last executing test programs:

7m28.490964147s ago: executing program 0 (id=36):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000061c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000200)=ANY=[], 0x1c)

7m28.179245126s ago: executing program 0 (id=40):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1900000004000000040000000900000000000000", @ANYRES32=0x1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000010400"/28], 0x50)
madvise(&(0x7f000060c000/0x4000)=nil, 0x4000, 0x16)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, 0x0, 0x0)
bind$qrtr(r0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ptrace(0x10, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x3}]}}]}, 0x3c}}, 0x0)

7m22.367545037s ago: executing program 0 (id=50):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0xffffffff, 0xfffffffa, {0x0, 0x0, 0x0, r1, {0x0, 0xf}, {0x0, 0xffff}, {0xd, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8800)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0)
pwritev2(r2, 0x0, 0x0, 0x9, 0x0, 0x7)
r3 = socket(0x3, 0x2, 0x7e39)
sendmmsg$inet(r3, &(0x7f0000005240), 0x4000095, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0xa040)
ioctl$EVIOCGREP(r4, 0x80084503, &(0x7f0000000280)=""/108)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x180})
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$IPVS_CMD_ZERO(r3, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYRES16, @ANYRES16=0x0, @ANYRES16=r1], 0xac}, 0x1, 0x0, 0x0, 0x8007}, 0x8804)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={0x0, 0xffffffffffffffff, 0x0, 0x8000000080000000}, 0x18)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x42500, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={0x0, 0x74e8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
socket(0xf, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x80000100008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000032680)=""/102400, 0x19000)
bpf$MAP_CREATE(0x0, &(0x7f0000001c40)=ANY=[], 0x50)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000000780)=""/57)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f00000016c0)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550)

7m19.868858359s ago: executing program 0 (id=58):
iopl(0x3)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
socket$kcm(0x29, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f00000003c0)={0x1, 0x6, 0x0, 0x0})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@private1={0xfc, 0x1, '\x00', 0xfd}, 0x8000000, 0x0, 0x3, 0x1, 0xfffc}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, 0x0}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='bdev\x00', 0x1a0c000, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

7m18.893375567s ago: executing program 0 (id=60):
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
munmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
brk(0x400000ffc020)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000240)=[{&(0x7f0000000200)="d93db731205681d52d10713337237ab8f409e9d0286ac4f933a70765062bd617b586b1232882b4bd1d68", 0xf000}, {0x0, 0xffffffc0}], 0x2)
r3 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r4 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB], 0xa)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r6, 0x301, 0x70bd2c, 0x5, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x20040004)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080))
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6}]})
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, r0, 0x3, &(0x7f0000000180))

7m15.894375817s ago: executing program 0 (id=69):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000, @void, @value}, 0x94)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x1000, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x47f4, 0x0, 0x0, 0x0, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000400)=ANY=[@ANYBLOB="0b00000073797a3100000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000004f6c33517b6994c9f80000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030007000500000009000000080000000300000011ef3000"/292], 0x11b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="189500000000804000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000007c0)='xprtrdma_frwr_dereg\x00'}, 0x18)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
close_range(r7, 0xffffffffffffffff, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000a40)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000380)=""/108, 0x6c, 0x7c31, 0xc2e, 0x5, 0x9, 0x9}}, 0x120)
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000540)=[0xf7, 0x3, 0x919, 0x0, 0x2, 0x5], &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0xffffffffffffffff})
syz_open_dev$evdev(&(0x7f0000000040), 0x4, 0x24a040)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=@gettaction={0xc4, 0x32, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x401}, @action_gd=@TCA_ACT_TAB={0x68, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffff0001}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xd}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x2c, 0x1, [{0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffff}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0xc4}}, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r8, 0xc0045516, &(0x7f0000000000)=0xffb)
r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r10 = fsopen(&(0x7f0000000340)='gfs2meta\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000140)='source', &(0x7f0000000180)='#:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x7e, 0x2, 0xffffffffffffffff, 0x4, 0x0, 0x20000000000003, 0x200}, 0x0, &(0x7f0000000240)={0x1b, 0x8000000000, 0x0, 0x0, 0x0, 0x8, 0x5}, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000005c0)={{0xffffffff, 0x5, 0x0, 0xfffffffc, 'syz0\x00'}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x20ff, 'syz0\x00', 0x0})
openat$mixer(0xffffffffffffff9c, &(0x7f0000000300), 0x404001, 0x0)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000002c0)={{r9}, 0x7efd, 0x8000, 0x3ff})

7m0.416466027s ago: executing program 32 (id=69):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000, @void, @value}, 0x94)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x1000, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x47f4, 0x0, 0x0, 0x0, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000400)=ANY=[@ANYBLOB="0b00000073797a3100000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000004f6c33517b6994c9f80000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030007000500000009000000080000000300000011ef3000"/292], 0x11b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="189500000000804000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000007c0)='xprtrdma_frwr_dereg\x00'}, 0x18)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
close_range(r7, 0xffffffffffffffff, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000a40)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000380)=""/108, 0x6c, 0x7c31, 0xc2e, 0x5, 0x9, 0x9}}, 0x120)
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000540)=[0xf7, 0x3, 0x919, 0x0, 0x2, 0x5], &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0xffffffffffffffff})
syz_open_dev$evdev(&(0x7f0000000040), 0x4, 0x24a040)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=@gettaction={0xc4, 0x32, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x401}, @action_gd=@TCA_ACT_TAB={0x68, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffff0001}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xd}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x2c, 0x1, [{0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffff}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0xc4}}, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r8, 0xc0045516, &(0x7f0000000000)=0xffb)
r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r10 = fsopen(&(0x7f0000000340)='gfs2meta\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000140)='source', &(0x7f0000000180)='#:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x7e, 0x2, 0xffffffffffffffff, 0x4, 0x0, 0x20000000000003, 0x200}, 0x0, &(0x7f0000000240)={0x1b, 0x8000000000, 0x0, 0x0, 0x0, 0x8, 0x5}, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000005c0)={{0xffffffff, 0x5, 0x0, 0xfffffffc, 'syz0\x00'}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x20ff, 'syz0\x00', 0x0})
openat$mixer(0xffffffffffffff9c, &(0x7f0000000300), 0x404001, 0x0)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000002c0)={{r9}, 0x7efd, 0x8000, 0x3ff})

6m37.667238079s ago: executing program 2 (id=184):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x10) (async)
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
read(r0, &(0x7f0000000140)=""/73, 0x49)
pipe(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) (async)
read$FUSE(r1, &(0x7f0000002200)={0x2020}, 0x2020)
write$binfmt_script(r2, &(0x7f0000020240), 0x10010) (async)
write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {0xffffffffffffffff, 0x9}}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async)
writev(r3, &(0x7f0000000640)=[{&(0x7f0000000040)="89edee2c78daddb4b473fec988ca", 0xe}, {0x0}], 0x2) (async)
r4 = syz_open_dev$vim2m(&(0x7f0000000580), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r4, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x0, 0x6, 0x1, 0x1}, 0x9, 0x7ff, 0x0, 0x80000, 0x0, 0xa}}) (async)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r5, 0x84, 0x80, &(0x7f0000000280)="1a3e000002000000", 0x8) (async, rerun: 64)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, 0x0, 0x0) (async, rerun: 64)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x4) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f00000002c0)={'#! ', './file0', [], 0xa, "00000086"}, 0xf)
write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r8, 0x0) (async, rerun: 64)
preadv(r8, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) (rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) (async)
fremovexattr(0xffffffffffffffff, &(0x7f0000000100)=@known='trusted.overlay.origin\x00')
ioctl$KVM_RUN(r9, 0xae80, 0x0)

6m36.431878898s ago: executing program 2 (id=192):
syz_open_pts(0xffffffffffffffff, 0x8000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x2, 0xfffffcee, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r4 = openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0)
write$binfmt_register(r4, &(0x7f0000000740)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x7, 0x3a, '#%\\h:@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xeahJ\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\\\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xbf7K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xd3W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a\xdd\x05\xdc\xb8\xc7\xb4v\x1f\xe3\xb6)\x1dM\x1e\xf9\x97\xffLW\x82\t\xf7\xb4\xe2fP\b\n\xdd\x03\x9d&\xd2\xce<f\xfb\xed\xdaP\xf0e\xb6\f\x9a\xa7\xe7c\xf3C\x9br\xf0L\xe5\xb3\xfbD\x1b\x88\xb7\b\x1b\xba}\xc9\va_\x9dYC\xffQ\x84 %(;\xac\x95\x90_\xe9\"\"\xf3\xe3#N\x0f\xdf\x7f\x90\x0f\x90S\x8cF\xff\xdb\x80\x9d\xf8A\xa9\x8f7F\x03\xc3T\xd8\xa4\xb9@\xa8\xa7\x94\xd0\x89)C\xfb\x1eV9\xceE', 0x3a, '', 0x3a, './file0'}, 0x1b0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0)

6m32.347827538s ago: executing program 2 (id=210):
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000440), r0)
r1 = socket(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff00", @ANYBLOB, @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
write$P9_RREMOVE(r6, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r9 = dup(r8)
connect$bt_rfcomm(r9, &(0x7f00000008c0)={0x1f, @none, 0x6}, 0xa)
bind$bt_l2cap(r8, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0076543ec886b1b7903095000020000103000000000000000002000000000000001a000000"], 0x1c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x68, 0x14, 0xf0b, 0xfffffffe, 0x0, {0x2, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xfff1, 0x5}, {0x6, 0xffff}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}}, {0x4}}, {{0x1c, 0x1, {0xd, 0x4, 0xc, 0x487, 0x1, 0x0, 0xfffffffc}}, {0x4}}]}]}, 0x68}}, 0x0)
io_setup(0x281, &(0x7f0000000100))
memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\x00\x00\x00\x00\x00\x00\x00\t8f\xf2\xde\xa0xk>\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7)

6m30.753608477s ago: executing program 2 (id=213):
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {<r1=>0xffffffffffffffff}}, './file0\x00'})
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000140)={&(0x7f0000000040)=""/214, 0x151f000, 0x1800, 0x40}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xef2)
read$rfkill(r0, &(0x7f00000001c0), 0x8)
close_range(r1, r1, 0x2)
syz_80211_inject_frame(&(0x7f0000000200)=@device_b, &(0x7f0000000240)=@data_frame={@msdu=@type11={{0x0, 0x2, 0x6, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x7}, @broadcast, @device_a, @broadcast, {0x3, 0x1}, @device_b, @void, @value=@ver_80211n={0x0, 0xad8, 0x0, 0x3, 0x0, 0x1}}, @random="6185b1eaf17fd03e48d39ab5497e14b7083098fd7ade2d3baed39454acc169b2fb29fbab2290b9694a3c09155bc8162da381b5c331181e15fae88d2c592c1a6a82af9dd132d99271221c5e65bcc3b247d9d499f7f4b5dcee6481f5d811a039a487bfbd68004c41f56bf7d121635410f9a61cf7c86270a32f150348dcbda73ef4bfaac79820da50ced135e74f0f831d534437fa482dbbf1ac7f82b2483cbba6bf05204a188fc6461f532dfba9c3c996a342740f90527d995632f1c6268e110978f960e2ecb32d65aac3e0e40423b0201d50e74d51b12d545ff21cf028ef5d420363de521b7f2a839788fad069941a422eed87651abccb49f2f9e9306d35dccf78f1495e06564079e3b6328dab02cfb8d20a2aec91b0cb383871091d1798c68c9c2a07c2b2605249b554d4b22a9c97253ff0bb3314e6e08ca4b5ba947dbc856c613012d534b82cac96e2f320bcb45e23822ea7883674950e737df4886743197a8c785577b188039e9bf5cbb7bc787e5d34f25ec89a47f43395d804ba9a5743c65e2a4662a37e489dbfc1f8f5d96c5948a58105c45c779c3459c3e8c4cc2ef94c5aecda32e0a95405f85896deeaf33cb982a066af4685f1f497c22b6c3794506ae7c834f09a967f57c72ac6704597fc49bfd0cf31545511f2555942d2014b701bd3fa5ff068b381003817ee31d007623c6a4474232b92fdb5c2d05935bb1e96e47f65dc44cf72bee376e616f39fb9111f95540fa29945c6a267fdcfb37d92c767ff887afbab51d514ceebcdcdc2c3bab687b33ce59f75d0f27ad2c3900d47f564212e9bbbde422da2273f9f44f61e6beb7dcd33a8561668c26553ee3eb2365ce48407e0917ab644d3574717a9d2e658d082bc1153f28fb53e4d6e8920647ee130585dee09eb2b015e7dd2e21916636e7169e0e00a93bc9c5e97a84f244e0686c4cb551fd6f7360a0e5676214d818fe041262e85d1279685426a794e6eef8b2de141425dcfaf92c7e65f8e944dcf8ca4491103bffc530a3aaf6ccb72a22dedd5f0096a9868522fa6e0c48a4192e28569c4600bf4a81d24a42e80"}, 0x31a)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = syz_open_dev$I2C(&(0x7f00000007c0), 0x293, 0x101a00)
r4 = socket$igmp(0x2, 0x3, 0x2)
r5 = getpgid(0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000800)='./file0/file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x4000)
getresuid(&(0x7f00000008c0), &(0x7f0000000900), &(0x7f0000000940)=<r7=>0x0)
r8 = getgid()
r9 = socket$rxrpc(0x21, 0x2, 0xa)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000980)='/proc/asound/timers\x00', 0x0, 0x0)
sendmsg$unix(r2, &(0x7f0000000ac0)={&(0x7f0000000580)=@file={0x4669dc05b6749bd3, './file0\x00'}, 0x6e, &(0x7f0000000780)=[{&(0x7f0000000600)="7a75a22d25288a2451a893b678aa8c1f9b116f0c79d3eee3dcc72b39ff97904b7897e09a4181ef2feeaef3714245ee7d4560652f429872f4fb897fc3b344d86b932121b3bcfba32120139103f0cbb7a51338665fd59ccfcfa27cb614c2c06832418bc80bd8ad2908", 0x68}, {&(0x7f0000000680)="564b8c447d8b4bfe89909a0a6cb97ba5375a2b34213736300ae76de861d39f0bf716a4c65dbf63492ea4135203745866627a9ba8fa7164c04c0e87357b720f2ef5dfee63ffa3ac4f0dc0dbd1c3b03a3ed451722a9c861698b42aaa4530c1a939d412a4e66fe0345c039749ef9c025ae4100315a4d33edcd7f2d37dfa825be9278a5167b900caa91ae31f484886df17d73e7f2edadd4cf51cacfc1f5c6f018f8931ea627fbb39d3aa5d4bbc0c0a8a2eec6328368d0206b2050ec68af28338ec69c57ec53af849484b5d2d09e9eeb769a99fc3175abd68122e27f2fc4ffaa8", 0xde}], 0x2, &(0x7f00000009c0)=[@rights={{0x2c, 0x1, 0x1, [r1, r1, r1, r0, r0, r1, r0]}}, @rights={{0x30, 0x1, 0x1, [r1, r0, r3, r0, r1, r4, r0, r1]}}, @rights={{0x2c, 0x1, 0x1, [r0, r1, 0xffffffffffffffff, r0, r0, r1, r0]}}, @cred={{0x1c, 0x1, 0x2, {r5, 0xee01, r6}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r7, r8}}}, @rights={{0x28, 0x1, 0x1, [r1, r9, r0, r10, r0, r1]}}], 0xf8, 0x8094}, 0x1ec4d4889fb4777e)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r2, &(0x7f0000000b00)={0x2})
ioctl$IOCTL_VMCI_GET_CONTEXT_ID(r10, 0x7b3, &(0x7f0000000b40))
mknod(&(0x7f0000000b80)='./file0\x00', 0x8000, 0x6)
prlimit64(r5, 0x5, 0x0, &(0x7f0000000bc0))
openat$cgroup_subtree(r10, &(0x7f0000000c00), 0x2, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r1)
sendmsg$NL80211_CMD_AUTHENTICATE(r11, &(0x7f0000000d40)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x28, r12, 0x400, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@key_params=[@NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_MAC={0xa}]]}, 0x28}, 0x1, 0x0, 0x0, 0x200488d4}, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r10, 0xc018aa06, &(0x7f0000000d80)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
ioctl$KVM_CAP_STEAL_TIME(r10, 0x4068aea3, &(0x7f0000000dc0))
pread64(r10, &(0x7f0000000e40)=""/29, 0x1d, 0x400)
syz_80211_inject_frame(&(0x7f0000000e80)=@broadcast, &(0x7f0000000ec0)=@data_frame={@a_msdu=@type01={{0x0, 0x2, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x20}, @device_b, @initial, @from_mac=@broadcast, {0x2, 0x2}, "", @void, @value=@ver_80211n={0x0, 0x3, 0x0, 0x1, 0x0, 0x3}}, @random="b9adccb48353479a56c4f00409a468bcf9e9df793669ed2685733dd095649061e059489a7da8d542bcf763858023f05d507d8e8eeadfb4c043b1c4f713e61f1be905a4095ef8b776b72b51c634b9dc859d86c8c70713f3b85555e16fc6f1f13a7a23c10bb630bba2c9f8f47f9384ad80fd5ea695503d55d06a94e60f974e28ad137807f4c1110c2c2cfa46bd72d63538a1422f3476fb218aad22dc693594697922cf743aa7917266ec26a93539c49e225dba0243e9cd03dcf8ff6e4f22d916f473f840141a66d76eb022abb69df6323df3f03513e91c21d7b7f6b80aafc1034e22c11ecc096c5030d43f3497a982d13ebbe41a2ade5e66a73aff47866b73bcf864461bb3326fc2b40b855877c4797df7a378a22fd8e0aedfb0834e28af4a44624c1525033bb6f1992b5c171fd18c968e617cdcf9cfc84c3ff6ab7e220f952f6acb383c1ab82080f4eb5fd44fd70287f5a91e5a1d72ab595fbabe1699beee233c342c5ab1f9f5c5bb98d92e38f69da35f1eec6bdcdef33aacf688ee25ecb7e8c1490e834b51c738ba37359fe341fbce84b259bea5eecfb60957ff31b09f503c4ce12fc50cd3f1f9c53c21356d951e53bdc9e768371564a7eefced79a5961cecd8bbc7dfbcca3308ce47c6612bcbbf188aa45b29f28582eedde3feac175eabcda6d56156c6b3e208ed1e9763ae3269202acc3950acfa40b7fa7977657479e88a2946e0b6eeee1795dc06388cd49c8f55ce134d7684d12a5beb8f248131b2103660c74c8a0abc99c21f107bdb83a58a4d8d97b144060e6d15afa234ca05f06f852471711b754ed751cc819c6d83db1a05240bc572645fe121ca4ffa9b41233dd140a375d3de70b945b023abc3203e27ab1c2514a5911ae61b4b2ed5aac39c86ff84b96687e984b336f7a45a0e6f48dc14393ed89c6d2a06877c6cfb2cb3c96116b78956631c9ea6456d35a9c565697cd6d9d2a9f7cd20c7aa4f1b1d91fc5e8759cee18bf31f68d10670e7f16d0c2a449cea37625c30fa1f0373632ed5f879f36d2c02ab50ea0491af1bd729bb1fed94e36ee90595cdc2d56db50ffa0098429ce342f94174f73d6da6a32122ad9f39180ae8e448239fbbf1f38edb7587afaeb284c9c6546191eaa9980c0d3adb1f27e54e2a51fc5f7326de707a16c8868b44a9d8704eb57e4d725f9eeaeed7cc7487c1ae41088c9cf9d3b47f8ccbc923d9f79713696a2779a4d421962c50a7725fbaa03574b945a4abbe1f99f63471d3726b828af8324b18e0470c8047a846f47b4f33156000955f57b1d1f22da2227c1d057846e0727bf2558eabfa73db414b04b55156c0d6e473d6c8f705002c4b4284548db80a062d5bf0c2e68243284956879a02e777bb4d67d113a27dfdf9d61659c41305e6f8baaeaef832da3ba8021216f347781f86c1513ebabb9b061a09d95b6f29e0c49eaf1269bfbc9aa9d7456796b7965aac2a62798a5ce45ca3919ac844bb25f0c6afc405eed2c3bf3b543ca0526ec63d2824f047e713d9867c0aba513acaf48c238ba7c313562fcb8e127977b9f565d3a5aa9f61788d29591762544b455c12ebf421be7a8a11699086c4589dbf694c6626b7e1ac4ace2f0c2551d2d9246ff101fcc044506044813ea9720ff579fcb91021a97652264e5dbb237c734be4ebd55787d21c0bad2f039e73c910a557380b9d52a6e4df5237af76496d77826e428692f935a9c3e4900ea829abef6b80acffaade1fabbe75d6de32b118d30cf30d9987a0de4236ec84499a225808465f35d94c43be9528d9b47fae4636d5b5db770aff0175eadeefe50028d0afe06f43d74603b36e957c3230690bb6c76842c61e10643b381d81e15b63554394fea7f288581028280bf4ff0ed63722692a351946dcf340d475db4b78c2f45ea5c6d93fceae637529207485e9c4e4db881211ba55d8a8cde71e979ee534cd7b3a0ff3845e66facf3d455e367b04f86cfb4c074b72ed152c7b197397f3673b1a602df1010abe1b52f920b8763eb5fc5472f89a3922d5295fd627c4c585ed47aafa48e7d3a69a1760136f15df62ae90693cede99def4c7508791f88b373cddcc6f1e0d73c0f77fb4c3fda5482032905dc9b7f62d70336f7dc29378c06825726daf70d4f5c2723fa87363d9ae8bd76763c44d4264bd77cbabfbeb0eab684aef38a8881da6b2dcecbd5e6e9c0a7e7eb01551cf165c3d08f5109e1c9853f19b2ac34ff1eefdcc905881f899fee9483d9614f1aaa576c068d3e08e2d7baec31e811df257b412961bffc7a0126b3950614c90f687e224969af7302253b893441846ebb21f0a9c850af84d22f60a9f38341d75e160253afaa4f2ca994423431fa3b404da99c9f7612af163a1dc20086707ae346d5b267bcf696e1a7fabc340ea50a430ecde9b28f9ef67bd3fe37a051eedf05a9fe458e43e5918f391f8efa2748f33454c2daac53e955732cea266a57e380f32d99cb04462d1174bb908f3a990441d277eb90f85f901357a1537c5ddb633e7aa24e42f23b327eaacca441ebc9eb5bea404dea2c5e5675cf60a39d022265faf861020af01cf2bfc8007fa9cd50b58f14ad45887211c37b6e70b5a03f5c1e4b63c5070c11fd7550a66662bf8b73de1dfbb95760098d4553d1fc9e0ab06e6ce02f48b5db57b93460c17264e01599952fe578f0d7c2f9906d62e198a26eb99d4c3a352463b6c8d9b4ebbcf0b1410456d9856c5dbdf5dc07ba7755b588414207315eaa77deb6e65306efeaaff80e794965d8890daff1356a590c0bc86f411dd38ae5cc21dfa3086746c362f295d68585bc5a3fb8f2caecaae061cc7e7dc4762b405f30a1c9261e40ff82ee455dbd5dbf1f9a535a8acc0f0449636ddc4806794e0096457086ca1b34b9732ec91741e3c8aae875ea351698d549dfbe"}, 0x82c)
ptrace$PTRACE_GETSIGMASK(0x420a, r5, 0x8, &(0x7f0000001700))
ioctl$MEDIA_REQUEST_IOC_REINIT(r1, 0x7c81, 0x0)

6m29.573653191s ago: executing program 2 (id=217):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x7e, 0x9e, 0xb4, 0x10, 0x54c, 0x38, 0x16f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0xc5, 0x38}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x8, 0x3}, 0x0, 0x0})
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000003c0)={0x55, 0x8ea9, 0xfffd, {0x0, 0x1}, {0x4f, 0x2}, @cond=[{0x201, 0x5388, 0x6f5, 0x800, 0xca, 0x7}, {0xffff, 0x5, 0x1, 0x3, 0x6, 0xfd}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
syz_usb_control_io(r0, &(0x7f0000000840)={0x2c, &(0x7f00000006c0)={0x40, 0x30, 0x72, {0x72, 0x10, "4fbbcdc137ee880053843a26a2da8b716359754364688a039995ddc4d7657556852fa2b52769dbb48ef9a8c8aa8046cbda383b2fa6b2225c727a7021db056ca3a97aaa18a81ffc182ebc896c93fe48e59266374c5a573612a323c574625b8d04240fa43aa0b22ec9d64f71e9c313acdd"}}, &(0x7f0000000740)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x861}}, &(0x7f0000000780)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f00000007c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3, 0x18, 0xd, 0x1, "cbbc24ca", "dda7eabd"}}, &(0x7f0000000800)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x4, 0xfe, 0xfd, 0x10, 0x8000, 0x1000}}}, &(0x7f0000000d40)={0x84, &(0x7f0000000880)={0x0, 0xd, 0xe3, "195a7a95901dc5d000a57f34427fcc159fda6674e0c6d0265fc013a9e6a8b64d0b05af14a75ef7bc9d9a185f00e2aa66703c4ae29b214e1cf7ac3c1c0a09b7ffbb2a4d2fe2b84ee63ebd10c30d931a813519be343f07900154aec8a357b9ba003613654f9b520408337ce42c92712e54b411f6d43b52bd5036dbb9e593c2936c5170ea65e0d4e17bf3885ebbe0412679d2d41381f2edfc2e6206383617976f21cdfbb4a95a695df84262149d09a68d604df20c8d3b2661cae9d809c3344a15b699212fb05c2aee2214628fa507945f065e5f0c35e4d5b9bb2c66ec0eb498f4cc9aa8e4"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0xf8}, &(0x7f00000009c0)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000000a40)={0x20, 0x0, 0x4, {0x60, 0x2}}, &(0x7f0000000a80)={0x40, 0x7, 0x2, 0x358}, &(0x7f0000000ac0)={0x40, 0x9, 0x1, 0xd}, &(0x7f0000000b00)={0x40, 0xb, 0x2, "3ec3"}, &(0x7f0000000b40)={0x40, 0xf, 0x2, 0x1}, &(0x7f0000000b80)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}}, &(0x7f0000000bc0)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000c00)={0x40, 0x19, 0x2, '?_'}, &(0x7f0000000c40)={0x40, 0x1a, 0x2}, &(0x7f0000000c80)={0x40, 0x1c, 0x1, 0x5}, &(0x7f0000000cc0)={0x40, 0x1e, 0x1, 0xc}, &(0x7f0000000d00)={0x40, 0x21, 0x1, 0xff}})
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800a00010072616e67650000002c000280080001400000002408000240000000030c00038005000100430000000c000480050001003f0000000900010073797a30000000000900020073797a32"], 0x94}}, 0x0)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250)
r4 = syz_usb_connect$cdc_ecm(0x6, 0xdb, &(0x7f0000000280)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc9, 0x1, 0x1, 0x8, 0x20, 0x2, [{{0x9, 0x4, 0x0, 0x10, 0x3, 0x2, 0x6, 0x0, 0x2, {{0x8, 0x24, 0x6, 0x0, 0x0, "27a2b5"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0xe, 0x6, 0x9, 0x2}, [@mdlm_detail={0x82, 0x24, 0x13, 0x9, "3a8903baf6d4171e3f1118ef11843e368ba4c94ed72b5016492b876ec7fa70d90c3fbb17da1589a4e298898d11a00825e705523dfb22490e28b565be21b42ffd90a99358d549f5e7f41c5394b262fd648a89cc085e30f0e40123693735b474160151fea04d6d22c90fe40a9ef0e6f1ca2d3884168b4084d80cdb2be6aeae"}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x200, 0x2, 0x6, 0x3c}}], {{0x9, 0x5, 0x82, 0x2, 0xc40, 0x8, 0x9, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x4, 0x81, 0x3}}}}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x250, 0x5, 0x5, 0x8, 0x40, 0x8}, 0x29, &(0x7f00000003c0)={0x5, 0xf, 0x29, 0x2, [@ssp_cap={0x10, 0x10, 0xa, 0x74, 0x1, 0x9, 0x0, 0x5, [0xf]}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "077dd660cdd2f724890b28b198fc56bc"}]}, 0x6, [{0xbf, &(0x7f0000000400)=@string={0xbf, 0x3, "ea81ce4011b3fc2aec7f50c9d37ed405d590282a35008b11b7851789bd925d8e32e4f20675ec676ea9e45a899bbeb9443779e33f47af39d9174ede4b9dc8f322651db80fbcf946c3aa9452c7d8a5a12cfc22946f6b0a53d88fb88e6d0ee62a3ecca61f156c9587493679758d74b10798a3c398f42dc04d97648a023a14e952323b85556d68a754756aa4748299386b5d59ae4c24f07e785377ce79ba80408ef7affc84a2972eda4f51833d1caa0f0a91f458b7fb5711cab88a7a23c804"}}, {0x32, &(0x7f00000004c0)=@string={0x32, 0x3, "bb9fd246bd5f950dc50ec36bd66d6dccdb736fa1d51b78f2413f99d7ff936fe2cb312008e18a6981034810d3b3e206ce"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x44f}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x807}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x436}}, {0x42, &(0x7f00000005c0)=@string={0x42, 0x3, "141cd2f9590ec1e365c1510e0fe2c46830dfda409f96fd56949b7339d223a34b36142ad4acecec23fcd5699718359fe9da8d0aa780c2d36b0dd9f445e901c7ba"}}]})
syz_usb_control_io$cdc_ecm(r4, &(0x7f0000000140)={0x14, &(0x7f0000000040)={0x40, 0x23, 0x20, {0x20, 0x9, "d7921c77952b578f8c6848c5e20987df76a0e5b8a312799ce7ab562ddf81"}}, &(0x7f00000000c0)={0x0, 0x3, 0x50, {0x1a}}}, &(0x7f0000000240)={0x1c, &(0x7f0000000180)={0x40, 0xe, 0xa, "270ae431ebd20861dee1"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0xf5}})

6m26.620790864s ago: executing program 2 (id=234):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000040), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="050000000100"/16, @ANYRES64=0x0, @ANYRES64], 0x38}, 0x300}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$hidraw(&(0x7f0000000080), 0x6, 0x40000)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
close(0x3)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="120110010928fc10ac0591022543010203010902"], 0x0)

6m10.624800308s ago: executing program 33 (id=234):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000040), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="050000000100"/16, @ANYRES64=0x0, @ANYRES64], 0x38}, 0x300}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$hidraw(&(0x7f0000000080), 0x6, 0x40000)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
close(0x3)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="120110010928fc10ac0591022543010203010902"], 0x0)

2m47.404317701s ago: executing program 5 (id=979):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000b80)='veth0_macvtap\x00')
r1 = socket(0x10, 0x80002, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="bc1000002b000b000000000000000000070000000800030004000100a01001"], 0x10bc}}, 0x8000)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={<r3=>0x0}, &(0x7f0000000200)=0xc)
sched_setscheduler(r3, 0x3, &(0x7f0000001300)=0x2ea8)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}}, 0x0)
r4 = accept4$unix(r1, &(0x7f0000000140), &(0x7f0000000000)=0x6e, 0x1000)
recvmmsg$unix(r4, &(0x7f00000038c0)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}, {{&(0x7f0000000240)=@abs, 0x6e, 0x0}}], 0x2, 0x34000, 0x0)

2m47.136170055s ago: executing program 5 (id=982):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x1000, 0x2, 0x3, 0xeffffdff, 0x0, [{0x9b, 0x80, 0xfc}, {0x19, 0x5, 0x0, '\x00', 0xe}, {0xfc, 0x4, 0x0, '\x00', 0x5}, {0x5, 0xf9, 0x7f, '\x00', 0x2}, {0x8, 0x4, 0x5, '\x00', 0x9}, {}, {0x0, 0x85, 0xbe}, {0x0, 0x6, 0x0, '\x00', 0xeb}, {0x0, 0x0, 0x3, '\x00', 0x7f}, {0x8, 0x6, 0xfe, '\x00', 0x42}, {0x0, 0x2}, {0x0, 0x50, 0x3, '\x00', 0x1}, {0x4, 0x9, 0x4, '\x00', 0x3}, {0x1, 0x4e}, {0xfe, 0x2, 0x5, '\x00', 0x9}, {}, {0x1, 0xff, 0x1, '\x00', 0x4}, {0x0, 0x0, 0x0, '\x00', 0xfd}, {0xb0, 0x4, 0x7, '\x00', 0x3}, {0x80, 0x0, 0x0, '\x00', 0x40}, {0x0, 0x4}, {0x0, 0x0, 0x0, '\x00', 0x70}, {0x1, 0x0, 0x0, '\x00', 0xe}, {0x10, 0x4, 0xe}]}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$inet6(0xa, 0x3, 0x40)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x300, 0xffffffff, 0xffffffff, 0x300, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}, [], [], 'wg1\x00', 'gre0\x00', {0xff}}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430)
syz_emit_ethernet(0x5e, &(0x7f0000000500)=ANY=[@ANYBLOB="bbbbbbbbbbbbbad4f943162486dd6000000000033a"], 0x0)

2m46.083769402s ago: executing program 5 (id=985):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x4, 0x0, 0x45, 0xfffffffe, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}})
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0)
syz_open_dev$MSR(0x0, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r0, 0x0, 0x8000)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000200070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c0002"], 0x140}}, 0x0)

2m44.379311856s ago: executing program 5 (id=989):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_init_net_socket$rose(0xb, 0x5, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TCSETSW2(r2, 0x5453, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
iopl(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = getpgid(0x0)
r4 = syz_pidfd_open(r3, 0x0)
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0)
pidfd_getfd(r4, r5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c00000000006113bf0000000000bfa00000000000001503000008004e002d35010000000000950041000000000069163e0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

2m42.869930979s ago: executing program 5 (id=992):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}, 0x1, 0x200000000000000}, 0x0)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000200)=ANY=[], 0x1c)

2m41.379331013s ago: executing program 5 (id=996):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001600)=ANY=[@ANYBLOB="850000002f000000d7000000100000009500000000000000423d19f1e4e058f160906b507e5120a0425f48f9550dcf76fc596696e6f89a4a2b1d29eadfdabd5217ba2d02d98d17b488d5437e04555f3dc719afc000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1030, 0x4)
ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000100)={'veth0_vlan\x00', {0x2, 0x4e20, @empty}})
ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f0000000100))
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x101301)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
r4 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000002c0)=@req3={0x8001, 0xfc, 0x1, 0x3, 0x8, 0xcb, 0x4}, 0x1c)
dup3(r4, r3, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000280)={&(0x7f0000000600)=[{0x1e, 0x211, 0x0, 0x0}, {0x8, 0x4020, 0x0, 0x0}], 0x2})
ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2fe, 0x0, 0xe0, 0x80000002, 0x0})

2m26.196842302s ago: executing program 34 (id=996):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001600)=ANY=[@ANYBLOB="850000002f000000d7000000100000009500000000000000423d19f1e4e058f160906b507e5120a0425f48f9550dcf76fc596696e6f89a4a2b1d29eadfdabd5217ba2d02d98d17b488d5437e04555f3dc719afc000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1030, 0x4)
ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000100)={'veth0_vlan\x00', {0x2, 0x4e20, @empty}})
ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f0000000100))
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x101301)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
r4 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000002c0)=@req3={0x8001, 0xfc, 0x1, 0x3, 0x8, 0xcb, 0x4}, 0x1c)
dup3(r4, r3, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000280)={&(0x7f0000000600)=[{0x1e, 0x211, 0x0, 0x0}, {0x8, 0x4020, 0x0, 0x0}], 0x2})
ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2fe, 0x0, 0xe0, 0x80000002, 0x0})

2m13.636343398s ago: executing program 6 (id=921):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r1, &(0x7f0000000040)=""/148, 0xffffff96)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2})
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x681, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r1, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x0, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]})

1m49.25464394s ago: executing program 6 (id=921):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r1, &(0x7f0000000040)=""/148, 0xffffff96)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2})
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x681, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r1, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x0, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]})

1m32.128747522s ago: executing program 6 (id=921):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r1, &(0x7f0000000040)=""/148, 0xffffff96)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2})
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x681, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r1, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x0, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]})

1m7.395654691s ago: executing program 6 (id=921):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r1, &(0x7f0000000040)=""/148, 0xffffff96)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2})
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x681, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r1, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x0, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]})

39.345917342s ago: executing program 6 (id=921):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r1, &(0x7f0000000040)=""/148, 0xffffff96)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2})
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x681, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r1, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x0, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]})

19.77844102s ago: executing program 7 (id=1445):
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000feffff0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x190)

19.531072754s ago: executing program 7 (id=1448):
fsopen(&(0x7f00000002c0)='ufs\x00', 0x0)

19.403608306s ago: executing program 7 (id=1449):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value={0x0, 0x2e7}, 0x8)

19.270206151s ago: executing program 7 (id=1450):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x13, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61000000, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

19.099091965s ago: executing program 7 (id=1451):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4e7, 0x30, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
unlink(&(0x7f0000000140)='./cgroup\x00')
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = socket(0x10, 0x3, 0x0)
getsockopt$netlink(r5, 0x10e, 0x8, &(0x7f0000000180)=""/129, &(0x7f0000000040)=0x81)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc)
r7 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCSKEYCODE_V2(r7, 0x40284504, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, "4620f63a4e6b5c9b4410b99e0e549fcfdeb92566761ad1c34ca4a1abe476fa96"})
ioctl$VHOST_SET_VRING_BASE(r6, 0x4008af12, &(0x7f0000000240)={0x3, 0x3})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="020a000202000000e4a17c45c8d260", 0xf}], 0x1}, 0x0)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)

17.139450368s ago: executing program 1 (id=1460):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000080)="a99c383d", 0x4, 0x0, &(0x7f0000000000)={0x11, 0x8100, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x40100, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000100)={0xc, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r3, 0x3ba0, &(0x7f0000000140)={0x48, 0xa, 0x0, 0x0, r4})

16.544567155s ago: executing program 1 (id=1462):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000010000000000000000000000a5000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x20000)
ioctl$IOC_PR_CLEAR(r2, 0x401070cd, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001740)={0x39, 0x8, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4c}, [@tail_call]}, &(0x7f0000000140)='syzkaller\x00', 0x6e, 0xffc, &(0x7f0000000740)=""/4092, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0xc, 0x106, 0xfffffffb}, 0x10, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000280)=[{0x0, 0x2, 0x6, 0x8}, {0x4, 0x4, 0x7, 0x4}, {0x1, 0x5, 0xc, 0xf}, {0x3, 0x5, 0x2, 0x1}, {0x2, 0x4, 0x10, 0xa}, {0x5, 0x3, 0x7, 0x6}, {0x3, 0x5, 0x2}, {0x0, 0x3, 0xe, 0x1}], 0x10, 0x1, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014001100b7030000000000698500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000640)='percpu_alloc_percpu\x00', r5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$alg(0x26, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
dup(r6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r8, 0xc0105502, &(0x7f0000000340)={0x1, 0x1})
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="05"], 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000a40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r1, @ANYRES32=r9, @ANYBLOB="04000000000000000000a715", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
r10 = socket(0x1, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000240), &(0x7f00000000c0)=@tcp=r10, 0x2}, 0x20)
r11 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
syz_io_uring_setup(0x6d8a, &(0x7f0000000300)={0x0, 0x37b2, 0x10100}, &(0x7f0000000180)=<r12=>0x0, &(0x7f00000001c0)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f0000000380)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x8000})

15.901699713s ago: executing program 7 (id=1466):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
socket(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20800, 0x0)
ioctl$FICLONE(r1, 0x40049409, r0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'pim6reg1\x00', 0x2})
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x1a0, 0x4c, 0x1a, 0x1a0, 0x73, 0x300, 0x258, 0x258, 0x300, 0x258, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0x0, 0x0, 0xff], [0x0, 0xffffff00], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x138, 0x1a0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@unspec=@rateest={{0x68}, {'veth1_vlan\x00', 'veth0\x00', 0x24, 0x3, 0x8, 0x2, 0x39, 0x80000001, {0x8001}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xe, 0xb, 0xc, 0xc07, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@icmp6={{0x28}, {0xc, "fc84"}}, @common=@icmp6={{0x28}, {0x0, "e1f6", 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x8000, 0x7, 0x18d, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
pselect6(0x40, &(0x7f0000000000)={0x0, 0x40000000005, 0x8000000000000000, 0x8001f, 0x7fff, 0xfffffffffffffffe, 0x100, 0x10001000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x9, 0x4, 0x2, 0x2000000, 0x1, 0x7}, 0x0, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
getrusage(0xffffffffffffffff, &(0x7f0000000380))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
ioctl$KVM_CAP_HYPERV_SEND_IPI(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)

15.510764831s ago: executing program 1 (id=1468):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x13, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x85100000, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

15.407143143s ago: executing program 1 (id=1470):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000ec0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xc}}, [@NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x54}, 0x1, 0x1e000000, 0x0, 0x20000000}, 0x44004)

15.380895053s ago: executing program 1 (id=1471):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x2, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8010)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_setup(0x24fa, &(0x7f0000000180)={0x0, 0xce1c, 0x10100, 0x4000000, 0x0, 0x0, r3}, 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)={0x10, 0x2b, 0x1, 0x70bd27, 0x25dfdbfc}, 0x10}], 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000000c0)=0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000100", @ANYRES32=r5], 0x48}}, 0x810)
close(r5)

15.121150091s ago: executing program 6 (id=921):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r1, &(0x7f0000000040)=""/148, 0xffffff96)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2})
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x681, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r1, 0xd7, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xfffffffffffffffb, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x0, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]})

13.936201711s ago: executing program 1 (id=1473):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
unshare(0x5a040240) (async)
openat$rdma_cm(0xffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000540)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) (async)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e20, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}}, 0x0, 0x0, 0x22, 0x0, "d686d221526d1b13555d3b19a5df662a0a12cbd6d9c1c3a4dddb1a2476e4b84b5b2b767b8d8f82bee70957e6193094b6ebad310a7873b01528c94c390778d2c074043e988daa7f3eac2a93f3e06b2ab0"}, 0xd8) (async)
bind$inet6(0xffffffffffffffff, &(0x7f0000000400)={0xa, 0x2, 0x13, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000000)=0x1, 0x4) (async)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x5, 0x0, 0x0) (async)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) (async)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)}], 0x1) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)

13.935884115s ago: executing program 35 (id=1473):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
unshare(0x5a040240) (async)
openat$rdma_cm(0xffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000540)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) (async)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e20, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}}, 0x0, 0x0, 0x22, 0x0, "d686d221526d1b13555d3b19a5df662a0a12cbd6d9c1c3a4dddb1a2476e4b84b5b2b767b8d8f82bee70957e6193094b6ebad310a7873b01528c94c390778d2c074043e988daa7f3eac2a93f3e06b2ab0"}, 0xd8) (async)
bind$inet6(0xffffffffffffffff, &(0x7f0000000400)={0xa, 0x2, 0x13, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000000)=0x1, 0x4) (async)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x5, 0x0, 0x0) (async)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) (async)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)}], 0x1) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)

13.183023293s ago: executing program 4 (id=1479):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4, 0xffffffff, 0xb51b, 0x10}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f00000000c0)={{0x6, @rose, 0x1}, [@null, @default, @netrom, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3000000011140100900000000000000008004b0013000000080001000000000008004f00010000000800030001"], 0x30}}, 0x40)
r3 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
syz_io_uring_setup(0x3046, &(0x7f0000000000)={0x0, 0x7083, 0x4, 0x3, 0x1b3, 0x0, r3}, &(0x7f0000000080), &(0x7f00000000c0))

12.764943991s ago: executing program 4 (id=1480):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x80004bf4, &(0x7f0000000000)={0x0, 0x1000000, 0x40, 0x3, 0x76}, &(0x7f0000000080), &(0x7f00000000c0))
r1 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0xebb6}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f00006b7000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r5 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c005af07677d18bc"}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x7, 0x0, 0x0, 0x7fdfffff}]})
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r6, 0x0, 0x0)
ioctl$UI_SET_SWBIT(r6, 0x4004556d, 0x0)
ioctl$UI_DEV_CREATE(r6, 0x5501)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0)
getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, &(0x7f0000000280))
sched_getattr(0xffffffffffffffff, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
msgsnd(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000000000003e03f6d323b0ca0b7e9fd6b508ec804bd0f8e951925537f3f8c4e7d056bdc987af33a091e75ee73875a12608a326a81bce9eb7314508a05e547a3437b0dbb5e26a002ebd1b8f60c8b9535a1fed29fb4422f22cffd64083a4bf9b629b325ac29cf7aa32e75bdb8ac491f00e2c1374a13f2c897cfb65ebc87e2d74ad1508f639f17e41219a33ac2715a559aed54287a1f6d55989910cfcabf56c655bfffc1dcb56a749bf5f964cf517eda5b94c3f3f8cc0bc743f39f23600afdbc7a00fbabaf7939adb23e5b8b78505d3da042d593e9f9d10d5c1cdabe14c8c89a6a2"], 0xda, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="032e1414ac0000002000128008000100677265001400028008000600ac14142e08000700e000030a08000a00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800)

11.819333194s ago: executing program 4 (id=1481):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000000)={0xc0, "dee29d3ab474ac724b7f34e7e5bb037c9666127fd2e9b43d1a804abe058fe0292b5c4c300eef74d09ab48b0b96f7c644c0b7f7e7e4be6d6a76f0ecb71b299a197de8669bdfef89988db1df67e76e64df89661e21cf2bc0983e386e1a91fd3ac2f8eb38f94a11eb766c36a0ba4b01bbffbdbab52fcc2929b44eeafab85b692cb8dea5e1ea6ca30941c3e3a13a8f78f223d20d1fa854fc9bbe8aa50889a6cf5a5a08ed776d2e3cf3e94a1184711713b765ca1cb73ca6e299ac7c7782dd8ea521688b101e5afcea4f71313c97f07aec35943e76931d8ac842530000fd3fe6d7f7d656cc439588423542928f196f5ea3ad59c4a6374580edd6bb3f61fdf72df76ae02d6581ed980522b2d133c580a53d5b2b229dc1d263ca4a45983c0850a1af646ff4c7d499d3584843bdba8956eb7403bca38902abcbef3990b110a8869f6375a9879f74c0626a8e971022436f3cb34c6ec19a10c6d47fa2394c08b73c21b22cd56a217bbf631702cea7cbfa0a7f17b843636fbf247237dd5fd76956b4b84cc90cb163f70d3f6e6ec8079ff41781701ec4d1a1f9c7905697b36ec6d348c167030c0c90516a29628061ffbe37ce35a9213d45b0ebd6a69a6342cfbe997fca7ffea47aeaffa89484a0a6676eab74eace3bca97292c90cda13555b471116a679ca9f3e55ac738cdfc569f2bf34faea82e867f0707341ddfd13dae7c7da6ec70e2c78e"})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000280)=@updpolicy={0xb8, 0x19, 0x200, 0x70bd2a, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x20, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x4, 0x0, 0x0, 0xfff, 0xffffffffffffffff, 0x400000000}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0xfffffff, 0x0, 0x0, 0x1, 0x1, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x8004)
sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a18208"], 0x50}}, 0x0)

11.709646774s ago: executing program 4 (id=1483):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x2, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8010)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_setup(0x24fa, &(0x7f0000000180)={0x0, 0xce1c, 0x10100, 0x4000000, 0x0, 0x0, r3}, 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)={0x10, 0x2b, 0x1, 0x70bd27, 0x25dfdbfc}, 0x10}], 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000000c0)=0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000100", @ANYRES32=r5], 0x48}}, 0x810)
close(r5)

10.690762465s ago: executing program 4 (id=1485):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x13, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x85200000, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

9.319381534s ago: executing program 4 (id=1487):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = gettid()
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f5, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r6, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28)
recvmmsg(r6, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r7)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x54, r8, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_SEC_DEVKEY={0x38, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}]}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000041}, 0x2000c0c0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="60010000", @ANYRES16=r8, @ANYBLOB="00042dbd7000fddbdf25180000000c00308005000200020000005000308024000300aa84df3f3ec0e0bffeeedfc201fc957a064e35441b1781310f28fd18189cf05b0500020082000000040001801c00018008000400feffffff050002000200000008000400db00000018003080140004009868706a187069d5c44644976cfdf4540c000600030000000000000098003080400001803c0003800600010002000000080002000000000006000300a3aa000008000200030000000c0004000200aaaaaaaaaaaa0c0004000000000000000080050002007f000000140004007b9f79ebf52d1d2746b87bd707a5757f28000180080004000b020000080001000100000005000200000000000c0005000700000000000000050002000800000005000200070000000c0030800500020001000000280030802400030083f0354d2ffa3fa67816fd30986218f0bac33a840c8b1d286a9919e7dee6b6a1"], 0x160}}, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYBLOB="b5"], 0x6c}}, 0x0)

9.181383517s ago: executing program 36 (id=1487):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = gettid()
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f5, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r6, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28)
recvmmsg(r6, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r7)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x54, r8, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_SEC_DEVKEY={0x38, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}]}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000041}, 0x2000c0c0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="60010000", @ANYRES16=r8, @ANYBLOB="00042dbd7000fddbdf25180000000c00308005000200020000005000308024000300aa84df3f3ec0e0bffeeedfc201fc957a064e35441b1781310f28fd18189cf05b0500020082000000040001801c00018008000400feffffff050002000200000008000400db00000018003080140004009868706a187069d5c44644976cfdf4540c000600030000000000000098003080400001803c0003800600010002000000080002000000000006000300a3aa000008000200030000000c0004000200aaaaaaaaaaaa0c0004000000000000000080050002007f000000140004007b9f79ebf52d1d2746b87bd707a5757f28000180080004000b020000080001000100000005000200000000000c0005000700000000000000050002000800000005000200070000000c0030800500020001000000280030802400030083f0354d2ffa3fa67816fd30986218f0bac33a840c8b1d286a9919e7dee6b6a1"], 0x160}}, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYBLOB="b5"], 0x6c}}, 0x0)

8.560087968s ago: executing program 3 (id=1491):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4041, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x20000010)
syz_usb_connect(0x3, 0xb5, &(0x7f0000001080)={{0x12, 0x1, 0x310, 0x87, 0x3, 0x85, 0x40, 0x10ab, 0x10c5, 0x275e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa3, 0x2, 0x4, 0x7, 0x50, 0x7, [{{0x9, 0x4, 0xbb, 0x0, 0x7, 0xcf, 0x92, 0xd0, 0x1, [], [{{0x9, 0x5, 0xd, 0x3, 0x3bf, 0x3, 0x80, 0x7}}, {{0x9, 0x5, 0xd, 0x1, 0x8, 0x18, 0x0, 0x8}}, {{0x9, 0x5, 0x2, 0x10, 0x400, 0x7, 0x1, 0x5}}, {{0x9, 0x5, 0x3, 0x13, 0x3ff, 0x0, 0x7f, 0x3, [@generic={0x35, 0xb, "505f6299608b5c669dd360fb38ee630a5f9889c650cf59d03f0eb1318f9b9847bad23ac880a742e6e20df8ad8bd2933e231bef"}]}}, {{0x9, 0x5, 0x0, 0x1, 0x10, 0x1, 0x7, 0xd, [@uac_iso={0x0, 0x25, 0x1, 0x3, 0xff, 0x80}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xf7}]}}, {{0x9, 0x5, 0x1, 0x10, 0x601, 0x1, 0xa, 0x9, [@generic={0x2, 0xd}]}}, {{0x9, 0x5, 0x3, 0x10, 0x200, 0x9, 0x3, 0xff}}]}}, {{0x9, 0x4, 0x37, 0x9, 0x0, 0x7c, 0xd0, 0x5, 0x15}}]}}]}}, &(0x7f0000001b80)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x110, 0x81, 0x2, 0x7f, 0x10, 0x10}, 0x46, 0x0})

7.097939182s ago: executing program 3 (id=1492):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0x8b2, 0x640, 0x1, 0x1, 0x80, 0x19ef, 0x42, 0x4, 0x3, 0x78000, 0x2800, 0x3098, 0x2, 0xba2, 0xd, 0x23, {0x8, 0xffffffff}, 0xd0, 0x9}})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a80140007"], 0x58}, 0x1, 0x2}, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@bridge_setlink={0x20, 0x13, 0xa29}, 0x20}}, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
getsockopt$inet_buf(r5, 0x0, 0x29, &(0x7f0000000100)=""/180, &(0x7f00000001c0)=0xb4)

5.950808049s ago: executing program 3 (id=1493):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6000000000142101fe8000000000000000000000000000bbfe8000000000050000000000000000aa00004e", @ANYRES32=0x41424344], 0x0)

5.791258704s ago: executing program 3 (id=1494):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x2, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8010)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_setup(0x24fa, &(0x7f0000000180)={0x0, 0xce1c, 0x10100, 0x4000000, 0x0, 0x0, r3}, 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)={0x10, 0x2b, 0x1, 0x70bd27, 0x25dfdbfc}, 0x10}], 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000000c0)=0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000100", @ANYRES32=r5], 0x48}}, 0x810)
close(r5)

4.892174127s ago: executing program 3 (id=1495):
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000080)={0x0, 0x31384142, 0x1, @stepwise={0x753, 0x9, 0x81, 0x9, 0x80000000, 0x89}})
semop(0x0, 0x0, 0x0)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x3)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
syz_usb_connect(0x0, 0x4d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000298962d08e2041414b9c50102030109023b00027f0130090904ab020002af27cf052406000005240008000d240f0106000000018002000d0904000a017e63abff09050a0440"], 0x0)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x803, 0x6)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r3, r1})
shutdown(r3, 0x1)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x18, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x6, 0x11, 0x0, 0x1, [@generic="2fe5"]}]}, 0x18}], 0x1}, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x8, @mcast2}, {0xa, 0x0, 0x7, @remote}, r6}}, 0x48)
write$RDMA_USER_CM_CMD_GET_EVENT(r5, &(0x7f0000000000)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
r7 = socket$inet(0x2, 0x1, 0x9)
connect$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10)
fsopen(&(0x7f00000002c0)='ufs\x00', 0x0)

4.721405686s ago: executing program 3 (id=1496):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r0, 0x101, 0x6, &(0x7f0000000280), 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000776b00000000000000000000950000009c00000018fa7b0c6771c2c558ae375ebaa03cce5a97818c5ea079e7b55d65056a6e5bb5a74364732c090f7cf437df6cb2383fa33b5cbda984dd8331895a88dd2a43"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000de1498403a090f05b7c2000000010902120001000000000904000000d8b96e00"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
readv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000080)=""/140, 0x8c}], 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000004000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000680)=ANY=[@ANYBLOB="040f0100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)

4.522592717s ago: executing program 37 (id=1496):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r0, 0x101, 0x6, &(0x7f0000000280), 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000776b00000000000000000000950000009c00000018fa7b0c6771c2c558ae375ebaa03cce5a97818c5ea079e7b55d65056a6e5bb5a74364732c090f7cf437df6cb2383fa33b5cbda984dd8331895a88dd2a43"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000de1498403a090f05b7c2000000010902120001000000000904000000d8b96e00"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
readv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000080)=""/140, 0x8c}], 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000004000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000680)=ANY=[@ANYBLOB="040f0100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)

1.144647997s ago: executing program 8 (id=1475):
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0, 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4000084)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x10, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f00000003c0)=0x1ff, 0x4)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)="5c00000014006b03000000d86e6c1d000a117ea6e070d6060000000000004e23250002000f00000017d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9767b4", 0x45}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x80801)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x8000, 0x0)
kcmp(0x0, 0x0, 0x4, r1, r5)
syslog(0x4, 0x0, 0x0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk={@p, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfff8, 0x20000000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

1.029362371s ago: executing program 8 (id=1498):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r1, 0x89fa, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000100)={@loopback, @multicast1, 0x1d, 0x4}})
read$FUSE(0xffffffffffffffff, &(0x7f00000040c0)={0x2020}, 0x2020)
r2 = syz_open_dev$video4linux(&(0x7f0000000700), 0x4, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0205648, &(0x7f00000003c0)={0xf010001, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000410000000000000000000200000a20000000000a050000000000000000000100fffc0900010073797a300000000040000000030a0101000000f3ff000000010000000900030073797a310000000014000480080002401000000008000140000000000900010073797a300000000068000000060a010400000000000000000100000040000480240001800b00010072656a656374000014000280050002000800020008000140000000854c9138cf7bdd04006f7366000c000280080001400000001408000b40000000000900010073797a30"], 0xf0}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000000800)=[{{&(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}}}], 0x20}}, {{&(0x7f00000000c0)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="34000000ba5cd76c182e988f07000000832304", @ANYRESOCT=r1, @ANYRES32=r1, @ANYRES8=r2, @ANYRES64=r0, @ANYBLOB="74ac2232e828e108cfee39003e407b00d98a1dc174b3e51f973b66e6b455ab3a5a770701b04982086b357459437b618797e367933941871aa2abd7988f3b20387885b3c6a0148f4b5f5b0a86fde5c4e1b3f92afcf51704dc7fe220c52fef6496a468a480e776d6e8448e019bb30a4c3ad8db1042662c84571ba061ebf644b3155c1f37bc50a8ee3f7d09bbfbf921352b2ae06bdc3579f0b19d7a818d34ac9bb6ea1dbe3b14475ab5c983405ef30dc79bebe527a470f8d72b718734ff46130c81b8415500a67bc3e9a9e7ee1acb8c59c5cfdd3afff788f038ee17c630f2e61890de773aa0aced975a57ee6f61ca3d0f1e4b7e3516573303cb2b80ca22fba6", @ANYRESDEC=r2, @ANYRES32=r2, @ANYRESDEC=r3, @ANYRES16=r1], 0x38}}], 0x2, 0x80)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r5=>0x0})
sendto$packet(r0, &(0x7f0000000080)="a99c383d", 0x4, 0x0, &(0x7f0000000000)={0x11, 0x8100, r5, 0x1, 0x0, 0x6, @link_local}, 0x14)

947.992707ms ago: executing program 8 (id=1499):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x54)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0))
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="140000000000000001000000"], 0x18, 0x4000000}, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
memfd_create(&(0x7f0000000280)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=g\xaa\xd5\xe9n\xd5\xeas\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9e\x86\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\x00\x00\x00\x00\x00\nj\x8c\xef\x90\x97X\x16:\xe2\xf08\xc0Z\xfa\x1a\xb3\xf0wV\x01\x00d\xf8N\x80\xd1g\xd8e\xc8\x16\xadba\x14\xb8O\xe3\x91\x93\x11\xf0\xc2!\x98\x1a\']\xe5\x1e\xa7\xa6\xcc\x9b\xc1R.\x8aGj+k', 0x2)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r4, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000025c0)=""/4114, 0x1012}], 0x1}}, {{0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000004c00)=""/4105, 0x1009}], 0x1}}], 0x2, 0xd076, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r5, &(0x7f0000000280)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, 0xf, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x1}]}, 0x1c}}, 0x80)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f0000000400000008ae3cfaeeb7e07bac22a900", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
futex_waitv(&(0x7f00000022c0), 0x0, 0x0, 0x0, 0x1)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="040000000000000000000000fabeb2ea96baf84a77a4", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r6, &(0x7f0000000100), &(0x7f0000000140)=@udp6=r1}, 0x20)
accept$alg(r3, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

900.188155ms ago: executing program 38 (id=1466):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
socket(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20800, 0x0)
ioctl$FICLONE(r1, 0x40049409, r0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'pim6reg1\x00', 0x2})
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x1a0, 0x4c, 0x1a, 0x1a0, 0x73, 0x300, 0x258, 0x258, 0x300, 0x258, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0x0, 0x0, 0xff], [0x0, 0xffffff00], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x138, 0x1a0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@unspec=@rateest={{0x68}, {'veth1_vlan\x00', 'veth0\x00', 0x24, 0x3, 0x8, 0x2, 0x39, 0x80000001, {0x8001}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xe, 0xb, 0xc, 0xc07, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@icmp6={{0x28}, {0xc, "fc84"}}, @common=@icmp6={{0x28}, {0x0, "e1f6", 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x8000, 0x7, 0x18d, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
pselect6(0x40, &(0x7f0000000000)={0x0, 0x40000000005, 0x8000000000000000, 0x8001f, 0x7fff, 0xfffffffffffffffe, 0x100, 0x10001000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x9, 0x4, 0x2, 0x2000000, 0x1, 0x7}, 0x0, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
getrusage(0xffffffffffffffff, &(0x7f0000000380))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
ioctl$KVM_CAP_HYPERV_SEND_IPI(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 8 (id=1501):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1200000001000000080000000800000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket(0x1d, 0x3, 0x3)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
getpeername$packet(r1, 0x0, &(0x7f0000000400))
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x200000000000)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0x1}, {&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0455c2386f5ebb4730be449beb72f481c1429d6eb835b76fd1fdcacd50b884c98caa871ec4e225b6036b6ad2638ab5b06828c10fc355b170075f37b748b8f466fe29f40ec981d1431132bca9884654780b3205ed61f49c3b3b6229593e61d13a8505de19a8a", 0x9f}], 0x2}, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000001000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000200000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x480, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$sock_netdev_private(r7, 0x89f0, &(0x7f0000000000)="f4543e5660579eca31839ede98ded8bf779c0201706d3452dff4505e09ad701f65fc12f1f44fdba0f05e09b28991fd5d6faa15c46be36fa718f7dfda1757d4f249d4df765bb07ce5b55d951fb0bce94513c231be7449eea2fb1a6abe01c745cb3e6ae3e0f97e2f07d17222dba72171ac499859213876f703bbda38c7aa314039dae3589d4aa1de8235f4c5a65021af6a0537e3015038c3cf1a091b916458b2261850971b8a154f8c973c5d4df095226e0e901bf195db75a471cd29bc30e8d8ef2f8cd5d0656a83b9721109d159902ce08bf9e5d805f0fa398eda47b43a678a199af66a0d6e99cdacd6da3780d8fe3ba8")
r8 = openat$selinux_policy(0xffffff9c, &(0x7f0000000900), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r8, 0x0)
ioctl$KVM_CAP_PMU_CAPABILITY(r6, 0x4068aea3, &(0x7f0000000dc0)={0xd4, 0x0, 0x8000})

kernel console output (not intermixed with test programs):

5 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1204" name="bus" dev="overlay" ino=1447 res=0 errno=0
[  434.807045][  T977] waltop 0003:172F:0034.0008: item fetching failed at offset 1/3
[  434.819168][  T977] waltop 0003:172F:0034.0008: probe with driver waltop failed with error -22
[  435.152297][ T5908] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  435.194975][ T5832] Bluetooth: hci3: command tx timeout
[  435.293257][ T5943] usb 8-1: USB disconnect, device number 4
[  435.386830][ T5908] usb 2-1: device descriptor read/64, error -71
[  435.433335][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  435.482225][T10144] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  435.514724][T10144] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  435.535171][T10144] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  435.558001][T10144] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  435.662405][ T5908] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  435.783520][ T3495] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  435.794231][ T3495] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  435.801355][T10144] 8021q: adding VLAN 0 to HW filter on device bond0
[  435.828553][ T5908] usb 2-1: device descriptor read/64, error -71
[  436.127657][ T5908] usb usb2-port1: attempt power cycle
[  436.128494][T10144] 8021q: adding VLAN 0 to HW filter on device team0
[  436.159869][ T6166] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.167018][ T6166] bridge0: port 1(bridge_slave_0) entered forwarding state
[  436.280979][T10289] use of bytesused == 0 is deprecated and will be removed in the future,
[  436.289761][T10289] use the actual size instead.
[  436.423369][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  436.423400][   T30] audit: type=1400 audit(1749500522.554:877): avc:  denied  { write } for  pid=10285 comm="syz.3.1214" name="uinput" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  436.618925][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  436.693513][ T6166] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.700711][ T6166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  436.741763][ T5908] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  436.773598][ T5908] usb 2-1: device descriptor read/8, error -71
[  436.884992][T10144] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  436.952323][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  436.970829][T10144] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  436.983999][T10301] netlink: 'syz.7.1216': attribute type 10 has an invalid length.
[  437.034347][ T6166] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  437.045079][ T6166] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.063395][ T5908] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  437.071659][T10301] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.079239][T10301] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.121674][ T5908] usb 2-1: device descriptor read/8, error -71
[  437.138376][T10301] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.145557][T10301] bridge0: port 2(bridge_slave_1) entered forwarding state
[  437.153022][T10301] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.160152][T10301] bridge0: port 1(bridge_slave_0) entered forwarding state
[  437.181861][T10301] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  437.242505][ T5908] usb usb2-port1: unable to enumerate USB device
[  437.639602][T10144] 8021q: adding VLAN 0 to HW filter on device batadv0
[  437.678968][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.891749][T10322] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1222'.
[  437.930747][T10322] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1222'.
[  438.724425][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  438.954772][   T30] audit: type=1326 audit(1749500524.554:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10324 comm="syz.1.1223" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3eec98e929 code=0x0
[  439.254786][T10144] veth0_vlan: entered promiscuous mode
[  439.564661][T10144] veth1_vlan: entered promiscuous mode
[  439.596055][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  439.602712][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  439.807876][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  439.872087][   T10] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  439.976603][T10144] veth0_macvtap: entered promiscuous mode
[  439.997218][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  440.008581][T10144] veth1_macvtap: entered promiscuous mode
[  440.167123][   T10] usb 2-1: config 241 has an invalid interface number: 0 but max is -1
[  440.178658][T10144] batman_adv: batadv0: Interface activated: batadv_slave_0
[  440.686918][   T10] usb 2-1: config 241 has 1 interface, different from the descriptor's value: 0
[  440.709361][   T10] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=db.e9
[  440.727530][T10144] batman_adv: batadv0: Interface activated: batadv_slave_1
[  440.731756][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.776961][T10144] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  440.804257][   T10] pcwd_usb: The device isn't a Human Interface Device
[  440.818204][T10144] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  440.832976][T10144] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  440.842201][T10144] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  440.875385][ T5943] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  441.012249][ T6397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.039574][   T30] audit: type=1400 audit(1749500527.364:879): avc:  denied  { write } for  pid=10339 comm="syz.1.1227" name="ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  441.045145][ T6397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  441.106266][T10359] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1233'.
[  441.188715][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.203327][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  441.216065][   T10] usb 2-1: USB disconnect, device number 32
[  441.470975][T10368] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1236'.
[  441.502501][ T5943] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  441.512917][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  441.523689][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  441.538770][   T30] audit: type=1326 audit(1749500527.864:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10369 comm="syz.7.1237" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbb8a58e929 code=0x0
[  441.591677][T10371] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1237'.
[  441.633549][ T6397] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.675962][ T5943] usb 5-1: Using ep0 maxpacket: 16
[  441.695156][ T5943] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  441.741918][ T5943] usb 5-1: config 0 has no interface number 0
[  441.770821][ T5943] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  441.787964][ T5943] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.799785][ T6397] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.810457][ T5943] usb 5-1: Product: syz
[  441.815090][ T5943] usb 5-1: Manufacturer: syz
[  441.819689][ T5943] usb 5-1: SerialNumber: syz
[  441.846516][ T5943] usb 5-1: config 0 descriptor??
[  441.857883][ T5943] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  441.886364][ T6397] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.914604][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.092270][ T6397] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.252865][ T6397] bridge_slave_1: left allmulticast mode
[  442.259136][ T6397] bridge_slave_1: left promiscuous mode
[  442.266545][   T30] audit: type=1400 audit(1749500528.584:881): avc:  denied  { write } for  pid=10361 comm="syz.4.1235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  442.286802][ T6397] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.297169][ T5943] gspca_spca1528: reg_w err -71
[  442.307556][ T6397] bridge_slave_0: left allmulticast mode
[  442.313971][ T6397] bridge_slave_0: left promiscuous mode
[  442.322434][ T5943] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71
[  442.331266][ T6397] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.339338][ T5943] usb 5-1: USB disconnect, device number 37
[  442.697751][T10390] fuse: Unknown parameter '·'
[  443.059834][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  443.069949][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  443.096419][   T30] audit: type=1400 audit(1749500529.024:882): avc:  denied  { mounton } for  pid=10385 comm="syz.4.1241" path="/263/file0" dev="tmpfs" ino=1382 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  443.100624][ T1333] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  443.129823][ T1333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  443.364997][T10398] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=10398 comm=syz.3.1240
[  443.824675][   T30] audit: type=1400 audit(1749500529.034:883): avc:  denied  { sqpoll } for  pid=10385 comm="syz.4.1241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  443.919078][T10388] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1240'.
[  444.022930][   T30] audit: type=1400 audit(1749500530.354:884): avc:  denied  { write } for  pid=10400 comm="syz.4.1243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  444.102530][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  444.143600][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  444.143976][   T30] audit: type=1400 audit(1749500530.474:885): avc:  denied  { setopt } for  pid=10400 comm="syz.4.1243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  444.337777][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  444.350411][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  444.370450][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  444.380793][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  444.419845][ T5833] Bluetooth: hci1: unexpected event for opcode 0x2016
[  445.609345][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  445.893315][ T6397] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  445.904256][ T6397] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  445.915894][ T6397] bond0 (unregistering): Released all slaves
[  445.993163][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  446.072569][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  446.111592][T10403] lo speed is unknown, defaulting to 1000
[  446.302054][   T30] audit: type=1400 audit(1749500532.624:886): avc:  denied  { unmount } for  pid=9640 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  446.542230][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  446.705120][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.134367][T10430] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1248'.
[  447.312994][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  447.323785][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.633142][T10436] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.641392][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.677319][T10439] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.753906][ T5832] Bluetooth: hci3: command tx timeout
[  447.992566][   T30] audit: type=1326 audit(1749500534.264:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10437 comm="syz.7.1252" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb8a58e929 code=0x0
[  448.472198][ T5832] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  448.481624][ T5832] Bluetooth: hci1: Injecting HCI hardware error event
[  448.490553][ T5833] Bluetooth: hci1: hardware error 0x00
[  448.671049][T10425] ptrace attach of "./syz-executor exec"[5813] was attempted by "./syz-executor exec"[10425]
[  448.860165][ T6397] hsr_slave_0: left promiscuous mode
[  449.052147][ T6397] hsr_slave_1: left promiscuous mode
[  449.096356][ T6397] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  449.202779][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  449.213526][   T12] net_ratelimit: 3 callbacks suppressed
[  449.213538][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  449.251111][ T6397] batman_adv: batadv0: Removing interface: batadv_slave_0
[  449.415173][    T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  449.424012][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  449.502415][ T6397] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  449.552300][ T6397] batman_adv: batadv0: Removing interface: batadv_slave_1
[  449.668278][    T9] usb 2-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[  449.687214][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.694629][ T6397] veth1_macvtap: left promiscuous mode
[  449.731797][ T6397] veth0_macvtap: left promiscuous mode
[  449.763499][ T6397] veth1_vlan: left promiscuous mode
[  449.795017][ T6397] veth0_vlan: left promiscuous mode
[  449.833274][ T5832] Bluetooth: hci3: command tx timeout
[  449.833481][    T9] usb 2-1: config 0 descriptor??
[  449.838831][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  449.910872][    T9] gspca_main: mars-2.14.0 probing 093a:050f
[  450.317155][   T30] audit: type=1400 audit(1749500536.644:888): avc:  denied  { mount } for  pid=10446 comm="syz.1.1253" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  451.109984][ T5833] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  451.132423][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  451.258710][T10472] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1253'.
[  451.364201][   T30] audit: type=1400 audit(1749500537.694:889): avc:  denied  { mounton } for  pid=10446 comm="syz.1.1253" path="/syzcgroup/unified/syz1" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1
[  451.862130][ T5818] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  451.886785][ T6397] team0 (unregistering): Port device team_slave_1 removed
[  451.913073][ T5833] Bluetooth: hci3: command tx timeout
[  452.006062][ T6397] team0 (unregistering): Port device team_slave_0 removed
[  452.063716][ T5818] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  452.074076][ T5818] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.084953][ T5818] usb 5-1: config 0 descriptor??
[  452.152788][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  452.179504][ T5818] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  452.210616][T10483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1261'.
[  452.252164][   T30] audit: type=1400 audit(1749500538.474:890): avc:  denied  { connect } for  pid=10479 comm="syz.3.1261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  452.435126][   T30] audit: type=1400 audit(1749500538.534:891): avc:  denied  { shutdown } for  pid=10479 comm="syz.3.1261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  452.580402][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.037003][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  453.047857][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.265308][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.273998][ T5890] usb 2-1: USB disconnect, device number 33
[  453.347652][T10403] chnl_net:caif_netlink_parms(): no params data found
[  453.869371][T10502] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  453.992091][ T5832] Bluetooth: hci3: command tx timeout
[  454.057365][T10507] bond1: entered promiscuous mode
[  454.062593][T10507] bond1: entered allmulticast mode
[  454.069595][T10507] 8021q: adding VLAN 0 to HW filter on device bond1
[  454.185026][ T5818] usb 5-1: USB disconnect, device number 38
[  454.314473][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.548315][T10403] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.563112][T10403] bridge0: port 1(bridge_slave_0) entered disabled state
[  454.571157][T10403] bridge_slave_0: entered allmulticast mode
[  454.587220][T10403] bridge_slave_0: entered promiscuous mode
[  454.598489][T10403] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.606379][T10403] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.614374][T10403] bridge_slave_1: entered allmulticast mode
[  454.630972][T10403] bridge_slave_1: entered promiscuous mode
[  454.674064][T10403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  454.685906][T10403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  454.752052][T10403] team0: Port device team_slave_0 added
[  454.761267][T10403] team0: Port device team_slave_1 added
[  454.857200][T10520] netlink: 'syz.4.1270': attribute type 1 has an invalid length.
[  454.865177][T10520] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1270'.
[  455.078256][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  455.088940][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.203011][T10403] batman_adv: batadv0: Adding interface: batadv_slave_0
[  455.352155][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  456.020766][T10528] netlink: 'syz.1.1272': attribute type 10 has an invalid length.
[  456.035327][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  456.040621][T10403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  456.069859][T10403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  456.080701][ T5832] Bluetooth: hci3: command 0x0405 tx timeout
[  456.089910][T10403] batman_adv: batadv0: Adding interface: batadv_slave_1
[  456.097184][T10403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  456.147426][T10403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  457.142301][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  457.148051][   T30] audit: type=1400 audit(1749500543.184:892): avc:  denied  { listen } for  pid=10531 comm="syz.1.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  457.156036][T10403] hsr_slave_0: entered promiscuous mode
[  457.230212][T10403] hsr_slave_1: entered promiscuous mode
[  457.264007][T10403] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  457.287628][T10403] Cannot create hsr debugfs directory
[  457.532342][ T5818] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  457.703621][ T5818] usb 4-1: New USB device found, idVendor=2040, idProduct=9301, bcdDevice=e4.fb
[  457.732553][ T5818] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.766581][ T5818] usb 4-1: config 0 descriptor??
[  457.787663][ T5818] dvb-usb: found a 'Hauppauge WinTV-NOVA-T usb2' in warm state.
[  457.802834][ T5818] dvb-usb: bulk message failed: -22 (3/0)
[  457.817631][ T5818] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  457.857470][ T5818] dvbdev: DVB: registering new adapter (Hauppauge WinTV-NOVA-T usb2)
[  457.872429][ T5818] usb 4-1: media controller created
[  457.892078][ T5818] dvb-usb: bulk message failed: -22 (5/0)
[  457.902116][ T5818] dvb-usb: MAC address reading failed.
[  457.938974][ T5818] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  458.001853][ T5818] dvb-usb: bulk message failed: -22 (6/0)
[  458.020842][ T5818] dvb-usb: bulk message failed: -22 (6/0)
[  458.035307][ T5818] dvb-usb: no frontend was attached by 'Hauppauge WinTV-NOVA-T usb2'
[  458.131133][ T5818] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20
[  458.157403][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  458.298996][ T5818] dvb-usb: schedule remote query interval to 100 msecs.
[  458.302786][   T30] audit: type=1400 audit(1749500544.624:893): avc:  denied  { read } for  pid=5174 comm="acpid" name="event4" dev="devtmpfs" ino=3162 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  458.311426][ T5818] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully initialized and connected.
[  458.413749][ T1206] dvb-usb: bulk message failed: -22 (2/0)
[  458.420330][ T1206] dvb-usb: error while querying for an remote control event.
[  458.481138][   T30] audit: type=1400 audit(1749500544.624:894): avc:  denied  { open } for  pid=5174 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3162 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  458.492259][ T5818] usb 4-1: USB disconnect, device number 12
[  458.532634][ T5890] dvb-usb: bulk message failed: -22 (2/0)
[  458.578797][ T5890] dvb-usb: error while querying for an remote control event.
[  458.588911][   T30] audit: type=1400 audit(1749500544.624:895): avc:  denied  { ioctl } for  pid=5174 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3162 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  458.763516][ T5818] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully deinitialized and disconnected.
[  458.803379][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  458.814030][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.096623][T10567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1283'.
[  459.121692][T10403] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  459.128528][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.193527][T10403] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  459.200637][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.230226][T10403] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  459.332099][   T30] audit: type=1400 audit(1749500545.624:896): avc:  denied  { mount } for  pid=10553 comm="syz.7.1280" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  459.383390][T10569] overlayfs: conflicting lowerdir path
[  459.397598][T10403] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  459.441084][   T30] audit: type=1400 audit(1749500545.694:897): avc:  denied  { create } for  pid=10571 comm="syz.4.1284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  459.602182][ T5818] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  459.678747][T10403] 8021q: adding VLAN 0 to HW filter on device bond0
[  459.730870][T10403] 8021q: adding VLAN 0 to HW filter on device team0
[  459.752390][ T5818] usb 5-1: Using ep0 maxpacket: 16
[  459.769192][ T5818] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  459.778633][ T5818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.798614][ T6397] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.805786][ T6397] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.819143][ T5818] usb 5-1: Product: syz
[  459.826995][ T5818] usb 5-1: Manufacturer: syz
[  459.834500][ T5818] usb 5-1: SerialNumber: syz
[  459.870014][ T6397] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.877250][ T6397] bridge0: port 2(bridge_slave_1) entered forwarding state
[  459.886090][ T5818] usb 5-1: config 0 descriptor??
[  460.234054][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  460.422647][T10589] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  460.474604][ T5818] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  460.502541][T10574] Unsupported ieee802154 address type: 0
[  461.172800][ T1333] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  461.178566][ T5818] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  461.183544][ T1333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  461.193916][ T5818] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  461.211338][ T5818] usb 5-1: media controller created
[  461.224804][   T30] audit: type=1400 audit(1749500546.824:898): avc:  denied  { create } for  pid=10571 comm="syz.4.1284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  461.276259][   T30] audit: type=1400 audit(1749500546.834:899): avc:  denied  { bind } for  pid=10571 comm="syz.4.1284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  461.299875][T10393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  461.316374][ T5818] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  461.337856][   T30] audit: type=1400 audit(1749500547.644:900): avc:  denied  { unmount } for  pid=9640 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  461.406099][T10594] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  461.440399][ T5818] zl10353_read_register: readreg error (reg=127, ret==0)
[  461.448857][T10403] 8021q: adding VLAN 0 to HW filter on device batadv0
[  461.457570][ T5818] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  461.473709][T10594] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=10594 comm=syz.3.1287
[  461.486477][ T5818] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  461.513470][ T5818] usb 5-1: USB disconnect, device number 39
[  461.710179][ T5818] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  461.892031][   T30] audit: type=1400 audit(1749500548.214:901): avc:  denied  { connect } for  pid=10609 comm="syz.1.1292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  461.992597][T10615] FAULT_INJECTION: forcing a failure.
[  461.992597][T10615] name failslab, interval 1, probability 0, space 0, times 0
[  462.005618][T10615] CPU: 1 UID: 0 PID: 10615 Comm: syz.4.1294 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  462.005642][T10615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.005653][T10615] Call Trace:
[  462.005660][T10615]  <TASK>
[  462.005667][T10615]  dump_stack_lvl+0x16c/0x1f0
[  462.005699][T10615]  should_fail_ex+0x512/0x640
[  462.005729][T10615]  should_failslab+0xc2/0x120
[  462.005755][T10615]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  462.005778][T10615]  ? lock_acquire+0x179/0x350
[  462.005805][T10615]  ? dst_alloc+0x99/0x1a0
[  462.005832][T10615]  ? __pfx_ip6_dst_gc+0x10/0x10
[  462.005855][T10615]  dst_alloc+0x99/0x1a0
[  462.005881][T10615]  ip6_pol_route+0x96b/0x1230
[  462.005905][T10615]  ? __pfx_ip6_pol_route+0x10/0x10
[  462.005929][T10615]  ? __skb_flow_dissect+0x11b2/0x7d90
[  462.005963][T10615]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  462.005984][T10615]  fib6_rule_lookup+0x386/0x720
[  462.006006][T10615]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  462.006031][T10615]  ? lock_acquire+0x179/0x350
[  462.006060][T10615]  ? __lock_acquire+0x622/0x1c90
[  462.006089][T10615]  ip6_route_output_flags+0x1d0/0x640
[  462.006112][T10615]  ip6_dst_lookup_tail.constprop.0+0xa52/0x2140
[  462.006144][T10615]  ? __pfx_ip6_dst_lookup_tail.constprop.0+0x10/0x10
[  462.006164][T10615]  ? __lock_acquire+0xb8a/0x1c90
[  462.006190][T10615]  ? is_bpf_text_address+0x8a/0x1a0
[  462.006211][T10615]  ? bpf_ksym_find+0x127/0x1c0
[  462.006243][T10615]  ip6_dst_lookup_flow+0x99/0x1d0
[  462.006265][T10615]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[  462.006290][T10615]  ? dst_cache_get_ip6+0x38c/0x930
[  462.006312][T10615]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[  462.006335][T10615]  udp_tunnel6_dst_lookup+0x2d0/0x4b0
[  462.006360][T10615]  ? __pfx_udp_tunnel6_dst_lookup+0x10/0x10
[  462.006391][T10615]  ? do_syscall_64+0xa0/0x4c0
[  462.006419][T10615]  geneve_xmit+0x96e/0x5610
[  462.006467][T10615]  ? __pfx_geneve_xmit+0x10/0x10
[  462.006505][T10615]  ? dev_hard_start_xmit+0x94/0x740
[  462.006531][T10615]  dev_hard_start_xmit+0x94/0x740
[  462.006560][T10615]  __dev_queue_xmit+0x7eb/0x43e0
[  462.006591][T10615]  ? find_held_lock+0x2b/0x80
[  462.006611][T10615]  ? __might_fault+0xe3/0x190
[  462.006631][T10615]  ? __might_fault+0xe3/0x190
[  462.006650][T10615]  ? __might_fault+0x13b/0x190
[  462.006671][T10615]  ? __pfx___dev_queue_xmit+0x10/0x10
[  462.006699][T10615]  ? _copy_from_iter+0x15d/0x16f0
[  462.006736][T10615]  ? packet_parse_headers+0x79a/0xb10
[  462.006758][T10615]  ? __asan_memset+0x23/0x50
[  462.006775][T10615]  ? packet_parse_headers+0x7a6/0xb10
[  462.006797][T10615]  ? packet_parse_headers+0x21d/0xb10
[  462.006827][T10615]  ? __pfx_packet_parse_headers+0x10/0x10
[  462.006850][T10615]  ? skb_copy_datagram_from_iter+0x4f0/0x740
[  462.006882][T10615]  packet_xmit+0x23e/0x360
[  462.006910][T10615]  packet_sendmsg+0x3729/0x5880
[  462.006936][T10615]  ? avc_has_perm+0xd0/0x1c0
[  462.006971][T10615]  ? sock_has_perm+0x259/0x2f0
[  462.006991][T10615]  ? __pfx_sock_has_perm+0x10/0x10
[  462.007017][T10615]  ? __pfx_packet_sendmsg+0x10/0x10
[  462.007062][T10615]  __sys_sendto+0x4a3/0x520
[  462.007088][T10615]  ? __pfx___sys_sendto+0x10/0x10
[  462.007140][T10615]  ? ksys_write+0x1ac/0x250
[  462.007163][T10615]  ? __pfx_ksys_write+0x10/0x10
[  462.007189][T10615]  __x64_sys_sendto+0xe0/0x1c0
[  462.007212][T10615]  ? do_syscall_64+0x91/0x4c0
[  462.007237][T10615]  ? lockdep_hardirqs_on+0x7c/0x110
[  462.007263][T10615]  do_syscall_64+0xcd/0x4c0
[  462.007292][T10615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.007310][T10615] RIP: 0033:0x7f41aeb8e929
[  462.007326][T10615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.007343][T10615] RSP: 002b:00007f41af9ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  462.007361][T10615] RAX: ffffffffffffffda RBX: 00007f41aedb5fa0 RCX: 00007f41aeb8e929
[  462.007373][T10615] RDX: 0000000000000004 RSI: 0000200000000080 RDI: 0000000000000003
[  462.007383][T10615] RBP: 00007f41af9ba090 R08: 0000200000000000 R09: 0000000000000014
[  462.007395][T10615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  462.007405][T10615] R13: 0000000000000000 R14: 00007f41aedb5fa0 R15: 00007ffdcaef7418
[  462.007434][T10615]  </TASK>
[  462.008066][T10615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  462.114379][T10403] veth0_vlan: entered promiscuous mode
[  462.277860][T10620] fuse: Bad value for 'fd'
[  462.352075][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  462.514776][   T30] audit: type=1400 audit(1749500548.604:902): avc:  denied  { create } for  pid=10619 comm="syz.1.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  462.614705][   T30] audit: type=1400 audit(1749500548.604:903): avc:  denied  { getopt } for  pid=10619 comm="syz.1.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  462.705109][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  463.058985][T10403] veth1_vlan: entered promiscuous mode
[  463.142307][   T30] audit: type=1400 audit(1749500548.834:904): avc:  denied  { bind } for  pid=10618 comm="syz.3.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  463.157399][T10403] veth0_macvtap: entered promiscuous mode
[  463.210060][T10403] veth1_macvtap: entered promiscuous mode
[  463.218019][   T30] audit: type=1400 audit(1749500549.114:905): avc:  denied  { write } for  pid=10619 comm="syz.1.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  463.241224][   T30] audit: type=1400 audit(1749500549.404:906): avc:  denied  { write } for  pid=10618 comm="syz.3.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  463.309166][T10403] batman_adv: batadv0: Interface activated: batadv_slave_0
[  463.438199][T10403] batman_adv: batadv0: Interface activated: batadv_slave_1
[  463.782582][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  463.966491][    T9] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  464.003625][T10638] geneve2: entered promiscuous mode
[  464.008868][T10638] geneve2: entered allmulticast mode
[  464.041616][T10403] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  464.065269][T10403] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  464.081158][T10403] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  464.090343][T10403] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  464.122040][    T9] usb 8-1: Using ep0 maxpacket: 8
[  464.293393][    T9] usb 8-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  464.309035][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.328197][    T9] usb 8-1: Product: syz
[  464.335918][    T9] usb 8-1: Manufacturer: syz
[  464.346577][    T9] usb 8-1: SerialNumber: syz
[  464.359628][T10642] netlink: 'syz.3.1301': attribute type 10 has an invalid length.
[  464.377721][    T9] usb 8-1: config 0 descriptor??
[  464.406088][    T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  464.431211][ T6166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.463419][    T9] usb 8-1: setting power ON
[  464.468359][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  464.476174][ T6166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.514462][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  464.539049][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.548739][    T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  464.582168][    T9] usb 8-1: media controller created
[  464.669372][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  464.747897][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.792370][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  464.811070][    T9] usb 8-1: selecting invalid altsetting 6
[  465.322056][    T9] usb 8-1: digital interface selection failed (-22)
[  465.328786][    T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  465.351874][    T9] usb 8-1: setting power OFF
[  465.357711][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  465.402241][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  465.437227][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  465.485036][    T9] (NULL device *): no alternate interface
[  465.515858][T10652] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1304'.
[  465.579382][T10652] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1304'.
[  465.613901][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  465.649590][T10645] ptrace attach of "./syz-executor exec"[5813] was attempted by "./syz-executor exec"[10645]
[  465.852278][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  465.863980][    T9] usb 8-1: USB disconnect, device number 5
[  465.901803][ T5890] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  465.919001][T10659] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1302'.
[  466.135464][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  466.279233][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  466.289575][ T5890] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  466.298814][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.313040][ T5890] usb 2-1: config 0 descriptor??
[  466.590504][ T6639] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.724306][ T6639] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.765940][ T5890] cp2112 0003:10C4:EA90.0009: unknown main item tag 0x0
[  466.788860][ T5890] cp2112 0003:10C4:EA90.0009: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  466.844015][ T6639] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.872743][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  466.939237][ T6639] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.960180][ T5890] cp2112 0003:10C4:EA90.0009: Part Number: 0x82 Device Version: 0xFE
[  467.083394][ T6639] bridge_slave_1: left allmulticast mode
[  467.089108][ T6639] bridge_slave_1: left promiscuous mode
[  467.096486][ T6639] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.105355][ T6639] bridge_slave_0: left allmulticast mode
[  467.111001][ T6639] bridge_slave_0: left promiscuous mode
[  467.113852][ T6166] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  467.118067][ T6639] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.127277][ T6166] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  468.072180][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  468.082119][T10655] netlink: 'syz.1.1305': attribute type 11 has an invalid length.
[  468.147463][T10655] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1305'.
[  468.302189][T10679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.322893][ T5891] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  468.326848][T10679] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  468.399732][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  468.513853][ T5891] usb 4-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[  468.526313][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.653664][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  468.670258][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  468.679342][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  468.691783][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  468.699314][ T5891] usb 4-1: config 0 descriptor??
[  468.700973][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  468.708622][ T5891] gspca_main: mars-2.14.0 probing 093a:050f
[  468.754656][ T6639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  468.765540][ T6639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  468.777673][ T6639] bond0 (unregistering): Released all slaves
[  469.344100][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  469.447701][T10688] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1309'.
[  469.505264][T10690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.515454][T10690] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.756550][ T5890] cp2112 0003:10C4:EA90.0009: error reading lock byte: -71
[  469.827256][ T5890] usb 2-1: USB disconnect, device number 34
[  470.249758][T10682] lo speed is unknown, defaulting to 1000
[  470.393049][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  470.792282][ T5832] Bluetooth: hci3: command tx timeout
[  471.342421][T10712] netlink: 'syz.4.1318': attribute type 1 has an invalid length.
[  471.484487][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  471.492648][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  472.214008][ T6639] hsr_slave_0: left promiscuous mode
[  472.242087][ T6639] hsr_slave_1: left promiscuous mode
[  472.246623][    T9] usb 4-1: USB disconnect, device number 13
[  472.247965][ T6639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  472.295356][ T6639] batman_adv: batadv0: Removing interface: batadv_slave_0
[  472.336203][ T6639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  472.361377][ T6639] batman_adv: batadv0: Removing interface: batadv_slave_1
[  472.459745][ T6639] veth1_macvtap: left promiscuous mode
[  472.475487][ T6639] veth0_macvtap: left promiscuous mode
[  472.495314][ T6639] veth1_vlan: left promiscuous mode
[  472.500665][ T6639] veth0_vlan: left promiscuous mode
[  472.553914][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  472.602738][T10726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1319'.
[  472.877091][ T5832] Bluetooth: hci3: command tx timeout
[  472.894969][   T49] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  472.906029][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  473.340461][T10736] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  473.592694][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.656158][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.908984][ T5933] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.956319][ T5833] Bluetooth: hci3: command tx timeout
[  474.997836][ T6639] team0 (unregistering): Port device team_slave_1 removed
[  475.037606][ T6639] team0 (unregistering): Port device team_slave_0 removed
[  475.392808][T10727] bond2: entered promiscuous mode
[  475.398000][T10727] bond2: entered allmulticast mode
[  475.412369][T10727] 8021q: adding VLAN 0 to HW filter on device bond2
[  475.555396][T10682] chnl_net:caif_netlink_parms(): no params data found
[  475.677462][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  475.808901][T10682] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.989453][T10682] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.168889][T10682] bridge_slave_0: entered allmulticast mode
[  476.190244][T10682] bridge_slave_0: entered promiscuous mode
[  476.281846][T10682] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.325287][T10682] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.344881][T10682] bridge_slave_1: entered allmulticast mode
[  476.368228][T10682] bridge_slave_1: entered promiscuous mode
[  476.559421][T10682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  476.616417][T10682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.646760][T10792] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.1336'.
[  476.712958][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  476.791607][T10793] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1336'.
[  476.800977][   T30] audit: type=1400 audit(2000000000.090:907): avc:  denied  { read } for  pid=10791 comm="syz.4.1336" name="rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  477.070833][   T30] audit: type=1400 audit(2000000000.090:908): avc:  denied  { open } for  pid=10791 comm="syz.4.1336" path="/dev/rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  477.094500][ T5833] Bluetooth: hci3: command 0x0419 tx timeout
[  477.101124][   T30] audit: type=1400 audit(2000000000.100:909): avc:  denied  { ioctl } for  pid=10791 comm="syz.4.1336" path="/dev/rtc0" dev="devtmpfs" ino=922 ioctlcmd=0x7001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  477.143583][T10682] team0: Port device team_slave_0 added
[  477.169218][T10682] team0: Port device team_slave_1 added
[  477.193161][T10793] bridge0: port 2(bridge_slave_1) entered disabled state
[  477.200527][T10793] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.866755][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.913854][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.963826][T10682] batman_adv: batadv0: Adding interface: batadv_slave_0
[  477.975157][T10682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.999205][T10809] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1340'.
[  478.004945][ T6639] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  478.020717][ T6639] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.029206][T10786] ptrace attach of "./syz-executor exec"[5813] was attempted by "./syz-executor exec"[10786]
[  478.040564][T10809] openvswitch: netlink: Flow actions attr not present in new flow.
[  478.040893][T10682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  478.140051][T10812] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  478.202734][T10682] batman_adv: batadv0: Adding interface: batadv_slave_1
[  478.209718][T10682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  478.308128][T10682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  478.724110][T10817] geneve3: entered promiscuous mode
[  478.729610][T10817] geneve3: entered allmulticast mode
[  478.838020][ T6397] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  478.848880][ T6397] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.872222][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.948016][T10682] hsr_slave_0: entered promiscuous mode
[  479.017862][T10682] hsr_slave_1: entered promiscuous mode
[  479.047526][T10682] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  479.059935][   T30] audit: type=1400 audit(2000000002.380:910): avc:  denied  { remount } for  pid=10821 comm="syz.3.1345" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  479.069873][T10682] Cannot create hsr debugfs directory
[  479.112292][ T5832] Bluetooth: hci3: command 0x0419 tx timeout
[  479.124838][   T30] audit: type=1400 audit(2000000002.440:911): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  479.656782][   T30] audit: type=1400 audit(2000000002.970:912): avc:  denied  { read } for  pid=10826 comm="syz.1.1348" path="socket:[34523]" dev="sockfs" ino=34523 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  479.922256][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  479.950946][T10829] x_tables: duplicate underflow at hook 1
[  480.063872][   T30] audit: type=1400 audit(2000000003.390:913): avc:  denied  { write } for  pid=10827 comm="syz.3.1347" path="socket:[33504]" dev="sockfs" ino=33504 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  480.362077][  T977] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  480.372027][ T1206] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  480.532354][  T977] usb 4-1: Using ep0 maxpacket: 32
[  480.538269][ T1206] usb 2-1: Using ep0 maxpacket: 16
[  480.550371][  T977] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  480.553380][ T1206] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  480.590905][  T977] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  480.607025][ T1206] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  480.607101][  T977] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  480.620788][ T1206] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  480.634536][  T977] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  480.698531][ T1206] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  480.702532][  T977] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  480.752497][T10860] netlink: 'syz.7.1354': attribute type 1 has an invalid length.
[  480.941257][ T1206] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  480.972831][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.980939][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.998549][  T977] usb 4-1: Product: syz
[  481.012144][  T977] usb 4-1: Manufacturer: syz
[  481.027023][ T1206] usb 2-1: config 0 has no interface number 0
[  481.045227][  T977] usb 4-1: SerialNumber: syz
[  481.050034][ T1206] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  481.081780][ T1206] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  481.093736][ T1206] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  481.095835][  T977] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input22
[  481.107029][ T1206] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  481.248596][T10868] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.260853][T10868] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.271518][T10868] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.282957][T10868] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.293130][T10868] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.318232][T10869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.395494][T10869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  482.332030][ T1206] usb 2-1: config 0 interface 125 has no altsetting 0
[  482.342929][ T1206] usb 2-1: config 0 interface 125 has no altsetting 2
[  482.351630][ T1206] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  482.360789][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  482.372033][ T1206] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.386829][ T1206] usb 2-1: Product: syz
[  482.391101][ T1206] usb 2-1: Manufacturer: syz
[  482.396316][ T1206] usb 2-1: SerialNumber: syz
[  482.403064][ T1206] usb 2-1: config 0 descriptor??
[  482.410877][ T1206] usb 2-1: selecting invalid altsetting 2
[  482.414402][T10682] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  482.457043][  T977] usb 4-1: USB disconnect, device number 14
[  482.478134][T10682] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  482.506371][T10682] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  482.529280][T10682] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  482.542851][  T977] appletouch 4-1:1.0: input: appletouch disconnected
[  482.627213][   T30] audit: type=1400 audit(2000000005.950:914): avc:  denied  { create } for  pid=10841 comm="syz.1.1350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  482.757648][   T30] audit: type=1400 audit(2000000005.950:915): avc:  denied  { connect } for  pid=10841 comm="syz.1.1350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  482.780222][   T30] audit: type=1400 audit(2000000005.950:916): avc:  denied  { listen } for  pid=10841 comm="syz.1.1350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  482.800919][   T30] audit: type=1400 audit(2000000005.950:917): avc:  denied  { setopt } for  pid=10841 comm="syz.1.1350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  482.878491][ T5832] Bluetooth: hci5: Malformed Event: 0x02
[  482.885876][   T30] audit: type=1400 audit(2000000005.950:918): avc:  denied  { accept } for  pid=10841 comm="syz.1.1350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  482.906832][   T30] audit: type=1400 audit(2000000005.970:919): avc:  denied  { read } for  pid=10872 comm="syz.7.1358" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  482.927711][   T30] audit: type=1400 audit(2000000006.100:920): avc:  denied  { execute } for  pid=10872 comm="syz.7.1358" dev="tmpfs" ino=1235 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  482.949103][   T30] audit: type=1400 audit(2000000006.100:921): avc:  denied  { execute_no_trans } for  pid=10872 comm="syz.7.1358" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1235 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  482.979520][   T30] audit: type=1326 audit(2000000006.200:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10841 comm="syz.1.1350" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3eec98e929 code=0x0
[  483.834731][ T1206] get_1284_register timeout
[  483.839347][ T1206] uss720 2-1:0.125: probe with driver uss720 failed with error -5
[  483.847182][    C1] usb 2-1: async_complete: urb error -104
[  483.847265][    C1] usb 2-1: async_complete: urb error -104
[  483.847311][    C1] usb 2-1: async_complete: urb error -104
[  483.847357][    C1] usb 2-1: async_complete: urb error -104
[  484.215987][ T6639] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  484.256188][ T1206] usb 2-1: USB disconnect, device number 35
[  484.399039][ T6639] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  485.097889][   T30] audit: type=1326 audit(2000000008.140:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10895 comm="syz.1.1363" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3eec98e929 code=0x0
[  485.249198][T10682] 8021q: adding VLAN 0 to HW filter on device bond0
[  485.300365][T10682] 8021q: adding VLAN 0 to HW filter on device team0
[  485.331422][ T6166] bridge0: port 1(bridge_slave_0) entered blocking state
[  485.338606][ T6166] bridge0: port 1(bridge_slave_0) entered forwarding state
[  485.357179][ T6166] bridge0: port 2(bridge_slave_1) entered blocking state
[  485.364361][ T6166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  485.379644][T10910] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1366'.
[  485.493724][T10914] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1367'.
[  486.156642][T10920] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  486.163193][T10920] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  486.177547][T10920] vhci_hcd vhci_hcd.0: Device attached
[  486.205843][T10924] vhci_hcd: connection closed
[  486.207582][ T1333] vhci_hcd: stop threads
[  486.292572][ T1333] vhci_hcd: release socket
[  486.301315][ T1333] vhci_hcd: disconnect device
[  486.362299][ T1206] vhci_hcd: vhci_device speed not set
[  486.563494][ T5891] net_ratelimit: 7 callbacks suppressed
[  486.563509][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  487.192757][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  487.217223][T10682] 8021q: adding VLAN 0 to HW filter on device batadv0
[  487.592308][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  488.324045][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  488.324062][   T30] audit: type=1326 audit(2000000010.930:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10953 comm="syz.3.1377" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3d4f8e929 code=0x0
[  488.914850][   T30] audit: type=1326 audit(2000000012.180:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10952 comm="syz.1.1378" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3eec98e929 code=0x0
[  489.444748][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  489.522731][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  489.533412][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  489.680013][   T30] audit: type=1400 audit(2000000013.000:929): avc:  denied  { ioctl } for  pid=10969 comm="syz.1.1382" path="socket:[34819]" dev="sockfs" ino=34819 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  489.774390][T10682] veth0_vlan: entered promiscuous mode
[  489.906691][   T30] audit: type=1400 audit(2000000013.170:930): avc:  denied  { read } for  pid=10976 comm="syz.7.1383" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  489.920391][T10682] veth1_vlan: entered promiscuous mode
[  489.930928][T10978] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1384'.
[  490.176068][   T30] audit: type=1400 audit(2000000013.170:931): avc:  denied  { open } for  pid=10976 comm="syz.7.1383" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  490.200502][T10983] FAULT_INJECTION: forcing a failure.
[  490.200502][T10983] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  490.222083][T10983] CPU: 1 UID: 0 PID: 10983 Comm: syz.3.1385 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  490.222110][T10983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  490.222121][T10983] Call Trace:
[  490.222127][T10983]  <TASK>
[  490.222134][T10983]  dump_stack_lvl+0x16c/0x1f0
[  490.222164][T10983]  should_fail_ex+0x512/0x640
[  490.222191][T10983]  _copy_from_user+0x2e/0xd0
[  490.222216][T10983]  video_usercopy+0xedd/0x1720
[  490.222240][T10983]  ? __pfx___video_do_ioctl+0x10/0x10
[  490.222261][T10983]  ? selinux_kernel_read_file+0x70/0x130
[  490.222289][T10983]  ? __pfx_video_usercopy+0x10/0x10
[  490.222330][T10983]  v4l2_ioctl+0x1ba/0x250
[  490.222350][T10983]  ? __pfx_v4l2_ioctl+0x10/0x10
[  490.222371][T10983]  __x64_sys_ioctl+0x18e/0x210
[  490.222393][T10983]  do_syscall_64+0xcd/0x4c0
[  490.222419][T10983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.222437][T10983] RIP: 0033:0x7fa3d4f8e929
[  490.222452][T10983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  490.222468][T10983] RSP: 002b:00007fa3d5eb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  490.222485][T10983] RAX: ffffffffffffffda RBX: 00007fa3d51b5fa0 RCX: 00007fa3d4f8e929
[  490.222496][T10983] RDX: 0000200000000040 RSI: 00000000c0845657 RDI: 0000000000000003
[  490.222507][T10983] RBP: 00007fa3d5eb6090 R08: 0000000000000000 R09: 0000000000000000
[  490.222517][T10983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  490.222527][T10983] R13: 0000000000000000 R14: 00007fa3d51b5fa0 R15: 00007fff59ca1018
[  490.222551][T10983]  </TASK>
[  490.392840][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.394675][   T30] audit: type=1400 audit(2000000013.170:932): avc:  denied  { ioctl } for  pid=10976 comm="syz.7.1383" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  490.450962][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.573434][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.607656][   T30] audit: type=1400 audit(2000000013.210:933): avc:  denied  { append } for  pid=10976 comm="syz.7.1383" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  490.692194][T10682] veth0_macvtap: entered promiscuous mode
[  490.729003][T10682] veth1_macvtap: entered promiscuous mode
[  490.776398][T10682] batman_adv: batadv0: Interface activated: batadv_slave_0
[  490.799658][ T6166] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  490.810275][ T6166] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  491.047286][T10682] batman_adv: batadv0: Interface activated: batadv_slave_1
[  491.081532][   T30] audit: type=1326 audit(2000000014.360:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10991 comm="syz.7.1390" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb8a58e929 code=0x0
[  491.276327][T10682] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  491.534791][T10682] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  491.603065][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  491.689973][T10682] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  491.698902][T10682] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  492.075784][   T30] audit: type=1400 audit(2000000015.370:935): avc:  denied  { watch } for  pid=10999 comm="syz.1.1391" path="/313" dev="tmpfs" ino=1643 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  492.431228][   T30] audit: type=1400 audit(2000000015.380:936): avc:  denied  { watch } for  pid=10999 comm="syz.1.1391" path="/313" dev="tmpfs" ino=1643 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  492.536081][T11010] netlink: 'syz.4.1392': attribute type 1 has an invalid length.
[  492.544045][T11010] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1392'.
[  492.564710][ T6166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.574621][ T6166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.672483][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  492.722598][ T6166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.730450][ T6166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  493.275086][T11022] FAULT_INJECTION: forcing a failure.
[  493.275086][T11022] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  493.290281][T11022] CPU: 0 UID: 0 PID: 11022 Comm: syz.7.1397 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  493.290306][T11022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  493.290318][T11022] Call Trace:
[  493.290324][T11022]  <TASK>
[  493.290332][T11022]  dump_stack_lvl+0x16c/0x1f0
[  493.290364][T11022]  should_fail_ex+0x512/0x640
[  493.290393][T11022]  _copy_to_user+0x32/0xd0
[  493.290422][T11022]  simple_read_from_buffer+0xcb/0x170
[  493.290447][T11022]  proc_fail_nth_read+0x197/0x270
[  493.290471][T11022]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  493.290495][T11022]  ? rw_verify_area+0xcf/0x680
[  493.290515][T11022]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  493.290536][T11022]  vfs_read+0x1e1/0xc60
[  493.290562][T11022]  ? __pfx___mutex_lock+0x10/0x10
[  493.290589][T11022]  ? __pfx_vfs_read+0x10/0x10
[  493.290619][T11022]  ? __fget_files+0x20e/0x3c0
[  493.290652][T11022]  ksys_read+0x12a/0x250
[  493.290673][T11022]  ? __pfx_ksys_read+0x10/0x10
[  493.290703][T11022]  do_syscall_64+0xcd/0x4c0
[  493.290732][T11022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.290750][T11022] RIP: 0033:0x7fbb8a58d33c
[  493.290764][T11022] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  493.290782][T11022] RSP: 002b:00007fbb8b318030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  493.290799][T11022] RAX: ffffffffffffffda RBX: 00007fbb8a7b5fa0 RCX: 00007fbb8a58d33c
[  493.290811][T11022] RDX: 000000000000000f RSI: 00007fbb8b3180a0 RDI: 0000000000000004
[  493.290822][T11022] RBP: 00007fbb8b318090 R08: 0000000000000000 R09: 0000000000000000
[  493.290833][T11022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.290843][T11022] R13: 0000000000000000 R14: 00007fbb8a7b5fa0 R15: 00007ffd6c79c818
[  493.290869][T11022]  </TASK>
[  493.558794][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  493.650996][T11030] netlink: 'syz.1.1398': attribute type 1 has an invalid length.
[  493.750808][T11032] bond1: entered promiscuous mode
[  493.756316][T11032] bond1: entered allmulticast mode
[  493.762929][T11032] 8021q: adding VLAN 0 to HW filter on device bond1
[  493.803931][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  494.314906][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.332331][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  494.332348][   T30] audit: type=1400 audit(2000000017.410:938): avc:  denied  { getopt } for  pid=11035 comm="syz.7.1401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  494.358027][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.375823][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.397414][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.412587][   T30] audit: type=1400 audit(2000000017.430:939): avc:  denied  { setopt } for  pid=11035 comm="syz.7.1401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  494.432884][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.440352][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.462063][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.468350][ T6639] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.469610][   T30] audit: type=1400 audit(2000000017.450:940): avc:  denied  { read write } for  pid=11035 comm="syz.7.1401" name="uhid" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  494.512020][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.523841][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.542206][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.562210][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.569772][   T30] audit: type=1400 audit(2000000017.450:941): avc:  denied  { open } for  pid=11035 comm="syz.7.1401" path="/dev/uhid" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  494.593650][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.601126][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.625561][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.642630][   T62] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  494.653447][   T62] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  494.663277][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.674848][ T6639] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.677984][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.702567][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.710258][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.718611][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.726374][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.739212][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.747058][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.754897][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.762533][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.772270][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.779733][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.787651][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.795599][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.796936][ T6639] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.804816][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.844696][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.852813][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.860260][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.872966][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  494.897590][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.905914][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.909447][ T6639] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.914545][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.931348][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.939533][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.947258][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.956361][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.964030][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.971480][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.979015][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.986942][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  494.994662][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.002803][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.011004][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.018751][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.034588][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.045827][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.062131][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.070190][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.079120][ T6639] bridge_slave_1: left allmulticast mode
[  495.079395][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.088149][ T6639] bridge_slave_1: left promiscuous mode
[  495.097350][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.098563][ T6639] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.105930][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.122748][ T6639] bridge_slave_0: left allmulticast mode
[  495.123733][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.128392][ T6639] bridge_slave_0: left promiscuous mode
[  495.128561][ T6639] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.137320][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.157036][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.164527][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.172006][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.179461][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.186951][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.194426][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.202497][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.210143][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.217656][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.225315][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.232818][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.240251][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.248492][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.256006][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.263492][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.270910][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.278432][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.285896][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.293399][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.300839][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.308791][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.316266][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.323753][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.331211][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.338836][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.347291][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.354776][    T9] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  495.376975][    T9] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.03 Device [syz1] on syz1
[  495.940989][T11050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1404'.
[  496.104658][   T30] audit: type=1326 audit(2000000019.430:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11046 comm="syz.1.1403" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3eec98e929 code=0x0
[  496.192363][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.764776][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.893468][ T5977] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  496.904108][ T5977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.272275][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.410984][   T30] audit: type=1400 audit(2000000020.730:943): avc:  denied  { compute_member } for  pid=11058 comm="syz.7.1406" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  497.459022][ T6639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  497.472288][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  497.481394][ T6639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  497.490886][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  497.500325][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  497.501229][ T6639] bond0 (unregistering): Released all slaves
[  497.515514][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  497.527383][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  497.778289][   T30] audit: type=1400 audit(2000000021.080:944): avc:  denied  { setopt } for  pid=11065 comm="syz.7.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  497.871320][T11070] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  497.914481][   T30] audit: type=1400 audit(2000000021.180:945): avc:  denied  { setopt } for  pid=11065 comm="syz.7.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  498.313272][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.378952][T11061] lo speed is unknown, defaulting to 1000
[  498.547671][   T30] audit: type=1400 audit(2000000021.860:946): avc:  denied  { connect } for  pid=11072 comm="syz.1.1409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  498.597369][ T5933] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  498.623887][T11073] can: request_module (can-proto-3) failed.
[  498.862630][   T30] audit: type=1400 audit(2000000022.170:947): avc:  denied  { ioctl } for  pid=11078 comm="syz.7.1411" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x125f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  499.762290][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.094338][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.102645][ T5832] Bluetooth: hci3: command tx timeout
[  500.117609][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  500.138997][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  501.098421][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.105305][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  501.128680][ T7274] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  501.139334][ T7274] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  502.112002][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  502.792131][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  502.800340][ T5833] Bluetooth: hci3: command tx timeout
[  502.807286][   T30] audit: type=1400 audit(2000000023.430:948): avc:  denied  { ioctl } for  pid=11072 comm="syz.1.1409" path="socket:[35440]" dev="sockfs" ino=35440 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  502.852081][ T5933] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  502.861228][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.891215][ T5933] usb 4-1: config 0 descriptor??
[  502.913310][    C0] raw-gadget.1 gadget.3: ignoring, device is not running
[  502.932085][ T5933] usb 4-1: can't set config #0, error -32
[  502.954077][ T5933] usb 4-1: USB disconnect, device number 15
[  502.964725][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  502.975429][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  503.119884][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  503.832886][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  504.167327][   T30] audit: type=1400 audit(2000000027.490:949): avc:  denied  { getopt } for  pid=11093 comm="syz.7.1414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  504.873542][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  504.882353][ T5833] Bluetooth: hci3: command tx timeout
[  505.547238][T11106] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1418'.
[  505.824413][ T6639] hsr_slave_0: left promiscuous mode
[  505.830909][ T6639] hsr_slave_1: left promiscuous mode
[  505.842671][ T6639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  505.857357][ T6639] batman_adv: batadv0: Removing interface: batadv_slave_0
[  505.872611][ T6639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  505.880021][ T6639] batman_adv: batadv0: Removing interface: batadv_slave_1
[  505.913287][ T5890] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  505.921049][ T6639] veth1_macvtap: left promiscuous mode
[  505.930893][ T6639] veth0_macvtap: left promiscuous mode
[  505.936911][ T5891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  506.005323][ T6639] veth1_vlan: left promiscuous mode
[  506.027416][ T6639] veth0_vlan: left promiscuous mode
[  506.066690][T11115] netlink: 'syz.3.1420': attribute type 1 has an invalid length.
[  506.088950][ T5890] usb 8-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[  506.140332][ T5890] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.174196][ T5933] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  506.283043][ T5890] usb 8-1: config 0 descriptor??
[  506.388475][ T5890] gspca_main: mars-2.14.0 probing 093a:050f
[  506.589161][T11127] can: request_module (can-proto-3) failed.
[  506.953304][ T5833] Bluetooth: hci3: command tx timeout
[  507.015549][T11134] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1417'.
[  507.095115][T11135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.105241][T11135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.509527][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.072377][ T3495] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  508.083051][ T3495] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.286423][ T6639] team0 (unregistering): Port device team_slave_1 removed
[  508.317595][ T6639] team0 (unregistering): Port device team_slave_0 removed
[  508.569110][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.635948][T11119] bond3: entered promiscuous mode
[  508.641103][T11119] bond3: entered allmulticast mode
[  508.648623][T11119] 8021q: adding VLAN 0 to HW filter on device bond3
[  508.722810][ T6397] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  508.734735][ T6397] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.880499][ T5933] usb 8-1: USB disconnect, device number 6
[  509.393232][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  509.593822][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  510.100875][  T977] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  510.171813][   T30] audit: type=1400 audit(2000000033.490:950): avc:  denied  { write } for  pid=11156 comm="syz.7.1430" name="001" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  510.207924][T11061] chnl_net:caif_netlink_parms(): no params data found
[  510.221064][   T30] audit: type=1400 audit(2000000033.520:951): avc:  denied  { open } for  pid=11156 comm="syz.7.1430" path="/dev/ttyr3" dev="devtmpfs" ino=394 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  510.292229][  T977] usb 5-1: Using ep0 maxpacket: 32
[  510.300331][  T977] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  510.313052][  T977] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  510.321805][  T977] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  510.350425][  T977] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  510.553975][  T977] usb 5-1: config 1 has no interface number 0
[  510.560190][  T977] usb 5-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[  510.583804][  T977] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  510.593201][  T977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.642690][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  510.647995][  T977] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  510.799458][   T30] audit: type=1400 audit(2000000034.120:952): avc:  denied  { setopt } for  pid=11166 comm="syz.1.1434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  511.059672][T11061] bridge0: port 1(bridge_slave_0) entered blocking state
[  511.082829][T11061] bridge0: port 1(bridge_slave_0) entered disabled state
[  511.090367][T11061] bridge_slave_0: entered allmulticast mode
[  511.104347][T11061] bridge_slave_0: entered promiscuous mode
[  511.118305][T11061] bridge0: port 2(bridge_slave_1) entered blocking state
[  511.127996][T11061] bridge0: port 2(bridge_slave_1) entered disabled state
[  511.141858][T11061] bridge_slave_1: entered allmulticast mode
[  511.159289][T11061] bridge_slave_1: entered promiscuous mode
[  511.267506][T11061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  511.285430][T11061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  511.322242][ T5818] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  511.370458][T11061] team0: Port device team_slave_0 added
[  511.379624][T11061] team0: Port device team_slave_1 added
[  511.416119][T11061] batman_adv: batadv0: Adding interface: batadv_slave_0
[  511.426730][T11061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  511.457365][T11061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  511.478945][T11061] batman_adv: batadv0: Adding interface: batadv_slave_1
[  511.486722][T11061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  511.517059][ T5818] usb 8-1: Using ep0 maxpacket: 8
[  511.522424][T11061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  511.539464][ T5818] usb 8-1: config 0 has an invalid interface number: 153 but max is 1
[  511.547948][ T5818] usb 8-1: config 0 has no interface number 0
[  511.558166][ T5818] usb 8-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=28.3e
[  511.574004][ T5818] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.598125][ T5818] usb 8-1: config 0 descriptor??
[  511.637960][T11061] hsr_slave_0: entered promiscuous mode
[  511.644337][T11061] hsr_slave_1: entered promiscuous mode
[  511.650436][T11061] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  511.658681][T11061] Cannot create hsr debugfs directory
[  511.672797][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  511.816916][T11173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  511.825747][T11173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.836977][ T5890] usb 8-1: USB disconnect, device number 7
[  512.095786][  T977] snd_usb_pod 5-1:1.1: set_interface failed
[  512.105057][  T977] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  512.122135][  T977] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -71
[  512.144628][  T977] usb 5-1: USB disconnect, device number 40
[  512.472370][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  512.522445][ T5933] usb 4-1: new low-speed USB device number 16 using dummy_hcd
[  512.530477][T11197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1441'.
[  512.712639][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  512.912203][ T5933] usb 4-1: Invalid ep0 maxpacket: 16
[  512.953530][T11061] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  513.040185][T11061] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  513.067537][T11061] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  513.069364][ T5933] usb 4-1: new low-speed USB device number 17 using dummy_hcd
[  513.089614][T11061] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  513.747968][ T5833] Bluetooth: hci5: command 0x0406 tx timeout
[  513.754334][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  513.772600][ T5933] usb 4-1: Invalid ep0 maxpacket: 16
[  513.792072][ T5933] usb usb4-port1: attempt power cycle
[  513.868197][ T5977] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  513.878982][ T5977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  514.211354][T11061] 8021q: adding VLAN 0 to HW filter on device bond0
[  514.283395][T11061] 8021q: adding VLAN 0 to HW filter on device team0
[  514.342260][ T5933] usb 4-1: new low-speed USB device number 18 using dummy_hcd
[  514.342558][ T1333] bridge0: port 1(bridge_slave_0) entered blocking state
[  514.356899][ T1333] bridge0: port 1(bridge_slave_0) entered forwarding state
[  514.372988][ T5933] usb 4-1: Invalid ep0 maxpacket: 16
[  514.427611][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[  514.434784][ T5977] bridge0: port 2(bridge_slave_1) entered forwarding state
[  514.473465][ T3495] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  514.484512][ T3495] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  514.509974][ T5933] usb 4-1: new low-speed USB device number 19 using dummy_hcd
[  514.562724][ T5933] usb 4-1: Invalid ep0 maxpacket: 16
[  514.588998][ T5933] usb usb4-port1: unable to enumerate USB device
[  514.792366][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  514.889638][T11061] 8021q: adding VLAN 0 to HW filter on device batadv0
[  515.262299][ T1206] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  515.409126][T11061] veth0_vlan: entered promiscuous mode
[  515.434086][T11061] veth1_vlan: entered promiscuous mode
[  515.448305][ T1206] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  515.464300][T11254] rdma_op ffff888058aa21f0 conn xmit_rdma 0000000000000000
[  515.485826][ T1206] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  515.508569][ T1206] usb 8-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  515.522904][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  515.533720][T11061] veth0_macvtap: entered promiscuous mode
[  515.539914][ T1206] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.545235][T11061] veth1_macvtap: entered promiscuous mode
[  515.588849][T11061] batman_adv: batadv0: Interface activated: batadv_slave_0
[  515.593646][ T1206] usb 8-1: config 0 descriptor??
[  515.833111][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  515.976627][   T30] audit: type=1400 audit(2000000039.290:953): avc:  denied  { mount } for  pid=11238 comm="syz.7.1451" name="/" dev="autofs" ino=36729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  516.012113][T11264] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  516.054882][T11061] batman_adv: batadv0: Interface activated: batadv_slave_1
[  516.076310][T11061] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  516.090224][   T30] audit: type=1400 audit(2000000039.380:954): avc:  denied  { mounton } for  pid=11238 comm="syz.7.1451" path="/96/file1/file0" dev="autofs" ino=36733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  516.101975][T11061] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  516.121212][   T30] audit: type=1400 audit(2000000039.380:955): avc:  denied  { mount } for  pid=11238 comm="syz.7.1451" name="/" dev="hugetlbfs" ino=36734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  516.163935][T11061] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  516.172854][T11061] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  516.295610][ T3495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  516.399164][T11274] kvm: user requested TSC rate below hardware speed
[  516.410756][   T30] audit: type=1400 audit(2000000039.730:956): avc:  denied  { getopt } for  pid=11273 comm="syz.3.1459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  516.461831][ T3495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  516.590414][ T3495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  516.686024][ T3495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  517.072053][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  517.542577][    T9] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  517.725271][    T9] usb 5-1: Using ep0 maxpacket: 8
[  517.745559][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 16
[  517.795823][ T1206] usbhid 8-1:0.0: can't add hid device: -71
[  517.801770][ T1206] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  517.809657][   T30] audit: type=1400 audit(2000000041.120:957): avc:  denied  { unmount } for  pid=9640 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  517.846263][    T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.00
[  517.859652][ T1206] usb 8-1: USB disconnect, device number 8
[  517.866274][   T30] audit: type=1400 audit(2000000041.120:958): avc:  denied  { unmount } for  pid=9640 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  517.872082][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.163148][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  518.198694][    T9] usb 5-1: config 0 descriptor??
[  518.335504][T11303] netlink: 'syz.3.1469': attribute type 11 has an invalid length.
[  518.348590][T11303] netlink: 448 bytes leftover after parsing attributes in process `syz.3.1469'.
[  518.368753][   T30] audit: type=1326 audit(2000000041.690:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11302 comm="syz.3.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d4f8e929 code=0x7ffc0000
[  518.398198][   T30] audit: type=1326 audit(2000000041.690:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11302 comm="syz.3.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d4f8e929 code=0x7ffc0000
[  518.426281][   T30] audit: type=1326 audit(2000000041.690:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11302 comm="syz.3.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fa3d4f8e929 code=0x7ffc0000
[  518.456733][   T30] audit: type=1326 audit(2000000041.690:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11302 comm="syz.3.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d4f8e929 code=0x7ffc0000
[  518.555657][ T6323] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  518.849582][    T9] wacom 0003:056A:0029.000B: unknown main item tag 0x4
[  518.952241][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  518.967121][    T9] wacom 0003:056A:0029.000B: item fetching failed at offset 2/5
[  519.056130][T11289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.059470][ T7274] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.076348][T11289] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.089868][    T9] wacom 0003:056A:0029.000B: parse failed
[  519.107529][    T9] wacom 0003:056A:0029.000B: probe with driver wacom failed with error -22
[  519.135798][T11289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.163642][T11289] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.202121][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  519.270589][ T7274] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.396077][ T1206] usb 5-1: USB disconnect, device number 41
[  519.416895][ T7274] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.503899][ T7274] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.596527][ T1333] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  519.607336][ T1333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  519.649800][ T7274] bridge_slave_1: left allmulticast mode
[  519.656446][ T7274] bridge_slave_1: left promiscuous mode
[  519.662618][ T7274] bridge0: port 2(bridge_slave_1) entered disabled state
[  519.671908][ T7274] bridge_slave_0: left allmulticast mode
[  519.679152][ T7274] bridge_slave_0: left promiscuous mode
[  519.685171][ T7274] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.431975][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  520.465266][ T1333] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  520.476057][ T1333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  520.629903][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  520.650862][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  520.661185][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  520.677773][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  520.688397][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  520.755270][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  520.777497][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  520.790418][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  520.800267][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  520.808647][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  520.819703][ T7274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  520.855801][ T7274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  520.875626][ T7274] bond0 (unregistering): Released all slaves
[  520.939952][T11327] lo speed is unknown, defaulting to 1000
[  521.443385][ T5890] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  521.592551][ T6323] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  521.705883][T11324] lo speed is unknown, defaulting to 1000
[  522.047075][T11327] chnl_net:caif_netlink_parms(): no params data found
[  522.079867][   T30] kauditd_printk_skb: 55 callbacks suppressed
[  522.079881][   T30] audit: type=1400 audit(2000000045.400:1018): avc:  denied  { getopt } for  pid=11338 comm="syz.3.1482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  522.695188][ T5818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  522.713868][ T5832] Bluetooth: hci3: command tx timeout
[  522.826469][T11327] bridge0: port 1(bridge_slave_0) entered blocking state
[  522.838278][T11327] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.846595][T11327] bridge_slave_0: entered allmulticast mode
[  522.871597][T11327] bridge_slave_0: entered promiscuous mode
[  522.883307][ T5832] Bluetooth: hci4: command tx timeout
[  523.066820][T11327] bridge0: port 2(bridge_slave_1) entered blocking state
[  523.122956][T11327] bridge0: port 2(bridge_slave_1) entered disabled state
[  523.132151][T11327] bridge_slave_1: entered allmulticast mode
[  523.140670][T11327] bridge_slave_1: entered promiscuous mode
[  523.167116][ T7274] hsr_slave_0: left promiscuous mode
[  523.172899][ T7274] hsr_slave_1: left promiscuous mode
[  523.178743][ T7274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  523.191669][ T7274] batman_adv: batadv0: Removing interface: batadv_slave_0
[  523.200582][ T7274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  523.209267][ T7274] batman_adv: batadv0: Removing interface: batadv_slave_1
[  523.227986][ T7274] veth1_macvtap: left promiscuous mode
[  523.233843][ T7274] veth0_macvtap: left promiscuous mode
[  523.239581][ T7274] veth1_vlan: left promiscuous mode
[  523.245740][ T7274] veth0_vlan: left promiscuous mode
[  523.426408][   T30] audit: type=1400 audit(2000000046.750:1019): avc:  denied  { remount } for  pid=11352 comm="syz.3.1484" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  523.663168][ T7274] team0 (unregistering): Port device team_slave_1 removed
[  523.694942][ T7274] team0 (unregistering): Port device team_slave_0 removed
[  523.766005][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  524.048723][T11327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  524.080466][T11327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  524.196707][T11327] team0: Port device team_slave_0 added
[  524.209434][T11327] team0: Port device team_slave_1 added
[  524.223900][ T7486] pimreg: left allmulticast mode
[  524.288654][T11327] batman_adv: batadv0: Adding interface: batadv_slave_0
[  524.295872][T11327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  524.322563][T11327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  524.335551][T11327] batman_adv: batadv0: Adding interface: batadv_slave_1
[  524.342607][T11327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  524.372083][T11327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  524.399869][T11324] chnl_net:caif_netlink_parms(): no params data found
[  524.511077][T11327] hsr_slave_0: entered promiscuous mode
[  524.521599][T11327] hsr_slave_1: entered promiscuous mode
[  524.529891][T11327] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  524.541734][T11327] Cannot create hsr debugfs directory
[  524.710885][ T7274] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  524.761057][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  524.775005][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  524.777758][T11324] bridge0: port 1(bridge_slave_0) entered blocking state
[  524.791453][T11371] FAULT_INJECTION: forcing a failure.
[  524.791453][T11371] name failslab, interval 1, probability 0, space 0, times 0
[  524.793130][T11324] bridge0: port 1(bridge_slave_0) entered disabled state
[  524.809788][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  524.811712][T11324] bridge_slave_0: entered allmulticast mode
[  524.818526][ T5833] Bluetooth: hci3: command tx timeout
[  524.826692][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  524.833590][T11371] CPU: 1 UID: 0 PID: 11371 Comm: syz.3.1489 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  524.833612][T11371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  524.833622][T11371] Call Trace:
[  524.833629][T11371]  <TASK>
[  524.833635][T11371]  dump_stack_lvl+0x16c/0x1f0
[  524.833663][T11371]  should_fail_ex+0x512/0x640
[  524.833684][T11371]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  524.833706][T11371]  should_failslab+0xc2/0x120
[  524.833728][T11371]  __kmalloc_cache_noprof+0x6a/0x3e0
[  524.833747][T11371]  ? ufs_init_fs_context+0x47/0x310
[  524.833769][T11371]  ? __pfx_ufs_init_fs_context+0x10/0x10
[  524.833786][T11371]  ufs_init_fs_context+0x47/0x310
[  524.833804][T11371]  ? __pfx_ufs_init_fs_context+0x10/0x10
[  524.833822][T11371]  alloc_fs_context+0x54a/0x9c0
[  524.833849][T11371]  __x64_sys_fsopen+0xeb/0x240
[  524.833865][T11371]  do_syscall_64+0xcd/0x4c0
[  524.833890][T11371]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.833907][T11371] RIP: 0033:0x7fa3d4f8e929
[  524.833920][T11371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  524.833935][T11371] RSP: 002b:00007fa3d5eb6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[  524.833950][T11371] RAX: ffffffffffffffda RBX: 00007fa3d51b5fa0 RCX: 00007fa3d4f8e929
[  524.833961][T11371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0
[  524.833970][T11371] RBP: 00007fa3d5eb6090 R08: 0000000000000000 R09: 0000000000000000
[  524.833984][T11371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  524.833994][T11371] R13: 0000000000000001 R14: 00007fa3d51b5fa0 R15: 00007fff59ca1018
[  524.834016][T11371]  </TASK>
[  524.836399][T11324] bridge_slave_0: entered promiscuous mode
[  524.838879][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  524.903488][T11324] bridge0: port 2(bridge_slave_1) entered blocking state
[  524.955131][ T5833] Bluetooth: hci4: command tx timeout
[  525.032821][T11324] bridge0: port 2(bridge_slave_1) entered disabled state
[  525.040129][T11324] bridge_slave_1: entered allmulticast mode
[  525.050290][T11324] bridge_slave_1: entered promiscuous mode
[  525.073983][ T7274] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.091310][T11373] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1490'.
[  525.183979][ T7274] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.203914][T11324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  525.215168][T11324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  525.270688][ T7274] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.298366][T11324] team0: Port device team_slave_0 added
[  525.316234][T11324] team0: Port device team_slave_1 added
[  525.357625][T11368] lo speed is unknown, defaulting to 1000
[  525.358632][T11324] batman_adv: batadv0: Adding interface: batadv_slave_0
[  525.370642][T11324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  525.401450][T11324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  525.422136][T11324] batman_adv: batadv0: Adding interface: batadv_slave_1
[  525.431713][T11324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  525.459147][T11324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  525.472217][ T6323] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  525.594864][T11324] hsr_slave_0: entered promiscuous mode
[  525.600914][T11324] hsr_slave_1: entered promiscuous mode
[  525.607132][T11324] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  525.615043][T11324] Cannot create hsr debugfs directory
[  525.633668][ T6323] usb 4-1: unable to get BOS descriptor or descriptor too short
[  525.649554][ T6323] usb 4-1: config 4 has an invalid interface number: 187 but max is 1
[  525.664043][ T6323] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  525.674317][ T6323] usb 4-1: config 4 has 1 interface, different from the descriptor's value: 2
[  525.683695][ T6323] usb 4-1: config 4 has no interface number 0
[  525.689849][ T6323] usb 4-1: config 4 interface 187 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[  525.700846][ T6323] usb 4-1: config 4 interface 187 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  525.713779][T11327] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  525.720512][ T6323] usb 4-1: config 4 interface 187 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  525.732758][ T6323] usb 4-1: config 4 interface 187 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  525.762192][ T6323] usb 4-1: config 4 interface 187 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 7
[  525.777425][ T6323] usb 4-1: New USB device found, idVendor=10ab, idProduct=10c5, bcdDevice=27.5e
[  525.786670][ T6323] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.792971][T11327] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  525.794798][ T6323] usb 4-1: Product: syz
[  525.805656][ T6323] usb 4-1: Manufacturer: syz
[  525.809173][T11327] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  525.817219][ T6323] usb 4-1: SerialNumber: syz
[  525.850344][T11327] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  525.902159][ T7274] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.913327][ T7274] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  526.010077][ T7274] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.020658][ T7274] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  526.045382][ T6323] cp210x 4-1:4.187: cp210x converter detected
[  526.060159][ T6323] cp210x 4-1:4.187: failed to get vendor val 0x370b size 1: -71
[  526.069590][ T6323] cp210x 4-1:4.187: querying part number failed
[  526.098517][ T6323] usb 4-1: cp210x converter now attached to ttyUSB0
[  526.126404][ T6323] usb 4-1: USB disconnect, device number 20
[  526.128636][ T7274] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.137351][ T6323] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  526.143134][ T7274] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  526.156633][ T6323] cp210x 4-1:4.187: device disconnected
[  526.220458][ T7274] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.232159][ T7274] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  526.256422][T11368] chnl_net:caif_netlink_parms(): no params data found
[  526.336563][T11327] 8021q: adding VLAN 0 to HW filter on device bond0
[  526.381802][T11368] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.389093][T11368] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.402105][T11368] bridge_slave_0: entered allmulticast mode
[  526.408893][T11368] bridge_slave_0: entered promiscuous mode
[  526.418713][T11368] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.426071][T11368] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.434004][T11368] bridge_slave_1: entered allmulticast mode
[  526.440733][T11368] bridge_slave_1: entered promiscuous mode
[  526.459857][T11327] 8021q: adding VLAN 0 to HW filter on device team0
[  526.537108][T11368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  526.551727][ T6639] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.558834][ T6639] bridge0: port 1(bridge_slave_0) entered forwarding state
[  526.577936][T11368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  526.599479][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.606575][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  526.693036][ T7274] bridge_slave_1: left allmulticast mode
[  526.698795][ T7274] bridge_slave_1: left promiscuous mode
[  526.707207][ T7274] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.715887][ T7274] bridge_slave_0: left allmulticast mode
[  526.721507][ T7274] bridge_slave_0: left promiscuous mode
[  526.727693][ T7274] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.872386][ T5833] Bluetooth: hci3: command tx timeout
[  526.918510][ T7274] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  527.032138][ T5833] Bluetooth: hci4: command tx timeout
[  527.090270][ T7274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  527.100237][ T7274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  527.110652][ T7274] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  527.118628][ T5833] Bluetooth: hci0: command tx timeout
[  527.127742][ T7274] bond0 (unregistering): Released all slaves
[  527.212506][ T7274] bond1 (unregistering): Released all slaves
[  527.290380][ T7274] bond2 (unregistering): Released all slaves
[  527.301548][ T7274] bond3 (unregistering): Released all slaves
[  527.573837][ T7274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  527.584544][ T7274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  527.594926][ T7274] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  527.605331][ T7274] bond0 (unregistering): Released all slaves
[  527.685670][ T7274] bond1 (unregistering): Released all slaves
[  527.709420][T11368] team0: Port device team_slave_0 added
[  527.717492][T11368] team0: Port device team_slave_1 added
[  527.857289][ T7274] : left promiscuous mode
[  527.879091][T11368] batman_adv: batadv0: Adding interface: batadv_slave_0
[  527.886919][T11368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  527.928290][T11368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  527.977247][T11368] batman_adv: batadv0: Adding interface: batadv_slave_1
[  527.985521][T11368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  528.021690][T11368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  528.104346][T11324] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  528.123354][ T7274] tipc: Left network mode
[  528.127132][T11368] hsr_slave_0: entered promiscuous mode
[  528.635043][T11368] hsr_slave_1: entered promiscuous mode
[  528.641087][T11368] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  528.648767][T11368] Cannot create hsr debugfs directory
[  528.655650][T11324] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  528.679162][T11324] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  528.704537][T11324] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  528.954326][ T5833] Bluetooth: hci3: command tx timeout
[  529.112323][ T5833] Bluetooth: hci4: command tx timeout
[  529.192351][ T5833] Bluetooth: hci0: command tx timeout
[  529.289846][T11327] 8021q: adding VLAN 0 to HW filter on device batadv0
[  529.351903][T11368] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  529.365649][T11368] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  529.397818][T11368] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  529.416095][T11368] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  529.503955][T11324] 8021q: adding VLAN 0 to HW filter on device bond0
[  529.612140][T11324] 8021q: adding VLAN 0 to HW filter on device team0
[  529.636201][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  529.643353][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  529.667221][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  529.677254][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  529.685689][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  529.708060][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  529.713268][ T6397] bridge0: port 2(bridge_slave_1) entered blocking state
[  529.722137][ T6397] bridge0: port 2(bridge_slave_1) entered forwarding state
[  529.731043][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  529.881795][T11421] lo speed is unknown, defaulting to 1000
[  529.942507][T11368] 8021q: adding VLAN 0 to HW filter on device bond0
[  529.988538][T11327] veth0_vlan: entered promiscuous mode
[  530.042268][ T7274] hsr_slave_0: left promiscuous mode
[  530.056284][ T7274] hsr_slave_1: left promiscuous mode
[  530.071009][ T7274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  530.087258][ T7274] batman_adv: batadv0: Removing interface: batadv_slave_0
[  530.095737][ T7274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  530.110645][ T7274] batman_adv: batadv0: Removing interface: batadv_slave_1
[  530.119982][ T7274] hsr_slave_0: left promiscuous mode
[  530.128634][ T7274] hsr_slave_1: left promiscuous mode
[  530.134615][ T7274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  530.142467][ T7274] batman_adv: batadv0: Removing interface: batadv_slave_0
[  530.150808][ T7274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  530.159248][ T7274] batman_adv: batadv0: Removing interface: batadv_slave_1
[  530.189858][ T7274] veth1_macvtap: left promiscuous mode
[  530.195522][ T7274] veth0_macvtap: left promiscuous mode
[  530.416775][ T7274] team0 (unregistering): Port device team_slave_1 removed
[  530.448396][ T7274] team0 (unregistering): Port device team_slave_0 removed
[  530.915449][ T7274] team0 (unregistering): Port device team_slave_1 removed
[  530.948483][ T7274] team0 (unregistering): Port device team_slave_0 removed
[  531.239313][T11368] 8021q: adding VLAN 0 to HW filter on device team0
[  531.273275][T11327] veth1_vlan: entered promiscuous mode
[  531.282237][ T5832] Bluetooth: hci0: command tx timeout
[  531.301369][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  531.308492][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  531.370864][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.377969][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state
[  531.435901][T11324] 8021q: adding VLAN 0 to HW filter on device batadv0
[  531.471180][T11327] veth0_macvtap: entered promiscuous mode
[  531.535635][T11327] veth1_macvtap: entered promiscuous mode
[  531.618886][T11368] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  531.676313][T11327] batman_adv: batadv0: Interface activated: batadv_slave_0
[  531.708197][T11327] batman_adv: batadv0: Interface activated: batadv_slave_1
[  531.740129][T11421] chnl_net:caif_netlink_parms(): no params data found
[  531.772637][T11327] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  531.781384][T11327] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  531.790967][T11327] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  531.801759][T11327] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  531.835012][ T5832] Bluetooth: hci1: command tx timeout
[  531.955008][T11324] veth0_vlan: entered promiscuous mode
[  531.976407][T11421] bridge0: port 1(bridge_slave_0) entered blocking state
[  531.984307][T11421] bridge0: port 1(bridge_slave_0) entered disabled state
[  531.991426][T11421] bridge_slave_0: entered allmulticast mode
[  531.998693][T11421] bridge_slave_0: entered promiscuous mode
[  532.008115][T11421] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.015254][T11421] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.022574][T11421] bridge_slave_1: entered allmulticast mode
[  532.029583][T11421] bridge_slave_1: entered promiscuous mode
[  532.059625][T11421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  532.071497][T11421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  532.094826][T11324] veth1_vlan: entered promiscuous mode
[  532.135654][ T7274] IPVS: stop unused estimator thread 0...
[  532.147452][T11421] team0: Port device team_slave_0 added
[  532.170739][T11368] 8021q: adding VLAN 0 to HW filter on device batadv0
[  532.181244][T11421] team0: Port device team_slave_1 added
[  532.251162][T11421] batman_adv: batadv0: Adding interface: batadv_slave_0
[  532.258512][T11421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  532.286466][T11421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  532.309974][T11421] batman_adv: batadv0: Adding interface: batadv_slave_1
[  532.319565][T11421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  532.347474][T11421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  532.376284][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  532.387702][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  532.449139][T11324] veth0_macvtap: entered promiscuous mode
[  532.484216][T11324] veth1_macvtap: entered promiscuous mode
[  532.495867][T11421] hsr_slave_0: entered promiscuous mode
[  532.501868][T11421] hsr_slave_1: entered promiscuous mode
[  532.510645][ T5977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  532.519293][ T5977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  532.621579][T11324] batman_adv: batadv0: Interface activated: batadv_slave_0
[  532.750314][T11324] batman_adv: batadv0: Interface activated: batadv_slave_1
[  532.810540][T11324] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  532.824906][T11324] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  532.852595][T11324] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  532.861323][T11324] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  533.374419][ T5832] Bluetooth: hci0: command tx timeout
[  533.692506][T11368] veth0_vlan: entered promiscuous mode
[  533.703847][T11368] veth1_vlan: entered promiscuous mode
[  533.924752][ T5832] Bluetooth: hci1: command tx timeout
[  534.043513][T11368] veth0_macvtap: entered promiscuous mode
[  534.188051][T11368] veth1_macvtap: entered promiscuous mode
[  534.205258][T11460] can: request_module (can-proto-3) failed.
[  534.300362][T11368] batman_adv: batadv0: Interface activated: batadv_slave_0
[  534.312520][   T31] INFO: task kworker/1:0:24 blocked for more than 143 seconds.
[  534.320078][   T31]       Not tainted 6.16.0-rc1-syzkaller #0
[  534.329357][ T5833] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  534.340200][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  534.340558][ T5833] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  534.358030][ T5833] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  534.375989][ T5833] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  534.383477][ T5833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  534.427098][   T30] audit: type=1400 audit(2000000057.690:1020): avc:  denied  { write } for  pid=5802 comm="syz-executor" path="pipe:[4548]" dev="pipefs" ino=4548 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  534.433956][   T31] task:kworker/1:0     state:D stack:22408 pid:24    tgid:24    ppid:2      task_flags:0x4208060 flags:0x00004000
[  534.462849][   T31] Workqueue: usb_hub_wq hub_event
[  534.467906][   T31] Call Trace:
[  534.471181][   T31]  <TASK>
[  534.474191][   T31]  __schedule+0x116a/0x5de0
[  534.478736][   T31]  ? __lock_acquire+0x622/0x1c90
[  534.485058][   T31]  ? __pfx___schedule+0x10/0x10
[  534.489948][   T31]  ? find_held_lock+0x2b/0x80
[  534.494949][   T31]  ? schedule+0x2d7/0x3a0
[  534.499302][   T31]  schedule+0xe7/0x3a0
[  534.518844][   T31]  schedule_timeout+0x257/0x290
[  534.523990][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  534.529598][   T31]  ? mark_held_locks+0x49/0x80
[  534.538547][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  534.543991][   T31]  __wait_for_common+0x2fc/0x4e0
[  534.548950][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  534.554657][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  534.560121][   T31]  ? __pfx_device_del+0x10/0x10
[  534.565415][   T31]  ? kobject_put+0xab/0x5a0
[  534.569922][   T31]  i2c_del_adapter+0x546/0x6f0
[  534.574704][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  534.579987][   T31]  ? kfree+0x2b4/0x4d0
[  534.584085][   T31]  ? media_device_cleanup+0x53/0x80
[  534.589284][   T31]  ? dvb_usbv2_exit.isra.0+0x3c6/0x9f0
[  534.594815][   T31]  dvb_usbv2_exit.isra.0+0x45b/0x9f0
[  534.600102][   T31]  dvb_usbv2_probe+0x1f61/0x3e50
[  534.605089][   T31]  ? __pfx_dvb_usbv2_probe+0x10/0x10
[  534.610377][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  534.615589][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  534.621394][   T31]  ? __pm_runtime_set_status+0x13c/0xa80
[  534.627056][   T31]  usb_probe_interface+0x303/0x9c0
[  534.632530][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[  534.638175][   T31]  really_probe+0x23e/0xa90
[  534.642813][   T31]  __driver_probe_device+0x1de/0x440
[  534.648110][   T31]  driver_probe_device+0x4c/0x1b0
[  534.653194][   T31]  __device_attach_driver+0x1df/0x310
[  534.658565][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  534.664479][   T31]  bus_for_each_drv+0x156/0x1e0
[  534.669664][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  534.675103][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  534.680301][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  534.686151][   T31]  __device_attach+0x1e4/0x4b0
[  534.690914][   T31]  ? __pfx___device_attach+0x10/0x10
[  534.696231][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  534.701428][   T31]  bus_probe_device+0x17f/0x1c0
[  534.706315][   T31]  device_add+0x1148/0x1a70
[  534.710808][   T31]  ? __pfx_device_add+0x10/0x10
[  534.715738][   T31]  ? mark_held_locks+0x49/0x80
[  534.720509][   T31]  usb_set_configuration+0x1187/0x1e20
[  534.726016][   T31]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[  534.732333][   T31]  usb_generic_driver_probe+0xb1/0x110
[  534.737792][   T31]  usb_probe_device+0xef/0x3e0
[  534.742577][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[  534.747945][   T31]  really_probe+0x23e/0xa90
[  534.752779][   T31]  __driver_probe_device+0x1de/0x440
[  534.758068][   T31]  ? usb_driver_applicable+0x1c7/0x220
[  534.763564][   T31]  driver_probe_device+0x4c/0x1b0
[  534.769306][   T31]  __device_attach_driver+0x1df/0x310
[  534.774731][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  534.780629][   T31]  bus_for_each_drv+0x156/0x1e0
[  534.785554][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  534.790932][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  534.796181][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  534.802036][   T31]  __device_attach+0x1e4/0x4b0
[  534.806801][   T31]  ? __pfx___device_attach+0x10/0x10
[  534.812112][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  534.817308][   T31]  bus_probe_device+0x17f/0x1c0
[  534.822198][   T31]  device_add+0x1148/0x1a70
[  534.826700][   T31]  ? __pfx_device_add+0x10/0x10
[  534.831528][   T31]  ? add_device_randomness+0xb7/0xf0
[  534.837091][   T31]  ? __usb_get_extra_descriptor+0x158/0x1c0
[  534.843025][   T31]  usb_new_device+0xd07/0x1a20
[  534.847793][   T31]  ? do_raw_spin_lock+0x12c/0x2b0
[  534.852851][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  534.858043][   T31]  ? mark_held_locks+0x49/0x80
[  534.862949][   T31]  hub_event+0x2eb7/0x4fa0
[  534.867379][   T31]  ? __pfx_hub_event+0x10/0x10
[  534.872965][   T31]  ? assoc_array_insert+0x3d0/0x3970
[  534.878261][   T31]  ? finish_task_switch.isra.0+0x221/0xc10
[  534.884106][   T31]  ? rcu_is_watching+0x12/0xc0
[  534.888881][   T31]  process_one_work+0x9cf/0x1b70
[  534.893940][   T31]  ? __pfx_process_one_work+0x10/0x10
[  534.899323][   T31]  ? assign_work+0x1a0/0x250
[  534.903948][   T31]  worker_thread+0x6c8/0xf10
[  534.908538][   T31]  ? __pfx_worker_thread+0x10/0x10
[  534.913700][   T31]  kthread+0x3c5/0x780
[  534.917762][   T31]  ? __pfx_kthread+0x10/0x10
[  534.922374][   T31]  ? rcu_is_watching+0x12/0xc0
[  534.927152][   T31]  ? __pfx_kthread+0x10/0x10
[  534.931719][   T31]  ret_from_fork+0x5d4/0x6f0
[  534.936551][   T31]  ? __pfx_kthread+0x10/0x10
[  534.941140][   T31]  ret_from_fork_asm+0x1a/0x30
[  534.945927][   T31]  </TASK>
[  534.949040][   T31] INFO: task syz.5.996:9464 blocked for more than 143 seconds.
[  534.956936][   T31]       Not tainted 6.16.0-rc1-syzkaller #0
[  534.962851][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  534.971501][   T31] task:syz.5.996       state:D stack:26472 pid:9464  tgid:9463  ppid:6361   task_flags:0x400140 flags:0x00004004
[  534.984047][   T31] Call Trace:
[  534.987323][   T31]  <TASK>
[  534.990234][   T31]  __schedule+0x116a/0x5de0
[  534.994807][   T31]  ? __lock_acquire+0x622/0x1c90
[  534.999752][   T31]  ? __pfx___schedule+0x10/0x10
[  535.004639][   T31]  ? find_held_lock+0x2b/0x80
[  535.009322][   T31]  ? schedule+0x2d7/0x3a0
[  535.013706][   T31]  schedule+0xe7/0x3a0
[  535.017785][   T31]  schedule_preempt_disabled+0x13/0x30
[  535.023272][   T31]  __mutex_lock+0x6c7/0xb90
[  535.027780][   T31]  ? usbdev_ioctl+0x1a8/0x4070
[  535.032652][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  535.037962][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  535.043310][   T31]  ? find_held_lock+0x2b/0x80
[  535.047999][   T31]  ? usbdev_ioctl+0x1a8/0x4070
[  535.052867][   T31]  usbdev_ioctl+0x1a8/0x4070
[  535.057463][   T31]  ? __pfx_usbdev_ioctl+0x10/0x10
[  535.062512][   T31]  ? do_vfs_ioctl+0x523/0x1a60
[  535.067271][   T31]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  535.072388][   T31]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  535.079165][   T31]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  535.085795][   T31]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  535.092692][   T31]  ? hook_file_ioctl_common+0x145/0x410
[  535.098230][   T31]  ? selinux_file_ioctl+0x180/0x270
[  535.103466][   T31]  ? selinux_file_ioctl+0xb4/0x270
[  535.108576][   T31]  ? __pfx_usbdev_ioctl+0x10/0x10
[  535.113619][   T31]  __x64_sys_ioctl+0x18e/0x210
[  535.118378][   T31]  do_syscall_64+0xcd/0x4c0
[  535.122933][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.128826][   T31] RIP: 0033:0x7fd1f998e929
[  535.133443][   T31] RSP: 002b:00007fd1fa834038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  535.143162][   T31] RAX: ffffffffffffffda RBX: 00007fd1f9bb5fa0 RCX: 00007fd1f998e929
[  535.151145][   T31] RDX: 0000200000000000 RSI: 00000000c0105500 RDI: 0000000000000006
[  535.159136][   T31] RBP: 00007fd1f9a10b39 R08: 0000000000000000 R09: 0000000000000000
[  535.167162][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  535.175150][   T31] R13: 0000000000000000 R14: 00007fd1f9bb5fa0 R15: 00007ffc01c8d938
[  535.183627][   T31]  </TASK>
[  535.186759][   T31] 
[  535.186759][   T31] Showing all locks held in the system:
[  535.211218][   T31] 3 locks held by kworker/0:0/9:
[  535.217963][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  535.228757][   T31]  #1: ffffc900000e7d10 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  535.240981][   T31]  #2: ffff888056ab3240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1bb/0x2e80
[  535.251670][   T31] 5 locks held by kworker/1:0/24:
[  535.256822][   T31]  #0: ffff888023eeb148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  535.268176][   T31]  #1: ffffc900001e7d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  535.279735][   T31]  #2: ffff88814474f198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0
[  535.289210][   T31]  #3: ffff88802b245198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  535.298555][   T31]  #4: ffff8880288c7160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  535.307865][   T31] 1 lock held by khungtaskd/31:
[  535.312733][   T31]  #0: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  535.322698][   T31] 2 locks held by getty/5577:
[  535.327370][   T31]  #0: ffff888037de20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  535.337154][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  535.347435][   T31] 3 locks held by kworker/u8:11/6639:
[  535.354391][   T31]  #0: ffff888032653148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  535.365508][   T31]  #1: ffffc90003f8fd10 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  535.377711][   T31]  #2: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x120/0x14e0
[  535.387681][   T31] 3 locks held by kworker/u8:12/7274:
[  535.393094][   T31]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  535.404312][   T31]  #1: ffffc90003fdfd10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  535.414705][   T31]  #2: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  535.423800][   T31] 5 locks held by kworker/u8:13/7627:
[  535.429162][   T31]  #0: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  535.440603][   T31]  #1: ffff8880b8524088 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2c1/0x8e0
[  535.452238][   T31]  #2: ffff888060ce0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0x99/0x550
[  535.462456][   T31]  #3: ffff8880b8524088 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_change+0x1a2/0x2d0
[  535.473937][   T31]  #4: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x20a0
[  535.483632][   T31] 4 locks held by udevd/8256:
[  535.488595][   T31]  #0: ffff8880419b0790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[  535.497527][   T31]  #1: ffff88805e54d088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4d/0x240
[  535.506951][   T31]  #2: ffff88807bc03d28 (kn->active#25){++++}-{0:0}, at: kernfs_seq_start+0x71/0x240
[  535.516812][   T31]  #3: ffff88802b245198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  535.526151][   T31] 1 lock held by syz.5.996/9464:
[  535.531056][   T31]  #0: ffff88814474f198 (&dev->mutex){....}-{4:4}, at: usbdev_ioctl+0x1a8/0x4070
[  535.540211][   T31] 2 locks held by syz-executor/9640:
[  535.545514][   T31]  #0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  535.554759][   T31]  #1: ffffffff8e5cfe38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  535.564814][   T31] 1 lock held by syz-executor/11324:
[  535.570087][   T31]  #0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  535.579679][   T31] 1 lock held by syz-executor/11368:
[  535.584978][   T31]  #0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  535.595045][   T31] 7 locks held by syz-executor/11421:
[  535.600405][   T31]  #0: ffff888038296428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  535.609418][   T31]  #1: ffff88805bd54488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  535.619196][   T31]  #2: ffff888143be2968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  535.629211][   T31]  #3: ffffffff8f8e9a08 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  535.639546][   T31]  #4: ffff888029c690e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620
[  535.650080][   T31]  #5: ffff888029c6b250 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1d0
[  535.660299][   T31]  #6: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x146/0x360
[  535.669789][   T31] 1 lock held by syz.8.1501/11462:
[  535.675505][   T31]  #0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x1a1/0x10e0
[  535.684531][   T31] 1 lock held by syz-executor/11466:
[  535.690271][   T31]  #0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540
[  535.701407][   T31] 
[  535.704017][   T31] =============================================
[  535.704017][   T31] 
[  535.715121][   T31] NMI backtrace for cpu 0
[  535.715133][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  535.715154][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  535.715164][   T31] Call Trace:
[  535.715170][   T31]  <TASK>
[  535.715177][   T31]  dump_stack_lvl+0x116/0x1f0
[  535.715208][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  535.715228][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  535.715253][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  535.715278][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  535.715302][   T31]  watchdog+0xf70/0x12c0
[  535.715327][   T31]  ? __pfx_watchdog+0x10/0x10
[  535.715351][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  535.715377][   T31]  ? __kthread_parkme+0x19e/0x250
[  535.715404][   T31]  ? __pfx_watchdog+0x10/0x10
[  535.715423][   T31]  kthread+0x3c5/0x780
[  535.715440][   T31]  ? __pfx_kthread+0x10/0x10
[  535.715457][   T31]  ? rcu_is_watching+0x12/0xc0
[  535.715479][   T31]  ? __pfx_kthread+0x10/0x10
[  535.715495][   T31]  ret_from_fork+0x5d4/0x6f0
[  535.715519][   T31]  ? __pfx_kthread+0x10/0x10
[  535.715535][   T31]  ret_from_fork_asm+0x1a/0x30
[  535.715566][   T31]  </TASK>
[  535.715572][   T31] Sending NMI from CPU 0 to CPUs 1:
[  535.839176][    C1] NMI backtrace for cpu 1
[  535.839191][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  535.839208][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  535.839216][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  535.839239][    C1] Code: bb 72 02 e9 03 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 4f 2a 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  535.839253][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6
[  535.839265][    C1] RAX: 0000000001e72c9f RBX: 0000000000000001 RCX: ffffffff8b7fbc99
[  535.839274][    C1] RDX: 0000000000000000 RSI: ffffffff8de18f45 RDI: ffffffff8c157020
[  535.839284][    C1] RBP: ffffed1003cd7488 R08: 0000000000000001 R09: ffffed10170a6645
[  535.839292][    C1] R10: ffff8880b853322b R11: 0000000000000001 R12: 0000000000000001
[  535.839301][    C1] R13: ffff88801e6ba440 R14: ffffffff90a80c50 R15: 0000000000000000
[  535.839310][    C1] FS:  0000000000000000(0000) GS:ffff888124854000(0000) knlGS:0000000000000000
[  535.839324][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  535.839334][    C1] CR2: 00005650cce0cb40 CR3: 000000000e382000 CR4: 00000000003526f0
[  535.839343][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  535.839351][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  535.839360][    C1] Call Trace:
[  535.839365][    C1]  <TASK>
[  535.839370][    C1]  default_idle+0x13/0x20
[  535.839384][    C1]  default_idle_call+0x6d/0xb0
[  535.839396][    C1]  do_idle+0x391/0x510
[  535.839415][    C1]  ? __pfx_do_idle+0x10/0x10
[  535.839431][    C1]  ? trace_sched_exit_tp+0x31/0x130
[  535.839451][    C1]  cpu_startup_entry+0x4f/0x60
[  535.839466][    C1]  start_secondary+0x21d/0x2b0
[  535.839484][    C1]  ? __pfx_start_secondary+0x10/0x10
[  535.839503][    C1]  common_startup_64+0x13e/0x148
[  535.839521][    C1]  </TASK>
[  535.840545][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  536.033276][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  536.043324][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  536.053361][   T31] Call Trace:
[  536.056623][   T31]  <TASK>
[  536.059539][   T31]  dump_stack_lvl+0x3d/0x1f0
[  536.064129][   T31]  panic+0x71c/0x800
[  536.068014][   T31]  ? __pfx_panic+0x10/0x10
[  536.072421][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  536.077782][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  536.083752][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  536.089111][   T31]  ? watchdog+0xdda/0x12c0
[  536.093517][   T31]  ? watchdog+0xdcd/0x12c0
[  536.097923][   T31]  watchdog+0xdeb/0x12c0
[  536.102158][   T31]  ? __pfx_watchdog+0x10/0x10
[  536.106822][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  536.112014][   T31]  ? __kthread_parkme+0x19e/0x250
[  536.117028][   T31]  ? __pfx_watchdog+0x10/0x10
[  536.121689][   T31]  kthread+0x3c5/0x780
[  536.125759][   T31]  ? __pfx_kthread+0x10/0x10
[  536.130334][   T31]  ? rcu_is_watching+0x12/0xc0
[  536.135101][   T31]  ? __pfx_kthread+0x10/0x10
[  536.139673][   T31]  ret_from_fork+0x5d4/0x6f0
[  536.144253][   T31]  ? __pfx_kthread+0x10/0x10
[  536.148824][   T31]  ret_from_fork_asm+0x1a/0x30
[  536.153589][   T31]  </TASK>
[  536.156779][   T31] Kernel Offset: disabled
[  536.161082][   T31] Rebooting in 86400 seconds..