0x1, 0x6}, {0x0, 0xa}, {0x5, 0x7}, {0x2, 0xa}, {0x1, 0x2}, {0x5, 0x9}, {0x1, 0x4}, {0x5, 0xa}, {0x5, 0x1}, {0x4, 0x3}, {0x3, 0x1}, {0x4, 0x6}, {0x5, 0x8}, {0x7, 0x4}, {0x1, 0x1}, {0x0, 0x4}, {0x2, 0xa}, {0x4, 0x3}, {0x2, 0x6}, {0x4, 0x2}, {0x5, 0xa}, {0x6, 0x1}, {0x4, 0x7}, {0x4, 0x7}, {0x0, 0x2}, {0x1, 0x7}, {0x1, 0x3}, {0x0, 0x3}, {0x6, 0x1}, {0x0, 0xa}, {0x3, 0x3}]}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x620}, 0x1, 0x0, 0x0, 0x20040040}, 0x4)
sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x40, r0, 0x801, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}]}]}, 0x40}}, 0x0)

10.401180098s ago: executing program 2 (id=3355):
setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5ce000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x18d6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
chroot(&(0x7f0000000a40)='./file0\x00')
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x40001)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

10.214086995s ago: executing program 3 (id=3356):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0x3, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000008c0)="89", 0x0}, 0x50)

9.460896606s ago: executing program 2 (id=3357):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = getpid()
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x4d5, &(0x7f0000000480)={0x0, 0x404525, 0x80, 0x2, 0x1e}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000640)=<r5=>0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac0000000180a030000000000000000000a0000000900020073797a32000000000c00054000000000000000045000038008000240000003ff0800024000000003080002400000000408000140000000002c00038014000100697036674ea23000000000000000000014000100697036746e6c3000000000000000000008000740000000020900020073797a30000000000900010073797a30000000000900010073797a31000000000c00054000000000000000040c00054000000000000000012c000000140a050000000000000000000a0000070900010073797a30000000000c00064000000000000000042c000000140a01010000000000000000000000040900020073797a30000000000c000640000000000000000140000000020a010100000000000000000000000a08000240000000000c00044000000000000000040900010073797a30000000000900010073797a30000000009401000004ac000480100001800b0001006578746864720000340001800b0001006e756d67656e0000240002800800024000000010080004400000000008000240000000010800024000001000100001800b0001006f626a7265660000100001800b00010065787468647200002c0001800a000165720000001c00028010000580090001006d6574610000000008000440000000070c00018008000100667764000c0001800800010064757000770007404daff99d5c7d891350dac912bbbcadcf88b4a61057daf1a73c38f6022e8d7036d584ac3bf668982b46048919d171566cd59aafab83df302afff015a3345b38f0b57cb64fdf343d2e8055553490a070fd1c9934a73baa6dfe9b8fd4f747a08b676992d51dcdf9cc684a48eef6d1905acd8150010048000480140001800b00010074756e6e656c000004000280240001800b0001006c6f6f6b7570000014000280080004400000000308000540000000010c000180080001006475700008000b40000000020900010073797a310000000030000000020a010100000000000000000a00000208000240000000010900010073797a3000000000080002400000000238010000050a0500000000000000000007000004cf000c00257ef912fa183f338a480c6eeb58497ebb66ecef0237700ea753bd9ca2dfd480174edde982a0b72afd91d0dd3e9ab2aa2957aff092188151fd5a9c517f8c1358a592c9375db22c722da349f29d25cd8db848fc5abdebc8a28c4a81f4915b32d8807f547f275e8c04453ade7c3250f66711ad660fd878d9482c0d3210b98e84b4ed189d3096c7cc55878b045b35b61a096767fdd4c093ec3c26e6ce03a5123ba05943cf28e7076b7ce7d67c41f7f4406771487adad84d752e1e8c935a51800016822d5d932a0239ab05db650008000b40000000020900010073797a300000000008000b400000000108000a40000000020900010073797a30000000000900030073797a31000000000c00024000000000000000030b00070066696c7465720000140000001100010000000000000000000700000ada7803afe771b1afebca9224460aa737d0f3d30fea0d5bbcf9c9c014112da6091aefd800"/1183], 0x47c}, 0x1, 0x0, 0x0, 0x42}, 0x44880)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r6)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r8, &(0x7f0000000040)={0xa, 0x4001, 0x3, @local, 0xfff80000}, 0x1c)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r8, 0x6, 0x2, 0x0, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r7, &(0x7f0000000800)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000780)={0x80, 0x1, 0x3, 0x401, 0x0, 0x0, {0xa, 0x0, 0x100}, [@NFQA_CT={0x64, 0xb, 0x0, 0x1, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6390}, @CTA_FILTER={0x2c, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x11}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x100}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x104}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x330}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x490}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x3}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3c}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x80000000}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xffffffff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x8}]}, 0x80}, 0x1, 0x0, 0x0, 0x20008040}, 0x44000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x28, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0xda1a0b6210925d15, 0x0, @fd_index, 0x0, 0x0, 0x1, 0x1})
getresuid(&(0x7f0000000440), &(0x7f0000000500)=<r9=>0x0, &(0x7f0000000540))
statx(r8, &(0x7f0000000580)='./file0\x00', 0x400, 0x7ff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
chown(&(0x7f00000003c0)='./file0\x00', r9, r10)
io_uring_enter(r3, 0x22d0, 0x20, 0x0, 0x0, 0x0)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0xffffffffffffff31}], 0x2, &(0x7f0000008640)=[{&(0x7f00000000c0)=""/95, 0x5f}], 0x1, 0x0)

7.795219045s ago: executing program 3 (id=3358):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
io_setup(0x13, &(0x7f00000003c0))
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000380)={0x0, 0x8b8e, 0x80, 0x803, 0x7}, &(0x7f0000000340), &(0x7f0000000040))
r4 = getpgrp(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = getgid()
stat(&(0x7f0000008c00)='./file0\x00', &(0x7f0000008c40)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008e00)=[{{0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x20000000}}, {{&(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000180)="cbe4f5", 0x3}, {&(0x7f00000004c0)="32e5dcecab95808faab2e95bffa5705c5cf409b417f02a049cebd3cc0c1939aba3647d31460fbe516ba5b0ab95845a522addd2554e3368804538a03ad47005686786611e0c309e9cb8edf7b9d344f0c2ec2704e5858f64aa4bd6a4735f7ea2f3332ea1244e7ea433a8a91a4afbc263ac71ebbb5e2904ced489086ab07c101fcbf612d1e7ae3e2ed30140456d994d4b8f31d58d893804bb3452fdf980324cc0900f1ff10ce139594ab096", 0xaa}], 0x2, &(0x7f0000000580)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c002000000000000100b23787c362ee3d98073a15a0474361c81196d630246f64cf10702574b54c07d9510f505bbefdadd395d43c05a22c8c196c899d52ac1374017f488e32988215035e83b16d", @ANYRES32=r4, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000058a0588403ac4c000001000000", @ANYRES32=r0, @ANYRES32=r7, @ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r3, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32=r3, @ANYRES32=r3, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xf0, 0xc048008}}, {{&(0x7f00000028c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000003a40)=[{&(0x7f0000000800)="1056c7b290f607ee405dda3ffe186c54bcdc60ae4a7c", 0x16}, {&(0x7f0000002940)="5e7542c52ec7a8324a36f62da4de5c21fa466d8259b44eb89fdca4f5ea275d28d0915c96463e1901ddfc36fb89bd86abe2bf896cdc824468e77a3c615a6a5e4d17ce03dabc2f6c7169680e1e453f875a6e59590be4783da029b0431e21c8284980861fafe10244398f9e95cc9f984bfba400b417ca0a849ad4d653acffb86de0d4b7b5a838a28c06dfd1e8af718140475ea9c616dd734fb5a4eed4430ee3871e7f76d28a1c15a8b171e216d9439ec0dcb32f36541078ee3cee30185edf995e0dd2659536ab0d8405d2a1a67c61f164162cb9caeea239e2686b0350e39dec0368f180005241ab1d0238ffd70f8f4c8fdd2734fa88558f62926e98423d1f56", 0xfe}, {&(0x7f0000002a40)="ecdb1e5b0591f824e6515cb41dfb3317fe6acbdf210778c2e771b846585feebd1327f443af169f7b16fbf0edf612c583b106335fb951adcf4f4e22936b19dcb153a31c0de8d75d736cb9011630a40442ed483f7a7c7eebc0f38e3a03a21756690d2c68e67aeeb558be7155ab468e520bd32ca93d03323791194889286c93d56868edcfd993025fdbda4bef8b93f45247e4581078f6424252d415da43a7a1a2857e50b34d90c6439d4a99ed660ba4ab9c2bb9f92e671af9d77470844faab5ccc5ee13d2e9f62950cbbeedf551c219b0b1e4b3e512c86707860ba2a1c69ceb134945f6646d1b429c4a0de4fc8fc6c5ed13e9c0d8497935bf1c4d2ff03adbe69efe150a518337e77d9db7932298329fdacea07bcb256fb2538dd8e21587d6f6665b8a82807dcf24cbae6d4d2c5bcb4cb43b230563dce9fabc18e2bf3cc4884b6f6f476580db75caa87481df452982ab77b6f152bc8962a5b4be22b63647e52f027a85b2760722afc821b720331960c4129dd78f861c34338d92fdb35b7c096e5fe3686972e857040f33c814d246af187694f1d5c9511efceada173ca559eae00c214abf153fe468acaa61f25b1aca0210fcde89352c8a30f0f3e169bab58e542431bcda9bfb72a0aa976c41101d9ba559cc7a06dedd6d90fd261e6becadbea3ed67668ceb879fce47d96ebb142206e34abd105bd3d7bdd0e68b1e50f3e017e54564e574ddeef12aa7a13226728ffbb89acd346a1ac97174d5aeb61672bbf740723f64d627d9a97485f534544406ecec2320257925b9603890ceff51eb185f333d353c75470ef9ec33bceff14f88536572a46acfbb103d083840b7bfff9c18d66c649210adc11b5aca9b0f7f6b5443194601e45192980f9b71b0926f668b784f8225c4ccd33532d3aea48deda0528fcff210ea9cc82c3904d45f82eaa83d608bc9ca380ee3b2287b6f56931953d6fdee23f96a8a3a91bdcf28a0399cf6fe32216b1d28466faf1b3f89ae6536150044e060f85e65189e2ea931c3e0f6697cb1700dc2ba49e072e0cd6cd8720df67fa211ead2c07604e2cae2211cee49febbc4a968c80dc4a9649e006e31240cb6fe84c282711ddea24409ea021c11b7751d44c77e88e1075311f2c23f949bab6735d5a7f156f24ae9f041b1fb9097d51ae1f2ff3668168ae740fbfd829db3fce0b2de4c4627f514bfc144b80880ebe02c2b6ef16488afbb52f3f7baa5f0d3da58313cf2a50cdf5e351c736fe8a27d2406414aaa75d18365ce61bcda4adffebecb32d82d8aa52b28a8bc30efec9163c9b1299dff3e39766b773df6e279563ec8142be9d841bb1cf4984557dd39910dca6039050068a9ace0915d4086f0e0c06db556c244be43adae62a4e2a9d18661c0b31e6fa3c4c961d14e6fa33dddf9d8b23d18942805ff98839afe6ecaa784151766e160af323591d5b5e94a778d830f4a64c9bed5a5465242f033958ef44f9bdfc24452a9f43e4cb9da14e4b3826e5d22d411c29e94f88ebfe5c1a2efe95eff885926d8c20f57e2ddd289be898a694cacf820c43cbc46c4ea62a410e288a1eda6dcf89723b12c9bd302b0eceb593ba75e6f27e409bf98f2c985c467cd695c0646964f71ae310ae30737df91f9641cf6c22bf32e6dca9a4ba81e2f9a4ca94a30e9d62a661562c61b7236a1a863abdb82b351058f0fa3a809317bb4452f2231153e652c01563cd4cbcab5b49f22784910791ea4524b014dfa3e78a0f8b236834f27f92ea6456a830f80e49578914d5f73021242ed61b3af652afd8874789d60e481f09da45ef23d0d7b36c37ade213b9d68ed64d083a89dbfcb6773b97317c61f054896ea29f3ce8dc2f20b731e3d5985b0e00625b3a153a4645708be16776365c69e8581d0614e426f31c58e0fc85b6bf608fb37c394d0cde7c09d6be0a579b34a67bcca2d05ca0a6d4e00a57e14adada3a461ba1a94cf0b3d170b9bee076bf21d7bb3ee6291a09f45db7787a76104086d7c6bf763042454cdf778908c89fbf210a31ef264d6e02532e81a2c1cea5c47119bb477ad3d57dbda337b5ab1e497bbafdec0f6f39852635c24726feb1ff60b6d70a21fa7631c3201e7292388c4f66e17ba684ec81d84b3c9a0357b439235421b5ad15b30ea95abb73d14846422b128252cb0412b9b291add68f46aeecedc29f9acda76e5190f32a6c08da0b3702f05fea2f364382c557d5028a8f9a953d834d55c0bdba96da07cef66d5b545a49f1a38ce50aaea7c0324f2d4fb469c0f5016a2df32ad87cff9d2dc6d9f903693dd73d2d768ab6af826a683d00b14f864b4c3171425926f74570dfba1e38e99ceaf8c70e8f70aaf59e088e652fcbf1e5c648dc72e3e52835b206084067e677005618d6193542e06bae7022656b6011bf6d5a7ea31685aafab9aca87d7f9fdb4bdd703240933d828dad82bde8b1f66b4ec8bf52ad6c2c9b68b8a1ce8208c3fd848253ca1bde25050b1462369e0782287a5bab8990be9d61862682cd1f83a82248ec31e1845c1e7bdf70608e259e678303fa5647a2abbc0e5d4a45b9592ae238c1fe41a8e25ae30b2b9e4d9e75b60b018fc81a823a2f43e65862793f6f1215b302da3002d030250452c7c216185de6602a418a12d7abbb25e99e22d217b4873e3fcf4d107408390a0c4dd75089fe77db27131466036a7ec5307b8f10ef6897e2cbf84ba0cadfe4f853e0119ff071502ccf2535f6d770eabac03fe45e0ef11123782c12b2c4db00eb3d29d8f914a958d2fcc7157955dca18c3d788cec2c3c297a794a9200fa7fb95607ab50819877c7812626b7ba885c44d6df7e51642e9270d6d20dfa871dec5245b562bd0f860a833a1dd5093b90db445557505141be27105ac8397cb5cb7fd4dacf9889a15ec24576c81d5d5bacdbd6e2415d3e03b5db4975dc8fb54423a20ae583737007f08029a43832a518a30455593ceece5c0117ee8740f6a98638cf1bc5bea39f0332c6c64ee656fbe5afe5e333bdbd7345e750a4288b3cc3dceddbce74d88b3c09516e53742bf26ed7ee1b669aab0f6843596409bede17730e8539be018a8850919b6f033d205f359161789a8bc25baf180d4bc5aa66b0c8c2ebd21f828af27f11adb35ad228798640b5ffb37ddada479fd31dbcc210d3f432efd083510e97d0b9fcdd8bafb5b58c13435396b0ab787b0aafc161546c1eedc64a09074a74e80cb693ea9456ad2aea7d7af3148807cb7b0d776c81838026ab2260d3bbbff3c772c6ad1e38cfc822b82fcc412adf846c40f710fead9154484f9deeda6e648fd40b16b5ac36884e9bd252a0404d739e35420210b48dae269c0cc0f6c819507daf255c63934068e2fc704a44c620a1fc3170be96eae90f3b18488041be51c2b41e3ba8e44ee3b822e174767899da1bbf2e34952443a725626dab4132c1269238e8adedf964659986e8a9bd2dd920166403c7cfa3a1220617605205d1968ced439471c765f3bbeffbf0d3907e96f7f920bdc486c634f19aa16599fa48ff09cfcbb22ac19e5af8d3e52539f7ad6e95c3cc9da8b02284c057a7f16646e3385bea90bd187b8bfffe2089a215b53724b3c77a59460ba7a50e0c72cfedaf487bde41a1d0b48fa6c03f8e5a959000ff125fe92880b3af02c688b20a6a33b29f85a7227ae4fde96ee87fc3b81c02d7fa33b13dd2e13839a9268318864922f04ef29602e64b34c81c93fe9b832fc79d9c3b1d60b0cee0d38373fe18925fb23bca1990e04a85e2cf80dc51b12c8863e56c18a0a31fe211f1742dc4b037d8259818837f5d9f3f2625255de7df5807864e55882a6380f744bf05d7ebb680307ed27c49aeeeba03070a8679f0085d034601fbc4da3aaac6da59181a2c372ccfcdb17c3d1bd0746cb725f519a91d9d004d7815af89a4cf33f58435a809c6fb5823bf316b60205c2d2f442f25c1f0a6dd82d7cf7db42e464fc525b741aa54d15264f19756b74eb9e96ae3cf028736860900939f0be9b92bf970979d539240524ed88fd182736e70f94aa08c8e764e77967d7706364642aaf5ff9dbad03cebe2a5d24cd0f17e3625ef97dc244d8d203360b69de3538a9dce5158ac249e277ec23e52387147eb113823959df1cc33c64b5a8f8e8cf4f9255c8b7d03ce2e7da5f96c1652cfca7d30772af8d7adaaa6034c1a3ad5e865f70d92e13136e9a30c0e7b64d87d066ee89812a653a8525630cea3007ab398acebab202ab19de57f892b10959397c05d878e58e66fbea80bc24f189136464b4658cafeb8f1eb699c4f0b8b385180494c31c28d7d21eee89b3190bf950551886171d42413ecc2e5412bd95108e3546e5c6b07b2c8073b1973319655a4f2d3988f4fe7fc8e702118b09d289c1003499298cba56b46cb1ee2963777758c4685fe77563ffc29b97d354ce61e3fdded50bf6220d6ffc3617b9da8f0b68e086b097194c8e88f6beb4f71324a0ff0211fff09b1a53c7e72d0ff7c642c7214623f415ac12113a1fbd298648a7e4e207f0d1f042427741a5a74ebec3de235b20c44008671085011bf54a20e20c33c4c7f0a89d88e68ed58c7a95ddae84e8f3e42f264a823df99670389e71c507ed32e554c44dd299d262102fa327a4720a5a3848affa070f0a7607ad7d3ec6cbbfa274e394ec9baa3f80a14de1739516b97130186a70873afc2b9c22c27b6d441c1c13e67719b27402bd73b1e734ce54988eca70aef29489715ce9d112f4535ba5e5613566f10b46fc444a3b4654ab1de3a38e99818f91c4d9ad950caf0b6fc6d22cf994b77e16ea7a26d2b6dd893074d8cfbb2a5acde63807726c4e928cd380dc218e309f25038d382d1fa4faa41f868d008f0c4bf0af36ac125ff1a7e531ea47eb0ecf210d3ce3fa20cec9c5f16eac8e5d49df613555a66c26a09f82fbc2929d4eb94491501f4a72e3fb98b78ef9b5106ad030ceddd532c273eb173cdfbf25700cd807b63ac934517ccfc917ba34016ba3dade3c939d65ee9b19e16b860f7fd2a11c9d74aca2da167c26952758e92700814521421b4c0c836d94b5bc7ca355fe6fbeb7e9d15f11bc2691d6a7e8df792f4d24bf1f02e86c2605698d903f2c6006a2e703edb3ca0c6effc3e5bc92b1784d2ef8c69a1a5798f5e7d469f2df189bd59728a69e1553adecb07fb3fb38bf88d1cc7d4fad3d95332dbc659ee5319ced0ae95ef171409497b433f2df0029bfede53770bc69281a010c001521b586aef2104e01c4a5747c698c617e10dfd149a861a0af762e0982a0e3bcbc659d1ac0d08f8b3b1fea58576215695db8585c8bcdfa7dd46adcaa9caed369a1b08fcab399b4127bd0216af828f9aaa1fa0f03218747b62fcd1c634dda6e703af850606118e37393acce7ed515a69442689f2f6533dbf3655da5dcbd27dc317270b50a651cecc871edbeca02dae210e729936a008c49e29fe4026b0f59a72c5f2f486defcdac15a1e80df29bbacf37340db535b237bb3eea97fef4c2d48376ad4123825e711ac1128db235c596189635b5dd87f6d20c05af931725504fd989d3422f687ddca4e5b2f5695fb298f1a16e4cd3b386357bd45a0ce405c905f39d0505d4548464d2466dd6ad756e1746573c5b7560a392959ee8825336395617226e2d1b4f971cd55b3567f444f3fdc6b57399efcd8e989f4bb696edd1905fd582b8ef442cdc68ee89ad7490df38d4dcf20d9c55af50409a441ec6c0d0a1a43b589c49e040ed6872568550db584748fb3c3affeabe0cf0762d52f5e22424423c4733c46461c102819437f6adc527300bd8c92a", 0x1000}], 0x3, &(0x7f0000003a80)=[@cred={{0x1c, 0x1, 0x2, {r5}}}], 0x20, 0x84}}, {{0x0, 0x0, &(0x7f0000003d40)=[{&(0x7f0000003ac0)="d2241fac8ce6b0b10903ac5480022916886c4f833630085e56304a2280d9", 0x1e}, {&(0x7f0000003b00)="29d454074cdd30aff97e2bbf6de6ea723e9d05f8dc9a152e2168b89c8ecb6bdb8e4f5e677dc02497bb5df21149f2577c536864cff9b625bfce6b7e36b9ce333fde724d09f96ac84c042b8ddd95d787384578c505e8461e7a751b21963d4070e9b9cb4f15a96aabd6c46648bed0bb6d120c74a05a3875fc1a79f5cb3093d5a17345e5e17752af3c1c079cb790e8b010f6b3379197ceb4af753130544ce83639a2dc0149b910156bcbac9d7f6dc54cc22bbb2bf5010e5c0c3947dfc313076dc24237f045bf69fe0e08191329f0ea471954cd1c3ea879", 0xd5}, {&(0x7f0000003c00)="8902b780f595b92ec3e407753aeeeea259e6e8fe32de40c2b989211078a17f822c594a28ce3f11bdfadb670fc03d72b85a80024d8b4ad938139a6495571d6d8ddcf851c31027b4938e6783c9509b34aca4c1538216d770dfcc6e8620aa6c345edb212d637b660e28661c108b4c9d28f95753580ba4d98748fc3237ef73a85e7547dd251b621942764f3494161e05ec32378a7ff62349c5b89f0d8f16dbeb7779c9d154489fce27286fe78bfae211534de272aed051e3f6cbdfa8624a696ecbab68da9f8c7e08991bf83640c052201bc2e1c19f301e9c4f4aaf9d", 0xda}, {&(0x7f0000003d00)="d11962897a8f3913b9d4a4c31bf1294df95e2af84f", 0x15}], 0x4, 0x0, 0x0, 0x8004}}, {{&(0x7f0000003d80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000005e00)=[{&(0x7f0000003e00)="60a8cacfc9b5f938a78244682ebbacc64b88b9f3b4d516db779241855a9309b6145e530d99ab986f8d83134595996e7ec8efc399399dc56f4adb52daecefe6207e3a4b2f5fd6260a98e91f3cb0f6f690e3835de490f4d82c870a34a994ff78fa6dd05c76380a2fa22f8d91ee7b77ea524093abf458447ad33230bcaeb11d503983cda45857f4729d92014d8b8013542d70b033330d9af0270dc28e245308fd750dd6008332d7bbe39e3af64a7a91d4b684b107d121b961a9689f8522d53d2cb15cb531bbd0d6f6b835640640df94be3b2906719a90dd0358dd708f850916feb288f7c0a7dec9d23960f481cce01964752a9f4a14d820c4806a43b08934203297e898ce512cb5837d791044cba35b23c14d15574001fa094621debce6452f0466d660f4849f515483a1c4556c4086880ac4706b8c55786eab76fb46567d85de2de8c6fdccb24dc6b65a91f4a6a7082e8e9a849e25b8628ea6002ea24dff95fe6ccad271ff3e77dcd65e654af7621e2189720e50dfa3915558706f9f4ee857dffa137d06634ed946c85e7c0af4c24c82e590a03a3135504535adbab6e019e8971d7e0ce5e0d8cfee723de5326df0c18e1e207a0a5e5e54041f5e04491fb197a15f0322d9012975116c4e4126cd1e07741c250414a702adfb121b4ea67c901428d5592ff3a3d21b5df97b2635472516a5148d746e3a70af1e1ad82e1baa3cc8a45e583bf297f64bce95d14e3a7c68dc837d01566379ba075410fb81aa60c4d99ce4146e311a21c3993965be2e0695e20e917ca87a560e19e18d975b99f9305c77b258becf9685a550dcba8cea81a89c1bc8bf1ceb16989fde27ea2f811838d1878e36645467dab29b36294496d109ac5b49f583c525d454525469a0eaa58b6cd435e8c61cea8a3b01e3dc84b535e757d6a7ead6174001144991a3b057f6e4a86c0120dcd09a085b5ade1fcdf667d710787aa1dbf176d4b0fb757d728fc76d69bcfbef7df043698ef734aceff2c5969be9e2f3af163245a348449d0af0d8eb6f41f7e9c95c6c9c754a8e1468d92790e54299858d62013ec3426abb0a4a894f238cb3ea8df7a1112c92bc55cf78963b107e290f5f0d145057f5373457710fb9958edf3332123350b1bf897402c289f48315c6ea8509c2f8241c76aaf444371d949496883c505820e153418218277a1294d2a151a2d2a7b64a25bb1f6b161fa2db3403608d6e17cc1b1c58382ffa24735c93d5a48ea45661e4f9bd14e52bdb000d1232aae908657728d8f419be0d2b2b137799a554527163f8e778df22db32bbc684be6ee8a2c98ec7cba3229757fefe12370686be0289fc96025b0cc21bf5fcd57d424c12db2fedb1875adac76af2e68ef22f0a3f5c94d4bfe767a34c3ddb1c7596fc60fa12650b8c6ca6c0a7feb2246d54d29824fb92bce1abf848ca49f3102702c0a66b6d3bd02c368050ee773b4ade41ac2df5ec56f5154bf1c19eee2a2ddd70824be861368962c343785a2590172eb2b4e448da14e14cc3dad71b7e529d1c586ef5de29dcdd551e979de03c694ec3a9220af677c1083ffb2b709ec26342b7f22add433ac8f385dff70959e77efb2659355ac307281e212c18d9e28fbffd1040a843d6a8c519fb1e5f7b43ecc1be0e9f8edb2540177f58b66f4fb2b73d87a2c6cf5775ead817b3d5a204caa483cfd68e44db59fe3a696cefb6d2a3af90d086a16e6bda25dd3b97cc2c9fa39324a2581f72c61238af844005f0fac56cf55ebac3dbf52629e6d0d5a2c3ec58812532f21d80d3773a137a541d0f57189de35b916e74ae69be03ed17c0cbc53e32200488a2a49c97e142ebcca1b3f3dfb5e4a507da302a1e3856e4ec4af8e0b46484c517bf6431621ba6dad1a6614e693310ff58269c7e41b4768a2bdbd842b1420e37dfb6defc58df679f20c0daa1e7698c8cda7693b0029788ed9bfc51fae934fe74c1e0028aea588b20e8bc134e7a69a0148a068c686cf758d9deaaa01a9c6c844212d62b2e4d98a0ea3571c853bf7a095552a527cb2b7d60f8d29a3988762ccad1594417712a1da0223c6ef50d1ae9465f04daeed24971cb5686c427e5cdc723ed645b46fc0f3087c13555e112cb7e9431b58bc95bce77b0d85c341faf07f09809d554692f48988ddfb74d82e5c78b3cecb7b08b687641c8db45f83fa6af179cf59298f532b0f2bb9af072cc8de0342ef581cbefb677c7cff372277c7a5dd19b729837e47086b20d15cb54ed441e8f80fa5c13205e44c72633467867084d1c577e532bbfc079d37058352323a38ba552363aa05c496a93b093d5a110c81923b46acd87a3899d588d9e398cbdf0e81362dbe4432cebeb21e1ede42b356e730a80cfc63eebd44381d8a49db982bb99ef09a09a81cb09572976f609cd0ea99028c9ccfe75b01e43ed85a0f4fd0ad74ada6f81c484215babf310260233784ff499e46db83934b2d97290ec829f9e09758cc5332d0c9f1ca5d54a82e094d024fe8c3ca2d14466ef9be6f6098fcb83d16745783bcfa5acde1920af40b45a524c894b5a127afb8ce567b0aa35cbfbcbe3563fe722960003cf588e2e53671c126f2104d78714f49101ef264b0ff9632141e753305636732c0b9a6c82e2b88f4046c644c27218dce7979858417b5055d07fa53077e8edc8da287f7dc1881800e962d5aca9dbd8de3df42bac7e7d358894f07efec8bb45feb1c1c2f33d7ae8316c71546dd9799b48758e0692fbb39445799fa1830ad9f562bc2c89ba0b048075fb34fda826e957787e23e9bfc897b6e36ff6121cb4a3429226b2b6cbda209c45f7f30c494e3062c60e0bb33713f8e21682f3b895ad6e7444a2a1a9324b6f9723ba3a75f9ced80a593becb446c07ff4a9e88f9f08e28f47f910926cfcdfc8a3c853f9fe3116d27fe616d6fbba43ecafa9676d35d0aa5eed69cdd657320730f9f2e198aa792c4c7edcfd1300e04f63a8492edeeeb5368c12de5060789fffa74318122932805c06ab9fa274a4274c3a303a7408d102307923a3455dd86034867390fc7f9641250a80e2fb8a1a3b17b1fae58ec99604a12ba6c895b4bcfaa0f1a4b103f2c11a7160f2296e3774cf0909ced6768b01d468358dbca6b9552cc5422bfc4ec6bbf9025e05b4223500f9124128a31987d950de618ab3c1e8b79a529e38c7ab8819c687822be61cc30b436a13ac5935e0076e2532748eb1fa2c9424f8241884f5fe396474ad5f19e52282d7e92819de53297f9a695ad56293152b3dc94d035278b868d4e105f717537ff19cd3c5ae9f9ed36db3da56a042c2c90ce0452028f85c071a3e6298211ca748e71e8ad098fb562570ad5a591df9a3e94a632ff7786e2d6a2b5807d178cdeb466fa88e73c7ea7a6eabbb2bab577dbc95546800948287fe532c15ab74b089ac0e8396ff823f7352bf7e64bc0b84b15418488e7fce0d55afce6e8bb61f38ca84db070a9a54c6f3ea45f170a7d31f3509a4f7b2c1980f1d3ccfc347801274533f1296a81697fb7cf3f733e1ef26dfdda2b3c1822b411105ee34822bb740c7a8ed9535178827ccb72987e282cc81dda8deb748be524519cb8a4ee0e7c17ae91cb78c2847b93d9eb7267908135ad6698ca29f2e86575f244edcfb5069f1e1d8f94c52dec2f3adbcfa64946c0c17742baacd1f59123819bda2ace7229e15a065abf5f9dd05c35ba21bb1f1b588b2a73ac3c6d99356b5ad8ad37150f448b7b3940aade9a9ca58d8e0080d354dbba000e10a3ae826374b56c7c1e8ab857d3a12c22d7977d84018aafcf0bccefd8a02154286e0df15b490f163d81eccebcae2990997b13468ac37c8fdeb446504fa9e956f984323daaf4eb367f0256aa1f81c477694da30f132e2fc0d17ee3f003d6b2457d12c9f461d1ca7947a12351c3d62d1226af7ddcb737d11d0db9cf3d6aed17fd67c64e73627bc3a2abe7943f94275f6ef151caec0518c29bba5cc5eb615747d21a372e4526a73b58b6572207b66180ff99f8c9cb26faffa78ac272cd9b2f4a5a3c1b1e7a57dfabb5845142b1cef38fd91efb511896dbe924f9da91a0d5413a3525fd88a1ed529dbe0981aea56293511c11fe548b07d7fcf8cddfdf1ea5da28d16281fd82673175b2b58c0760a2fc0981834892c84f9fcfaf66595565f5fd4da5484f785581e6141a358f7d60d60222431e9cec8fda08428edbafd8e7a4624ff92ac80fc9898a4b0372b566fbd0ccb16635bdfb2cb6923159de15fd026cda373c4332a2e99f1c665830b6a1a55abb11bad04e0b03645a05b1ae7399199d949e6827683406c4a428a6680a90a7e8ccd0a4a5a586cf1d07b832d15046bb4a016952bf9ba146081ea9c46f8748fa63728e9d160b5098c69016e317f5ca5026a8df8ec9c524e1fddb1c00067e0aa5891f3bc4d9056e6ff2ea4c77382cdf6aee87015a66fa6fecfdcb3d85dd9eb8902cecffdc009ec00d1d812c793071123feb0009f9d64bf14cf07dca31d68d94d5bdc3f7b87637afe9a1a20d4558fed2d8321a3eb42e653e33ebd13ba9ca24db7f574003a86497ed48b1b79035c544aac5fbf075de7f7c3621eb34e0efb5f0af2d731fab80940962ac6f07184b84460a42a5d0dad219d4305e917c0ead6868de44e60df65a13eaa026fb19cc3553fda68a558c0f4a28ee3f564c637033339b4255c7c72527d34abebeca3134076abe5ad051c223da28d7e331c3f83e3735380a563d0e88c290629ab46427ef7b3353875cc125b80bbfd00fc27a81096e944b579e3643cb062e3791dc29cef829c9d5ab6582a11c938b1788c0dbb68ce85ecc5c63823de602ac21e66505c056f7d2a38a29f774bf1a132ed3e6a458e9e2d05278d8917bffa3e2a0171837f02554f4595b3004f81e33d384a207b95d6791a6abb091cbc1f34dbf7f8dc51fd50625845bd5b0b081853995ed49da9b4f7599b773fa0d695d1c97ccd4073df9d82daecf950f4507abf10e02918bd9ede4c9cdc79bb6bd3ebf525e1abc9c8ffe611b6506bdded44233a33ea98c40220d0f23f1b4d16e7c8c87cf2dd7056e196e9ee25be31c82e6c807b05fefe30448491544a6bcc1aa3bad1338699823f4a9c3f5521c5d224a6720744adbf5334c39c0da801021e508d207e2e09849bae3642c7042b7d23d64f522c4abe27e524e6680526550245a8d84326345b23901d695d893f96e38a577a674eb80a59e5d67ee83af94c67f2b9dfdac8601c51563b7aa86cb4c01e89ab29f8170fab969179204f354003bc2fefed44f30bcf74931f494e205c49fbe76069f28dd1c5a481f5c7b904d5ae3c44cfc029db06d85c855ea575bc7c8a60ad9a3e50d6346f2d3ce1107bbc419f42c546abd090f647735b28b3d7bfb2a22bcaa73f8c77d7380b358e088613a1ae599e23d261455dc07d696c4f1e9ad34f9465fa75a6d02564eaa0d27594e4f7ea84c8249f60663985459428f734f5150d8fcc714501c77e5424dd8729625c2a2ba753b77306526ce5eb6a56a37539d0fd41dc86f5e5e173d097679113fc79cb3864314932cbc57ec8f3d3d111897b459d01e8f3aef56664d7e8a2c33aa9e16db2e9632fbb4b4fdbe21083901dc06631ac819f6786f136481c1a51536222b8029d04d3028e8d34c8718f10ae3bbc3eb7dca116e5481855bc4380ec202d05b7eee235c1ad988dd0edfc88c2e84524be7353d874e66f3774cca70b4ac4c8eb035aa990873b245510d173992eae658f7d1190e4d87847fa5273337fbd7ca448ad38cc0ce7d3c3fbabacb2300312e005d676f9f417f92fdb7998f71f51", 0x1000}, {&(0x7f0000004e00)="16f36fc7d406d10a7899a2312a14b21316bee3e3d4bd741a1f761aaf5e51c7d58091f2864b374431f7ec6000eda5870f73137b978440fb964086577daf6c77746879eb4b57c44fbd62d35140ee4827fceb9f89692c5fb5b246ca7dc7231755a2ddc6b16a1c8bad7f29ecfd5928ec6079fe0233850e0aa2c28ffc9b3645462c2a686834cad12d88051f3fccb8c988952a27e37fc0db2255bbd8f3ef57b4f61740e394b92149ef296f4cb1e0d49e567eb6444dd26c8d3c14e746db47e15f41d0801d0bdb469254c03798911efe47c46c349fc478333cb1343b64bc6704124ffd9acf81cdbfd4c5bd3a0621e7c79e07cbc4a4f734b36c50c551cd71503326cbcbe5db85b23dc3d7220ae152f47c7df77cd181a1541d611256a83fe7c7de133b8f6e54b601a92a808d041066ea75d71129868722bdbc2d8ac4bb082ff8968ff62c9ab1226d19bb57a240f40103c1eaff8b1148b80d5146cc6b1fe3c6bdf11363dd0cf3d623518eccbf1beccc1012f01b4c4bb8ea557edb618d75fe7d10dae1514ebca42aaa863c8110f52f74e7058ce9bc66fa66a91150c7126978efd73449dc850ff55f47b0090ded1a3aa1e6c228c58092868095a115f7e58fd323998298d9005f24f636369c498764c328ecca717c0136b2ca8c7bad1945f67fb4ac7051aae725373cc84c35cb3f6803d64c77b34e0b3c51ab22e3a51cdd12f74aa2d4e8cc0c82b3872df66105de963ecaf9131b6cf08a592f5d2723320f97d7885e3f4146e3802c2a32dc5985676779b281f68c78cb0d7fe49bd921727be07844e6a8f27b5ad7bf542ea48ff1867068ba5ffca96ffb0310aa168412ea321cd8eb2055c80003a105b87fe15717d7e3b985f8e806c677f3cad7baf80e02e6df91067b6e63b7f0cddcaa71a0b61f9384615f7efe806861c2d01fc22fc73818517b87f29771035d24dfe6b200d6a085753dc930c67d71d871ae7fc97410bfc034e5b7680ada7d685e5938eab12dc2770e7bd17cc16ff852ff62577c44403e0b16605e5e32119ea66a9ee6945ea8361e64364c6d75f8e7d40f09b6fda46e8a86175cf32d006eca8fefd10bcd6cd3ce8c2ac4d81e412b668250cf85f3ba3276ec247186ac5854ecec0e953475ef7be469a729f586a604ae7b8244a55e6e8d8dc1cc24e1b694458a139a8f4da4709fdfad8102600b85afbd3fffcef4089bf5554253e1b8ee86c87554d788c3e7d95c35f5146ecd689e4d45d2844259d5e1f4aebf16cb81630b249635cbaacc81e5789c07f7467c7b527f8d3e78ef9a669f2b7bdb9bb35af60df4ac0312e43d387d8669780c537f48dd97fd15a6ddec37f8cd41bf683bfbbb44295a7dcc48d2d05740d0daac00f5c9582526c92048aeb6c613ba37768c8bab5e13bdb4f7290cdeb9c651333b8b4863eb1bcd05a0d148f8e526bb9f97540e80b6517ef6ca6e516707b25ca5c0b942b555c6ee5d157066ade363b85e5f4d5d5ab71a2bc6a74706bc8f03b9daaf4d5e501dd556229ed822b02308c1dbe95cd665d850ecd4b2bf0df19339ccf6c5a2705969e251c66546b1314a8d7cf2a4cca434f351bb3ff286fbea69a0d4eb811ddbcc0af2b8ffad06e5eb0b0c6bcdcc9ccd0da9e530c6feaf74362e665c1638c84c77f084efa4b4b046a5a357f47d7f3c2c246eceda65fdcc1e3ff690b1eb435513569f7cf0af14bcfbc24b67b98551f773d511dd9b9e1a5e5cce8f0fa52579ed33e4c20ba04e48a402cadf5a27af6cb27b632d1016f3a5cbba4f6de5a63f99d60a8a2cc774808516eb3ba5f1dea2afc27de0d5ef79f2e4878448ce85ab30dc6185d4fe2829efa54937c577c672908a78224d8fd32f4cb64d5b18dba6dbc6d930ca1fcaaf6d2a28fec34bfcce0fd03b0dac9062bc7bc1c1856d81595927251235c94b5ebf25fbdd69bcb25f1ec0e452b9cf70c73371409770141d041919a7b67cebe6605ad40c0e7879b61ddf8cf85d07c93421f6dec795e27bd467f07612f7c22373115860b20ba40ee3c3bc28283a197ee0bd7b978a330255b6448204767fdf47b1d42b0dd933f2d5ba354cd304cdfc44991e14d1c737d8a4d51e815dcdf41f60122256b01fe174333dc23dcfbbf0fa513f0858406cf91425e8437c611ff5e82ecee3ba4e8ee34031597ae8c141f3f4cc177ed8ca8665c24f69c10e6aebf52e0b5a77d2041fcfd1be7c160f45136cd81dcafe59a6f637771a8f0647a11f917f417b73b69c4f956404212c96de525265dc28328864645435dd7c114d024a5b837197ab30c11c93097e53a715f8bf7a21b6809ddcb6f0692ed0c464bcc3819e956e2537b59087b0fe1ef781bd7778f413d7a2008b207b53143409bad7ba3c46bc58e70978197d9fb8929fdd28cb5f6fcd28fbc4fd2c13711995a11c90b2eecaaa72e8c20e42fdd1e4339f43c174a94224143b02906a005f2fdc3e5a09375522a8c94e8cd7147ece1cc3afe1894f296ac12c09f7531cafcf56aa62a41e5408843c7142c4f8fcf41c3fbac83f37f9e15b220d9c9cbd1f4c5b027f28ea2bd30597064a6b946f88df4360849ad17b93bce269031c3812711f7d2c9f4e8cbb35be01a0bcdfd59fa8ee9a3a42f9e92ef70dd20de36f8b89a9421b4fb47107d2d577285cef08efa708e97a4070826ef0f0b10dd96346872522a6a317524cd95346d52000f6b4a8c7cc5b39a1f3488bd64c4df9c0e2fef8660247d40c17f99d5d8351a9bf33a1516db6497a165f31d8caa8f54af24cbaa48439db030d39ecf8054ede94381886bae9f8097c2ecbf5c0dc7504a79a1b3a1c344fda6de50237b95c682a252d0a7495d69c7979d9e6fa1ee702955cecdcea456a9eaa614af12a9f579c46ec8d353d6258052853dd396e1fcd478e21031c2ebd5c8230f672f6fe4a44ad78c1a3d4e1c7aa96533e30bcb474bd2fa001dca069806537bfb7e735a31c2e4888db437c2673e8325294b16a628c5c7725b852e0c438150ba203bf2285754a4dedf601dbc62ad9178d824ca92e5ac814c86cf4746ee1ba2e6eabc9a93291d8dbe6e01834db198c44f2776294695c1e66b2ad3dcaf40e4ebd03d35330fa902cf6ddcd3b3b55b595b697acd92d438f7bafd6b686e8662ab6d20a7e5793717fda140379bc8af8eb66a1cde58160e001f1c4c8ff4ab9b66270d962374df32fb1835d139a16bf52efadbb00d88cdd83f430d55d3efdcf0b00b652ef8eaee3a1d1d9234852b5d3e6625ee83e62f4e9cf536bb70c131488f93b8e6b7741e87f56ffd1bb113894ebdf3dff5953152a113abfbfedf09dd5ded67132abf6831b6f16beac125249ca2b2c4194e405dc7b97172d6b58b24a074c7379909702a83f140e81e064fb612a95a4bc350a28e2bd8862bc6f2ba910039d78834925738f017593592ecdaccfb66008de699971ce30647aae2594be4fe4356ced8aacc21f17b0212591dd68536a1d9f94b73d573d154d1928873ac8ebb0aac6df5ed7d1e7604b341664f3d833a68ed80d329f4c4aefda01616f8c22dddc02111e0e0c44e538ce3a3347c6e4c8f5ff617d2ecc13032b957f06fed157d47c15b7b8f2f4900cef857ae178817f1c719f2179b700cc05eee0bb6b7ace6e3b9e70786b9c3aec4b9be0e1d4a14a4c452c9a43e33498e8a60cde3f3275d662ac53cf07148cd9c7391761cb9727e9131da74a74ad0dab25d06a158efdc0426f3e26b57097df3e454fcea6366fc9b1443f7f45afcc7fb8eae0e2ad33dbc86e86ff7e5952003f65019ad8bcd2a66ae8ec4ce4e565231a9d64a34bb6e95089cfcf897020e06d1528515904d380a8f6ad7001cb0aa85520dc407489793c7d9cb796ba332e56b4a0594117609ac364757531c9c777d4a0f7ec591d908ea5fd2b2d5fcca71570923ba04b16f4226bd93c556c3a11b81c9e620084a77aa12b589afa742293ea0eb03a32a067342525acfcdc9f920fd2ca4d6e89a069393314f6904f380505d7c9d84bc27f24995f5f96807d472ac5975bde0c6a1f6eac7ce1d299694997fee2fdb4bd97d0369a3b8fc3908970796ba6bfb5d08cb253169b56fb6d852811edb34b2b00fd39d3b30be76721099425110c18cf801da03a389df9a226d6c558c879813e38f7f9d35f38ad0497daa71bea5e96525a937a2bac137b92945a85c22bba5798ce11217f1262749663db1899b49d6175521a05cdf01b00ec01a8f7784e3f8338ed22857f8897fb1de29818c050d7eb8bbfc93bff9fc25732901f8535673ffb1ec66a7b5b9323e7d3cbd7fc162caff3d92cac6f7c7b6fd0906efba5516f7ea5a64a251f9b579bc6bd36024ddf40327fc5ed9270b6b44d4dade6c5c7503dd6b229243f7100b56e4979e96882df94dde5fc77980d6efe9ac1cf22a25b242dd7b569eb514f573ce6b029997e323f965f5f2c81d19bfbcb19418d95e85ded8e235eb1a96098a2d8917ccf7deca199b00f2c022bcc0327b36f7761358f4433958a77b4096c693c1a19729aec721bf1f30c5cb5d6209e05b19f6b22dbfa86fbeaf272232c21cc918d77aaa37ba8782c0d9f686543f3e28c94a05f34d8d2193f4f243441b49869d373268aca9d45e876befd0b03f1d702682dbc73c38b6897971aa2d82bf0c06414bb7269c21b7d6b691acd6216bc2a0dc7117d7471a39a606c370d1d08027e06734ffb18c73ddffc715b18d3c6838a99a91594196375ccbd800e96e71f1f2faad05078b1c323178f8ec71177a9157e5d018e5a6b74a649352af40570209cc3ae01916974fe258fdd6cdc4975186a6ff8c9f9683f4a230ea0c52aa5109a5f2138cf21f1c53d69347a6dbf5870cd3b4acad2d5ed870d1eb6f2a7717ae777c5aaf19c871205f7df7db90acaf169841f29da15b8fcec0b04360919d3f1c01a4da65738414163fcac4b73f2a1a9a743afde74e32de3731728a3b966df58cb68627dc695977c08813e6df72b4b67f3b55f55d2a2716cc9b1a0639eb1f03f3b43faeaab62a0dbc10b9e328382f5b0f532be6beb10273604fd1da03f972472653127dda920298513d74cbb34150998826f23074bf68e50e8196f35574ab0df50c0e8090a224110b1fcfb8d8d0d58fa22a6e85a2e4993a8ab42e2a84df6cdc2303d1390d9f025762e364ca35f62dae8de9ccd0c3f2a7062fae2f9cbe04ceb82f0c03d8a0b5065bf26754d70ede1f8a96afd2dcfd7ed1d6f9fac033084b8437181940cac4a7f401e677176a195878456765f10d219ef3648e228993aa2e6e1805b54d56e8017fc6825858a3776a079331d41ebe8a2235282cef8e409380116ff5a51a348804c74aab3f104ca3d6a750c5bf63565a57a050ede3e1082a08db5c31cfd21c891ecbbe407b523bc5492bd4cf5126498f05d010cfe9c05252d6e7568d421538bfd7988d1da80a595cd4d378dd7a92409693ec189baecaa65fb83393eda36078cdbbe1d191a865f58ab1548bce24198eb7138deb4d43d649325a7b0302512664c6ee9bbfc6ac6bf4e1267c330d9ec672158eb6e99e7d1d0ad0f966ff7f1e11ad37f8f25882938c2f63c3c64be48734bd73320e47f239b410bf0fb78dfc8892dd7a02866cf32c3c492bf4ccabb1b97136aadd9daac920dbaabcc8a8cf4771322bfd3ab59aa4608b776a77e305799c5c4ce3879803bb349932afda04589ce7c6324b7c31417c0382d5f76f85a86cc959b6e1b553afcb7d2a7f671afe45d8420a126022d8d0a05bdbbca8c6b7e1e483b26fcde49e8a7f00ceb2dd527837e6742b8bbd1319e6408aae77917cf171cab83ffc76f2a5cfce902245ffbada502f53a26eb9f01", 0x1000}], 0x2, &(0x7f0000006100)=[@cred={{0x1c, 0x1, 0x2, {r4}}}, @rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {r4}}}], 0x50, 0x814}}, {{&(0x7f0000006180)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f00000063c0)=[{&(0x7f0000006200)="62e9440d538d40d398c392012017d750d01e9d39a6b000b9810cf54ab087fb", 0x1f}, {&(0x7f0000006240)="d432b4c4c369b117ba6adc1bd941e6ed5c", 0x11}, {&(0x7f0000006280)="2e733c7ef6065abc94f2ba1638756f339ff85eb06eecd9731da9a713dab20e2d7a4361cd4f5ba1c0532a5bde23b46d5cedb31f7b2ece716e4fcc8014e3d410ededcd62c971b901f92ba0cc66a51099081b7bfa30460a062b15021dc6ea31339bee773d8fc7e84a9664751ca14f", 0x6d}, {&(0x7f0000006300)="c5989e578a832cc7b7707bcbe668fb41a01d344b1dc4b1d2860a3450040b2c6e1c9a8888fb5809286fa1c425e628fa9400f1182e89a9fdf7171cee", 0x3b}, {&(0x7f0000006340)="05d3e0b24e76ca791aadedfd5344dd303cd8d0647e794cbee8e7604f80d7c96d38dab38bc0b07d9e63", 0x29}, {&(0x7f0000006380)="9ff10fcc368b4f360fd428504a9463ae84f1031d5c42f20c", 0x18}], 0x6, &(0x7f0000000880)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r8, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32, @ANYRES32=r9, @ANYBLOB="2fe22d33bf380309c341b4d02d96e029d322e1f55a751544b2a21052d42d4f7ac5e8bd89ed0a81a4d005fab38c15059510e1d2951e8a61f5d1731ab563fa84ab6021ffce0f19ba08321b428b71b79b83a37e271a7815164a3fc4b850ae15c7544bee2777968d6b255ae459d1a3a57b72b3eedbdf4dcad8abbf6de5dbeb8763c9e387c1ff94d0f099ddc449b1cba4f7cf9e1e3043bd4b0ed709a64a9496d9eb0d33a5396d5f9835937ed4ba8afae2198702e8be90afce907030614441ecf1ee3cdf8d438b6ada8d1b7fbd96e16c9375e139e5c69bd6acaadd510d1eea88a341ccaebb28db81a8379e40de0f6c0b340cfcfcd926bd38fcff7a2fa3893a3111170c6ac75c94f087668cf891ebe0a9dd3620aabb3ae9b0e2ea67d440ac207b3b903b64db6f6f23f54fc898752d20d762911bb66739c9822e3ef57398ee0212285c9125689c21b4bbda223e44c8e898c928c0ffc5fdc42d5bb49792ee9288db3b472ab4d21a048455307674c180dbb2d51d6eb2ce73a796fe6bb314f6f5d9c10261c4e71c6ccd801bb3fe658d0075e3fbd1867c321020c7667a1fa3af308daaf6"], 0x110, 0x20000001}}], 0x6, 0x84000)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xadc)
r10 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="0f8666f2a665f0ff0f0fc73666ba21003e0f01c5c4c1ed665a0aa00f06ea009000002c00c4c1b81516", 0x29}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

6.400830622s ago: executing program 1 (id=3359):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000"], 0x44}}, 0x0)

6.399212598s ago: executing program 5 (id=3360):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x200000000)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
write$vhost_msg_v2(r2, &(0x7f0000001f00)={0x2, 0x0, {0x0, 0x0, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r8, 0x7ab, &(0x7f0000000280)={&(0x7f0000000780)={{@my=0x0}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418})

6.318735983s ago: executing program 0 (id=3361):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = getpid()
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x4d5, &(0x7f0000000480)={0x0, 0x404525, 0x80, 0x2, 0x1e}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000640)=<r5=>0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac0000000180a030000000000000000000a0000000900020073797a32000000000c00054000000000000000045000038008000240000003ff0800024000000003080002400000000408000140000000002c00038014000100697036674ea23000000000000000000014000100697036746e6c3000000000000000000008000740000000020900020073797a30000000000900010073797a30000000000900010073797a31000000000c00054000000000000000040c00054000000000000000012c000000140a050000000000000000000a0000070900010073797a30000000000c00064000000000000000042c000000140a01010000000000000000000000040900020073797a30000000000c000640000000000000000140000000020a010100000000000000000000000a08000240000000000c00044000000000000000040900010073797a30000000000900010073797a30000000009401000004ac000480100001800b0001006578746864720000340001800b0001006e756d67656e0000240002800800024000000010080004400000000008000240000000010800024000001000100001800b0001006f626a7265660000100001800b00010065787468647200002c0001800a000165720000001c00028010000580090001006d6574610000000008000440000000070c00018008000100667764000c0001800800010064757000770007404daff99d5c7d891350dac912bbbcadcf88b4a61057daf1a73c38f6022e8d7036d584ac3bf668982b46048919d171566cd59aafab83df302afff015a3345b38f0b57cb64fdf343d2e8055553490a070fd1c9934a73baa6dfe9b8fd4f747a08b676992d51dcdf9cc684a48eef6d1905acd8150010048000480140001800b00010074756e6e656c000004000280240001800b0001006c6f6f6b7570000014000280080004400000000308000540000000010c000180080001006475700008000b40000000020900010073797a310000000030000000020a010100000000000000000a00000208000240000000010900010073797a3000000000080002400000000238010000050a0500000000000000000007000004cf000c00257ef912fa183f338a480c6eeb58497ebb66ecef0237700ea753bd9ca2dfd480174edde982a0b72afd91d0dd3e9ab2aa2957aff092188151fd5a9c517f8c1358a592c9375db22c722da349f29d25cd8db848fc5abdebc8a28c4a81f4915b32d8807f547f275e8c04453ade7c3250f66711ad660fd878d9482c0d3210b98e84b4ed189d3096c7cc55878b045b35b61a096767fdd4c093ec3c26e6ce03a5123ba05943cf28e7076b7ce7d67c41f7f4406771487adad84d752e1e8c935a51800016822d5d932a0239ab05db650008000b40000000020900010073797a300000000008000b400000000108000a40000000020900010073797a30000000000900030073797a31000000000c00024000000000000000030b00070066696c7465720000140000001100010000000000000000000700000ada7803afe771b1afebca9224460aa737d0f3d30fea0d5bbcf9c9c014112da6091aefd800"/1183], 0x47c}, 0x1, 0x0, 0x0, 0x42}, 0x44880)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r6)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r8, &(0x7f0000000040)={0xa, 0x4001, 0x3, @local, 0xfff80000}, 0x1c)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r8, 0x6, 0x2, 0x0, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r7, &(0x7f0000000800)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000780)={0x80, 0x1, 0x3, 0x401, 0x0, 0x0, {0xa, 0x0, 0x100}, [@NFQA_CT={0x64, 0xb, 0x0, 0x1, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6390}, @CTA_FILTER={0x2c, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x11}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x100}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x104}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x330}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x490}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x3}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3c}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x80000000}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xffffffff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x8}]}, 0x80}, 0x1, 0x0, 0x0, 0x20008040}, 0x44000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x28, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0xda1a0b6210925d15, 0x0, @fd_index, 0x0, 0x0, 0x1, 0x1})
getresuid(&(0x7f0000000440), &(0x7f0000000500)=<r9=>0x0, &(0x7f0000000540))
statx(r8, &(0x7f0000000580)='./file0\x00', 0x400, 0x7ff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
chown(&(0x7f00000003c0)='./file0\x00', r9, r10)
io_uring_enter(r3, 0x22d0, 0x20, 0x0, 0x0, 0x0)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0xffffffffffffff31}], 0x2, &(0x7f0000008640)=[{&(0x7f00000000c0)=""/95, 0x5f}], 0x1, 0x0)

6.21883795s ago: executing program 3 (id=3362):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x188}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r4, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000000))
ioctl$SNDRV_PCM_IOCTL_DROP(r4, 0x4143, 0x0)
r5 = timerfd_create(0x9, 0x80000)
timerfd_settime(r5, 0x3, &(0x7f0000000280)={{0x0, 0x989680}, {0x77359400}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7345a78ff1209cb368f601d3cb46023925e80b183b2668f606e96c17a973d4295f1563d0d97c13c8c4eb63a898bba2c6f3f4da2d214eb28c0f7297668474a5b49345159f2b563fe0ac0a618623fcc2db61c4ee223096175fe84e59e30673c20a2033a8285a668e7e70fc72e6d7b0e3bf64724fa96737ddde6fe1bb72495714285a0512c5418589eb9dc60d73ce8f7c304951cf5376db08c8efdcdf6aa5a3d15be5a2044b0ecafbb1d36789137a8ab262359bc0c55f42d7b2dd040cc5214a6691370c969e7b834d8b7ca0bb22b5bcce3219f998998367fad2b7c6614bd73ecc1a894963d784bcd94f00c28e1c411e433f1a09aedaa96cadb8d457360442914ee8"], 0x7c}, 0x1, 0x0, 0x0, 0x44810}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000f00000a00000000180a00020000000000000000010000000000020073797a300000000000000000050a010200000000000000000500000700000a00020000024000000000000000010000070066696c746572000000000540fffffffa140000001100010000000000000000000000000a6396771b84fecd046a8991829c6b45dcc6132d59821adcabbfbee6da70e5f1d3e474e01fbf4ad8cc8bc8dc32af35ed8cc88d7c9c7f4d655d09bdb169dcb76c5325582a798cc4a595cc74f255954ecc9f7705808b3ace618333784ec3d37320105e2063595e8cf6ad"], 0xffffffc9}, 0x1, 0x0, 0x0, 0x40000}, 0x8040)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40101)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f00000001c0)={0x7, 0x0, 'client0\x00', 0x5, "d62e980da99179cf", "20e48560999fd132b6a5427180a8c27a00fcfffff0003336f794d20352340900", 0x0, 0xfffffffa})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
r7 = syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r7, 0xc25c4110, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0xa4, 0x0, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0x60, 0x6, "a6764e594882de9dbc10200d81fa92462a921eeba03dbc015aa7725d5e61fb068e50c167a2e16a9fb5b92ed0bbab01a951ae2102e5b2119d894d1b401608260b8fe25c640015a976202890428a4ff53ecf893c297e00bee6f30ae629"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}]}, @NFT_MSG_DELSET={0x70, 0xb, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x1a}, @NFTA_SET_USERDATA={0x2a, 0xd, 0x1, 0x0, "ac5b0e368d090b213401baac0a3deaae767755aaef8cb7815ccf19ff19132edde8ae95ac7012"}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x7f}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x6}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x13c}}, 0x40040)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), &(0x7f00000002c0)={0x0, 0xfb, 0x31, 0x6, 0xff, "a082b7faa22631d6f8e397913c3b06e0", "b23921696c3716c29e1374cf5f25248e02494e4ae41aac34bdc3f712"}, 0x31, 0x3)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000040)={0x0, 0x6, "48587530eb03"})

5.965741719s ago: executing program 1 (id=3363):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
io_uring_setup(0x20c, &(0x7f0000000300)={0x0, 0x81fa, 0x2, 0x3, 0x3e})
socket$packet(0x11, 0x3, 0x300)
socket(0x15, 0x5, 0x0)
pipe2(&(0x7f00000000c0), 0x40000)
syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
socket(0x200000000000011, 0x4000000000080002, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x14, 0x2})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000080)={0x84, @local, 0x15, 0x3, 'sh\x00', 0x19, 0x5, 0x71}, 0x2c)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xc, 0x2}}, 0x44)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)

5.40994804s ago: executing program 1 (id=3364):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0xa0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x800)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
syz_emit_vhci(&(0x7f0000002800)=ANY=[@ANYBLOB="02c90010000cf6bb03824ec4fa16daa00a83e80900"], 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)

5.312151811s ago: executing program 1 (id=3365):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000007c0)={0x400000000000000, 0x0, 0x0}, 0x40080)
r2 = fanotify_init(0x20, 0x80000)
fanotify_mark(r2, 0x1, 0x4000001a, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="7235ab62"]}, @typed={0x8, 0x7, 0x0, 0x0, @fd=r3}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004043}, 0x4040)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0x60000726)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
io_uring_setup(0x1b7b, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000571000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a30"], 0xf0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
pipe(&(0x7f0000000080))

5.287459173s ago: executing program 2 (id=3366):
unshare(0x44040000)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x7, 0x90, 0x3, [{{0x9, 0x4, 0x0, 0x10, 0x1, 0x7, 0x1, 0x2, 0x2, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x6, 0x1, 0xd}}}}}]}}]}}, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf09000000000000b60901000000002066000000646c6c2518010000646c6c2500000000002020207b9af8ff710000005d9100000000000037010000f8ffffffb702000008000000b70300000000000015000000060000003f93000000000000b5030000000000008500000076000000b7000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24008800)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, 0x0, 0xa0)
connect$inet(r4, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='highspeed', 0x9)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBSENT(r5, 0x4b49, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', 0xffffffffffffffff, 0x0, 0xd76}, 0x18)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x100000c01, 0x38, 0x0, 0x42, 0x6e})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'bond0\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000200))
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000f00)=@nat={'nat\x00', 0x670, 0x5, 0x4f0, 0x2c8, 0x1b8, 0xffffffff, 0x0, 0x2c8, 0x458, 0x458, 0xffffffff, 0x458, 0x458, 0x5, 0x0, {[{{@uncond, 0x0, 0x180, 0x1b8, 0x48, {}, [@common=@unspec=@conntrack3={{0xc8}, {{@ipv4=@rand_addr=0x64010102, [0xffffff00, 0xff, 0xffffffff, 0xff000000], @ipv4=@rand_addr=0x64010100, [0xffffffff, 0x0, 0xffffff00, 0xffffff00], @ipv6=@local, [0xff, 0xff, 0xffffffff, 0xffffffff], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xffffffff, 0xff000000], 0xc9, 0x4, 0x0, 0x4e24, 0x4e24, 0x4e21, 0x4e22, 0x1800, 0x100}, 0x40, 0x800, 0x4e24, 0x4e24, 0x4e23, 0x4e22}}, @common=@unspec=@helper={{0x48}, {0x0, 'tftp-20000\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x19, @multicast2, @loopback, @icmp_id=0x66, @port=0x4e24}}}}, {{@ip={@broadcast, @remote, 0xff, 0xff, 'nicvf0\x00', 'ipvlan1\x00', {0xff}, {}, 0xc, 0x0, 0x30}, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gre0\x00', {0x8, 0x5, 0xfffffffc, 0x8, 0x8, 0x51f2, 0x6dc0}, {0xff}}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x11, @ipv6=@mcast1, @ipv4=@loopback, @icmp_id=0x64, @port=0x4e23}}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'team_slave_0\x00'}, 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30}, {0x890, 0x218, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @gre_key}}}, {{@ip={@broadcast, @rand_addr=0x1, 0x0, 0x0, 'nicvf0\x00', 'pim6reg\x00', {}, {0xff}, 0x1}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x21, @broadcast, @dev={0xac, 0x14, 0x14, 0x1c}, @gre_key=0x40, @port=0x4e23}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x550)

4.179961641s ago: executing program 5 (id=3367):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.idle_time\x00', 0x26e1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
sendto$inet(r2, &(0x7f0000000140)="49f06d06545d0745d5d7939020abdf4c19ab805388477f937153c4426fd3a3a1af8fa339bc0cf073023f84e23af631234aa1fb689ca1ae46bb58450b9521354a2391", 0x42, 0x24044800, 0x0, 0x0)
r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
ioctl$SOUND_PCM_READ_CHANNELS(0xffffffffffffffff, 0x80045006, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
write$6lowpan_control(r3, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
sendmsg$TIPC_NL_PEER_REMOVE(r1, 0x0, 0x0)
r4 = socket(0x29, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000806000086dd06100001aaaf8daaaabbfc010000000000000000000000000069c7bbbbbbbbbb1103000000000000000000000079000041"], 0x0)
recvmmsg(r0, &(0x7f0000001b80)=[{{0x0, 0x0, 0x0}, 0x7ff}], 0x1, 0x40010003, 0x0)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000000)=0x3, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004500001c0000000000119078020000000000000000004e20000890789fdb50ff64fc5b2114d4ae20e894e302ad1956387050da8a006bb84d61de1cf3fccc2471323834ea9973476fa3afbbb1f40c30faeda7f5d2df3d3adcb9335aa00dc7c659a5cf33c2063756cf92c86b47f696221f65cc4ac47ac075d3390ee4210d04ce4dee9096f7b9012d384b70859cd6ae6929c6b3e25c9ef645f2d7d156b9bf28e2e7819890f2438154e3a97ebb396f4fd55b923a17f12094a2929ee21206272750d6135d2c1704b1df302aa31ae029"], 0x0)

4.121244108s ago: executing program 0 (id=3368):
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
faccessat(r0, &(0x7f0000000200)='./file0\x00', 0x110)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip_vs_stats_percpu\x00')
lseek(r4, 0x4ffffff, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
mkdir(0x0, 0x0)
r6 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0x4049, 0x400, 0x0, 0x4003, 0x0, r4}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000240)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x104, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x57})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0x1, 0xeeef0000, 0xddcd0004, 0xb000], 0xdb, 0xc})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0)
sendmsg$nl_generic(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
sendmsg$nl_generic(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="3811000043000701fefffffffcdbdf25027c000004004580201101"], 0x1138}}, 0xc000)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000ac0)='gid', 0x0, 0x0)

2.40335522s ago: executing program 0 (id=3369):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000180)={'veth1_vlan\x00', 0x8a})
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="aa0340110800450000380000000000019078971e0001ac1414aa097215fa120002282520000000000000332f00007f000001"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES64=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r5], 0x4c}}, 0x40000)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r6, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}, 0x24)
sendmsg$inet(r6, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x2, 0x18, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x0, @private0}}]}, 0x38}}, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r0, 0x0, 0x0)
getsockname$packet(r9, &(0x7f0000000180)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="54000000100037ea0200000029ffffff9c1fc100000000", @ANYRES32=r10, @ANYBLOB="0b1b040000000000340012800b0001006970366772650000240002800800140007000000040012001400060000000000000000000000000000000001"], 0x54}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendto$packet(r8, &(0x7f0000000000)="6f3d12caa129b05b93fadda088a8", 0xe, 0x4, &(0x7f0000000180)={0x11, 0x8100, r10, 0x1, 0xe9, 0x6, @link_local}, 0x75)
syz_open_dev$tty1(0xc, 0x4, 0x1)

2.28447389s ago: executing program 3 (id=3370):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
prlimit64(0x0, 0xc, &(0x7f0000000000)={0x3, 0x45}, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r1, 0x8004f50e, &(0x7f0000000040))
ftruncate(r1, 0xffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'gretap0\x00', &(0x7f00000000c0)={'syztnl1\x00', <r3=>0x0, 0x8000, 0x700, 0x6, 0x2, {{0x13, 0x4, 0x3, 0x4, 0x4c, 0x64, 0x0, 0x6, 0x2f, 0x0, @multicast1, @broadcast, {[@cipso={0x86, 0x2d, 0x1, [{0x5, 0xf, "2569db4b6327de10107014ccb7"}, {0x7, 0xa, "b80d42cc60cf65e9"}, {0x0, 0xe, "8bd2fa2af9f2f2690c414f8b"}]}, @lsrr={0x83, 0x7, 0x86, [@multicast1]}, @noop]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioperm(0x0, 0x40, 0x80)
prctl$PR_SET_MM_EXE_FILE(0x36, 0xd, 0xffffffffffffffff)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYRESOCT=r2, @ANYBLOB="2ddea16aa60f25a1813fdb0a1dd59e460bbf42ebf0a1cdfcfc9c8d93f8608347e190fe5277b41282d0a782ffaf8effb5857e2e3f7db7973bce0bef35f581889137d49314131f523a7b484b0a3525cecc2e27e14f7524c4d2b086a9b4f2610056bc39327c57a7f6b0d87f3a9997ff8a3c58c3b3e8ca4486ec02450b6b33db96a17e5a420dab31ede35c72a6dee4fc95212a82bab0df96f0146965165fd14019337a2de5d7d6bcca7ba4cf70b801c3c5377c1f0464ff9510ee9a0cfedb", @ANYRES8=r4, @ANYRESOCT=r0, @ANYRES64=r1, @ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRESOCT=r3, @ANYBLOB="089e5a028baa1197e3d65b11d32e8be1ed47551036391ac31ff55200384babc2170654ac8ebbe591b9bd482dd30c4e17171907f8b5aed169fb907e3ad373a8c6b4ec21fdc138582d57f081e2c5596ae7e1dcf70dd5bd97b8432cc9558835b91ce79a953e7591407555ea5dba4f61b4117292e8ea3215db178651c33d4cc4072a6d56e5f463c440eef661e63d4d282f74d05f6eedbef6be49986c2a995298793ee8a813ed4f3237be2505ddfb8bcbed9dc2e8cd90c3b10f34c9501a37856c122595fe787ebd74faef7849fef1b70db8045784699b534b46f5d7cf8d1a8d972996adbeb2e46b7ac68dad349c"], 0x20}}, 0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000200)=<r7=>0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@dellink={0x38, 0x11, 0x100, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, 0x40040, 0x442}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x1}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_NET_NS_PID={0x8, 0x13, r7}]}, 0x38}}, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r8, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r8, 0x84, 0x71, &(0x7f0000000240), 0x8)
sendto$inet6(r8, &(0x7f0000000340)="80821e54e8ce488712b3b8f7f4e7fe53cfeb091a67c748f4e59d5f658daa1c713877b0d8805141a5ae7f8bdaf57affa0921f0f36a06d144369793bb4348931231ab7326b601de037724cb6c47864f942bbd81866b524b827a45912b3d3db53767e95369830d1fb78cf04cff09492d2986fe866522f0c9ad0037d2f1b7bd5d63624ae76886c9a1de3615cac279366ce30dd3cbdd67cc9a5087df51d6fdb4e38cee06f11036caef905092a71ed85e7d695e4f8c985a74c383d75d9a0cf46ebfdef542bc371128b8ce5d6d6", 0xca, 0xe0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x1, 0x0, 0x4000})

2.210000374s ago: executing program 1 (id=3371):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
io_cancel(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, &(0x7f00000000c0)="c582dd6c955c70bcd798dd", 0xb, 0x2, 0x0, 0x2}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x800008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c020000", @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf250d000000060028000100000005002d000000000005002a000000000005002e000100000008003c000700000005002e000100000005002d0000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x40c9}, 0x15)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r4 = fcntl$dupfd(r3, 0x0, r3)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r4, 0x0, 0x0)
sendmsg$inet6(r3, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x40001080)
syz_genetlink_get_family_id$nl80211(0x0, r4)
write(r2, &(0x7f0000000180), 0x0)
recvmmsg(r2, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000700)={0x640, r0, 0x0, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @void}}, [@beacon=[@NL80211_ATTR_IE={0xfc, 0x2a, [@mesh_id={0x72, 0x6}, @perr={0x84, 0xe8, {0x2, 0xe, [{{0x0, 0x1}, @broadcast, 0xc3, @value=@device_b, 0x3f}, {{}, @device_a, 0x446c, @void, 0x41}, {{0x0, 0x1}, @device_a, 0x1, @value=@device_b, 0xe}, {{0x0, 0x1}, @device_b, 0x0, @value=@device_b, 0x39}, {{0x0, 0x1}, @device_b, 0x9, @value=@broadcast, 0x27}, {{}, @device_a, 0x9, @void, 0x1f}, {{0x0, 0x1}, @device_b, 0x702d, @value=@device_b, 0x3c}, {{}, @broadcast, 0x8, @void, 0x6}, {{}, @device_a, 0x6, @void, 0x33}, {{}, @device_a, 0x10001, @void, 0x1d}, {{0x0, 0x1}, @device_b, 0x10, @value=@broadcast, 0x36}, {{}, @device_b, 0x16, @void, 0x9}, {{0x0, 0x1}, @broadcast, 0x6, @value=@broadcast, 0x19}, {{0x0, 0x1}, @broadcast, 0x8001, @value=@broadcast, 0xf}]}}, @peer_mgmt={0x75, 0x4, {0x0, 0x64, @void, @void, @void}}]}, @NL80211_ATTR_PROBE_RESP={0x1ee, 0x91, "2060a2956603e0f76f8ad77949a1547f78bb58ea98e93da7f2301159fda08b3b2bd1d57b85380d1293d9def7298f682dc2fbce376abddf71bcf984c8abf61cdd518c36c0f511d7e779d0a52d52cad338aa40c1cbf65d4b0f664110059df61d761b2aa42fc1e74089962bece1265f91e702874820c7d190f564cc0069f8cba214a58a4be669f65e981231a8910680452b118b10f4c7b75ba4c55bc0a275a99bd54d3b0161b6a32bbf6dc33669eeefaa3d520dc4d3cdbcbf2e35eef86c48e16d8a4b69a5f09f3fb51335336ad4315966627cf9bf8b2ea0eac7c9519204ff2d6c0b43a7d0286a9a6b1fdb3b01f3c51bb063bdfe36f94012c5426625bafaf6f69f0c26c8e7c84a29878e6ffe7823dc94971e9f378e3e334ad3edeff8f2523782d43227095e56090e297d8f7dba432d12681dee4d9e97816788bb8ea07f27a3e7b76997a91a7d73e59aa7b064ddaf0f787f329c500c2ef7906969e64433e97964d8604096eb062d5a1d53aa46d1098ac6ce3e11e60ac595486d40072154582bd1a3812865e00ff9d680a09a8477acc58b25af739c70241993a93a86b33b993a6d2c991891da7643b105b83b82b4ff13a8e98d723a244519a3f597ab4e3ad755327198adac94d051ed5dc92bfb91114027786aa27ac6e3a144704176624f4983b6c4e56397a5c2c031f2dbb776"}, @NL80211_ATTR_BEACON_HEAD={0xef, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7fd1}, @device_a, @device_a, @from_mac=@device_b, {0xa, 0x81}, @value=@ver_80211n={0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x6, @random=0xfe01, 0x2000, @void, @val={0x1, 0x5, [{0x12}, {0x9}, {0x1}, {0x5}, {0x5}]}, @val={0x3, 0x1, 0x6}, @void, @val={0x6, 0x2, 0x1}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0xc, 0x2, 0x5, 0x0, {0x9e, 0xf8, 0x0, 0x7, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x300, 0x1, 0x8}}, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x3, 0xf5, 0x40, 0xd72}}, [{0xdd, 0x7a, "56cac8e1d671738b6c7a1cd5b73677195b10200ae0449113904bb3b5dd3a39a736731e11c46895db2436c9703bc4a1b85e552341dd9d26fcc63077aef4a9e53fc38526df6b1f358cc3f18b20ecb06f734a9b6a1605cdd94590937996f9caa23d3ef627a14a8d08ac25920520af719dca9acf5ca587bf36fe8696"}, {0xdd, 0xb, "b3f9cd861fea2e28d7207d"}]}}], @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2b, 0x2, [{0x2, 0x2}, {0x7, 0xa}, {0x1, 0x6}, {0x3, 0x3}, {0x7, 0xa}, {0x0, 0x5}, {0x2, 0x2}, {0x6, 0x1}, {0x3, 0x8}, {0x6, 0x8}, {0x3, 0x4}, {0x2, 0x2}, {0x1, 0x4}, {0x0, 0x2}, {0x0, 0x6}, {0x0, 0x8}, {0x7, 0x8}, {0x2, 0x2}, {0x1, 0x5}, {0x1, 0x9}, {0x5, 0xa}, {0x3, 0x4}, {0x5}, {0x0, 0x8}, {0x6, 0x6}, {0x2, 0x3}, {0x7, 0xa}, {0x5, 0x5}, {0x3}, {0x4, 0x7}, {0x5, 0x4}, {0x0, 0x7}, {0x0, 0x4}, {0x3, 0xa}, {0x2, 0x6}, {0x5, 0x1}, {0x3, 0x2}, {0x5, 0x8}, {0x0, 0x6}]}]}, @NL80211_BAND_60GHZ={0xc4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x6, 0x2, 0x12, 0x2, 0xe, 0x2, 0x1b, 0x48, 0x4, 0xc, 0x6, 0x48, 0x12, 0x16, 0x60, 0x1, 0x2, 0x1, 0x24, 0x48, 0x24, 0x3, 0xc, 0x6c, 0xc, 0x48]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0x4, 0x4, 0x80, 0x40, 0x4]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe00, 0x5, 0x800, 0x1, 0x6, 0xce6, 0x6, 0x5]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x60, 0x16, 0x60, 0xc62b9059808190b4, 0x5, 0x3, 0x16, 0x36, 0x16, 0x1b, 0x12, 0x6, 0x6c, 0x4, 0x9, 0x60, 0x36, 0x5, 0x0, 0x30, 0x1, 0x6c, 0x1b, 0x60, 0xc, 0x14, 0xb, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x4, 0x1, 0x3, 0x9fe, 0x4, 0x7, 0x5]}}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x4, 0x1}, {0x2, 0x5}, {0x1, 0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0xff, 0x0, 0x8, 0x4, 0x8, 0x4, 0x1]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1, 0x2, 0x36, 0x48, 0x24, 0x24, 0x1, 0x36, 0x48, 0xb, 0x36, 0xb, 0x1, 0x1, 0x6c, 0x9, 0x24, 0x30, 0x3, 0x30]}]}, @NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8, 0xd6, 0x1, 0x2, 0x4, 0x4, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0xce, 0x200, 0x0, 0xf3, 0x1, 0x9]}}]}, @NL80211_BAND_6GHZ={0x90, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x7, 0x5000, 0xc, 0x617, 0x4, 0x8]}}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x36, 0x30, 0x5, 0x6, 0x6c, 0x3, 0x12, 0x0, 0x2, 0x4, 0x2, 0x30, 0x6c, 0x6, 0x30, 0x3, 0x3, 0x2, 0x30, 0x2, 0xb, 0x18, 0x18, 0x4, 0x36]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x0, 0x18, 0x4, 0x36, 0x34, 0x3, 0x48, 0x2, 0x6c, 0x24, 0x17, 0x1, 0x24]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff05, 0x401, 0x5, 0xfff, 0xa, 0x3, 0x1, 0x1]}}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x12, 0x48, 0xb, 0x30, 0x60, 0x60, 0x30, 0x6c, 0x12, 0x30, 0x5, 0xb, 0x0, 0x6, 0x2, 0xc, 0x3, 0x4, 0x36, 0x1, 0xc, 0x60, 0x24, 0x6, 0x1, 0x1b, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_6GHZ={0x68, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x16, 0x2, [{0x5, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x6}, {0x6, 0xa}, {0x4, 0x6}, {0x2, 0x9}, {0x1, 0xa}, {0x6}, {0x4, 0x3}, {0x7, 0x3}, {0x1, 0x1}, {0x2, 0x3}, {0x1}, {0x6, 0x6}, {0x0, 0x1}, {0x1}, {0x4, 0x9}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa8f, 0x7, 0x7, 0xffff, 0x6, 0x9, 0x9, 0x94bd]}}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x7, 0x6}, {0x0, 0x9}, {0x7, 0x4}, {0x4, 0x4}, {0x1, 0x3}, {0x7, 0xa}, {0x0, 0x2}, {0x1, 0x5}, {0x2, 0x8}, {0x0, 0x6}, {0x6, 0x6}, {0x3, 0xa}, {0x6, 0xa}, {0x2, 0x5}, {0x1, 0x4}, {0x3, 0x7}, {0x7, 0xa}, {0x1, 0x6}, {0x0, 0xa}, {0x5, 0x7}, {0x2, 0xa}, {0x1, 0x2}, {0x5, 0x9}, {0x1, 0x4}, {0x5, 0xa}, {0x5, 0x1}, {0x4, 0x3}, {0x3, 0x1}, {0x4, 0x6}, {0x2, 0x1}, {0x5, 0x8}, {0x7, 0x4}, {0x1, 0x1}, {0x0, 0x4}, {0x2, 0xa}, {0x4, 0x3}, {0x2, 0x6}, {0x4, 0x2}, {0x5, 0xa}, {0x6, 0x1}, {0x4, 0x7}, {0x4, 0x7}, {0x0, 0x2}, {0x1, 0x7}, {0x1, 0x3}, {0x0, 0x3}, {0x6, 0x1}, {0x0, 0xa}, {0x3, 0x3}]}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x640}, 0x1, 0x0, 0x0, 0x20040040}, 0x4)
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x40, r0, 0x801, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}]}]}, 0x40}}, 0x0)

496.540443ms ago: executing program 1 (id=3372):
socket$netlink(0x10, 0x3, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4}, 0x50)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, [@RTA_OIF={0x8, 0x4, r6}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0xa}}]}, 0x38}}, 0x1000c840)

315.351959ms ago: executing program 3 (id=3373):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000"], 0x44}}, 0x0)

262.217037ms ago: executing program 5 (id=3374):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="010500"], 0x24}}, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="70000002", @ANYRES16=r1, @ANYBLOB="050004000000fedbdf250f00000008000300", @ANYRES32=r2, @ANYBLOB="3f000e0080000000080211000001080211000001080211000000000000000000000000000400000000060101010101013c040107050271070101000101f008000400fe0008000c006400000008000d0000000000"], 0x70}, 0x1, 0x0, 0x0, 0x40020}, 0x0)
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
shutdown(0xffffffffffffffff, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x12, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="f8ffffff00000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$kcm(0x10, 0x400000002, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, 0x0, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2f, &(0x7f00000005c0)={0x7, {{0xa, 0x4e23, 0x2, @mcast2, 0x8000081}}, {{0xa, 0x4620, 0xfffffff8, @loopback, 0x8000}}}, 0x108)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000003a0001032dbd7000fadbdf2504000000b642937808fe54977b0a8f5007403b291934c755489359158fe3bf108f8e1e80dc6c9bb24130005450b553e44b4913945e88f02705f65cdc5963705f64d936a123a7c5b3bad3bf3d0e"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021d}, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

215.038042ms ago: executing program 2 (id=3375):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
io_setup(0x13, &(0x7f00000003c0))
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000380)={0x0, 0x8b8e, 0x80, 0x803, 0x7}, &(0x7f0000000340), &(0x7f0000000040))
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = syz_open_procfs(0x0, 0x0)
getgid()
stat(&(0x7f0000008c00)='./file0\x00', &(0x7f0000008c40))
pread64(r6, 0x0, 0x0, 0xadc)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="0f8666f2a665f0ff0f0fc73666ba21003e0f01c5c4c1ed665a0aa00f06ea009000002c00c4c1b81516", 0x29}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

113.720559ms ago: executing program 0 (id=3376):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0xa0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x800)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
syz_emit_vhci(&(0x7f0000002800)=ANY=[@ANYBLOB="02c90010000cf6bb03824ec4fa16daa00a83e80900"], 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

112.847095ms ago: executing program 3 (id=3377):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x24}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl1\x00', <r1=>0x0, 0x29, 0xd, 0xfd, 0x6, 0x22, @loopback, @mcast2, 0x1, 0x8, 0x3, 0x81}})
r2 = syz_open_dev$swradio(&(0x7f00000000c0), 0x1, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r6, 0x0, 0x2, 0x0)
fcntl$setstatus(r6, 0x4, 0x2000)
vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000080)="1e10", 0x2}], 0x1, 0x8)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x18c6)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x58, 0x2, 0x6, 0x401, 0xe4340000, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xf0}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="48000000090601080000000000000000050000000900020073797a3100000000050001000700000020000780060004404e21050005000700ff0000000c000180080001400a"], 0x48}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f0000000080)={0x1, 0x5, 0x2})
setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000140)={r1, 0x1, 0x6, @multicast}, 0x10)

0s ago: executing program 0 (id=3378):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x200000000)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
write$vhost_msg_v2(r2, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f0000004b00)=""/110, 0x6e, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r2, 0x0, 0x0)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r8, 0x7ab, &(0x7f0000000280)={&(0x7f0000000780)={{@my=0x0}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418})

kernel console output (not intermixed with test programs):

 disabled state
[ 1256.188024][T17238] bridge_slave_1: entered allmulticast mode
[ 1256.204616][T17238] bridge_slave_1: entered promiscuous mode
[ 1256.802167][ T5941] usb 3-1: new full-speed USB device number 97 using dummy_hcd
[ 1256.984023][ T5941] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1257.020073][ T5941] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1257.066608][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1257.114317][ T5941] usb 3-1: config 0 descriptor??
[ 1257.449415][T17238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1258.265293][T17342] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1258.298144][T17238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1258.301487][T17342] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1258.455846][T17238] team0: Port device team_slave_0 added
[ 1258.612366][T15942] usb 2-1: new full-speed USB device number 76 using dummy_hcd
[ 1258.788729][T15942] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1258.823844][T15942] usb 2-1: config 0 has no interface number 0
[ 1258.859487][T15942] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1258.928070][T15942] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 64
[ 1258.973266][T15942] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1259.031350][T15942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1259.099886][T15942] usb 2-1: config 0 descriptor??
[ 1259.140918][T17342] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1259.246603][T15942] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1259.486858][T17350] ip6t_srh: unknown srh invflags 7F00
[ 1259.693563][T15942] usb 2-1: USB disconnect, device number 76
[ 1259.810434][T17335] SELinux: failed to load policy
[ 1259.925056][T17238] team0: Port device team_slave_1 added
[ 1260.155299][ T5941] lenovo 0003:17EF:6067.000F: unknown main item tag 0x4
[ 1260.192696][ T5941] lenovo 0003:17EF:6067.000F: item fetching failed at offset 4/5
[ 1260.235079][ T5941] lenovo 0003:17EF:6067.000F: hid_parse failed
[ 1260.271181][ T5941] lenovo 0003:17EF:6067.000F: probe with driver lenovo failed with error -22
[ 1260.382369][T17238] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1260.389337][T17238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1260.432196][T17238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1260.512810][T17238] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1260.519883][T17238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1260.548065][T17238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1260.677659][T17238] hsr_slave_0: entered promiscuous mode
[ 1260.692863][T17238] hsr_slave_1: entered promiscuous mode
[ 1260.711623][T17238] debugfs: 'hsr0' already exists in 'hsr'
[ 1260.733070][T17238] Cannot create hsr debugfs directory
[ 1260.928915][T15942] usb 3-1: USB disconnect, device number 97
[ 1260.942165][ T7743] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 1261.122522][ T7743] usb 2-1: Using ep0 maxpacket: 8
[ 1261.128642][T15261] hsr_slave_0: left promiscuous mode
[ 1261.130124][ T7743] usb 2-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1261.145669][T15261] hsr_slave_1: left promiscuous mode
[ 1261.154219][ T7743] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1261.162334][T15261] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1261.163212][ T7743] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1261.169922][T15261] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1261.179741][ T7743] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1261.196732][ T7743] usb 2-1: Product: syz
[ 1261.200898][ T7743] usb 2-1: Manufacturer: syz
[ 1261.206374][ T7743] usb 2-1: SerialNumber: syz
[ 1261.215004][T15261] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1261.224884][T17362] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1261.232313][T15261] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1261.254564][T15261] veth1_macvtap: left promiscuous mode
[ 1261.260328][T15261] veth0_macvtap: left promiscuous mode
[ 1261.267571][T15261] veth1_vlan: left promiscuous mode
[ 1261.273327][T15261] veth0_vlan: left promiscuous mode
[ 1261.402195][T15942] usb 3-1: new full-speed USB device number 98 using dummy_hcd
[ 1261.603949][T15942] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1261.610678][T15942] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1261.672576][T15942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1261.806068][T15942] usb 3-1: config 0 descriptor??
[ 1263.400886][T17378] SELinux: failed to load policy
[ 1263.506580][T15261] team0 (unregistering): Port device team_slave_1 removed
[ 1263.588002][T15942] lenovo 0003:17EF:6067.0010: unknown main item tag 0x4
[ 1263.609845][T15261] team0 (unregistering): Port device team_slave_0 removed
[ 1264.622495][   T30] audit: type=1326 audit(1767142108.968:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17382 comm="syz.4.2916" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f754c78f749 code=0x0
[ 1265.192146][T15942] lenovo 0003:17EF:6067.0010: item fetching failed at offset 4/5
[ 1265.205255][T15942] lenovo 0003:17EF:6067.0010: hid_parse failed
[ 1265.211581][T15942] lenovo 0003:17EF:6067.0010: probe with driver lenovo failed with error -22
[ 1265.339868][T17029] usb 3-1: USB disconnect, device number 98
[ 1265.511927][T17371] bond0: entered promiscuous mode
[ 1265.541500][T17371] bond_slave_0: entered promiscuous mode
[ 1265.559335][T17371] bond_slave_1: entered promiscuous mode
[ 1265.584849][T17371] batadv0: entered promiscuous mode
[ 1265.605996][T17371] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1265.620580][T17371] bond0: left promiscuous mode
[ 1265.626608][T17371] bond_slave_0: left promiscuous mode
[ 1265.633575][T17371] bond_slave_1: left promiscuous mode
[ 1265.746034][T17371] batadv0: left promiscuous mode
[ 1267.616374][T15261] IPVS: stop unused estimator thread 0...
[ 1267.863650][T17414] ip6t_srh: unknown srh invflags 7F00
[ 1270.454617][   T30] audit: type=1326 audit(1767142115.008:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17437 comm="syz.4.2927" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f754c78f749 code=0x0
[ 1270.652831][T17238] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1270.682671][ T5941] usb 2-1: USB disconnect, device number 77
[ 1271.092624][T17238] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1271.107551][T17238] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1271.129336][T17238] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1272.640839][T17238] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1272.662761][T17238] 8021q: adding VLAN 0 to HW filter on device team0
[ 1272.687215][  T156] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1272.694374][  T156] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1272.707274][  T156] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1272.714449][  T156] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1273.585954][T17238] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1273.739029][T17238] veth0_vlan: entered promiscuous mode
[ 1273.803300][T17238] veth1_vlan: entered promiscuous mode
[ 1274.103761][T17238] veth0_macvtap: entered promiscuous mode
[ 1274.188027][T17489] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2928'.
[ 1274.198413][T17489] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2928'.
[ 1274.557001][T17238] veth1_macvtap: entered promiscuous mode
[ 1274.622224][    T9] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[ 1274.640478][T17238] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1274.719352][T17238] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1274.947855][    T9] usb 2-1: Using ep0 maxpacket: 8
[ 1275.050299][    T9] usb 2-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1275.071421][ T3841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1275.079888][    T9] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1275.086917][ T3841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1275.098819][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1275.141844][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1275.149073][ T3841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1275.176571][    T9] usb 2-1: Product: syz
[ 1275.178333][ T3841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1275.191028][    T9] usb 2-1: Manufacturer: syz
[ 1276.322976][    T9] usb 2-1: SerialNumber: syz
[ 1276.346566][T17491] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1276.553936][ T6453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1276.567551][ T6453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1276.881955][ T6453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1276.931578][ T6453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1277.061735][   T30] audit: type=1400 audit(1767142121.608:1591): avc:  denied  { mounton } for  pid=17238 comm="syz-executor" path="/root/syzkaller.NNwc4R/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 1277.135125][   T30] audit: type=1400 audit(1767142121.658:1592): avc:  denied  { mounton } for  pid=17238 comm="syz-executor" path="/root/syzkaller.NNwc4R/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1277.204718][   T30] audit: type=1400 audit(1767142121.678:1593): avc:  denied  { mounton } for  pid=17238 comm="syz-executor" path="/root/syzkaller.NNwc4R/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=66288 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1277.284167][   T30] audit: type=1400 audit(1767142121.718:1594): avc:  denied  { mounton } for  pid=17238 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1277.294642][T17491] bond0: entered promiscuous mode
[ 1277.312953][T17491] bond_slave_0: entered promiscuous mode
[ 1277.318780][T17491] bond_slave_1: entered promiscuous mode
[ 1277.326252][T17491] batadv0: entered promiscuous mode
[ 1277.332857][T17491] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1277.365294][T17491] bond0: left promiscuous mode
[ 1277.370136][T17491] bond_slave_0: left promiscuous mode
[ 1277.376028][T17491] bond_slave_1: left promiscuous mode
[ 1277.396240][T17491] batadv0: left promiscuous mode
[ 1277.425503][   T30] audit: type=1400 audit(1767142121.718:1595): avc:  denied  { mount } for  pid=17238 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1277.515394][   T30] audit: type=1400 audit(1767142121.718:1596): avc:  denied  { mounton } for  pid=17238 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1278.038836][    T9] usb 2-1: USB disconnect, device number 78
[ 1278.125473][   T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1278.138600][   T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1278.148367][   T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1278.157894][   T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1278.166318][   T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1278.614971][T17540] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2940'.
[ 1280.203584][ T5822] Bluetooth: hci2: command tx timeout
[ 1282.272169][ T5822] Bluetooth: hci2: command tx timeout
[ 1283.256093][T17601] tmpfs: Bad value for 'mpol'
[ 1283.274358][ T1085] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1283.323426][ T1085] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1283.553242][ T1085] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1283.597512][ T1085] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1283.795279][ T1085] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1283.817358][ T1085] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1283.944858][ T1085] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1283.976995][ T1085] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1283.988982][T15942] usb 2-1: new full-speed USB device number 79 using dummy_hcd
[ 1284.051074][T17532] chnl_net:caif_netlink_parms(): no params data found
[ 1284.173653][T15942] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1284.196663][T15942] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1284.236335][T15942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1284.267415][ T5941] usb 3-1: new full-speed USB device number 99 using dummy_hcd
[ 1284.284445][T15942] usb 2-1: config 0 descriptor??
[ 1284.318300][T17532] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1284.332299][T17532] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1284.348440][T17532] bridge_slave_0: entered allmulticast mode
[ 1284.352909][ T5822] Bluetooth: hci2: command tx timeout
[ 1284.365963][T17532] bridge_slave_0: entered promiscuous mode
[ 1284.403418][T17532] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1284.411759][T17532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1284.421002][T17532] bridge_slave_1: entered allmulticast mode
[ 1284.430920][T17532] bridge_slave_1: entered promiscuous mode
[ 1284.455570][ T5941] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1284.477730][ T5941] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1284.487155][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1284.505514][ T1085] bridge_slave_1: left allmulticast mode
[ 1284.512364][ T1085] bridge_slave_1: left promiscuous mode
[ 1284.520822][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1284.825847][ T1085] bridge_slave_0: left allmulticast mode
[ 1284.834904][ T1085] bridge_slave_0: left promiscuous mode
[ 1284.852044][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1285.224315][T17613] SELinux: failed to load policy
[ 1285.576495][T15942] lenovo 0003:17EF:6067.0011: unknown main item tag 0x4
[ 1285.780336][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1285.801766][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1285.819511][ T1085] bond0 (unregistering): Released all slaves
[ 1286.031347][ T1085] tipc: Left network mode
[ 1286.126712][T17532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1286.310332][T17532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1286.432319][ T5822] Bluetooth: hci2: command tx timeout
[ 1286.803438][T15942] lenovo 0003:17EF:6067.0011: item fetching failed at offset 4/5
[ 1286.812629][T15942] lenovo 0003:17EF:6067.0011: hid_parse failed
[ 1286.819230][T15942] lenovo 0003:17EF:6067.0011: probe with driver lenovo failed with error -22
[ 1286.830673][ T5941] usb 3-1: config 0 descriptor??
[ 1286.867150][T17029] usb 2-1: USB disconnect, device number 79
[ 1286.911637][T17532] team0: Port device team_slave_0 added
[ 1286.995026][T17532] team0: Port device team_slave_1 added
[ 1287.054426][ T5941] usbhid 3-1:0.0: can't add hid device: -71
[ 1287.061057][ T5941] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1287.089424][ T5941] usb 3-1: USB disconnect, device number 99
[ 1287.454379][T17628] overlayfs: overlapping lowerdir path
[ 1288.307336][ T1085] hsr_slave_0: left promiscuous mode
[ 1288.437436][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1289.017709][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1289.115407][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1289.128727][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1289.169585][ T1085] veth1_macvtap: left promiscuous mode
[ 1289.182456][ T1085] veth0_macvtap: left promiscuous mode
[ 1289.197621][ T1085] veth1_vlan: left promiscuous mode
[ 1289.212307][ T1085] veth0_vlan: left promiscuous mode
[ 1290.342382][ T5941] usb 3-1: new full-speed USB device number 100 using dummy_hcd
[ 1290.503917][ T5941] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1290.522177][ T5941] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1290.542182][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1290.564975][ T5941] usb 3-1: config 0 descriptor??
[ 1291.272507][ T7743] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1291.442313][ T7743] usb 4-1: Using ep0 maxpacket: 8
[ 1291.459589][ T7743] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1291.496156][ T5941] lenovo 0003:17EF:6067.0012: unknown main item tag 0x4
[ 1291.503476][ T7743] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1291.516034][ T5941] lenovo 0003:17EF:6067.0012: item fetching failed at offset 4/5
[ 1291.528077][ T5941] lenovo 0003:17EF:6067.0012: hid_parse failed
[ 1291.535545][ T7743] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1291.546315][ T5941] lenovo 0003:17EF:6067.0012: probe with driver lenovo failed with error -22
[ 1291.565975][ T7743] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1291.617971][ T7743] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= 0.40
[ 1291.640703][ T7743] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1291.667447][ T7743] usb 4-1: SerialNumber: syz
[ 1291.721807][ T7743] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[ 1291.737171][ T7743] usbtest 4-1:1.0: Linux gadget zero
[ 1291.744217][ T7743] usbtest 4-1:1.0: high-speed {control in/out int-in} tests (+alt)
[ 1292.841287][ T1085] team0 (unregistering): Port device team_slave_1 removed
[ 1292.983610][ T1085] team0 (unregistering): Port device team_slave_0 removed
[ 1293.498976][ T7743] usb 3-1: USB disconnect, device number 100
[ 1294.351059][T17532] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1294.369332][T17532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1294.480137][T17532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1294.620429][T17658] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[ 1294.670023][T17532] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1294.692207][T17532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1294.769807][T17532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1294.914568][ T7743] usb 4-1: USB disconnect, device number 81
[ 1295.037979][T17668] FAULT_INJECTION: forcing a failure.
[ 1295.037979][T17668] name failslab, interval 1, probability 0, space 0, times 0
[ 1295.081917][T17668] CPU: 0 UID: 0 PID: 17668 Comm: syz.1.2961 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1295.081941][T17668] Tainted: [L]=SOFTLOCKUP
[ 1295.081945][T17668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1295.081953][T17668] Call Trace:
[ 1295.081957][T17668]  <TASK>
[ 1295.081962][T17668]  dump_stack_lvl+0x16c/0x1f0
[ 1295.081983][T17668]  should_fail_ex+0x512/0x640
[ 1295.081999][T17668]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1295.082018][T17668]  should_failslab+0xc2/0x120
[ 1295.082033][T17668]  kmem_cache_alloc_noprof+0x83/0x770
[ 1295.082045][T17668]  ? skb_clone+0x190/0x3f0
[ 1295.082059][T17668]  ? skb_clone+0x190/0x3f0
[ 1295.082069][T17668]  skb_clone+0x190/0x3f0
[ 1295.082088][T17668]  netlink_deliver_tap+0xabd/0xd30
[ 1295.082112][T17668]  netlink_unicast+0x64c/0x870
[ 1295.082138][T17668]  ? __pfx_netlink_unicast+0x10/0x10
[ 1295.082157][T17668]  netlink_sendmsg+0x8c8/0xdd0
[ 1295.082172][T17668]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1295.082192][T17668]  ____sys_sendmsg+0xa5d/0xc30
[ 1295.082206][T17668]  ? copy_msghdr_from_user+0x10a/0x160
[ 1295.082218][T17668]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1295.082239][T17668]  ___sys_sendmsg+0x134/0x1d0
[ 1295.082251][T17668]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1295.082281][T17668]  __sys_sendmsg+0x16d/0x220
[ 1295.082293][T17668]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1295.082314][T17668]  do_syscall_64+0xcd/0xf80
[ 1295.082330][T17668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1295.082341][T17668] RIP: 0033:0x7efced58f749
[ 1295.082351][T17668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1295.082362][T17668] RSP: 002b:00007efcee474038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1295.082373][T17668] RAX: ffffffffffffffda RBX: 00007efced7e5fa0 RCX: 00007efced58f749
[ 1295.082381][T17668] RDX: 0000000000000080 RSI: 0000200000000000 RDI: 000000000000000b
[ 1295.082387][T17668] RBP: 00007efcee474090 R08: 0000000000000000 R09: 0000000000000000
[ 1295.082394][T17668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1295.082400][T17668] R13: 00007efced7e6038 R14: 00007efced7e5fa0 R15: 00007ffeaf1cb218
[ 1295.082415][T17668]  </TASK>
[ 1295.093504][T17532] hsr_slave_0: entered promiscuous mode
[ 1295.327584][T17532] hsr_slave_1: entered promiscuous mode
[ 1295.778638][T17682] overlayfs: overlapping lowerdir path
[ 1296.010296][ T1085] IPVS: stop unused estimator thread 0...
[ 1296.505809][T17695] FAULT_INJECTION: forcing a failure.
[ 1296.505809][T17695] name failslab, interval 1, probability 0, space 0, times 0
[ 1296.581897][T17695] CPU: 1 UID: 0 PID: 17695 Comm: syz.1.2966 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1296.581926][T17695] Tainted: [L]=SOFTLOCKUP
[ 1296.581933][T17695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1296.581944][T17695] Call Trace:
[ 1296.581951][T17695]  <TASK>
[ 1296.581959][T17695]  dump_stack_lvl+0x16c/0x1f0
[ 1296.581986][T17695]  should_fail_ex+0x512/0x640
[ 1296.582012][T17695]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[ 1296.582036][T17695]  should_failslab+0xc2/0x120
[ 1296.582060][T17695]  kmem_cache_alloc_node_noprof+0x86/0x800
[ 1296.582082][T17695]  ? copy_process+0x4b5/0x7430
[ 1296.582111][T17695]  ? copy_process+0x4b5/0x7430
[ 1296.582134][T17695]  copy_process+0x4b5/0x7430
[ 1296.582172][T17695]  ? __pfx_copy_process+0x10/0x10
[ 1296.582201][T17695]  ? lockdep_init_map_type+0x5c/0x270
[ 1296.582224][T17695]  ? lockdep_init_map_type+0x5c/0x270
[ 1296.582244][T17695]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1296.582274][T17695]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1296.582300][T17695]  vhost_task_create+0x1d2/0x370
[ 1296.582325][T17695]  ? __pfx_vhost_task_create+0x10/0x10
[ 1296.582379][T17695]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1296.582407][T17695]  ? __pfx___mutex_lock+0x10/0x10
[ 1296.582438][T17695]  kvm_mmu_post_init_vm+0x1b7/0x380
[ 1296.582463][T17695]  kvm_arch_vcpu_ioctl_run+0x66/0x1860
[ 1296.582486][T17695]  ? kvm_vcpu_ioctl+0x14f8/0x16d0
[ 1296.582519][T17695]  kvm_vcpu_ioctl+0x76d/0x16d0
[ 1296.582549][T17695]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1296.582576][T17695]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1296.582599][T17695]  ? do_vfs_ioctl+0x128/0x14f0
[ 1296.582621][T17695]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1296.582642][T17695]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1296.582677][T17695]  ? hook_file_ioctl_common+0x144/0x410
[ 1296.582712][T17695]  ? selinux_file_ioctl+0x180/0x270
[ 1296.582733][T17695]  ? selinux_file_ioctl+0xb4/0x270
[ 1296.582757][T17695]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1296.582784][T17695]  __x64_sys_ioctl+0x18e/0x210
[ 1296.582804][T17695]  do_syscall_64+0xcd/0xf80
[ 1296.582824][T17695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1296.582843][T17695] RIP: 0033:0x7efced58f749
[ 1296.582858][T17695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1296.582874][T17695] RSP: 002b:00007efcee474038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1296.582891][T17695] RAX: ffffffffffffffda RBX: 00007efced7e5fa0 RCX: 00007efced58f749
[ 1296.582903][T17695] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1296.582913][T17695] RBP: 00007efcee474090 R08: 0000000000000000 R09: 0000000000000000
[ 1296.582924][T17695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1296.582934][T17695] R13: 00007efced7e6038 R14: 00007efced7e5fa0 R15: 00007ffeaf1cb218
[ 1296.582961][T17695]  </TASK>
[ 1298.211017][T17710] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2969'.
[ 1298.231006][T17710] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2969'.
[ 1299.800950][T17532] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1299.990176][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.007711][T17532] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1300.045376][T17532] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1300.266343][T17532] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1300.685367][T17532] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1300.755560][T17532] 8021q: adding VLAN 0 to HW filter on device team0
[ 1300.834675][ T6219] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1300.841814][ T6219] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1300.868215][ T6219] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1300.875371][ T6219] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1302.699317][T17532] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1305.033317][T17821] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2984'.
[ 1305.042565][T17821] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2984'.
[ 1307.140751][T17532] veth0_vlan: entered promiscuous mode
[ 1307.239332][T17532] veth1_vlan: entered promiscuous mode
[ 1307.403094][T17850] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2988'.
[ 1308.040599][T17532] veth0_macvtap: entered promiscuous mode
[ 1308.065582][T17532] veth1_macvtap: entered promiscuous mode
[ 1308.134999][T17532] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1308.194346][T17532] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1308.308102][ T1085] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1308.326154][ T1085] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1308.378625][ T1085] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1308.438188][ T1085] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1309.023019][   T30] audit: type=1400 audit(1767142153.228:1597): avc:  denied  { write } for  pid=17861 comm="syz.0.2990" path="socket:[69307]" dev="sockfs" ino=69307 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1310.538675][T17876] comedi comedi3: pcl818: I/O port conflict (0x2,16)
[ 1310.550438][ T6219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1310.568891][ T6219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1310.765653][ T6219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1310.803411][ T6219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1314.818850][   T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1314.829277][   T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1314.837234][   T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1314.846359][   T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1314.861323][   T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1314.895333][   T30] audit: type=1326 audit(1767142159.448:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17912 comm="syz.4.3003" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f36e9b8f749 code=0x0
[ 1315.687268][T15692] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1315.822218][T15692] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 57814 - 0
[ 1316.046534][T15692] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1316.069129][T15692] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 57814 - 0
[ 1316.259768][T15692] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1316.286453][T15692] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 57814 - 0
[ 1316.384489][T15692] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1316.407775][T15692] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 57814 - 0
[ 1316.716612][T15692] bridge_slave_1: left allmulticast mode
[ 1316.732652][T15692] bridge_slave_1: left promiscuous mode
[ 1316.743049][T15692] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1316.764077][T15692] bridge_slave_0: left allmulticast mode
[ 1316.772525][T15692] bridge_slave_0: left promiscuous mode
[ 1316.791648][T15692] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1316.917867][   T52] Bluetooth: hci1: command tx timeout
[ 1317.441450][T15692] dvmrp0 (unregistering): left allmulticast mode
[ 1318.440044][T15942] libceph: connect (1)[c::]:6789 error -101
[ 1318.446698][T15942] libceph: mon0 (1)[c::]:6789 connect error
[ 1318.459043][T15692] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1318.469644][T15692] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1318.475404][T17951] binder: 17947:17951 ioctl c0306201 200000000080 returned -22
[ 1318.501651][T17951] binder: BINDER_SET_CONTEXT_MGR already set
[ 1318.508325][T17951] binder: 17947:17951 ioctl 4018620d 200000000040 returned -16
[ 1318.524473][T15692] bond0 (unregistering): Released all slaves
[ 1318.565993][T17909] chnl_net:caif_netlink_parms(): no params data found
[ 1318.648877][T15692] tipc: Left network mode
[ 1318.738518][T15942] libceph: connect (1)[c::]:6789 error -101
[ 1318.746826][T15942] libceph: mon0 (1)[c::]:6789 connect error
[ 1318.835105][T16271] usb 3-1: new full-speed USB device number 101 using dummy_hcd
[ 1318.857211][T17909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1318.874787][T17909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1318.881957][T17909] bridge_slave_0: entered allmulticast mode
[ 1318.899768][T17909] bridge_slave_0: entered promiscuous mode
[ 1318.942925][T17909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1318.978846][T17909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1318.992403][   T52] Bluetooth: hci1: command tx timeout
[ 1319.004002][T16271] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1319.011456][T16271] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1319.014791][T17909] bridge_slave_1: entered allmulticast mode
[ 1319.023698][T16271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1319.153260][T16271] usb 3-1: config 0 descriptor??
[ 1319.168838][T17909] bridge_slave_1: entered promiscuous mode
[ 1319.275559][T15942] libceph: connect (1)[c::]:6789 error -101
[ 1319.703270][T17948] ceph: No mds server is up or the cluster is laggy
[ 1319.711389][T15942] libceph: mon0 (1)[c::]:6789 connect error
[ 1320.390559][   T30] audit: type=1400 audit(1767142164.838:1599): avc:  denied  { setopt } for  pid=17975 comm="syz.0.3013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1321.072796][   T52] Bluetooth: hci1: command tx timeout
[ 1321.338462][T17972] SELinux: failed to load policy
[ 1321.410475][T16271] lenovo 0003:17EF:6067.0013: unknown main item tag 0x4
[ 1322.975314][T15692] hsr_slave_0: left promiscuous mode
[ 1322.982814][T16271] lenovo 0003:17EF:6067.0013: item fetching failed at offset 4/5
[ 1322.996105][T16271] lenovo 0003:17EF:6067.0013: hid_parse failed
[ 1323.005060][T16271] lenovo 0003:17EF:6067.0013: probe with driver lenovo failed with error -22
[ 1323.195035][   T52] Bluetooth: hci1: command tx timeout
[ 1323.419087][T15692] hsr_slave_1: left promiscuous mode
[ 1323.425726][T15692] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1323.479426][T15692] net_ratelimit: 10 callbacks suppressed
[ 1323.479445][T15692] batadv0: mtu less than device minimum
[ 1323.497644][T16271] usb 3-1: USB disconnect, device number 101
[ 1323.532833][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.544102][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.555063][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.566010][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.576956][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.587927][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.598872][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.609819][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.620764][T15692] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1323.740394][T15692] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1323.759329][T15692] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1323.803554][T15692] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1323.852254][T15692] batman_adv: batadv0: Interface deactivated: dummy0
[ 1323.859939][T15692] batman_adv: batadv0: Removing interface: dummy0
[ 1323.955420][T15692] veth1_macvtap: left promiscuous mode
[ 1323.960932][T15692] veth0_macvtap: left promiscuous mode
[ 1323.983211][T15692] veth1_vlan: left promiscuous mode
[ 1324.380045][T15692] team0 (unregistering): Port device batadv1 removed
[ 1324.695948][ T1085] smc: removing ib device syz2
[ 1325.157914][T18002] netlink: 'syz.0.3019': attribute type 9 has an invalid length.
[ 1328.164092][T18020] FAULT_INJECTION: forcing a failure.
[ 1328.164092][T18020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1328.177330][T18020] CPU: 1 UID: 0 PID: 18020 Comm: syz.2.3023 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1328.177363][T18020] Tainted: [L]=SOFTLOCKUP
[ 1328.177370][T18020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1328.177382][T18020] Call Trace:
[ 1328.177389][T18020]  <TASK>
[ 1328.177397][T18020]  dump_stack_lvl+0x16c/0x1f0
[ 1328.177425][T18020]  should_fail_ex+0x512/0x640
[ 1328.177456][T18020]  _copy_from_iter+0x2a4/0x16c0
[ 1328.177486][T18020]  ? __alloc_skb+0x220/0x410
[ 1328.177511][T18020]  ? __alloc_skb+0x35d/0x410
[ 1328.177536][T18020]  ? __pfx__copy_from_iter+0x10/0x10
[ 1328.177575][T18020]  netlink_sendmsg+0x820/0xdd0
[ 1328.177610][T18020]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1328.177643][T18020]  ____sys_sendmsg+0xa5d/0xc30
[ 1328.177667][T18020]  ? copy_msghdr_from_user+0x10a/0x160
[ 1328.177687][T18020]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1328.177714][T18020]  ? __schedule+0x114c/0x6150
[ 1328.177742][T18020]  ___sys_sendmsg+0x134/0x1d0
[ 1328.177763][T18020]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1328.177794][T18020]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1328.177817][T18020]  ? irqentry_exit+0x1dd/0x8c0
[ 1328.177857][T18020]  __sys_sendmsg+0x16d/0x220
[ 1328.177877][T18020]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1328.177895][T18020]  ? __pfx___schedule+0x10/0x10
[ 1328.177923][T18020]  ? rcu_is_watching+0x12/0xc0
[ 1328.177950][T18020]  do_syscall_64+0xcd/0xf80
[ 1328.177975][T18020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1328.177995][T18020] RIP: 0033:0x7f62e498f749
[ 1328.178011][T18020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1328.178029][T18020] RSP: 002b:00007f62e5866038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1328.178048][T18020] RAX: ffffffffffffffda RBX: 00007f62e4be6180 RCX: 00007f62e498f749
[ 1328.178061][T18020] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000006
[ 1328.178072][T18020] RBP: 00007f62e5866090 R08: 0000000000000000 R09: 0000000000000000
[ 1328.178084][T18020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1328.178095][T18020] R13: 00007f62e4be6218 R14: 00007f62e4be6180 R15: 00007ffc358375f8
[ 1328.178123][T18020]  </TASK>
[ 1328.179312][   T30] audit: type=1400 audit(1767142172.708:1600): avc:  denied  { append } for  pid=18017 comm="syz.2.3023" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1328.465542][T15692] team0 (unregistering): Port device team_slave_1 removed
[ 1329.462943][T15692] team0 (unregistering): Port device team_slave_0 removed
[ 1330.387996][T18035] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3026'.
[ 1330.398208][T18035] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3026'.
[ 1331.047725][T17909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1331.060056][T16271] infiniband syz0: ib_query_port failed (-19)
[ 1331.276558][T17909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1331.664819][T18050] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3027'.
[ 1333.893674][T18053] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1333.934589][T17909] team0: Port device team_slave_0 added
[ 1333.979751][ T5822] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1333.988619][ T5822] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1333.997062][ T5822] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1334.005743][ T5822] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1334.021936][ T5822] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1334.042814][T17909] team0: Port device team_slave_1 added
[ 1334.223430][T18066] FAULT_INJECTION: forcing a failure.
[ 1334.223430][T18066] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1334.272511][T18066] CPU: 0 UID: 0 PID: 18066 Comm: syz.0.3032 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1334.272542][T18066] Tainted: [L]=SOFTLOCKUP
[ 1334.272546][T18066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1334.272553][T18066] Call Trace:
[ 1334.272557][T18066]  <TASK>
[ 1334.272562][T18066]  dump_stack_lvl+0x16c/0x1f0
[ 1334.272581][T18066]  should_fail_ex+0x512/0x640
[ 1334.272600][T18066]  strncpy_from_user+0x3b/0x2e0
[ 1334.272617][T18066]  __do_sys_add_key+0xce/0x470
[ 1334.272629][T18066]  ? __pfx___do_sys_add_key+0x10/0x10
[ 1334.272639][T18066]  ? ksys_write+0x1ac/0x250
[ 1334.272659][T18066]  do_syscall_64+0xcd/0xf80
[ 1334.272674][T18066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1334.272686][T18066] RIP: 0033:0x7f39e958f749
[ 1334.272696][T18066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1334.272706][T18066] RSP: 002b:00007f39ea4b1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 1334.272717][T18066] RAX: ffffffffffffffda RBX: 00007f39e97e5fa0 RCX: 00007f39e958f749
[ 1334.272724][T18066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[ 1334.272731][T18066] RBP: 00007f39ea4b1090 R08: fffffffffffffffe R09: 0000000000000000
[ 1334.272738][T18066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1334.272744][T18066] R13: 00007f39e97e6038 R14: 00007f39e97e5fa0 R15: 00007ffcd04b47b8
[ 1334.272759][T18066]  </TASK>
[ 1335.277194][T17909] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1335.285684][T17909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1335.313511][T17909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1335.866522][T18077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3036'.
[ 1335.897920][T17909] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1335.919730][T17909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1335.946288][T17909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1336.218511][   T52] Bluetooth: hci3: command tx timeout
[ 1336.381426][T17909] hsr_slave_0: entered promiscuous mode
[ 1336.412760][T17909] hsr_slave_1: entered promiscuous mode
[ 1336.442711][T17909] debugfs: 'hsr0' already exists in 'hsr'
[ 1336.475015][T17909] Cannot create hsr debugfs directory
[ 1336.587779][   T30] audit: type=1400 audit(1767142181.138:1601): avc:  denied  { mount } for  pid=18082 comm="syz.2.3037" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1336.662513][T18090] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1336.798446][T18090] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[ 1336.809356][T18090] overlayfs: failed to look up (tracing) for ino (-66)
[ 1337.015902][   T30] audit: type=1326 audit(1767142181.398:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18082 comm="syz.2.3037" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f62e498f749 code=0x0
[ 1338.529790][   T52] Bluetooth: hci3: command tx timeout
[ 1338.790103][   T30] audit: type=1400 audit(1767142183.338:1603): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1339.987887][ T1085] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1340.258271][ T5988] usb 3-1: new full-speed USB device number 102 using dummy_hcd
[ 1340.284550][ T1085] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1340.454001][ T5988] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1340.463573][ T5988] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1340.566723][ T5988] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1340.611988][   T52] Bluetooth: hci3: command tx timeout
[ 1340.781467][ T5988] usb 3-1: config 0 descriptor??
[ 1340.851012][ T1085] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1340.900633][T18063] chnl_net:caif_netlink_parms(): no params data found
[ 1341.040242][ T1085] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1342.708801][   T52] Bluetooth: hci3: command tx timeout
[ 1343.449935][T18063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1343.478656][T18063] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1343.521481][T18063] bridge_slave_0: entered allmulticast mode
[ 1343.590441][T18063] bridge_slave_0: entered promiscuous mode
[ 1343.672864][T18063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1343.727427][T18063] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1343.777398][T18063] bridge_slave_1: entered allmulticast mode
[ 1343.838376][T18063] bridge_slave_1: entered promiscuous mode
[ 1343.860659][T18130] SELinux: failed to load policy
[ 1344.780608][T18063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1344.820989][T18155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3047'.
[ 1344.846414][T18063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1345.515136][T18063] team0: Port device team_slave_0 added
[ 1345.567234][ T5988] usbhid 3-1:0.0: can't add hid device: -71
[ 1345.577804][ T5988] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1345.584080][T18063] team0: Port device team_slave_1 added
[ 1345.589935][ T5988] usb 3-1: USB disconnect, device number 102
[ 1345.913099][ T1085] bridge_slave_1: left allmulticast mode
[ 1345.941309][ T1085] bridge_slave_1: left promiscuous mode
[ 1345.951235][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1345.969572][ T1085] bridge_slave_0: left allmulticast mode
[ 1346.066045][ T1085] bridge_slave_0: left promiscuous mode
[ 1346.081262][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1346.098060][   T30] audit: type=1400 audit(1767142190.648:1604): avc:  denied  { ioctl } for  pid=18162 comm="syz.2.3048" path="socket:[71454]" dev="sockfs" ino=71454 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1346.163927][   T30] audit: type=1400 audit(1767142190.678:1605): avc:  denied  { read } for  pid=18162 comm="syz.2.3048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1346.656543][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1346.668240][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1346.683987][ T1085] bond0 (unregistering): Released all slaves
[ 1346.762380][T18063] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1346.789133][T18063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1346.830298][T18063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1346.866570][T17909] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1346.908535][T18063] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1347.659304][T18063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1347.686072][T18063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1348.233868][T18199] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3050'.
[ 1348.453771][   T30] audit: type=1326 audit(1767142192.978:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18202 comm="syz.0.3051" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f39e958f749 code=0x0
[ 1348.702182][T17909] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1349.533671][T17909] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1349.550255][T17909] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1350.017003][T18063] hsr_slave_0: entered promiscuous mode
[ 1350.035371][T18063] hsr_slave_1: entered promiscuous mode
[ 1350.045152][T18063] debugfs: 'hsr0' already exists in 'hsr'
[ 1350.050903][T18063] Cannot create hsr debugfs directory
[ 1350.385375][ T1085] hsr_slave_0: left promiscuous mode
[ 1350.391896][ T1085] hsr_slave_1: left promiscuous mode
[ 1350.398156][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1350.406196][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1350.414227][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1350.421608][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1350.443597][ T1085] veth1_macvtap: left promiscuous mode
[ 1350.449156][ T1085] veth0_macvtap: left promiscuous mode
[ 1350.455009][ T1085] veth1_vlan: left promiscuous mode
[ 1350.460302][ T1085] veth0_vlan: left promiscuous mode
[ 1350.558732][T18236] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3056'.
[ 1350.568975][T18236] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3056'.
[ 1352.921681][ T1085] team0 (unregistering): Port device team_slave_1 removed
[ 1352.991488][ T1085] team0 (unregistering): Port device team_slave_0 removed
[ 1353.406668][   T30] audit: type=1400 audit(1767142197.958:1607): avc:  denied  { read write } for  pid=18245 comm="syz.0.3059" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1353.432461][   T30] audit: type=1400 audit(1767142197.958:1608): avc:  denied  { open } for  pid=18245 comm="syz.0.3059" path="/592/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1354.449352][ T7743] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1354.588537][T17909] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1354.625168][ T7743] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1354.638833][ T7743] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1354.666990][T17909] 8021q: adding VLAN 0 to HW filter on device team0
[ 1354.692525][T18063] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1354.730856][ T7743] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1354.744245][ T7743] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1354.745279][T18063] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1354.755336][ T7743] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1354.770664][ T7743] usb 3-1: config 0 descriptor??
[ 1354.827503][T15692] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1354.834678][T15692] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1354.861176][T18063] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1354.937032][T15692] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1354.944241][T15692] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1354.965433][T18277] input: syz1 as /devices/virtual/input/input11
[ 1354.974591][T18063] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1355.347627][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.463647][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.514284][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.538622][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.547664][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.595925][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.636488][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.641236][T17909] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1355.711587][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.762371][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.771087][ T7743] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1355.975387][ T7743] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1356.077280][ T7743] usb 3-1: USB disconnect, device number 103
[ 1356.245236][T18294] fido_id[18294]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1356.296671][T18063] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1356.381270][T18063] 8021q: adding VLAN 0 to HW filter on device team0
[ 1356.406906][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1356.414081][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1356.428056][T18298] bridge: RTM_NEWNEIGH with invalid ether address
[ 1356.443153][T18298] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3066'.
[ 1356.460663][ T7121] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1356.467863][ T7121] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1356.575853][T17909] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1356.650492][T17909] veth0_vlan: entered promiscuous mode
[ 1356.663552][ T7743] usb 3-1: new full-speed USB device number 104 using dummy_hcd
[ 1356.679528][T17909] veth1_vlan: entered promiscuous mode
[ 1356.728050][T17909] veth0_macvtap: entered promiscuous mode
[ 1356.740932][T17909] veth1_macvtap: entered promiscuous mode
[ 1356.808939][T17909] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1356.844535][ T7743] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1356.854392][ T7743] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1356.856456][T17909] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1356.876426][ T7743] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1356.897764][ T7121] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1356.908583][ T7743] usb 3-1: config 0 descriptor??
[ 1356.926247][T18321] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1356.933778][ T7121] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1356.966925][ T7121] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1356.978365][T18321] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1356.996444][ T7121] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1357.058667][T18063] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1357.380382][T18331] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3069'.
[ 1357.390375][T18331] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3069'.
[ 1357.745966][T18071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1357.760058][T18071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1357.979407][T15692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1358.065410][T15692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1359.311425][T18333] SELinux: failed to load policy
[ 1360.307477][ T7743] lenovo 0003:17EF:6067.0015: item fetching failed at offset 4/5
[ 1360.338903][ T7743] lenovo 0003:17EF:6067.0015: hid_parse failed
[ 1360.410473][ T7743] lenovo 0003:17EF:6067.0015: probe with driver lenovo failed with error -22
[ 1360.812858][T18063] veth0_vlan: entered promiscuous mode
[ 1360.864966][T18063] veth1_vlan: entered promiscuous mode
[ 1360.930614][T18063] veth0_macvtap: entered promiscuous mode
[ 1360.944344][T18063] veth1_macvtap: entered promiscuous mode
[ 1361.103428][ T6205] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1361.723509][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.879260][ T5964] usb 3-1: USB disconnect, device number 104
[ 1361.897313][T18063] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1361.932195][ T6205] usb 4-1: Using ep0 maxpacket: 16
[ 1361.960688][T18063] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1361.981827][ T6205] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1363.064558][T18366] net_ratelimit: 30 callbacks suppressed
[ 1363.064571][T18366] netlink: set zone limit has 4 unknown bytes
[ 1363.098775][T18363] netlink: zone id is out of range
[ 1363.122142][ T6205] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[ 1363.133689][ T6205] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1363.143082][ T7121] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1363.211062][ T6205] usb 4-1: config 0 descriptor??
[ 1363.232728][ T6205] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1363.282549][ T7121] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1363.326306][ T7121] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1363.378804][ T7121] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1363.588473][T15692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1363.602656][T18373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3078'.
[ 1363.614776][T15692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1363.646400][T18373] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3078'.
[ 1363.723567][ T4616] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1363.764626][ T4616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1363.809632][T18373] No control pipe specified
[ 1364.208991][T18391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3079'.
[ 1364.493124][   T30] audit: type=1400 audit(1767142208.908:1609): avc:  denied  { shutdown } for  pid=18386 comm="syz.1.3079" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1364.820659][ T7339] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1364.992939][ T7339] usb 6-1: Using ep0 maxpacket: 8
[ 1365.009914][ T7339] usb 6-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1365.043113][ T7339] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1365.054199][T18399] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[ 1365.061138][T18399] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1365.071758][ T7339] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1365.082692][ T7339] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1365.091858][T18399] vhci_hcd vhci_hcd.0: Device attached
[ 1365.100175][ T7339] usb 6-1: Product: syz
[ 1365.107698][ T7339] usb 6-1: Manufacturer: syz
[ 1365.117840][ T7339] usb 6-1: SerialNumber: syz
[ 1365.138855][T18393] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1365.317128][T18401] vhci_hcd: connection closed
[ 1365.333538][    T9] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[ 1365.371863][ T7121] vhci_hcd vhci_hcd.1: stop threads
[ 1365.404691][ T7121] vhci_hcd vhci_hcd.1: release socket
[ 1365.462617][ T7121] vhci_hcd vhci_hcd.1: disconnect device
[ 1365.891627][ T7339] usb 6-1: USB disconnect, device number 2
[ 1366.523582][ T5822] Bluetooth: hci3: command 0x0405 tx timeout
[ 1366.646871][T18423] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1366.658093][T18423] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1366.666813][T18423] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1366.678339][T18423] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1366.695235][T18423] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1366.870010][ T5988] usb 4-1: USB disconnect, device number 82
[ 1367.158996][   T30] audit: type=1400 audit(1767142211.708:1610): avc:  denied  { setattr } for  pid=18432 comm="syz.3.3084" name="ocfs2_control" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1368.388318][T18455] FAULT_INJECTION: forcing a failure.
[ 1368.388318][T18455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1368.401370][T18455] CPU: 1 UID: 0 PID: 18455 Comm: syz.1.3089 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1368.401390][T18455] Tainted: [L]=SOFTLOCKUP
[ 1368.401394][T18455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1368.401401][T18455] Call Trace:
[ 1368.401406][T18455]  <TASK>
[ 1368.401412][T18455]  dump_stack_lvl+0x16c/0x1f0
[ 1368.401430][T18455]  should_fail_ex+0x512/0x640
[ 1368.401449][T18455]  _copy_from_iter+0x2a4/0x16c0
[ 1368.401468][T18455]  ? __alloc_skb+0x220/0x410
[ 1368.401484][T18455]  ? __alloc_skb+0x35d/0x410
[ 1368.401499][T18455]  ? __pfx__copy_from_iter+0x10/0x10
[ 1368.401515][T18455]  ? netlink_autobind.isra.0+0x158/0x370
[ 1368.401534][T18455]  netlink_sendmsg+0x820/0xdd0
[ 1368.401550][T18455]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1368.401569][T18455]  ____sys_sendmsg+0xa5d/0xc30
[ 1368.401584][T18455]  ? copy_msghdr_from_user+0x10a/0x160
[ 1368.401595][T18455]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1368.401620][T18455]  ___sys_sendmsg+0x134/0x1d0
[ 1368.401632][T18455]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1368.401662][T18455]  __sys_sendmsg+0x16d/0x220
[ 1368.401673][T18455]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1368.401694][T18455]  do_syscall_64+0xcd/0xf80
[ 1368.401709][T18455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1368.401721][T18455] RIP: 0033:0x7fb6abf8f749
[ 1368.401731][T18455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1368.401742][T18455] RSP: 002b:00007fb6acd93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1368.401753][T18455] RAX: ffffffffffffffda RBX: 00007fb6ac1e5fa0 RCX: 00007fb6abf8f749
[ 1368.401761][T18455] RDX: 0000000000000010 RSI: 0000200000000380 RDI: 0000000000000006
[ 1368.401767][T18455] RBP: 00007fb6acd93090 R08: 0000000000000000 R09: 0000000000000000
[ 1368.401774][T18455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1368.401780][T18455] R13: 00007fb6ac1e6038 R14: 00007fb6ac1e5fa0 R15: 00007ffea5baad78
[ 1368.401796][T18455]  </TASK>
[ 1368.644030][T18423] Bluetooth: hci5: command 0x0406 tx timeout
[ 1368.752271][ T5822] Bluetooth: hci2: command tx timeout
[ 1369.031534][T18368] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1369.136768][T18422] usb 2-1: new full-speed USB device number 80 using dummy_hcd
[ 1369.178890][T18468] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3090'.
[ 1369.189103][T18468] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3090'.
[ 1369.471966][T18425] chnl_net:caif_netlink_parms(): no params data found
[ 1369.574033][T18368] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1369.634650][T18422] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1369.648700][T18422] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1369.743821][T18422] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1369.783222][T18422] usb 2-1: config 0 descriptor??
[ 1369.797215][ T5822] Bluetooth: hci5: unexpected event 0x2f length: 1017 > 260
[ 1370.502681][    T9] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1370.832202][ T5822] Bluetooth: hci2: command tx timeout
[ 1370.951693][T18368] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1372.136955][T18479] SELinux: failed to load policy
[ 1372.187440][T18495] FAULT_INJECTION: forcing a failure.
[ 1372.187440][T18495] name failslab, interval 1, probability 0, space 0, times 0
[ 1372.231332][T18495] CPU: 1 UID: 0 PID: 18495 Comm: syz.5.3096 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1372.231364][T18495] Tainted: [L]=SOFTLOCKUP
[ 1372.231370][T18495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1372.231389][T18495] Call Trace:
[ 1372.231396][T18495]  <TASK>
[ 1372.231404][T18495]  dump_stack_lvl+0x16c/0x1f0
[ 1372.231432][T18495]  should_fail_ex+0x512/0x640
[ 1372.231458][T18495]  ? __kmalloc_noprof+0xca/0x910
[ 1372.231488][T18495]  should_failslab+0xc2/0x120
[ 1372.231513][T18495]  __kmalloc_noprof+0xeb/0x910
[ 1372.231540][T18495]  ? comedi_alloc_devpriv+0x22/0x60
[ 1372.231571][T18495]  ? comedi_alloc_devpriv+0x22/0x60
[ 1372.231594][T18495]  comedi_alloc_devpriv+0x22/0x60
[ 1372.231618][T18495]  ? __pfx_das16m1_attach+0x10/0x10
[ 1372.231641][T18495]  das16m1_attach+0x2a/0xc10
[ 1372.231666][T18495]  comedi_device_attach+0x3b3/0x900
[ 1372.231700][T18495]  do_devconfig_ioctl+0x1b1/0x710
[ 1372.231722][T18495]  ? comedi_unlocked_ioctl+0x167/0x2eb0
[ 1372.231745][T18495]  ? __schedule+0x114c/0x6150
[ 1372.231765][T18495]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[ 1372.231802][T18495]  ? __pfx___schedule+0x10/0x10
[ 1372.231822][T18495]  ? find_held_lock+0x2b/0x80
[ 1372.231854][T18495]  comedi_unlocked_ioctl+0x1582/0x2eb0
[ 1372.231880][T18495]  ? rcu_is_watching+0x12/0xc0
[ 1372.231903][T18495]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1372.231932][T18495]  ? do_vfs_ioctl+0xca/0x14f0
[ 1372.231954][T18495]  ? do_vfs_ioctl+0xdb7/0x14f0
[ 1372.231975][T18495]  ? do_vfs_ioctl+0x128/0x14f0
[ 1372.231996][T18495]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1372.232017][T18495]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1372.232052][T18495]  ? hook_file_ioctl_common+0x144/0x410
[ 1372.232087][T18495]  ? selinux_file_ioctl+0x180/0x270
[ 1372.232107][T18495]  ? selinux_file_ioctl+0xb4/0x270
[ 1372.232129][T18495]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1372.232155][T18495]  __x64_sys_ioctl+0x18e/0x210
[ 1372.232178][T18495]  do_syscall_64+0xcd/0xf80
[ 1372.232203][T18495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1372.232222][T18495] RIP: 0033:0x7fd23878f749
[ 1372.232239][T18495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1372.232257][T18495] RSP: 002b:00007fd239598038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1372.232275][T18495] RAX: ffffffffffffffda RBX: 00007fd2389e5fa0 RCX: 00007fd23878f749
[ 1372.232288][T18495] RDX: 0000200000000440 RSI: 0000000040946400 RDI: 0000000000000003
[ 1372.232300][T18495] RBP: 00007fd239598090 R08: 0000000000000000 R09: 0000000000000000
[ 1372.232312][T18495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1372.232323][T18495] R13: 00007fd2389e6038 R14: 00007fd2389e5fa0 R15: 00007fff26283a08
[ 1372.232352][T18495]  </TASK>
[ 1372.922680][ T5822] Bluetooth: hci2: command tx timeout
[ 1373.395313][T18422] hid_parser_main: 29 callbacks suppressed
[ 1373.395334][T18422] lenovo 0003:17EF:6067.0016: unknown main item tag 0x4
[ 1373.628741][T18422] lenovo 0003:17EF:6067.0016: item fetching failed at offset 4/5
[ 1373.652752][T18422] lenovo 0003:17EF:6067.0016: hid_parse failed
[ 1373.659032][T18422] lenovo 0003:17EF:6067.0016: probe with driver lenovo failed with error -22
[ 1373.747810][T18368] team0: Port device netdevsim0 removed
[ 1373.778992][T18368] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1373.860317][T18425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1373.885458][T18425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1373.913486][T18425] bridge_slave_0: entered allmulticast mode
[ 1373.934206][T18425] bridge_slave_0: entered promiscuous mode
[ 1373.974987][ T7743] usb 2-1: USB disconnect, device number 80
[ 1373.977794][T18504] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1373.984041][T18425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1374.022350][T18504] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1374.069607][T18425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1374.091387][T18425] bridge_slave_1: entered allmulticast mode
[ 1374.100302][T18425] bridge_slave_1: entered promiscuous mode
[ 1374.220608][T18425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1374.772132][ T5966] usb 4-1: new full-speed USB device number 83 using dummy_hcd
[ 1375.139097][ T5822] Bluetooth: hci2: command tx timeout
[ 1375.222855][T18425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1375.293870][ T5966] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1375.302324][ T5966] usb 4-1: config 0 has no interface number 0
[ 1375.309168][ T5966] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1375.331422][ T5966] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 64
[ 1375.394849][ T5966] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1375.866163][ T5966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1375.881910][ T5966] usb 4-1: config 0 descriptor??
[ 1375.890119][T18504] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1375.936286][ T5966] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1375.985990][T18368] bridge_slave_1: left allmulticast mode
[ 1376.001692][T18368] bridge_slave_1: left promiscuous mode
[ 1376.013721][T18368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1376.025339][T18525] input: syz1 as /devices/virtual/input/input12
[ 1376.145448][T18368] bridge_slave_0: left allmulticast mode
[ 1376.151117][T18368] bridge_slave_0: left promiscuous mode
[ 1376.179245][T18368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1376.214671][ T5966] usb 4-1: USB disconnect, device number 83
[ 1376.214728][    C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[ 1376.434178][T18504] fuse: Bad value for 'user_id'
[ 1376.454552][T18504] fuse: Bad value for 'user_id'
[ 1376.547411][ T5988] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[ 1376.751291][ T5988] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1376.803025][ T5988] usb 6-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1376.865223][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1376.946669][ T5988] usb 6-1: config 0 descriptor??
[ 1378.154548][T18554] FAULT_INJECTION: forcing a failure.
[ 1378.154548][T18554] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1378.167829][T18554] CPU: 1 UID: 0 PID: 18554 Comm: syz.0.3112 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1378.167860][T18554] Tainted: [L]=SOFTLOCKUP
[ 1378.167867][T18554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1378.167886][T18554] Call Trace:
[ 1378.167895][T18554]  <TASK>
[ 1378.167903][T18554]  dump_stack_lvl+0x16c/0x1f0
[ 1378.167931][T18554]  should_fail_ex+0x512/0x640
[ 1378.167962][T18554]  _copy_from_iter+0x2a4/0x16c0
[ 1378.167991][T18554]  ? __alloc_skb+0x220/0x410
[ 1378.168016][T18554]  ? __alloc_skb+0x35d/0x410
[ 1378.168041][T18554]  ? __pfx__copy_from_iter+0x10/0x10
[ 1378.168079][T18554]  netlink_sendmsg+0x820/0xdd0
[ 1378.168107][T18554]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1378.168140][T18554]  ____sys_sendmsg+0xa5d/0xc30
[ 1378.168164][T18554]  ? copy_msghdr_from_user+0x10a/0x160
[ 1378.168183][T18554]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1378.168209][T18554]  ? __lock_acquire+0x436/0x2890
[ 1378.168238][T18554]  ___sys_sendmsg+0x134/0x1d0
[ 1378.168259][T18554]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1378.168278][T18554]  ? find_held_lock+0x2b/0x80
[ 1378.168336][T18554]  __sys_sendmsg+0x16d/0x220
[ 1378.168356][T18554]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1378.168374][T18554]  ? __pfx___schedule+0x10/0x10
[ 1378.168403][T18554]  ? rcu_is_watching+0x12/0xc0
[ 1378.168429][T18554]  do_syscall_64+0xcd/0xf80
[ 1378.168454][T18554]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1378.168474][T18554] RIP: 0033:0x7f39e958f749
[ 1378.168491][T18554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1378.168509][T18554] RSP: 002b:00007f39ea46f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1378.168528][T18554] RAX: ffffffffffffffda RBX: 00007f39e97e6180 RCX: 00007f39e958f749
[ 1378.168542][T18554] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[ 1378.168554][T18554] RBP: 00007f39ea46f090 R08: 0000000000000000 R09: 0000000000000000
[ 1378.168566][T18554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1378.168578][T18554] R13: 00007f39e97e6218 R14: 00007f39e97e6180 R15: 00007ffcd04b47b8
[ 1378.168607][T18554]  </TASK>
[ 1379.307571][   T30] audit: type=1400 audit(1767142223.848:1611): avc:  denied  { connect } for  pid=18560 comm="syz.0.3113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1380.444060][T18543] SELinux: failed to load policy
[ 1380.730192][ T5988] usbhid 6-1:0.0: can't add hid device: -71
[ 1380.758674][ T5988] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1380.810759][ T5988] usb 6-1: USB disconnect, device number 3
[ 1381.107119][T18368] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1381.212734][T18580] netlink: 'syz.3.3117': attribute type 10 has an invalid length.
[ 1381.233489][T18368] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1381.348113][T18368] bond0 (unregistering): Released all slaves
[ 1381.655998][T18425] team0: Port device team_slave_0 added
[ 1381.821312][T18425] team0: Port device team_slave_1 added
[ 1383.283079][T18588] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3118'.
[ 1383.523025][T18591] siw: device registration error -23
[ 1384.226806][T18580] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1384.343358][T18368] tipc: Left network mode
[ 1386.058938][T18425] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1386.065926][T18425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1386.092917][T18425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1386.109606][T18425] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1386.117269][T18425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1386.207987][T18425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1386.841192][T18425] hsr_slave_0: entered promiscuous mode
[ 1386.885755][T18425] hsr_slave_1: entered promiscuous mode
[ 1387.562182][T17029] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[ 1387.617453][T18368] hsr_slave_0: left promiscuous mode
[ 1387.662202][T18368] hsr_slave_1: left promiscuous mode
[ 1387.668375][T18368] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1387.676589][T18368] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1387.725881][T17029] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[ 1387.755706][T17029] usb 6-1: config 0 has no interface number 0
[ 1387.773821][T18368] veth1_macvtap: left promiscuous mode
[ 1387.779369][T18368] veth0_macvtap: left promiscuous mode
[ 1387.803649][T18368] veth1_vlan: left promiscuous mode
[ 1387.832837][T18368] : left promiscuous mode
[ 1387.837759][T17029] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1387.858111][T17029] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1387.896644][T17029] usb 6-1: Product: syz
[ 1387.900834][T17029] usb 6-1: Manufacturer: syz
[ 1387.936878][T17029] usb 6-1: SerialNumber: syz
[ 1387.975741][T17029] usb 6-1: config 0 descriptor??
[ 1388.148203][T18629] IPVS: set_ctl: invalid protocol: 33 172.20.20.11:21
[ 1388.816134][T17029] usb 6-1: Firmware: major: 52, minor: 105, hardware type: HULUSB (4)
[ 1389.058035][   T30] audit: type=1400 audit(1767142233.608:1612): avc:  denied  { bind } for  pid=18617 comm="syz.5.3125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1389.082247][T17029] usb 6-1: failed to fetch extended address, random address set
[ 1391.166494][T18659] netlink: zone id is out of range
[ 1391.171795][T18659] netlink: zone id is out of range
[ 1391.176989][T18659] netlink: get zone limit has 4 unknown bytes
[ 1391.817413][T18368] team0 (unregistering): Port device team_slave_1 removed
[ 1391.863199][T18368] team0 (unregistering): Port device team_slave_0 removed
[ 1392.349854][T17029] usb 6-1: USB disconnect, device number 4
[ 1395.292401][T18701] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1395.398308][   T30] audit: type=1400 audit(1767142239.868:1613): avc:  denied  { create } for  pid=18693 comm="syz.3.3139" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[ 1395.605407][   T30] audit: type=1400 audit(1767142239.878:1614): avc:  denied  { link } for  pid=18693 comm="syz.3.3139" name="file1" dev="ramfs" ino=75120 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[ 1395.642867][   T30] audit: type=1400 audit(1767142239.888:1615): avc:  denied  { rename } for  pid=18693 comm="syz.3.3139" name="file1" dev="overlay" ino=75120 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[ 1395.691908][   T30] audit: type=1400 audit(1767142239.888:1616): avc:  denied  { unlink } for  pid=18693 comm="syz.3.3139" name="file0" dev="overlay" ino=75120 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[ 1395.760232][   T30] audit: type=1400 audit(1767142239.918:1617): avc:  denied  { setattr } for  pid=18693 comm="syz.3.3139" name="#49" dev="tmpfs" ino=330 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[ 1395.914847][   T30] audit: type=1400 audit(1767142240.458:1618): avc:  denied  { unmount } for  pid=17238 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 1398.115065][ T5822] Bluetooth: hci3: unexpected event for opcode 0x0024
[ 1399.441525][T18425] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1399.659354][T18425] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1399.720511][T18425] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1399.776877][T18425] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1400.501186][T18425] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1400.595434][T18425] 8021q: adding VLAN 0 to HW filter on device team0
[ 1400.640073][T15692] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1400.647260][T15692] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1400.709320][T15692] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1400.716523][T15692] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1400.944715][T18781] netlink: 108 bytes leftover after parsing attributes in process `syz.5.3151'.
[ 1401.253610][T18425] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1401.427293][T18425] veth0_vlan: entered promiscuous mode
[ 1401.450637][T18425] veth1_vlan: entered promiscuous mode
[ 1401.520910][T18425] veth0_macvtap: entered promiscuous mode
[ 1401.550937][T18425] veth1_macvtap: entered promiscuous mode
[ 1401.881835][T18425] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1401.908275][T18425] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1401.908694][T18797] FAULT_INJECTION: forcing a failure.
[ 1401.908694][T18797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1401.929477][ T7127] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1401.938922][T18797] CPU: 1 UID: 0 PID: 18797 Comm: syz.5.3153 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1401.938951][T18797] Tainted: [L]=SOFTLOCKUP
[ 1401.938958][T18797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1401.938968][T18797] Call Trace:
[ 1401.938975][T18797]  <TASK>
[ 1401.938982][T18797]  dump_stack_lvl+0x16c/0x1f0
[ 1401.939011][T18797]  should_fail_ex+0x512/0x640
[ 1401.939041][T18797]  _copy_from_iter+0x2a4/0x16c0
[ 1401.939070][T18797]  ? __alloc_skb+0x220/0x410
[ 1401.939092][T18797]  ? __alloc_skb+0x35d/0x410
[ 1401.939116][T18797]  ? __pfx__copy_from_iter+0x10/0x10
[ 1401.939141][T18797]  ? netlink_autobind.isra.0+0x158/0x370
[ 1401.939173][T18797]  netlink_sendmsg+0x820/0xdd0
[ 1401.939199][T18797]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1401.939232][T18797]  ____sys_sendmsg+0xa5d/0xc30
[ 1401.939255][T18797]  ? copy_msghdr_from_user+0x10a/0x160
[ 1401.939274][T18797]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1401.939309][T18797]  ___sys_sendmsg+0x134/0x1d0
[ 1401.939330][T18797]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1401.939377][T18797]  __sys_sendmsg+0x16d/0x220
[ 1401.939395][T18797]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1401.939428][T18797]  do_syscall_64+0xcd/0xf80
[ 1401.939449][T18797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1401.939467][T18797] RIP: 0033:0x7fd23878f749
[ 1401.939483][T18797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1401.939500][T18797] RSP: 002b:00007fd239598038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1401.939517][T18797] RAX: ffffffffffffffda RBX: 00007fd2389e5fa0 RCX: 00007fd23878f749
[ 1401.939537][T18797] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1401.939548][T18797] RBP: 00007fd239598090 R08: 0000000000000000 R09: 0000000000000000
[ 1401.939559][T18797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1401.939570][T18797] R13: 00007fd2389e6038 R14: 00007fd2389e5fa0 R15: 00007fff26283a08
[ 1401.939597][T18797]  </TASK>
[ 1402.230007][ T7127] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1402.330351][ T7127] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1402.372189][ T7127] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1403.078246][ T6753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1403.558375][ T6753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1404.175403][ T3841] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1404.212238][ T3841] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1404.476538][T18831] 9p: Bad value for 'rfdno'
[ 1405.964865][T15942] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1408.716890][T18849] ip6t_srh: unknown srh invflags 7F00
[ 1408.735238][T15942] usb 4-1: Using ep0 maxpacket: 16
[ 1409.476574][T15942] usb 4-1: device descriptor read/all, error -71
[ 1409.543004][T18423] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1409.553541][T18423] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1409.563928][T18423] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1409.572013][T18423] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1409.580847][T18423] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1411.480603][T18874] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1411.662321][ T5822] Bluetooth: hci4: command tx timeout
[ 1411.675155][T18876] 9p: Bad value for 'rfdno'
[ 1412.223993][T18882] overlayfs: overlapping lowerdir path
[ 1412.935899][ T7127] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1413.146033][ T7127] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1413.442300][T18422] usb 2-1: new full-speed USB device number 81 using dummy_hcd
[ 1413.618680][T18422] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1413.635009][T18422] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1413.678002][T18422] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1413.711551][T18422] usb 2-1: config 0 descriptor??
[ 1413.722515][ T5822] Bluetooth: hci4: command tx timeout
[ 1413.787478][ T7127] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1414.012433][T18851] usb 4-1: new full-speed USB device number 86 using dummy_hcd
[ 1414.250280][T18851] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1414.354457][T18908] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1414.390578][T18851] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1414.446410][T18905] SELinux:  policydb magic number 0x1 does not match expected magic number 0xf97cff8c
[ 1414.456308][T18905] SELinux: failed to load policy
[ 1414.464815][ T7127] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1414.535015][T18851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1414.832270][T18905] /dev/nullb0: Can't open blockdev
[ 1415.194081][T18851] usb 4-1: config 0 descriptor??
[ 1415.793722][ T5822] Bluetooth: hci4: command tx timeout
[ 1415.887830][T18913] SELinux:  policydb magic number 0x1 does not match expected magic number 0xf97cff8c
[ 1415.897641][T18913] SELinux: failed to load policy
[ 1417.578594][T18856] chnl_net:caif_netlink_parms(): no params data found
[ 1417.872159][ T5822] Bluetooth: hci4: command tx timeout
[ 1418.684186][T18918] block nbd2: not configured, cannot reconfigure
[ 1418.904197][T18422] usbhid 2-1:0.0: can't add hid device: -71
[ 1418.910254][T18422] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1418.927346][T18422] usb 2-1: USB disconnect, device number 81
[ 1420.290374][T18851] usbhid 4-1:0.0: can't add hid device: -71
[ 1420.296499][T18851] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1420.306803][T18851] usb 4-1: USB disconnect, device number 86
[ 1420.332489][T18834] usb 3-1: new full-speed USB device number 105 using dummy_hcd
[ 1420.493320][T18856] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1420.515091][T18856] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1420.533338][T18856] bridge_slave_0: entered allmulticast mode
[ 1420.541140][T18856] bridge_slave_0: entered promiscuous mode
[ 1420.593771][T18834] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1420.600437][T18834] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1420.609827][T18834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1420.620728][T18834] usb 3-1: config 0 descriptor??
[ 1420.818700][T18935] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3181'.
[ 1421.629139][T18856] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1421.665477][T18856] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1421.952453][T18856] bridge_slave_1: entered allmulticast mode
[ 1422.030908][T18856] bridge_slave_1: entered promiscuous mode
[ 1422.415226][ T7127] bridge0: port 3(batadv0) entered disabled state
[ 1423.672891][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.815210][ T7127] bridge_slave_1: left allmulticast mode
[ 1423.878216][ T7127] bridge_slave_1: left promiscuous mode
[ 1423.884254][ T7127] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1423.894425][ T7127] bridge_slave_0: left allmulticast mode
[ 1423.900132][ T7127] bridge_slave_0: left promiscuous mode
[ 1424.806119][T18952] netlink: set zone limit has 4 unknown bytes
[ 1424.825918][T18952] netlink: zone id is out of range
[ 1425.084788][ T7127] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1425.123357][T18834] usbhid 3-1:0.0: can't add hid device: -71
[ 1425.129345][T18834] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1425.202408][T18834] usb 3-1: USB disconnect, device number 105
[ 1427.377015][T18968] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1427.633330][T18973] netlink: set zone limit has 4 unknown bytes
[ 1427.874594][T18834] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1428.582263][T18834] usb 6-1: device descriptor read/64, error -71
[ 1429.070437][T18980] netlink: zone id is out of range
[ 1429.082298][T18983] netlink: set zone limit has 4 unknown bytes
[ 1429.236580][T18834] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1430.224044][T18989] netlink: set zone limit has 4 unknown bytes
[ 1430.251580][T18987] netlink: zone id is out of range
[ 1430.428119][T18993] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1430.436768][    C0] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1430.513265][T18834] usb 6-1: device descriptor read/64, error -71
[ 1430.520172][ T7103] IPVS: starting estimator thread 0...
[ 1430.553651][T18993] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1430.571972][    C0] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1430.623555][T18834] usb usb6-port1: attempt power cycle
[ 1430.664283][T18994] IPVS: using max 34 ests per chain, 81600 per kthread
[ 1430.713239][ T7127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1430.793183][ T7127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1430.853643][ T7127] bond0 (unregistering): Released all slaves
[ 1430.914832][ T7127] bond1 (unregistering): Released all slaves
[ 1430.986692][T18856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1431.144604][T18856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1431.164813][ T7127] tipc: Left network mode
[ 1431.182682][T18995] syzkaller1: entered promiscuous mode
[ 1431.188146][T18995] syzkaller1: entered allmulticast mode
[ 1431.443641][T19005] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3194'.
[ 1431.463520][T19005] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3194'.
[ 1431.811738][T18856] team0: Port device team_slave_0 added
[ 1431.851487][T18856] team0: Port device team_slave_1 added
[ 1432.795724][T18856] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1433.283039][T18856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1433.311445][T18856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1433.404391][T18856] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1433.438739][T18856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1433.546178][T18856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1433.782205][ T7103] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1434.262677][ T5822] Bluetooth: hci5: unexpected event for opcode 0x0024
[ 1435.142172][ T7103] usb 6-1: Using ep0 maxpacket: 8
[ 1435.149447][ T7103] usb 6-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1435.162160][ T7103] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1435.184874][ T7103] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1435.202159][ T7103] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1435.210192][ T7103] usb 6-1: Product: syz
[ 1435.316906][ T7103] usb 6-1: Manufacturer: syz
[ 1435.333958][ T7103] usb 6-1: SerialNumber: syz
[ 1435.518484][T19032] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1435.945802][T18856] hsr_slave_0: entered promiscuous mode
[ 1436.113965][T18856] hsr_slave_1: entered promiscuous mode
[ 1436.161540][T18856] debugfs: 'hsr0' already exists in 'hsr'
[ 1436.167713][T18856] Cannot create hsr debugfs directory
[ 1436.438105][T19053] netlink: 'syz.3.3200': attribute type 1 has an invalid length.
[ 1436.516208][ T7127] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1436.524257][ T7127] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1436.534935][ T7127] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1436.546801][ T7127] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1436.562957][ T7127] batman_adv: batadv0: Removing interface: virt_wifi0
[ 1436.754873][ T7127] veth1_macvtap: left promiscuous mode
[ 1436.770517][ T7127] veth0_macvtap: left promiscuous mode
[ 1436.788465][ T7127] veth1_vlan: left promiscuous mode
[ 1436.806230][ T7127] veth0_vlan: left promiscuous mode
[ 1439.022325][    T9] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 1439.072484][ T7127] team0 (unregistering): Port device team_slave_1 removed
[ 1439.172213][    T9] usb 3-1: Using ep0 maxpacket: 8
[ 1439.183180][    T9] usb 3-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1439.207911][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1439.218440][ T7127] team0 (unregistering): Port device team_slave_0 removed
[ 1439.234248][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1439.252157][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1439.272204][    T9] usb 3-1: Product: syz
[ 1439.292123][    T9] usb 3-1: Manufacturer: syz
[ 1439.296781][    T9] usb 3-1: SerialNumber: syz
[ 1439.333460][T19077] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1440.272209][ T5822] Bluetooth: hci1: command 0x0406 tx timeout
[ 1440.425697][T19050] bond0: entered promiscuous mode
[ 1440.430757][T19050] bond_slave_0: entered promiscuous mode
[ 1440.504830][T19050] bond_slave_1: entered promiscuous mode
[ 1440.516203][T19050] batadv0: entered promiscuous mode
[ 1440.527764][T19050] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1440.544141][T19050] bond0: left promiscuous mode
[ 1440.550176][T19050] bond_slave_0: left promiscuous mode
[ 1440.556220][T19050] bond_slave_1: left promiscuous mode
[ 1440.564126][T19050] batadv0: left promiscuous mode
[ 1440.585077][T19053] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1441.199626][T19091] ip6t_srh: unknown srh invflags 7F00
[ 1442.292183][ T7103] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1442.374637][ T7127] IPVS: stop unused estimator thread 0...
[ 1442.519844][ T7103] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1442.554883][ T7103] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1442.613565][ T7103] usb 4-1: Product: syz
[ 1442.617784][ T7103] usb 4-1: Manufacturer: syz
[ 1442.646502][ T7103] usb 4-1: SerialNumber: syz
[ 1442.708058][T18422] usb 6-1: USB disconnect, device number 8
[ 1442.833240][    T9] usb 3-1: USB disconnect, device number 106
[ 1443.130611][ T7103] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1443.162823][T18422] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1443.175335][ T7103] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1443.322887][T19128] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3211'.
[ 1443.555700][T19132] siw: device registration error -23
[ 1444.138452][    T9] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1444.222789][T18422] usb 6-1: Using ep0 maxpacket: 8
[ 1444.229622][T18422] usb 6-1: config 0 has an invalid interface number: 52 but max is 0
[ 1444.238925][T18422] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1444.477764][T18856] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1444.513728][T18856] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1444.534734][T18856] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1444.564134][T18856] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1444.648325][ T7103] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[ 1444.661370][T18422] usb 6-1: config 0 has no interface number 0
[ 1444.668111][T18422] usb 6-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0x69, changing to 0x9
[ 1444.680902][ T7103] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1444.694470][T18422] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x9 has an invalid bInterval 38, changing to 9
[ 1444.706868][ T7103] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1444.716772][    T9] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1444.732147][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1444.740165][    T9] usb 3-1: Product: syz
[ 1444.745926][T18422] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x9 has invalid maxpacket 42740, setting to 1024
[ 1444.759596][ T7103] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[ 1444.768038][    T9] usb 3-1: Manufacturer: syz
[ 1444.776194][T18422] usb 6-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1444.793597][    T9] usb 3-1: SerialNumber: syz
[ 1444.799632][ T7103] usb 4-1: USB disconnect, device number 87
[ 1444.810796][    T9] usb 3-1: config 0 descriptor??
[ 1444.829117][T18422] usb 6-1: config 0 interface 52 has no altsetting 0
[ 1444.848323][T18422] usb 6-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[ 1444.858019][T18422] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1444.878865][T18422] usb 6-1: config 0 descriptor??
[ 1444.979574][T18856] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1444.996964][T18856] 8021q: adding VLAN 0 to HW filter on device team0
[ 1445.012921][T18007] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1445.020144][T18007] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1445.054567][T18007] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1445.061721][T18007] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1445.464702][ T5988] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[ 1445.561939][T18954] usb 6-1: USB disconnect, device number 9
[ 1445.638287][    T9] usb 3-1: USB disconnect, device number 107
[ 1445.692198][ T5988] usb 2-1: Using ep0 maxpacket: 32
[ 1445.724529][ T5988] usb 2-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config
[ 1445.779486][ T5988] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 9
[ 1445.823395][ T5988] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1445.852481][ T5988] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1445.900739][ T5988] usb 2-1: Product: syz
[ 1445.914146][ T5988] usb 2-1: Manufacturer: syz
[ 1445.940869][ T5988] usb 2-1: SerialNumber: syz
[ 1446.310391][   T30] audit: type=1400 audit(1767142290.858:1619): avc:  denied  { read } for  pid=19188 comm="syz.3.3215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1446.530980][T18856] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1446.635486][T18856] veth0_vlan: entered promiscuous mode
[ 1446.666703][T18856] veth1_vlan: entered promiscuous mode
[ 1446.810555][T18856] veth0_macvtap: entered promiscuous mode
[ 1447.041578][T18856] veth1_macvtap: entered promiscuous mode
[ 1447.579389][T18856] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1447.640186][T18856] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1447.683086][T18919] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1447.706827][T18919] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1447.750264][T18919] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1447.788458][ T5988] usb 2-1: USB disconnect, device number 82
[ 1447.914340][T18919] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1447.999472][   T30] audit: type=1400 audit(1767142292.548:1620): avc:  denied  { create } for  pid=19214 comm="syz.1.3222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[ 1448.046116][T19213] syzkaller0: entered promiscuous mode
[ 1448.052739][T19213] syzkaller0: entered allmulticast mode
[ 1448.092460][T18422] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1448.145704][T19213] tipc: Started in network mode
[ 1448.152463][T19213] tipc: Node identity ae846035ad35, cluster identity 4711
[ 1448.159768][T19213] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1448.190460][T15261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1448.202012][T19212] tipc: Resetting bearer <eth:syzkaller0>
[ 1448.217459][T15261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1448.239712][T19212] tipc: Disabling bearer <eth:syzkaller0>
[ 1448.252665][T18422] usb 6-1: Using ep0 maxpacket: 8
[ 1448.269129][T18422] usb 6-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1448.282150][    T9] usb 4-1: new full-speed USB device number 88 using dummy_hcd
[ 1448.290786][T18422] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1448.299964][T18422] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1448.309420][T18422] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1448.317815][T18422] usb 6-1: Product: syz
[ 1448.322109][T18422] usb 6-1: Manufacturer: syz
[ 1448.326709][T18422] usb 6-1: SerialNumber: syz
[ 1448.335570][T19211] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1448.365730][T18919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1448.385408][T18919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1448.454108][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1448.468770][    T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1448.488105][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1448.517904][    T9] usb 4-1: config 0 descriptor??
[ 1449.197052][T19232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3164'.
[ 1452.598152][T18422] usb 6-1: USB disconnect, device number 10
[ 1453.408791][T19259] input: syz1 as /devices/virtual/input/input13
[ 1453.433302][T19257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3227'.
[ 1453.488844][T19257] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3227'.
[ 1453.521256][T19254] 9pnet_fd: p9_fd_create_tcp (19254): problem connecting socket to 127.0.0.1
[ 1453.622224][ T5966] usb 2-1: new full-speed USB device number 83 using dummy_hcd
[ 1453.737715][    T9] usbhid 4-1:0.0: can't add hid device: -32
[ 1453.777854][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[ 1453.794950][ T5966] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1453.805763][ T5966] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1453.857311][ T5966] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1453.879175][ T5966] usb 2-1: config 0 descriptor??
[ 1453.910386][T19246] usb 4-1: USB disconnect, device number 88
[ 1454.697829][T19271] SELinux: failed to load policy
[ 1456.253612][ T5966] lenovo 0003:17EF:6067.0017: unknown main item tag 0x4
[ 1456.260605][ T5966] lenovo 0003:17EF:6067.0017: item fetching failed at offset 4/5
[ 1459.414382][ T5966] lenovo 0003:17EF:6067.0017: hid_parse failed
[ 1459.456375][ T5966] lenovo 0003:17EF:6067.0017: probe with driver lenovo failed with error -22
[ 1459.623688][ T5966] usb 2-1: USB disconnect, device number 83
[ 1460.484626][T19288] netlink: 'syz.3.3232': attribute type 1 has an invalid length.
[ 1461.235030][T19288] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1461.442215][ T5822] Bluetooth: hci3: command 0x0405 tx timeout
[ 1462.052368][T19296] ip6t_srh: unknown srh invflags 7F00
[ 1462.497196][T19300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3237'.
[ 1463.515380][T16343] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[ 1463.715414][T19303] netlink: set zone limit has 4 unknown bytes
[ 1463.727361][T19303] netlink: zone id is out of range
[ 1463.902173][T16343] usb 2-1: device descriptor read/64, error -71
[ 1464.678476][T16343] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[ 1464.843580][T16343] usb 2-1: device descriptor read/64, error -71
[ 1464.975082][T16343] usb usb2-port1: attempt power cycle
[ 1465.070331][T19327] fuse: Unknown parameter 'use00000000000000000000'
[ 1465.262700][   T30] audit: type=1400 audit(1767142309.818:1621): avc:  denied  { getopt } for  pid=19326 comm="syz.0.3240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1465.353395][T16343] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1465.405251][T16343] usb 2-1: device descriptor read/8, error -71
[ 1465.710125][T16343] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1465.757303][T19334] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3241'.
[ 1465.791550][   T30] audit: type=1326 audit(1767142310.338:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19336 comm="syz.3.3242" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb3bd38f749 code=0x0
[ 1466.007981][T16343] usb 2-1: device not accepting address 87, error -71
[ 1466.015161][T16343] usb usb2-port1: unable to enumerate USB device
[ 1466.049134][T19337] ip6tnl0: entered allmulticast mode
[ 1466.347686][T19348] input: syz1 as /devices/virtual/input/input14
[ 1466.400778][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.411033][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.421459][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.444067][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.524954][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.625142][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.683076][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.917546][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1466.962747][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1467.079154][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1467.090104][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1467.100267][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1467.172671][T19358] ip6t_srh: unknown srh invflags 7F00
[ 1467.262797][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1467.632559][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1467.828796][T19349] 9pnet_fd: p9_fd_create_tcp (19349): problem connecting socket to 127.0.0.1
[ 1469.251845][T19378] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3252'.
[ 1469.914541][T19387] block nbd2: not configured, cannot reconfigure
[ 1469.925959][T19383] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3253'.
[ 1470.323965][T19383] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3253'.
[ 1470.333116][T19383] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3253'.
[ 1470.588053][   T30] audit: type=1326 audit(1767142315.138:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19388 comm="syz.2.3256" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe08138f749 code=0x0
[ 1472.549708][T19407] syzkaller0: entered promiscuous mode
[ 1472.555365][T19407] syzkaller0: entered allmulticast mode
[ 1472.564448][T19407] FAULT_INJECTION: forcing a failure.
[ 1472.564448][T19407] name failslab, interval 1, probability 0, space 0, times 0
[ 1472.581951][T19407] CPU: 1 UID: 0 PID: 19407 Comm: syz.2.3260 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1472.581982][T19407] Tainted: [L]=SOFTLOCKUP
[ 1472.581989][T19407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1472.582001][T19407] Call Trace:
[ 1472.582008][T19407]  <TASK>
[ 1472.582016][T19407]  dump_stack_lvl+0x16c/0x1f0
[ 1472.582043][T19407]  should_fail_ex+0x512/0x640
[ 1472.582071][T19407]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[ 1472.582092][T19407]  should_failslab+0xc2/0x120
[ 1472.582113][T19407]  kmem_cache_alloc_node_noprof+0x86/0x800
[ 1472.582130][T19407]  ? __alloc_skb+0x156/0x410
[ 1472.582161][T19407]  ? __alloc_skb+0x156/0x410
[ 1472.582184][T19407]  __alloc_skb+0x156/0x410
[ 1472.582207][T19407]  ? __alloc_skb+0x35d/0x410
[ 1472.582231][T19407]  ? __pfx___alloc_skb+0x10/0x10
[ 1472.582257][T19407]  ? process_measurement+0x4a6/0x22d0
[ 1472.582288][T19407]  alloc_skb_with_frags+0xe0/0x860
[ 1472.582309][T19407]  ? __might_fault+0xe3/0x190
[ 1472.582326][T19407]  ? __might_fault+0x13b/0x190
[ 1472.582349][T19407]  sock_alloc_send_pskb+0x7f9/0x980
[ 1472.582376][T19407]  ? _copy_from_iter+0x161/0x16c0
[ 1472.582409][T19407]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1472.582435][T19407]  ? find_held_lock+0x2b/0x80
[ 1472.582461][T19407]  ? dev_get_by_index+0x17c/0x380
[ 1472.582488][T19407]  packet_sendmsg+0x1fe4/0x54a0
[ 1472.582524][T19407]  ? sock_has_perm+0x258/0x2f0
[ 1472.582543][T19407]  ? __pfx_sock_has_perm+0x10/0x10
[ 1472.582565][T19407]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1472.582607][T19407]  ____sys_sendmsg+0xa5d/0xc30
[ 1472.582630][T19407]  ? copy_msghdr_from_user+0x10a/0x160
[ 1472.582650][T19407]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1472.582685][T19407]  ___sys_sendmsg+0x134/0x1d0
[ 1472.582706][T19407]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1472.582759][T19407]  __sys_sendmsg+0x16d/0x220
[ 1472.582779][T19407]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1472.582815][T19407]  do_syscall_64+0xcd/0xf80
[ 1472.582840][T19407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1472.582860][T19407] RIP: 0033:0x7fe08138f749
[ 1472.582876][T19407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1472.582894][T19407] RSP: 002b:00007fe0822d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1472.582912][T19407] RAX: ffffffffffffffda RBX: 00007fe0815e5fa0 RCX: 00007fe08138f749
[ 1472.582926][T19407] RDX: 0000000000000005 RSI: 0000200000000280 RDI: 0000000000000007
[ 1472.582937][T19407] RBP: 00007fe0822d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1472.582949][T19407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1472.582960][T19407] R13: 00007fe0815e6038 R14: 00007fe0815e5fa0 R15: 00007ffd76ae3978
[ 1472.582987][T19407]  </TASK>
[ 1472.842279][ T5966] usb 4-1: new full-speed USB device number 89 using dummy_hcd
[ 1473.192300][T19415] ip6t_srh: unknown srh invflags 7F00
[ 1473.207669][ T5966] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1473.223831][ T5966] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1473.249671][ T5966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1473.278163][ T5966] usb 4-1: config 0 descriptor??
[ 1473.332505][ T5869] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1473.494932][ T5869] usb 6-1: Using ep0 maxpacket: 8
[ 1473.723129][ T5869] usb 6-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1473.742244][ T5869] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1473.834738][ T5869] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1473.844093][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1473.854759][ T5869] usb 6-1: Product: syz
[ 1473.861814][ T5869] usb 6-1: Manufacturer: syz
[ 1473.866833][ T5869] usb 6-1: SerialNumber: syz
[ 1473.876547][T19413] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1474.073169][T19408] SELinux: failed to load policy
[ 1474.190873][T19426] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1474.289735][T19426] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1474.713603][ T5869] usb 6-1: USB disconnect, device number 11
[ 1474.810634][   T30] audit: type=1326 audit(1767142319.358:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19435 comm="syz.1.3263" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb6abf8f749 code=0x0
[ 1474.812843][ T5941] usb 3-1: new full-speed USB device number 108 using dummy_hcd
[ 1475.057329][ T5941] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1475.066042][ T5941] usb 3-1: config 0 has no interface number 0
[ 1475.072225][ T5941] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1475.084172][ T5941] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 64
[ 1475.095181][ T5941] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1475.116756][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1475.139295][ T5941] usb 3-1: config 0 descriptor??
[ 1475.146584][T19426] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1475.165606][ T5941] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1475.393247][    C1] iowarrior 3-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[ 1475.402680][ T5941] usb 3-1: USB disconnect, device number 108
[ 1475.418006][ T5966] usbhid 4-1:0.0: can't add hid device: -71
[ 1475.447048][ T5966] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1475.501679][ T5966] usb 4-1: USB disconnect, device number 89
[ 1476.549734][T19444] netlink: set zone limit has 4 unknown bytes
[ 1476.577402][T19443] netlink: zone id is out of range
[ 1476.615639][T19426] fuse: Unknown parameter '00000000000000000000'
[ 1478.934991][   T30] audit: type=1326 audit(1767142323.488:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19464 comm="syz.0.3274" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f506af8f749 code=0x0
[ 1479.213946][T19473] ip6t_srh: unknown srh invflags 7F00
[ 1480.657384][T19484] overlayfs: overlapping lowerdir path
[ 1481.332627][   T30] audit: type=1400 audit(1767142325.888:1626): avc:  denied  { read } for  pid=19489 comm="syz.0.3279" path="socket:[78754]" dev="sockfs" ino=78754 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1482.475605][   T30] audit: type=1400 audit(1767142326.178:1627): avc:  denied  { read } for  pid=19489 comm="syz.0.3279" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1483.019450][T19495] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[ 1483.816897][T19510] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1483.917582][T19503] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3283'.
[ 1483.962999][T19510] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1483.978905][   T30] audit: type=1326 audit(1767142328.528:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19514 comm="syz.2.3286" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe08138f749 code=0x0
[ 1484.246023][T19521] block nbd5: not configured, cannot reconfigure
[ 1484.303593][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.609591][T19516] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3284'.
[ 1484.662196][T15942] usb 4-1: new full-speed USB device number 90 using dummy_hcd
[ 1484.671062][T19520] netlink: 7 bytes leftover after parsing attributes in process `syz.1.3284'.
[ 1484.681287][T19520] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3284'.
[ 1484.874911][T15942] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1484.882970][T15942] usb 4-1: config 0 has no interface number 0
[ 1484.890241][T15942] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1484.914460][T15942] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 64
[ 1484.942395][T15942] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1484.951592][T15942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1484.965887][T15942] usb 4-1: config 0 descriptor??
[ 1485.032567][T19513] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1485.154708][T15942] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1485.271262][T19527] ip6t_srh: unknown srh invflags 7F00
[ 1485.590963][    C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[ 1485.600363][ T7103] usb 4-1: USB disconnect, device number 90
[ 1487.803724][T19542] overlayfs: overlapping lowerdir path
[ 1488.167717][T15942] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1488.313946][T19537] netlink: 'syz.5.3289': attribute type 39 has an invalid length.
[ 1489.140295][T19561] block nbd2: not configured, cannot reconfigure
[ 1489.535184][ T5988] usb 2-1: new full-speed USB device number 88 using dummy_hcd
[ 1489.779373][ T5988] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1489.799714][ T5988] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1489.818553][ T5988] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1489.981288][ T5988] usb 2-1: config 0 descriptor??
[ 1490.456748][T19569] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1490.491432][T19569] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1491.472253][T18423] Bluetooth: hci2: command 0x0406 tx timeout
[ 1491.478811][T16343] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 1491.802930][T16343] usb 3-1: Using ep0 maxpacket: 8
[ 1491.869739][T16343] usb 3-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1492.041431][T16343] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1492.278969][T16343] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1492.307830][T16343] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1492.338703][T16343] usb 3-1: Product: syz
[ 1492.354539][T16343] usb 3-1: Manufacturer: syz
[ 1492.380334][T16343] usb 3-1: SerialNumber: syz
[ 1492.473919][T19577] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1493.235467][T19571] SELinux: failed to load policy
[ 1493.918917][ T5988] lenovo 0003:17EF:6067.0018: unknown main item tag 0x4
[ 1493.962247][ T5988] lenovo 0003:17EF:6067.0018: item fetching failed at offset 4/5
[ 1495.292845][ T5988] lenovo 0003:17EF:6067.0018: hid_parse failed
[ 1495.299112][ T5988] lenovo 0003:17EF:6067.0018: probe with driver lenovo failed with error -22
[ 1495.421878][T16343] usb 3-1: USB disconnect, device number 109
[ 1496.743227][   T30] audit: type=1326 audit(1767142341.288:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19605 comm="syz.3.3310" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb3bd38f749 code=0x0
[ 1496.859071][T16343] usb 2-1: USB disconnect, device number 88
[ 1498.463021][T19619] block nbd1: not configured, cannot reconfigure
[ 1498.964816][T19613] netlink: set zone limit has 4 unknown bytes
[ 1499.109470][T19611] netlink: zone id is out of range
[ 1499.965410][T19633] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3316'.
[ 1500.685244][T19640] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3321'.
[ 1500.711372][T19640] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3321'.
[ 1501.867641][T19656] block nbd2: not configured, cannot reconfigure
[ 1502.369953][T19660] netlink: 'syz.3.3325': attribute type 14 has an invalid length.
[ 1502.378105][T19660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3325'.
[ 1502.396787][T19660] netlink: 'syz.3.3325': attribute type 14 has an invalid length.
[ 1502.404948][T19660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3325'.
[ 1503.001840][T17582] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1503.030237][T17582] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1503.054974][T17582] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1504.078673][T19665] netlink: zone id is out of range
[ 1504.098003][T19666] netlink: set zone limit has 4 unknown bytes
[ 1504.147380][T17582] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1505.637959][ T5822] Bluetooth: Unexpected start frame (len 16)
[ 1505.884786][T19688] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3334'.
[ 1506.625438][T19696] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1506.642682][T19695] ceph: No mds server is up or the cluster is laggy
[ 1506.653072][ T5988] libceph: connect (1)[c::]:6789 error -101
[ 1506.677097][ T5988] libceph: mon0 (1)[c::]:6789 connect error
[ 1507.952356][T15962] Bluetooth: hci4: command 0x0405 tx timeout
[ 1508.221693][T19712] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3337'.
[ 1508.967657][T19711] netlink: set zone limit has 4 unknown bytes
[ 1508.975424][T19711] netlink: zone id is out of range
[ 1511.735031][T19732] netlink: zone id is out of range
[ 1511.743932][T19734] netlink: set zone limit has 4 unknown bytes
[ 1512.823004][ T7103] IPVS: starting estimator thread 0...
[ 1512.942163][T19748] IPVS: using max 42 ests per chain, 100800 per kthread
[ 1513.482126][T19756] ip6t_srh: unknown srh invflags 7F00
[ 1513.858999][ T5822] Bluetooth: Unexpected start frame (len 16)
[ 1514.922287][ T7103] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1515.491089][ T7103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1515.636454][ T7103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1515.755244][ T7103] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1515.870547][ T7103] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1516.073340][ T7103] usb 2-1: config 0 descriptor??
[ 1516.672018][ T7103] cp2112 0003:10C4:EA90.0019: unknown main item tag 0x0
[ 1516.909647][ T7103] cp2112 0003:10C4:EA90.0019: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[ 1517.899168][ T7103] cp2112 0003:10C4:EA90.0019: error requesting version
[ 1517.924070][ T7103] cp2112 0003:10C4:EA90.0019: probe with driver cp2112 failed with error -71
[ 1517.955115][ T7103] usb 2-1: USB disconnect, device number 89
[ 1518.826837][ T5966] IPVS: starting estimator thread 0...
[ 1518.948223][ T5822] Bluetooth: Unexpected start frame (len 16)
[ 1519.001402][T19798] IPVS: using max 48 ests per chain, 115200 per kthread
[ 1519.586508][T19805] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3365'.
[ 1519.664277][T19805] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3365'.
[ 1520.042246][ T7103] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 1520.192248][ T7103] usb 3-1: Using ep0 maxpacket: 8
[ 1520.214961][ T7103] usb 3-1: config 1 interface 0 altsetting 16 bulk endpoint 0x1 has invalid maxpacket 64
[ 1520.252730][ T7103] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1520.272403][ T7103] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1520.291882][ T7103] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1521.288605][T19816] netlink: set zone limit has 4 unknown bytes
[ 1521.316859][T19815] netlink: zone id is out of range
[ 1521.339040][ T7103] usb 3-1: Product: syz
[ 1521.345169][ T7103] usb 3-1: Manufacturer: syz
[ 1521.349783][ T7103] usb 3-1: SerialNumber: syz
[ 1521.357953][T19808] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1523.033096][ T7103] usb 3-1: USB disconnect, device number 110
[ 1523.439725][T19841] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3369'.
[ 1523.552380][   T30] audit: type=1400 audit(1767142367.988:1630): avc:  denied  { connect } for  pid=19838 comm="syz.0.3369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1523.784917][T19812] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1523.792271][T19812] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1523.826122][T19812] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1523.832414][T19812] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1523.841916][T19812] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1523.848364][T19812] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1523.859537][T19812] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1523.866957][T19812] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1523.891182][T19812] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1523.897946][T19812] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1523.914234][T19812] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1524.192220][T15962] Bluetooth: hci5: command 0x0406 tx timeout
[ 1524.239683][T15962] Bluetooth: hci4: ACL packet for unknown connection handle 201
[ 1524.280252][T19848] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3374'.
[ 1630.372085][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1630.379057][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P19852/1:b..l P19859/1:b..l
[ 1630.388936][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=100769, q=370 ncpus=2)
[ 1630.396717][    C0] task:syz.1.3372      state:R  running task     stack:24312 pid:19859 tgid:19859 ppid:17909  task_flags:0x400640 flags:0x00080000
[ 1630.411257][    C0] Call Trace:
[ 1630.414524][    C0]  <TASK>
[ 1630.417448][    C0]  ? __schedule+0x10b9/0x6150
[ 1630.422115][    C0]  __schedule+0x1139/0x6150
[ 1630.426627][    C0]  ? __pfx___schedule+0x10/0x10
[ 1630.431555][    C0]  ? mark_held_locks+0x49/0x80
[ 1630.436302][    C0]  preempt_schedule_irq+0x51/0x90
[ 1630.441306][    C0]  irqentry_exit+0x1d8/0x8c0
[ 1630.445884][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1630.450639][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1630.456092][    C0] RIP: 0010:lock_acquire+0x62/0x330
[ 1630.461275][    C0] Code: b4 18 12 83 f8 07 0f 87 a2 02 00 00 89 c0 48 0f a3 05 22 bb ee 0e 0f 82 74 02 00 00 8b 35 ba eb ee 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 39 b4 18 12 0f 85 ad 02 00 00 48 83 c4
[ 1630.480863][    C0] RSP: 0018:ffffc9000bfde550 EFLAGS: 00000206
[ 1630.486908][    C0] RAX: 0000000000000046 RBX: ffffffff8e3c96a0 RCX: 000000006e132337
[ 1630.494859][    C0] RDX: 0000000000000000 RSI: ffffffff8daa7ee5 RDI: ffffffff8bf2b400
[ 1630.502817][    C0] RBP: 0000000000000002 R08: 00000000255d0eae R09: 00000000e255d0ea
[ 1630.510787][    C0] R10: 0000000000000002 R11: ffff88802bebd4b0 R12: 0000000000000000
[ 1630.518735][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1630.526692][    C0]  ? __pfx_save_stack+0x10/0x10
[ 1630.531524][    C0]  ? post_alloc_hook+0x1af/0x220
[ 1630.536460][    C0]  ? get_page_from_freelist+0xd0b/0x31a0
[ 1630.542069][    C0]  ? __alloc_frozen_pages_noprof+0x25f/0x2430
[ 1630.548125][    C0]  __update_page_owner_handle+0x75/0x550
[ 1630.553734][    C0]  ? __update_page_owner_handle+0x64/0x550
[ 1630.559515][    C0]  ? elf_core_dump+0x29c3/0x3c10
[ 1630.564426][    C0]  ? __lock_acquire+0x436/0x2890
[ 1630.569346][    C0]  __set_page_owner+0x126/0x560
[ 1630.574178][    C0]  ? __pfx___set_page_owner+0x10/0x10
[ 1630.579544][    C0]  ? bad_range+0x261/0x4c0
[ 1630.583935][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1630.589131][    C0]  post_alloc_hook+0x1af/0x220
[ 1630.593879][    C0]  get_page_from_freelist+0xd0b/0x31a0
[ 1630.599315][    C0]  ? __pfx___might_resched+0x10/0x10
[ 1630.604578][    C0]  ? should_fail_alloc_page+0xee/0x130
[ 1630.610023][    C0]  __alloc_frozen_pages_noprof+0x25f/0x2430
[ 1630.615891][    C0]  ? __lock_acquire+0x436/0x2890
[ 1630.620808][    C0]  ? __lock_acquire+0x436/0x2890
[ 1630.625727][    C0]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1630.632030][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1630.637037][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1630.642391][    C0]  ? find_held_lock+0x2b/0x80
[ 1630.647051][    C0]  ? __lock_acquire+0x436/0x2890
[ 1630.651963][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1630.657832][    C0]  ? policy_nodemask+0xea/0x4e0
[ 1630.662668][    C0]  alloc_pages_mpol+0x1fb/0x550
[ 1630.667498][    C0]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1630.672855][    C0]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1630.678208][    C0]  shmem_alloc_folio+0x135/0x160
[ 1630.683123][    C0]  shmem_alloc_and_add_folio+0x494/0xc20
[ 1630.688738][    C0]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1630.694871][    C0]  ? shmem_allowable_huge_orders+0xd4/0x3f0
[ 1630.700745][    C0]  shmem_get_folio_gfp+0x67f/0x1610
[ 1630.705929][    C0]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 1630.711549][    C0]  shmem_write_begin+0x1a4/0x3b0
[ 1630.716460][    C0]  ? __pfx_shmem_write_begin+0x10/0x10
[ 1630.721891][    C0]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[ 1630.728716][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1630.733896][    C0]  generic_perform_write+0x3c4/0x900
[ 1630.739165][    C0]  ? __pfx_generic_perform_write+0x10/0x10
[ 1630.744950][    C0]  ? file_update_time_flags+0x35c/0x520
[ 1630.750468][    C0]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1630.756247][    C0]  shmem_file_write_iter+0x10e/0x140
[ 1630.761595][    C0]  __kernel_write_iter+0x31a/0xb10
[ 1630.766683][    C0]  ? __pfx___kernel_write_iter+0x10/0x10
[ 1630.772291][    C0]  ? __up_read+0x2d1/0x700
[ 1630.776687][    C0]  ? dump_user_range+0x756/0xb70
[ 1630.781605][    C0]  dump_user_range+0x413/0xb70
[ 1630.786348][    C0]  ? __pfx_dump_user_range+0x10/0x10
[ 1630.791611][    C0]  ? elf_coredump_extra_notes_write+0xbd/0x500
[ 1630.797741][    C0]  ? __pfx_writenote+0x10/0x10
[ 1630.802481][    C0]  elf_core_dump+0x29c3/0x3c10
[ 1630.807230][    C0]  ? __pfx_elf_core_dump+0x10/0x10
[ 1630.812315][    C0]  ? kasan_save_stack+0x33/0x60
[ 1630.817140][    C0]  ? kasan_save_track+0x14/0x30
[ 1630.821959][    C0]  ? __kasan_kmalloc+0xaa/0xb0
[ 1630.826694][    C0]  ? __kvmalloc_node_noprof+0x3ac/0xa40
[ 1630.832213][    C0]  ? vfs_coredump+0x1dd9/0x55e0
[ 1630.837042][    C0]  ? arch_do_signal_or_restart+0x8f/0x7e0
[ 1630.842736][    C0]  ? irqentry_exit+0x38a/0x8c0
[ 1630.847475][    C0]  ? asm_exc_page_fault+0x26/0x30
[ 1630.852481][    C0]  ? 0xffffffffff600000
[ 1630.856632][    C0]  ? vfs_coredump+0x2b85/0x55e0
[ 1630.861461][    C0]  vfs_coredump+0x2b85/0x55e0
[ 1630.866123][    C0]  ? __pfx_vfs_coredump+0x10/0x10
[ 1630.871123][    C0]  ? __lock_acquire+0x436/0x2890
[ 1630.876042][    C0]  ? __lock_acquire+0x436/0x2890
[ 1630.880962][    C0]  ? lock_acquire+0x179/0x330
[ 1630.885615][    C0]  ? lock_acquire+0x179/0x330
[ 1630.890277][    C0]  ? arch_stack_walk+0xa6/0x100
[ 1630.895114][    C0]  ? stack_trace_save+0x8e/0xc0
[ 1630.899951][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1630.905299][    C0]  ? stack_depot_save_flags+0x29/0x9b0
[ 1630.910739][    C0]  ? __lock_acquire+0x436/0x2890
[ 1630.915657][    C0]  ? kasan_save_stack+0x42/0x60
[ 1630.920522][    C0]  ? proc_coredump_connector+0x2d1/0x4f0
[ 1630.926133][    C0]  ? __pfx_proc_coredump_connector+0x10/0x10
[ 1630.932099][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1630.936846][    C0]  get_signal+0x22e1/0x26d0
[ 1630.941341][    C0]  ? __pfx_get_signal+0x10/0x10
[ 1630.946236][    C0]  arch_do_signal_or_restart+0x8f/0x7e0
[ 1630.951856][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1630.957995][    C0]  ? __bad_area_nosemaphore+0x350/0x690
[ 1630.963522][    C0]  irqentry_exit+0x38a/0x8c0
[ 1630.968092][    C0]  asm_exc_page_fault+0x26/0x30
[ 1630.972918][    C0] RIP: 0033:0x7fb6abf8f751
[ 1630.977305][    C0] RSP: 002b:fffffffffffffe70 EFLAGS: 00010217
[ 1630.983343][    C0] RAX: 0000000000000000 RBX: 00007fb6ac1e6090 RCX: 00007fb6abf8f749
[ 1630.991287][    C0] RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000
[ 1630.999230][    C0] RBP: 00007fb6ac013f91 R08: 0000000000000000 R09: 0000000000000000
[ 1631.007179][    C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1631.015129][    C0] R13: 00007fb6ac1e6128 R14: 00007fb6ac1e6090 R15: 00007ffea5baad78
[ 1631.023089][    C0]  </TASK>
[ 1631.026082][    C0] task:syz.3.3377      state:R  running task     stack:26664 pid:19852 tgid:19852 ppid:17238  task_flags:0x40004c flags:0x00080000
[ 1631.039533][    C0] Call Trace:
[ 1631.042787][    C0]  <TASK>
[ 1631.045695][    C0]  ? __schedule+0x10b9/0x6150
[ 1631.050356][    C0]  __schedule+0x1139/0x6150
[ 1631.054840][    C0]  ? __lock_acquire+0x436/0x2890
[ 1631.059755][    C0]  ? __pfx___schedule+0x10/0x10
[ 1631.064608][    C0]  ? mark_held_locks+0x49/0x80
[ 1631.069352][    C0]  preempt_schedule_irq+0x51/0x90
[ 1631.074365][    C0]  irqentry_exit+0x1d8/0x8c0
[ 1631.078949][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1631.084910][    C0] RIP: 0010:unwind_next_frame+0x3e6/0x20b0
[ 1631.090700][    C0] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 3c 15 00 00 41 c7 45 00 00 00 00 00 31 ed e8 d2 3d 0b 0a 85 c0 0f 85 50 06 00 00 <48> c7 c7 a0 96 3c 8e 48 8d 35 00 00 00 00 e8 47 3b 2d 00 e8 c2 86
[ 1631.110284][    C0] RSP: 0018:ffffc9000bb775c0 EFLAGS: 00000202
[ 1631.116335][    C0] RAX: 0000000000000001 RBX: ffffc9000bb77a40 RCX: ffffc9000bb78001
[ 1631.124289][    C0] RDX: 0000000000000000 RSI: ffffffff8bf2b380 RDI: ffffffff8dd7bf20
[ 1631.132238][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000082393294
[ 1631.140195][    C0] R10: 0000000000000002 R11: 0000000000011d82 R12: ffffc9000bb77670
[ 1631.148159][    C0] R13: ffffc9000bb77630 R14: ffffc9000bb77a20 R15: ffffc9000bb77664
[ 1631.156137][    C0]  ? kmem_cache_free+0x2d8/0x770
[ 1631.161064][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1631.167214][    C0]  arch_stack_walk+0x94/0x100
[ 1631.171886][    C0]  ? unlink_anon_vmas+0x173/0x820
[ 1631.176894][    C0]  stack_trace_save+0x8e/0xc0
[ 1631.181550][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1631.186898][    C0]  ? __lock_acquire+0x436/0x2890
[ 1631.191813][    C0]  kasan_save_stack+0x33/0x60
[ 1631.196465][    C0]  ? kasan_save_stack+0x33/0x60
[ 1631.201288][    C0]  ? kasan_save_track+0x14/0x30
[ 1631.206112][    C0]  ? kasan_save_free_info+0x3b/0x60
[ 1631.211284][    C0]  ? __kasan_slab_free+0x5f/0x80
[ 1631.216199][    C0]  ? kmem_cache_free+0x2d8/0x770
[ 1631.221143][    C0]  kasan_save_track+0x14/0x30
[ 1631.225801][    C0]  kasan_save_free_info+0x3b/0x60
[ 1631.230800][    C0]  __kasan_slab_free+0x5f/0x80
[ 1631.235542][    C0]  kmem_cache_free+0x2d8/0x770
[ 1631.240284][    C0]  ? unlink_anon_vmas+0x173/0x820
[ 1631.245289][    C0]  ? unlink_anon_vmas+0x173/0x820
[ 1631.250289][    C0]  unlink_anon_vmas+0x173/0x820
[ 1631.255120][    C0]  free_pgtables+0x212/0xc10
[ 1631.259696][    C0]  ? __pfx_free_pgtables+0x10/0x10
[ 1631.264788][    C0]  ? __pfx_down_write+0x10/0x10
[ 1631.269620][    C0]  exit_mmap+0x3f1/0xb60
[ 1631.273840][    C0]  ? __pfx_exit_mmap+0x10/0x10
[ 1631.278589][    C0]  ? __lock_acquire+0x436/0x2890
[ 1631.283512][    C0]  ? arch_uprobe_clear_state+0x16/0x150
[ 1631.289214][    C0]  __mmput+0x12a/0x410
[ 1631.293263][    C0]  mmput+0x62/0x70
[ 1631.296962][    C0]  do_exit+0x7d7/0x2bd0
[ 1631.301094][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1631.305684][    C0]  ? preempt_schedule_thunk+0x16/0x30
[ 1631.311036][    C0]  do_group_exit+0xd3/0x2a0
[ 1631.315518][    C0]  __x64_sys_exit_group+0x3e/0x50
[ 1631.320522][    C0]  x64_sys_call+0x151c/0x1740
[ 1631.325185][    C0]  do_syscall_64+0xcd/0xf80
[ 1631.329677][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1631.335544][    C0] RIP: 0033:0x7fb3bd38f749
[ 1631.339933][    C0] RSP: 002b:00007ffe20dfaa68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1631.348319][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3bd38f749
[ 1631.356286][    C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[ 1631.364339][    C0] RBP: 00007ffe20dfaacc R08: 0000001120dfab5f R09: 00000000000927c0
[ 1631.372288][    C0] R10: 000000000001263c R11: 0000000000000246 R12: 000000000000006b
[ 1631.380236][    C0] R13: 00000000000927c0 R14: 0000000000174166 R15: 00007ffe20dfab20
[ 1631.388192][    C0]  </TASK>
[ 1631.391186][    C0] rcu: rcu_preempt kthread starved for 10600 jiffies! g100769 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1631.402443][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1631.412381][    C0] rcu: RCU grace-period kthread stack dump:
[ 1631.418239][    C0] task:rcu_preempt     state:R  running task     stack:28104 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1631.431695][    C0] Call Trace:
[ 1631.434957][    C0]  <TASK>
[ 1631.437866][    C0]  ? __schedule+0x10b9/0x6150
[ 1631.442517][    C0]  __schedule+0x1139/0x6150
[ 1631.446995][    C0]  ? __lock_acquire+0x436/0x2890
[ 1631.451908][    C0]  ? __mod_timer+0x8f2/0xd30
[ 1631.456477][    C0]  ? __pfx___schedule+0x10/0x10
[ 1631.461297][    C0]  ? find_held_lock+0x2b/0x80
[ 1631.465950][    C0]  ? schedule+0x2d7/0x3a0
[ 1631.470254][    C0]  schedule+0xe7/0x3a0
[ 1631.474299][    C0]  schedule_timeout+0x123/0x290
[ 1631.479119][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1631.484463][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1631.489728][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1631.495511][    C0]  ? prepare_to_swait_event+0xf5/0x480
[ 1631.500949][    C0]  rcu_gp_fqs_loop+0x1ea/0xaf0
[ 1631.505691][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1631.510957][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1631.516131][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1631.521053][    C0]  ? rcu_gp_cleanup+0x7c1/0xe90
[ 1631.525883][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1631.531669][    C0]  rcu_gp_kthread+0x26d/0x380
[ 1631.536328][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1631.541506][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1631.546243][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1631.551418][    C0]  ? __kthread_parkme+0x19e/0x250
[ 1631.556414][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1631.561587][    C0]  kthread+0x3c5/0x780
[ 1631.565657][    C0]  ? __pfx_kthread+0x10/0x10
[ 1631.570220][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1631.574956][    C0]  ? __pfx_kthread+0x10/0x10
[ 1631.579523][    C0]  ret_from_fork+0x983/0xb10
[ 1631.584196][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1631.589285][    C0]  ? __switch_to+0x7af/0x10d0
[ 1631.593941][    C0]  ? __pfx_kthread+0x10/0x10
[ 1631.598508][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1631.603256][    C0]  </TASK>
[ 1631.606251][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1631.612565][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1631.617774][    C1] NMI backtrace for cpu 1
[ 1631.617790][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1631.617817][    C1] Tainted: [L]=SOFTLOCKUP
[ 1631.617824][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1631.617835][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1631.617862][    C1] Code: d6 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 59 12 00 fb f4 <e9> cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 1631.617880][    C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
[ 1631.617895][    C1] RAX: 0000000007045dbd RBX: 0000000000000001 RCX: ffffffff8b7806d9
[ 1631.617908][    C1] RDX: 0000000000000000 RSI: ffffffff8dacdf79 RDI: ffffffff8bf2b400
[ 1631.617920][    C1] RBP: ffffed1003b56498 R08: 0000000000000001 R09: ffffed10170a673d
[ 1631.617933][    C1] R10: ffff8880b85339eb R11: ffff88801dab2ff0 R12: 0000000000000001
[ 1631.617945][    C1] R13: ffff88801dab24c0 R14: ffffffff9088b6d0 R15: 0000000000000000
[ 1631.617958][    C1] FS:  0000000000000000(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
[ 1631.617975][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1631.617988][    C1] CR2: fffffffffffffe70 CR3: 000000007e18c000 CR4: 00000000003526f0
[ 1631.618011][    C1] Call Trace:
[ 1631.618017][    C1]  <TASK>
[ 1631.618024][    C1]  default_idle+0x13/0x20
[ 1631.618049][    C1]  default_idle_call+0x6c/0xb0
[ 1631.618075][    C1]  do_idle+0x38d/0x510
[ 1631.618103][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1631.618133][    C1]  cpu_startup_entry+0x4f/0x60
[ 1631.618160][    C1]  start_secondary+0x21d/0x2d0
[ 1631.618179][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1631.618201][    C1]  common_startup_64+0x13e/0x148
[ 1631.618231][    C1]  </TASK>