last executing test programs:

5m3.990123657s ago: executing program 1 (id=410):
r0 = syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400)
ioctl$FE_GET_PROPERTY(r0, 0x80106f53, 0x0)

5m3.988560438s ago: executing program 1 (id=411):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
write(r0, &(0x7f0000000280)="6aa6bcf414c89222141ffd6e3e0fee102e9d9772441fc60ce66d7f1c697456e500d6483dc075eac161fd5e4b93f919bd659621ce33b0de8c9d7a9ce08facf651ff0e07e0097110aa0a993e5b4a0c75b2a3ce02d21a7aea6c05b69e7e948f00d7153d42ead4bdb3eb38c7755129f53424a0144d8a5f673849314c166c2fd393595e12e1fef9a3dba456c1a6b36c74f3d520de6a5841d259e0abfd2297735558b0eb001295f78d7dccc703b154b9cb3052e91713a5f0ca9127ed08eba9a24f4605b0c3be3cdc9bdc8430545b465052fc4cbf360ea070455d691af90ded22f98528ddd64bbd70ba7c103abba61dc95714fcedfcdad372288cf27409731a14c9baaefcfbaacffdc50b353b43b79de31f9db9ab378f464f63fbfb4f0cfa3f7b037077f3069f04501dceabd334ff7fa65bc3847e5fc29a2827f950040d91c5c90192e0b9304cf2740f20b6d84593fa50a5a63b06ef078f86f478e3fde6dc98b64138bdbbb0bb3c594c0518579d26f1e694e5f449a2bf2c3fd37fe1814e3b1de331f6866dc951a9b40b1ac58ab951d046a88e4e870024bc375ee1a9dee616504e12a2e4914960632a3db9b6897f7a10f763939ad309392a31aef396da1de95dbbaddb1eb30537a1cf201f48058421d010650ed8042a906293c477a18ae8c412038bf1880f932b25effe8c06a786ec1522211a8fb2962bd92943ee9d684752ed3e5e8e0023f8c40f7cd97a6071f73cc25fe534d41a05e4bbf2e3063567e6b910515bd436dfd856e8811943ca0fb52438acf20bb3af0cf5457b63444a6d580336ef462155758c722605d4d950bce91bbd0fbc872af07402691224c47ca15ee930e2061111e1c2e41c5718178d03fb551aa7a551665b5323005c2058ec86d7b990653d79e6cb91df80a12a95e0dee099cf16fcee5c1d8e97845a9298b740269ae17d3dfa8e5c8ee12d2e4808eb431d41605cc4c545b2941c7bdd15aabe6c28fe0f9ff73aa8d816f40ee8e49a2b5e506f1352efd27b32008f9709076a51951cf050a3a3bf6deae62889056e68cd62309b3086f66012677aec6cf849df3704ca1d5f6b7ad20590c42b2266a710b6a11a9c0cb96eb17718379eb4d90e0168695da1de11a6ebe598d941c056cf68368ac32d09634ea7946ded79c62ede825dc31ca34731321ae88afac966fff8747f051376cd8d04420f524f60e54e92c64d5930043086ca6a83269a44002e1d59ffbf59fbcc507fc0bc48710934805314679afe3ad01d181c456dfa57731d2acb2c2186565fec29c1f8468d2c08a89a7a9aed70a563d0a9dda88d6a810b937b4870fdd321ea862378007d641d6722a72c06d220b5f8a1958181f66ed176c7e32e015c9319e4a385ec844b974233e167c51c799a6d524449763f4483aa44a324ccf40ae7ec36f832f1466d0ea360e8e61847b47981ea4229daf25cc8de17a9b2ff68b77fda15c2fe15a60ec9ef5cd1593dead48b7757ba948c647d50d96ed5f95707ec8a2db143207ef00f283bd485ce71f21e4ed5309555d6b728981369c5bae52ae4af32c6684bc2cc7fb5d3f3aaee96ddc65801b42b1c046608165fdcbfc8f2374596f26316ba9e85880b5637e43553c1e5786a4c2724b69f959e598a4dc31d231dbe36e7c329cccc51633fd3d76175388424bc46a50e7f3784b8b332dc81eb3684092db51f58d4ce1d90d3932f58f7eacfe60303f1973459c36181757f3a342f02283a5d9ef3fcdcd4196e2d9620cfb4d915247f221d6bb7162b18e45e7747a4fc136a834e33a693cddb0805d63bdb0d1ba5c86a74f3c04ed54e3cd1a8f0d25c64f5d9deae086e8d867943bc2c53716c91b58e7a0cfda7edbc02d7d7416c859c3b439eca468c10be650de7e375404aec23dddbd154028d68d738b24143ee9bd423ba7e5b27f6683e3214040bb2a4f2e9f4020f9d413b505291aad83a9abaa438f76265bb22dd941d9ea6cb39ebc0315c94e6740409029f365ecacbad074c6cdd841382cd9acfb9238d0e658869cf21e140c0066819de1256c61ac93ecc4be07b4cfaf24a4ae81dd286e59d01c4a2ce4466883ab37f8adcfa69619002b18958b744cab35382b2547ccacc9501c893a1ce2e3df95876ba3969d72c8c8b58614cf03b2f7411a8e315b2444233c07ed8123514a1763b2c2cdc34fd4fe79c801facd8e03c8f4e8decf33eb3f3b55e78d4f7a57c1aee7b73308965fb57ef0b9f5a55cd00aa9a3200f882f285fe36b93e0788fe37a895e314bdcb544210518b07423455d41014d4044649fb777b989a275b364f4da4a4c18402e8c406112cadbeb10da969ce17d29c56e15f1c8007aa94d8a579c36fb91f4faf41116d7815a13242c71de7c297b82487f2af5f999e517b783f8b2b594317237187e1bba0772b424ef9069073876fb4dbab910c9a0e742d6329a7d44eaf1e664f4f25e8e6c25dcab7da14db58eb516e1d0f6505bf997437044a3e30ae17da783852e91b2457e3c5e5b7be8d6424bc8142878bcc160064edce9ad115f7761a1f281a9a6af7740f41690e963f4257969400faf9c4d1e216f5770a7bbfe43f81e6c146b7a035683599ad04f9cdb6778c6f6f0d5e7e6a85862c6e0f2ee22529bc506baf981d9de2943186ab8412a12ce417ba5199304b1528c6e34f4ffb9c7a88c7c5951e49b34c418bfab79a45278352c9f3906f3d49cd58012f1e9f5ef84924cf43449d62f45748161974e0bc613a00ab5f6ea61e555b8ae17d2eebfbc294ecbbb2f0cae712dae140164d6245aab56b0d8bafbaf6bfac2ad03438ed08a011c8aa052e3c3ce4d5a82ed29b21093909d2fbfb6cedccb41fad1dfb136ffa4f5df5530e546e2fd16ca0c0a3e1cf51b37cb2aa315bdff880acc1b2e7c7f87f94cd3e9b93994da69655cdb0ce49e6cc0741c1023cfaa17f08f838b210ae741e7af6d62170fb635b54d394a04d2f4e467237c1343a3e1183363730c93a7c3336c60fee47a8d9e48b0bf6dee7785e4a5e5736d2a0651df4da515e616d43bcc02689dc5910f3ef4fe817e8954873bc2f8c8aeb0874bb034911ff12c516829f33b533a2f68252598bc62d556cb356fc1e49f92a491d5136ca9c99ad964f9f18ab8852454ebd77b4b1b770e063cd16d302fc0f96983204ad684580ad023d76669a07ea6b3a6df64fb5cb226d6adbdddea2bc2072ad1f8b644abd438e6a80d34b5e91c25859813c0cd966e15552efe519fa319207817d46bdb308ce23e719ff2f0d2995ca9f233113168070abef10aced576c0603811a4625a5e8b40a8330d9751d357b25a8105161e3874165c2f08d2489cd0acb64f331d60022f4c80a99eb8b60fd5e4db0fa86245a36db19fd1680f80a975a829131ce33a5fb8b6fe3ac824a7342d47155faba0088eb4f619fcb7bd9fb037d20705a0aecb320cb2edd0d52ee7b14cb0cd1cabb72a47e7a34ab721a7c6cea2dc0126690b1d7f64cb381dbc385df4473b67ab5cdea53687f2edf1cfb232b4db5365c090f10e5fccc98a7461c65ce9f77975d5dc823f71b92c238fcf511acc28a3c342efd658dff997b6e9afa7c3c9a064442f16429c73e158ca584f5b408c0cbc204b8f0e32b2fc26c37d01ed114bdc57ec3346d11a5c5e2b063fe666274b7de00d82ad3eb09d62c9a7b24499af6f87dcead864883618abe5c3955cbfb7e573e4e20a37c3f2e97a7ef83be03fc1ed92aff1f73489f06d18f9589ae7bbadc137910f7e155651cdae29ccce4dd79789e65991d25ca1cd93c515920b2f669167b83957491f55c8091e48713af7af0f876f95442e1556e4807f460ce2a3ca135ed4b8d400c09ccf5dab6abfde6ef4db233fa1b07ba3f743ce3ec2a9bfa3a0ee3367a4556e0d3c1c4a5c6e19b22d8bc4ab5290e474ff85ff9fce461e01a024cf1598a800c18611135f62e57d8bb9c29c6df6581bf8787892cba54052fc59619c636c54f6194272ec560ecabdc449ca03d5a051a807b6da19a9b0f25394da321ce24535eb1c7e2d5562673e5edda64016a5f22196ece7a89b72c4397755902eb57166a2bee39eb9340a41928dd0da12a8c41af97d05db056a60fedf9de69d7fe2db1e1ac7d6531fba7d4f477af89de88e372de183428f56ce68c86d2ac79d235e57ea1e6b3644a70058d47d489f927139e92a02ca5c6f3d8e4c1f7a778a0d404be02425e4773b855913dd0fff9b9b69d9e933bfc87c7316303d1f4b3c17edff9e50db68c4cd6eee470c853d0d71d44ae50b7a8cf4011e15cad130665ac17fcd4bfc8d59a68523cac7fc42ac26e33097e60bd665c4ac88a058faf2bdacaf2370814f4a077e750395f7f796dd6e1f34a755d39ec40042e7e7b96458fcbc7d768c8edf2916124908c529d6734b66b55b372c145bcb1bc79ebd9f1e8e8abe2e2eb10c3f59b57476c34078850a8b23170d63f865d5aad1c5262b2d25530beacd2c1a9ea5804b450c041db85687b24c9fd3bebbbf32fa4e1eb76d6c18a85587515ec5340c172b6420814fe43122602f6f613c82e634d4f6cfce7abfac3ea802955f4a66adde0c1cf220621708bb17b657c9df3dde90261d19013be2720d35aae747393b017a432dedd2c4d3ee66ec0979ff857984aa7d3b117f2c721c1217382cd865b29d44d1c60366d61ed919b1a152708f44ab91c177bbec085b47424f9ecabd53f6cac4ba769539580e0455a29c1ba40ea3b0e0fa83126c475426ba408d01b012eacd77f4321d8f042205d262bee9f93b27d1701d8b11cef854e82c815d16ea2a5cb4bc5c8c91e8a20d02040c0677e0bb2f029765bdfcef560c2dd56d778c8899d754bacbc4143802813bf010c024972ff04ef728430bd61dc77958db5716d1e090f0f52e06bc3c1cdfd34707232da1656b263dae184bc91cc2b87aa9c5cf8e16bde998e3b895790275013ebc78eca7f81e81a75b01f8078ac315d858fe43d7acaa4bf957fc7028bba931c9782e38cfd57058f30d85bd34a12dac4b81b396ad5ddd639315a38fc87f7556895ab6daae125edca01f2e3540e5123e43913bbea2cc6f68c17648b341451c284731eb3a24873d2a7a8d36e9ab79852", 0xe00)

5m3.918754312s ago: executing program 1 (id=412):
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8c, 0x870, 0x1, 0x2, 0xd59f82, 0x19f5, 0x4, 0x20b, 0x0, 0x3, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x0, {0x45, 0x80}, 0xcd, 0x3}})

5m3.918097197s ago: executing program 1 (id=413):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x60880, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r1, {0x0, 0x8}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x220008e8}, 0x804)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000000)="e4836d513bcab6b90efd3ebcdfc597", 0xf}], 0x1, 0x0, 0x0, 0x40054}, 0x4040884)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x9)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

5m3.455421554s ago: executing program 1 (id=418):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
r2 = eventfd(0x5ef)
ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0x4000, 0x0, r2})

5m3.194972896s ago: executing program 1 (id=421):
r0 = syz_open_dev$vim2m(&(0x7f0000000f40), 0x7, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000000)={0xe68, 0x40, 0x1, {0x1, @raw_data="af5a5118dacbe8944af439c6666a0d7ccd2d17414f3f5cf9a4bc27e28e9bd63aa1f1d5a18c7416d4a58d6bff2aa098306ecd73b5ecc5d3a2e19af3af5cc4cac455114132422395e2af1221ce1474b17bea05381a9f99b354e129e2869aae0d98fbc839951b4fe79a4dc5485b4595e2fd71f3b057154ce36cc16ec21e154573ce590570e5e77204cac3f3dc9ce2d5d66d57a7e3c198988d0e4e8c59b38e8e766a153e801fa655346d51a8c79b30ad0e912a4d2c4fbcfa54d1971714c1edb4858a986149cd998fbee2"}, 0x80000001})
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @local, 0x4}, 0x10)

4m48.00994906s ago: executing program 32 (id=421):
r0 = syz_open_dev$vim2m(&(0x7f0000000f40), 0x7, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000000)={0xe68, 0x40, 0x1, {0x1, @raw_data="af5a5118dacbe8944af439c6666a0d7ccd2d17414f3f5cf9a4bc27e28e9bd63aa1f1d5a18c7416d4a58d6bff2aa098306ecd73b5ecc5d3a2e19af3af5cc4cac455114132422395e2af1221ce1474b17bea05381a9f99b354e129e2869aae0d98fbc839951b4fe79a4dc5485b4595e2fd71f3b057154ce36cc16ec21e154573ce590570e5e77204cac3f3dc9ce2d5d66d57a7e3c198988d0e4e8c59b38e8e766a153e801fa655346d51a8c79b30ad0e912a4d2c4fbcfa54d1971714c1edb4858a986149cd998fbee2"}, 0x80000001})
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @local, 0x4}, 0x10)

4m22.627239999s ago: executing program 5 (id=701):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r0, r0, 0x3, 0x0, 0x0, 0x9, 0xae, 0x4f3, 0x7fff, 0xc336, 0x3, 0xb, 'syz0\x00'})

4m22.019252291s ago: executing program 5 (id=702):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
gettid()
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
close(r1)

4m21.918640038s ago: executing program 5 (id=706):
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=@newsa={0x164, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in=@private=0xa010102, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0xa, 0x0, 0x0, 0x8}, {@in6=@private1, 0xfe, 0x32}, @in6=@empty, {0x0, 0x0, 0xfffffffffffffffd, 0x8, 0x1, 0x9, 0x7fffffff, 0x543}, {0x4, 0x7fffffffffffffff, 0xfffffffffffffffc, 0xebe5}, {0x2}, 0x70bd2c, 0x0, 0xa, 0x1, 0x0, 0x50}, [@encap={0x1c, 0x4, {0x7, 0x4e24, 0x4e20, @in=@dev={0xac, 0x14, 0x14, 0x2e}}}, @algo_aead={0x56, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x50, 0x60, "210466d38547aa140db9"}}]}, 0x164}, 0x1, 0x0, 0x0, 0x2004c805}, 0x40880)

4m21.62794206s ago: executing program 5 (id=711):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0xfffe, @none}, 0xe)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r5)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)="a6", 0x1}], 0x1}, 0x4803)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0xbf9, 0x1000, 0x0, 0x2000000000000, 0x4, 0x2}, &(0x7f0000000180)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x8}, 0x0, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffc}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}}, 0x8000)
bind$inet(0xffffffffffffffff, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000001380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/234, 0xea}, 0x4}], 0x1, 0x60010000, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="05072bbd7c00ffdbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x40008d0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)

4m20.624397725s ago: executing program 5 (id=718):
syz_emit_ethernet(0x48, &(0x7f0000000940)={@broadcast, @local, @void, {@llc={0x8864, {@snap={0xab, 0xaa, '\x00', "fd27a7", 0x21}}}}}, 0x0) (async)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000180)='securityfs\x00', 0x5, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d330987f70e06d038e7ff7fc6e5539b0d47078b089b3307386d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129afde2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f144b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0960600daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c2990f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
setxattr$incfs_id(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)={'0000000000000000000000000000000', 0x33}, 0x20, 0x2)

4m20.331598594s ago: executing program 5 (id=720):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="840000001000010029bd7000ffdbdf2500000000", @ANYRES32=0x0], 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x8, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfd, 0x7}, {0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, 0x0, 0x0, 0xfb}], 0x1})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xfffffdad, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xa}, {0x4}}}]}, 0x34}}, 0x20000080)
msgget$private(0x0, 0x4a0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000020000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c0002800600010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

4m5.305630993s ago: executing program 33 (id=720):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="840000001000010029bd7000ffdbdf2500000000", @ANYRES32=0x0], 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x8, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfd, 0x7}, {0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, 0x0, 0x0, 0xfb}], 0x1})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xfffffdad, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xa}, {0x4}}}]}, 0x34}}, 0x20000080)
msgget$private(0x0, 0x4a0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000020000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c0002800600010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

20.765787124s ago: executing program 4 (id=1787):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x6}}, 0x20) (async)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
socket(0xa, 0x1, 0x84) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) (async)
r2 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r2, 0x4236}], 0x1, 0x0, 0x0, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
keyctl$clear(0x7, 0xfffffffffffffffd)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
r5 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff)
r6 = add_key$user(&(0x7f0000000040), &(0x7f0000002840)={'syz', 0x2}, &(0x7f00000011c0)="f40fc24077021c9b084c60ffc26f26db12b9e78d629870bb26edb4a5e1cc0942ed8c58ca4fe84b94a0e31ea64089ee9ca1efb52945ffebbfea11dd3d0df936a10285eacab940ab5c96cb5d81dac1ad2243d878ddea08b78f666b96206bafe0ab1bd5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4dec1f2ab58762b3494250b9557f5b606a43e50874c90143034142cd5f7bd9b4dd876b97b7feb751d21b2", 0xc0, 0xfffffffffffffffb)
keyctl$dh_compute(0x17, &(0x7f0000001340)={r6, r6, r5}, &(0x7f0000001780)=""/4097, 0x1001, 0x0)

19.583427306s ago: executing program 4 (id=1791):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@mangle={'mangle\x00', 0x1f, 0x6, 0x520, 0x438, 0x320, 0x438, 0x438, 0x508, 0x628, 0x628, 0x628, 0x628, 0x628, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xe, 'syz1\x00', {0x9}}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xffffffff, 0xff000000, 0xffffff00], [0xffffffff, 0xff, 0xffffffff], 'veth1_to_hsr\x00', 'team_slave_1\x00', {0xff}, {}, 0x16, 0x2, 0xa, 0x41}, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x3e, 0x50}}}, {{@ipv6={@rand_addr=' \x01\x00', @private2, [0xffffff00, 0xffffff00, 0xffffffff, 0xff000000], [0xff, 0xff, 0xff, 0xffffffff], 'lo\x00', 'macvlan0\x00', {0xff}, {0xff}, 0x21, 0xe, 0x0, 0x48}, 0x0, 0xa8, 0xf0, 0x0, {0x2003}}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x38}, @ipv4=@dev={0xac, 0x14, 0x14, 0xb}, 0x22, 0x1a, 0xfc01}}}, {{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xff, 0xffffff00, 0xffffff00, 0xffffff00], [0x0, 0xffffffff, 0xff000000, 0xff000000], 'batadv_slave_0\x00', 'xfrm0\x00', {}, {0x7f}, 0x32, 0x4, 0x0, 0x5a}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@mcast1, @private0, [0x0, 0xff000000, 0xffffff00, 0xff], [0xff, 0x0, 0x0, 0xffffffff], 'gre0\x00', 'pimreg1\x00', {0xff}, {0x7f}, 0x0, 0x8, 0x4, 0x4}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580)

19.170751542s ago: executing program 4 (id=1793):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd1b, 0x25dfdc00, {0x7, 0x0, 0x0, r2, 0x40, 0x0, 0x9}, [@NDA_LLADDR={0xa, 0x2, @multicast}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)

18.695445485s ago: executing program 4 (id=1795):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d3450009050102100000000009058b0240"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="20131d000000", @ANYRESDEC=r0, @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x810)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x1c, 0x21, 0x9, 0x70bd29, 0x25dfdbff, {0x3}, [@typed={0x8, 0x8, 0x0, 0x0, @fd=r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000280)={0x20, 0x15, 0x2, "ab37"}, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)

17.355386751s ago: executing program 3 (id=1801):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000000}, {0xfffffff9}]}})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x4, &(0x7f0000000380)={{r7}, &(0x7f0000000300), 0x0}, 0x20)
syz_open_procfs(0x0, &(0x7f0000000140)='net/protocols\x00')
r8 = syz_open_procfs$userns(0x0, &(0x7f0000006140))
setns(r8, 0x40000000)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'veth1_to_bond\x00', <r9=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r9], 0x68}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x839, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0x1, 0x6}, {0xd}, {0x11, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0)

16.216321147s ago: executing program 3 (id=1803):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0, 0xf00}], 0x1, 0x11, 0x0, 0x0)

15.695549208s ago: executing program 0 (id=1808):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0xfffe, @none}, 0xe)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r6)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)="a6", 0x1}], 0x1}, 0x4803)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0xbf9, 0x1000, 0x0, 0x2000000000000, 0x4, 0x2}, &(0x7f0000000180)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x8}, 0x0, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffc}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}}, 0x8000)
bind$inet(0xffffffffffffffff, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000001380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/234, 0xea}, 0x4}], 0x1, 0x60010000, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="05072bbd7c00ffdbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x40008d0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)

14.967420545s ago: executing program 4 (id=1811):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
gettid()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r0, 0x0, 0x7, 0x4)
write$eventfd(r2, &(0x7f0000000240), 0xffffff14)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x40, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0xe}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x7}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x8}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0xf6}]}, 0x40}, 0x1, 0x0, 0x0, 0x4c084}, 0x20008010)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0xa00848, &(0x7f0000000040))
chdir(&(0x7f00000003c0)='./bus\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000002cc0), 0x2, 0x0)
r3 = socket$inet(0x2, 0x3, 0x4)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x10)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="8907040400", 0x5)
r4 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0xf1, @empty, 0x19f49a9}], 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r5)
sendmsg$NL80211_CMD_TDLS_OPER(r4, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='Vo>\x00', @ANYRES16=r8, @ANYBLOB="00012dbd7000fbdbdf255100000008000300", @ANYRES32=r7, @ANYBLOB="0c009900030000003b00000005008a000300000005008a000000000005008a000000000005008a00000000000a000600ffffffffffff00000a000600ffffffffffff0000"], 0x60}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)={0x94, r6, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac}, 0x200000000000000, @default, 0x0, @val={0x0, 0x11, @random="29a7e466d7071286f1e0cfde7d8eeca5e0"}, @void, @void, @void, @void, @void, @void, @void, @val={0x3c, 0x4, {0x1, 0x7, 0x3c, 0x2}}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x1, 0xf0, 0x8}}, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x14, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x9, 0x2, "6378e4330e"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_SMPS_MODE={0x5}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x94}}, 0x0)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10)

14.820075344s ago: executing program 2 (id=1812):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x48)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10)
pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4800)
r6 = fcntl$dupfd(r4, 0x406, r5)
write$FUSE_ATTR(r6, &(0x7f0000000280)={0x78, 0xfffffffffffffff5, 0x0, {0x2, 0x3, 0x0, {0x0, 0x6, 0x400000000000000b, 0x0, 0x7ff, 0x2, 0x2, 0xd, 0x5, 0xa000, 0xa40, 0x0, 0x0, 0x3001, 0x2}}}, 0xffffff03)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

14.599885757s ago: executing program 0 (id=1813):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000a40)='attr\x00')
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r3, 0x540a, 0x0) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000010c0)=0x1) (async)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
timer_settime(r4, 0x1, &(0x7f0000000040), 0x0)
r5 = dup2(r2, r1) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x200000020000009, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
mount$overlay(0x0, 0x0, 0x0, 0x40000, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) (async)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f000001aa40)=""/102392, 0x18ff8) (async)
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, 0x0) (async)
ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0x4, 0x100000, 0x81, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0x9, "0adb3fb8"}, 0x5}) (async)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="a364cfc15ce4952bb47186890f649ec6be7d246bb9eb97bd06e816a461ebbf333b73e9aca55c14d1096345d905b3ba26964e1b483a26396de156191a0e3fa2a20e3f6bf8a74481650c80d5aa9f2824bd1681586f6367fc99c787558ecc99737c97eabbb07d97f4", @ANYRES16=r8, @ANYBLOB="010026bd7000fcdbdf25140000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b00ff000000060011003a0000000800150000000000"], 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x940) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x3, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff7ffc}, {0x6, 0x4, 0x39, 0x9}, {0x2, 0xf6, 0x6, 0xfffffff7}]}) (async)
fgetxattr(r9, &(0x7f00000000c0)=ANY=[@ANYBLOB="5b7b0000000079896b1de5"], 0x0, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000140)=0x20) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b702000000000080bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b70000000000000095000000000000008e17f199a68b061b93d83298a8cdda1ce784909b849d5550ad855dab54d8877a6db61d69f2ffcaa10350e11cb97ce8df1bc9a0c4eeceb9971e43405d621ffbc9b0d8ca56b50f0c010d631f6dbc8486bc5d5bf2ca8285056892db03cf1c62d57c08a90b189d190c341035de53a9a53608c10556e5734eb84049761451ce540c772e069f80cb201b2de17dfdb4b60939d5d6aed4062049b87e03e2cd18a77dda613e0c64497fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8000000000000000b91c61bd99dc89f12907af7dccd106cb937b450f859ce8292a79c3e40000b59b0fc46d6cec3c080a882add4e1179bd4a44f231a2d73148be4248cdc138408ba953df4aece69311687f4122073a236c3a32efa04137d46f0247d2638da3261c8162bb7c7824be6195a66d2e17e122040e11001131ce319045e5b3334e68475ac3f46aa2837f9004600daded9b19b35eebe52613c346e255421b23a278fd00004270b1cd5fc9aa2286ccca37db965d9dd366598f5ec993cb0cf127e2a46cfbdf63eea190d86a4d1b75ae98480100bd5828954a7d093a54f7e75b3753508ca3c41685d1e407315e59d626c23b3f89a926e9382966853774e7dd1f1a2177cdf2802237c177d543e8da47a01f05e113e53518270239b69c117e2637c31085f4d8a596b6edab26afaf6605b231199f38a6fc7eb83714387450ea18eafbace8eec18a4b2c442e7b88a7611c1283bec84e1715fb9f4fcaf52c08058fc4f21c0ad71adabdd850aed3eeec6eaab347bdf474e17b9aa345d1e6e3bb83f90230bdf53e7d0e5c3f914d905422b83f30936674ba8f0bffaf2305c0972df71fe5f4e01506471e897bced7798509e64df360d95f9a4099f86438ac2bbcbdbd1d9db21a1d5c065567fd70aae68096827fa5c2d9bd20292344c7dcf6241447cfbb05b5d0fdb4e08afbac5397b64aa369922ed7ed8918f97294b6854210d2b93aaf92159dbaa2f186d4a420c68d6baf1c31de4f0bf478bfd51bb1e96ea849a80ae5a89be7e38474c7aade344d68324f9e12a6b9770e6bd12ae69efffaee58040753701af84c2924c1b5aea1650f42c9ae9820a33095f062fb88313d035ea405515a61a4be64f9fa0985c5be592090cc48291004609fdac2ab6100000000000000a84570c7c00d647daf8af334050b61e9b2d3f0adad1d1ff47be19b8da2799e9ecef8efabe73f92dbd0760f8bbd9c590bd1371e2b5d9a2ea2190f5e4f5cd641cdfe5d89f84a368ef7e6ff1eacdc0ec9e97b8f9c9e314661ea0aa8a104008d188b66b3a4aedeed9df4238a08fc2fb1007233cc2c87fcaa0cccd8ec03444471c1dd660c87acc17bff740d199a7c0c52c63c0408b5158e0000000c275eedb02f141113cf2c55b2c08c2c68cc99d2bb5840fba332e1c82862ec9b90106248f81d32a47ac94ddee815dba8aeb5d3121cf247a81aef7805b020e9eec44cbe3055be69fe066824ba2292b9cdce41635fc00df96fb10a3a8cc60c4a76c65ebbb0640e0a29de94edf5cbefac1c5fa96e7080af804b22cabce10ea52f1018527f4aa39cdafa3eff63de2a7f50d042667820f6f86f276afb2b8134301e031351ee13013137e9d5cec0c84d7e3f82c6fd12eb98f9ea654bcb9ce59a2015183c6e65bb0537e611b830d74c30fb8207fca0990acdbb51e4e234026e00000000b3ebae3eb52c140953a350fcf0124b1a30b1afc29ea56f8413686d912eb8118d73ef9c6d3843ebcb555301c0205dd3bd9b1d742e334319c8979c322e92"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, r5}, 0x94)

14.385918711s ago: executing program 6 (id=1814):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000409000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000409000/0x2000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x0, r1}, 0x68)
brk(0x200000ff8000)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0x8, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$pokeuser(0x6, r5, 0x388, 0x41d9fda7)
io_uring_setup(0xd71, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, 0x4}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r6 = openat2$dir(0xffffff9c, 0x0, &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18)
ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="01e7ff0400000080030000000000010000000000fbffffff0000000000000000"])
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0)

14.239596822s ago: executing program 0 (id=1815):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f00000000c0)="b3", &(0x7f0000000140)=@udp6, 0x2}, 0x20)
r1 = socket(0xa, 0x5, 0x0)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
fcntl$notify(r2, 0x402, 0x80000018)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
r3 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000001000000000000926b5d92"], 0x0, 0x26, 0x0, 0x1, 0x80000001}, 0x28)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@newlink={0x38, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x7fffffff}, &(0x7f0000000000)=0x8)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000040)=""/203)

14.239184949s ago: executing program 3 (id=1816):
mremap(&(0x7f000012e000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000a8b000/0x4000)=nil)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='macvlan0\x00', 0x10)
listen(r0, 0x5)
syz_emit_ethernet(0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d01000019840100f5ffffffffffffff02000000010102fe8000000000000000000000000000aaa5ba94e385673ccfd3fe184ab0643975bcc85fbf438632261b"], 0x0)

13.716662486s ago: executing program 3 (id=1817):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet6(0xa, 0x80802, 0x0)
sendmmsg$inet6(r2, &(0x7f00000013c0)=[{{&(0x7f0000000440)={0xa, 0x4e24, 0x400, @loopback, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000002600)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x21, 0x0, 0x0, 0x9d}}}], 0x18}}], 0x1, 0x1c000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000002280)={0x0, 0x0, &(0x7f0000002240)={&(0x7f00000021c0)={0x20, 0x2, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x28}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@ipv4_newaddr={0x3c, 0x14, 0x503, 0x800000, 0x25dfdbff, {0x2, 0x7, 0x51, 0xff, r6}, [@IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_BROADCAST={0x8, 0x4, @multicast2}, @IFA_LABEL={0x14, 0x3, 'veth0_to_bridge\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc090}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = dup(r7)
syz_usb_connect(0x1, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0xe9, 0x77, 0xf5, 0x8, 0xbc7, 0x2, 0x9e7c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0xf, 0x1, 0xe0, 0x10, [{{0x9, 0x4, 0x9a, 0x7, 0x2, 0x77, 0x33, 0x3d, 0x0, [], [{{0x9, 0x5, 0x9, 0x3, 0x400, 0x4, 0x2, 0x40}}, {{0x9, 0x5, 0xb, 0x8, 0x18133bf73d99a82b, 0x5, 0x5, 0x9}}]}}]}}]}}, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080))
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc82c00fe8000000000000000000000000000aaff02000000000000000000000000000106"], 0xffe)

13.658669249s ago: executing program 0 (id=1818):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000000)="e4836d513bcab6b90efd3ebcdfc597", 0xf}], 0x1, 0x0, 0x0, 0x40054}, 0x4040884)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x9)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

13.461199196s ago: executing program 2 (id=1819):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1, 0x4, &(0x7f00000010c0)=ANY=[@ANYBLOB="8500000008000000350000008400000085000000070000009500000000000000fed023d1d405000000c7d4012507000000c71adb05d72768b8242dd90d17e4c52505750482b009546a5f3f00573f31b53fd3e52bd87184446d165ae2939bbca322a415a98c885faad395f3e4e0635559362ed862ce7c69ad133037af3a000000000000000000000058c122dff93c54caec3751652d11fd4f66711918d3604b92666d60c88b658fe57bb5d365c5b89625385f230ba21f570635837c7bc74be573bfd68aaaf06d842085f84b96c4709e2c9449f0818f6fc5657572fb3e5bb8ff6f643e52f4964c62a70a011ede8b504c8a30381b8eff01d7615e1789bb4b3b7ef3668a98a785a80aa2d1ab149b9316091fb3025f0716799d8280acb3880a882f28dd3111e02c3b0b2818bf5bb902cc9c1666f5fdd2e43901ca4796f04db25c3df35cdfc17c54936202b45b7a09816aa76e8b9bbe24022007aae367025040e8b2255ced48a4b2db3f280dc6fd2f5374548c499ae74631f3be04e28d601369f9488fb074eb35540df5e053376ea29125d6bb916496b04b8e359c1edef91677414729967cffa736d7789c14e918b77518ee8e5d5aff9148be69267fff35"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/148, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x8b63bfea1a14a3c7}, 0x16)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001280)=@raw={'raw\x00', 0x3c1, 0x3, 0x570, 0x0, 0x8, 0x7f02ae, 0x368, 0x200, 0x4a0, 0x2e8, 0x2e8, 0x4a0, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x340, 0x368, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r1}}, @common=@inet=@iprange={{0x68}, {@ipv4, @ipv4=@remote, @ipv6=@mcast2, @ipv4=@remote}}]}, @common=@unspec=@CLASSIFY={0x28}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0xfc}, @private2, [], [0x0, 0xff000000], 'veth0_to_team\x00', 'netdevsim0\x00', {}, {0xff}, 0x0, 0x0, 0x1}, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@mh={{0x28}, {"a27d"}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x13, 0xec, 0x5, 0x500, 'snmp\x00', 'syz0\x00', {0xffffffff8cdbbefd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d0)

13.368234454s ago: executing program 6 (id=1820):
mount(&(0x7f0000000540)=@sr0, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='adfs\x00', 0x3008085, 0x0)

13.187605638s ago: executing program 6 (id=1821):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9e", 0x31}], 0x1}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000005c0)="f2b314c96d500b66f7", 0x9}], 0x1}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000300), 0xf01c, 0x524f01)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

13.179442123s ago: executing program 2 (id=1822):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='ub\xce\x00\x00\x00')
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
close_range(r1, 0xffffffffffffffff, 0x4d3b3d00)

12.935855302s ago: executing program 2 (id=1823):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xc0, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x2}}, [@XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0xc0}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="b80000001900674c000000000000000003000000000000000000000000000000e000000200000000000000000000000000000000000000000a"], 0xb8}}, 0x0)

12.821699931s ago: executing program 4 (id=1824):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\xc5%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x7)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="200000002c00070100000000ffdbdf25097c0000080001"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0xc010)
lchown(0x0, 0x0, 0xee01)
syz_usb_connect(0x5, 0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001d4f86540d804830047da010203010902380001020840b3090400b2010202019405"], 0x0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB="2c0000000a0a0500"], 0x2c}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000)
bind$nfc_llcp(r2, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x1000000000003f}, 0x60)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = add_key$fscrypt_v1(&(0x7f0000002a00), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000007c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa00", 0x28}, 0x48, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x4, r6, r6, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f00000002c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x20, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
close_range(r3, r3, 0x0)

12.719712909s ago: executing program 0 (id=1825):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bridge_slave_0\x00', <r2=>0x0})
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_socket_connect_nvme_tcp()
r4 = fsopen(&(0x7f0000000240)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, &(0x7f0000000040)='E\xe1\x85\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
unshare(0x22020600)
r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x4)
r7 = openat$cgroup_ro(r6, &(0x7f0000001300)='cgroup.events\x00', 0x5000000, 0x0)
readv(r7, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1)
r8 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_TIMEOUT(r9, 0x0, 0x48a, &(0x7f0000003080)={0x6, 0x0, 0x6e}, 0xc)
ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x9, 0x8, 0x8c3, 0x9, 0x200, 0x8, 0x4, 0x8, 0x4}}}}, @TCA_RATE={0x6, 0x5, {0x5}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)

12.719250595s ago: executing program 2 (id=1826):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800002)
ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f00000003c0)={{0x54000, 0x54000, 0x3, 0x6e, 0x4, 0xc, 0x4, 0x4, 0x0, 0x27, 0x5, 0x4}, {0x1, 0x40000, 0xf, 0x0, 0x6, 0x0, 0x7, 0x1, 0x6, 0x2, 0x58, 0x6}, {0x8000000, 0x100000, 0xf, 0xa7, 0x5, 0xb9, 0x63, 0x3, 0x7, 0xf5, 0xb, 0xc}, {0xeeee0000, 0x70000, 0xc, 0xfe, 0x5, 0x4, 0x1, 0x40, 0x3f, 0x47, 0x82, 0x9}, {0xeeef0000, 0xeeee3000, 0x4, 0x5, 0x53, 0x40, 0x80, 0x0, 0x78, 0x0, 0x90, 0x9}, {0x50000, 0x70000, 0x0, 0x7, 0x1, 0xb, 0x3, 0x9, 0x3, 0xff, 0x9, 0x7}, {0x25000, 0x2000, 0xb, 0xa0, 0x7f, 0x81, 0xc, 0x81, 0x4, 0x9, 0x8e, 0x6a}, {0x30000, 0x5000, 0x0, 0x3, 0x9, 0x8, 0x9, 0x4, 0xfc, 0x1, 0x7, 0x85}, {0x6000, 0x2}, {0x2000, 0xd}, 0xe0010009, 0x0, 0x6000, 0x0, 0x6, 0x0, 0x70000, 0x0, [0xcbf, 0x7, 0x0, 0x5]})
openat$kvm(0xffffffffffffff9c, 0x0, 0x18b401, 0x0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000200)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9, 0xfffffffffffffffe})
r5 = syz_open_dev$video(&(0x7f0000000280), 0x7fffffff, 0x8280)
ioctl$VIDIOC_G_CROP(r5, 0xc014563b, &(0x7f00000001c0)={0x7, {0xe, 0x7, 0xc647, 0xfff}})
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0xcb, &(0x7f0000000000)=0x1e, 0x4)
sendto$inet6(r7, &(0x7f00000000c0)="f429fdd281ab4ad0e8135b1c07eae285e6bfd21f7faf4aac17d36d1fca2debaa312bf5408e9e67392b8b0b6143fa26b91047f61c08eeed80034469d59d39019b29c740801877ccf9ad211223bef1c346603476fe181ccf8d53e740921641272e45e948abb7a9", 0x66, 0x80, 0x0, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
recvmmsg(r8, &(0x7f00000062c0)=[{{0x0, 0x0, 0x0}, 0xc64}], 0x1, 0x1, 0x0)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r6)
sendmsg$NL802154_CMD_SET_CHANNEL(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002abd7000fccbdf250900000005000700030000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

12.697795047s ago: executing program 6 (id=1827):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0x8, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1b, 0x7ff, 0x6}}}}]}, 0x48}}, 0x10)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r5)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d000000a100010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

12.497139548s ago: executing program 2 (id=1828):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000300000000000000000000008500000087000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0xfffffffd)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0xf5, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x3000000, {0x7}}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f304fdd672bad09dfb040000000001000001f9580dabf95ddc91967c20"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000001a00)=ANY=[@ANYBLOB="1d00000004000000020000000000000001020000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000500"/28], 0x50)
kexec_load(0x0, 0x10, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x3e0000000000}], 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r7, &(0x7f0000003180)={0x0, 0x0, &(0x7f0000003140)={&(0x7f0000003080)=ANY=[@ANYBLOB="1e000000", @ANYRES16=r6, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x8040000}, 0x90)
sendto$inet(r1, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0)
fsopen(0x0, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)

12.283789522s ago: executing program 6 (id=1829):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

12.109066495s ago: executing program 6 (id=1830):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$read(0xb, 0x0, 0x0, 0x0)
timer_create(0x3, 0x0, &(0x7f0000044000))
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
timer_delete(0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r2 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x0, 0x800, 0x10000006, 0x1}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
r5 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x41e501, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r6, 0x3b87, &(0x7f0000000180)={0x18, 0x0, 0x1, 0x0, 0x0, 0x7})
landlock_restrict_self(r5, 0x5)
r7 = syz_usb_connect(0x2, 0x3f, 0x0, 0x0)
syz_usb_control_io$lan78xx(r7, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x10000, 0x0, 0x0, 0x10, 0x1, "0c92791cb531b961e2b2d1dbc6ee69bbc7b0e7f34051b53cdf6820cf4983c9dee96d7fafeb2b617b41bf19f67d2c1a9364d52e6e577c5a27a8ea788a61f0e24d", "55fc9a951710e683ec55ee268fc6b80c1836eab12b869c3e8e32101d9a79d533248443d425caa7c5344e3431aa0d6f37b180524f3ccaf5644c8eb0bb7628b5be", "bdce2fcdb5db45ac459b70b910f99ceda8154388a76f9507ff4ec551e99c0e78", [0x3, 0x1]})
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r2, 0x3516, 0x2000, 0x0, 0x0, 0xfffffdcf)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x20})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

11.885921727s ago: executing program 3 (id=1831):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000409000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000409000/0x2000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x0, r1}, 0x68)
brk(0x200000ff8000)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0x8, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$pokeuser(0x6, r5, 0x388, 0x41d9fda7)
io_uring_setup(0xd71, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, 0x4}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
openat2$dir(0xffffff9c, 0x0, &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0)

10.028999851s ago: executing program 0 (id=1832):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000409000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000409000/0x2000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x0, r1}, 0x68)
brk(0x200000ff8000)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0x8, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$pokeuser(0x6, r5, 0x388, 0x41d9fda7)
io_uring_setup(0xd71, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, 0x4}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
openat2$dir(0xffffff9c, 0x0, &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0)

0s ago: executing program 3 (id=1833):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='ub\xce\x00\x00\x00')
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r4, 0x0, <r5=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r5, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})

kernel console output (not intermixed with test programs):

 has an invalid interface number: 188 but max is 0
[  269.150116][   T10] usb 1-1: config 0 has no interface number 0
[  269.156531][   T10] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  269.176475][   T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  269.265408][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.273657][   T10] usb 1-1: Product: syz
[  269.287669][   T10] usb 1-1: Manufacturer: syz
[  269.292328][   T10] usb 1-1: SerialNumber: syz
[  269.313268][   T10] usb 1-1: config 0 descriptor??
[  269.319097][ T9166] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  269.329706][ T9186] binder: 9184:9186 ioctl c0306201 0 returned -14
[  269.372954][ T6624] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  269.380647][ T6632] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  269.548617][ T9164] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  269.562789][ T6624] usb 4-1: Using ep0 maxpacket: 16
[  269.568068][ T6632] usb 7-1: Using ep0 maxpacket: 16
[  269.580228][ T6624] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  269.591855][ T6624] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.600584][ T6624] usb 4-1: Product: syz
[  269.605624][ T6632] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00
[  269.616360][ T6624] usb 4-1: Manufacturer: syz
[  269.621023][ T6632] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.634519][ T6624] usb 4-1: SerialNumber: syz
[  269.640683][ T6632] usb 7-1: Product: syz
[  269.646978][ T6624] usb 4-1: config 0 descriptor??
[  269.653344][ T6632] usb 7-1: Manufacturer: syz
[  269.658155][ T6632] usb 7-1: SerialNumber: syz
[  269.664867][ T6624] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  269.676422][ T6632] usb 7-1: config 0 descriptor??
[  269.685463][ T6632] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  269.695783][ T6632] usb 7-1: Detected FT232B
[  269.983229][ T6624] ssu100 4-1:0.0: probe with driver ssu100 failed with error -110
[  270.433963][ T9213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  270.466818][ T9213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  270.503774][ T9213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  270.551536][ T9213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.084192][ T9175] comedi comedi2: reset error (fatal)
[  272.149946][ T9246] overlayfs: failed to resolve './bus': -2
[  272.660773][ T6632] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  272.668665][ T6632] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  272.680972][ T6632] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  272.701719][ T6632] usb 7-1: USB disconnect, device number 4
[  272.713416][ T6632] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  272.723634][ T6632] ftdi_sio 7-1:0.0: device disconnected
[  272.894471][ T9252] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input16
[  273.495585][ T6632] usb 4-1: USB disconnect, device number 12
[  273.530842][   T10] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  273.553244][   T10] asix 1-1:0.188: probe with driver asix failed with error -71
[  273.591897][   T10] usb 1-1: USB disconnect, device number 18
[  273.632134][ T9264] binder: 9263:9264 ioctl c0306201 0 returned -14
[  274.266158][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1037'.
[  274.356983][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1037'.
[  274.367610][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1037'.
[  274.379571][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1037'.
[  274.833129][ T6632] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  275.137419][ T6632] usb 3-1: config 0 has no interfaces?
[  275.137552][ T6632] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  275.137603][ T6632] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.234620][ T5890] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  275.272323][ T6632] usb 3-1: config 0 descriptor??
[  276.622980][ T5890] usb 5-1: Using ep0 maxpacket: 8
[  276.671105][ T5890] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  276.694790][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.723839][ T5890] usb 5-1: Product: syz
[  276.728023][ T5890] usb 5-1: Manufacturer: syz
[  276.732640][ T5890] usb 5-1: SerialNumber: syz
[  276.741129][ T9315] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1047'.
[  276.755705][ T5890] usb 5-1: config 0 descriptor??
[  276.768997][ T5890] gspca_main: se401-2.14.0 probing 047d:5003
[  276.817283][ T9315] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  276.888424][ T6632] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  277.047011][ T6624] usb 3-1: USB disconnect, device number 13
[  277.055884][ T6632] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  277.077740][ T6632] usb 4-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  277.094783][ T9324] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  277.098975][ T6632] usb 4-1: config 2 interface 0 has no altsetting 0
[  277.110445][ T6632] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  277.120202][ T6632] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  277.128407][ T6632] usb 4-1: SerialNumber: syz
[  277.370942][ T6632] ims_pcu 4-1:2.0: Missing CDC union descriptor
[  277.377450][ T6632] ims_pcu 4-1:2.0: probe with driver ims_pcu failed with error -22
[  277.397475][ T6632] usb 4-1: USB disconnect, device number 13
[  277.537588][ T9336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'.
[  277.923770][   T29] audit: type=1400 audit(1770912028.483:498): avc:  denied  { sys_admin } for  pid=9328 comm="syz.0.1048" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  277.961768][ T9336] bond0: (slave bond_slave_1): Releasing backup interface
[  278.014260][ T5890] gspca_se401: write req failed req 0x57 val 0x00 error -110
[  278.024936][ T9338] lo speed is unknown, defaulting to 1000
[  278.025399][ T5890] se401 5-1:0.0: probe with driver se401 failed with error -110
[  278.086574][ T9345] loop8: detected capacity change from 0 to 7
[  278.099002][ T9345] Dev loop8: unable to read RDB block 7
[  278.106738][ T9345]  loop8: unable to read partition table
[  278.114511][ T9345] loop8: partition table beyond EOD, truncated
[  278.120898][ T9345] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  278.216016][ T9351] fuse: Unknown parameter 'grou00000000000000000000'
[  278.338798][ T9355] binder: 9352:9355 ioctl c0306201 2000000003c0 returned -14
[  279.039474][ T6620] usb 5-1: USB disconnect, device number 18
[  281.092648][ T9398] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1069'.
[  281.195715][ T9398] netem: unknown loss type 13
[  281.263090][ T9398] netem: change failed
[  281.562302][ T9418] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1073'.
[  281.761584][ T9421] overlayfs: failed to resolve './bus': -2
[  281.896368][   T29] audit: type=1400 audit(1770912032.413:499): avc:  denied  { connect } for  pid=9411 comm="syz.6.1075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  282.152601][ T9418] kvm: requested 6704 ns i8254 timer period limited to 200000 ns
[  282.839608][ T9412] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  282.975365][ T5814] Bluetooth: hci2: command 0x2016 tx timeout
[  283.183284][ T9443] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1078'.
[  283.940539][ T9463] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1082'.
[  283.949747][ T9463] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1082'.
[  283.960019][ T9463] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1082'.
[  283.969760][ T9463] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1082'.
[  283.978840][ T9463] netlink: 84 bytes leftover after parsing attributes in process `syz.6.1082'.
[  284.549462][ T9473] syzkaller0: entered promiscuous mode
[  284.556093][ T9473] syzkaller0: entered allmulticast mode
[  284.633467][ T9473] tipc: Started in network mode
[  284.638375][ T9473] tipc: Node identity 96bab95dd35f, cluster identity 4711
[  284.715520][ T9473] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  284.836426][ T9471] tipc: Resetting bearer <eth:syzkaller0>
[  284.903071][ T6624] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  285.154277][ T9492] ceph: No mds server is up or the cluster is laggy
[  285.169157][ T6632] libceph: connect (1)[c::]:6789 error -22
[  285.208421][ T6632] libceph: mon0 (1)[c::]:6789 connect error
[  285.262691][ T6624] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  285.318729][ T6624] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  285.330508][ T6624] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  285.367869][ T6624] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  285.377617][ T6624] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.401424][ T9471] tipc: Disabling bearer <eth:syzkaller0>
[  285.406436][ T6624] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  285.664809][ T6624] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -2
[  285.695555][ T9499] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1091'.
[  285.871376][ T6624] usb 4-1: USB disconnect, device number 14
[  287.344888][ T9511] fuse: Bad value for 'fd'
[  287.520232][ T9520] fuse: Bad value for 'fd'
[  287.800957][   T29] audit: type=1400 audit(1770912038.353:500): avc:  denied  { listen } for  pid=9531 comm="syz.2.1100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  287.821614][ T9536] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1102'.
[  288.633574][ T9542] syzkaller0: entered promiscuous mode
[  288.716809][ T9542] syzkaller0: entered allmulticast mode
[  288.724072][ T9554] fuse: Bad value for 'fd'
[  288.804912][ T9558] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  289.156261][ T9565] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1108'.
[  289.759984][ T9565] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1108'.
[  291.562835][   T29] audit: type=1400 audit(1770912042.113:501): avc:  denied  { write } for  pid=9581 comm="syz.4.1111" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  291.933182][  T790] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  292.095748][  T790] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  292.120244][  T790] usb 5-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  292.146531][  T790] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  292.182840][  T790] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  292.191937][  T790] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.225216][  T790] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  292.326240][  T790] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[  292.404446][ T9570] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1109'.
[  292.413640][ T9570] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1109'.
[  292.422941][ T9570] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1109'.
[  292.431925][ T9570] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1109'.
[  292.442414][ T9570] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1109'.
[  292.442470][ T6624] usb 5-1: USB disconnect, device number 19
[  292.463137][ T9577] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1110'.
[  292.472089][ T9577] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1110'.
[  292.607416][ T9589] vlan3: entered promiscuous mode
[  292.612835][ T9589] vlan3: entered allmulticast mode
[  292.618025][ T9589] hsr_slave_1: entered allmulticast mode
[  292.852176][ T9603] fuse: Bad value for 'fd'
[  294.069431][ T9612] __nla_validate_parse: 3 callbacks suppressed
[  294.069450][ T9612] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1119'.
[  294.680686][ T9624] fuse: Bad value for 'user_id'
[  294.690912][ T9624] fuse: Bad value for 'user_id'
[  294.710419][ T9627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1125'.
[  295.460931][   T29] audit: type=1400 audit(1770912046.013:502): avc:  denied  { ioctl } for  pid=9645 comm="syz.3.1129" path="socket:[32393]" dev="sockfs" ino=32393 ioctlcmd=0x9419 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  295.553132][ T6632] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  295.594598][   T29] audit: type=1400 audit(1770912046.153:503): avc:  denied  { create } for  pid=9645 comm="syz.3.1129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  295.642569][   T29] audit: type=1400 audit(1770912046.153:504): avc:  denied  { bind } for  pid=9645 comm="syz.3.1129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  295.784530][ T6632] usb 7-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x36, changing to 0x6
[  295.851773][ T6632] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x6 has invalid wMaxPacketSize 0
[  295.874421][ T6632] usb 7-1: config 0 interface 0 has no altsetting 0
[  296.321185][ T6632] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  296.337209][ T6632] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  296.352675][ T6632] usb 7-1: Product: syz
[  296.361104][ T6632] usb 7-1: Manufacturer: syz
[  296.365867][ T6632] usb 7-1: SerialNumber: syz
[  296.382136][ T6632] usb 7-1: config 0 descriptor??
[  296.409174][ T6632] usb 7-1: selecting invalid altsetting 0
[  296.695388][ T9641] JFS: charset not found
[  296.795130][ T9682] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1133'.
[  296.804196][ T9682] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1133'.
[  296.814522][ T9682] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1133'.
[  296.823916][ T9682] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1133'.
[  296.832970][ T9682] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1133'.
[  297.157419][  T790] usb 7-1: USB disconnect, device number 5
[  297.329546][ T9689] fuse: Bad value for 'user_id'
[  297.334979][ T9689] fuse: Bad value for 'user_id'
[  297.873898][  T790] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  298.084407][  T790] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  298.102071][  T790] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.131937][  T790] usb 3-1: config 0 descriptor??
[  298.159595][  T790] cp210x 3-1:0.0: cp210x converter detected
[  298.912199][ T9735] overlayfs: failed to clone upperpath
[  298.931965][   T29] audit: type=1400 audit(1770912049.153:505): avc:  denied  { setcheckreqprot } for  pid=9722 comm="syz.6.1143" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  299.056128][  T790] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -121
[  299.955075][  T790] cp210x 3-1:0.0: failed to get vendor val 0x370c size 15: -71
[  299.962625][  T790] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  300.018195][  T790] usb 3-1: cp210x converter now attached to ttyUSB0
[  300.063255][  T790] usb 3-1: USB disconnect, device number 14
[  300.065257][ T9749] fuse: Bad value for 'user_id'
[  300.083733][ T9749] fuse: Bad value for 'user_id'
[  300.125017][  T790] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  300.147199][ T9754] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1147'.
[  300.165765][  T790] cp210x 3-1:0.0: device disconnected
[  300.710105][   T29] audit: type=1400 audit(1770912051.241:506): avc:  denied  { map } for  pid=9769 comm="syz.3.1152" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  300.783081][   T29] audit: type=1400 audit(1770912051.241:507): avc:  denied  { execute } for  pid=9769 comm="syz.3.1152" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  300.926644][   T29] audit: type=1400 audit(1770912051.456:508): avc:  denied  { mount } for  pid=9769 comm="syz.3.1152" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  301.156914][ T9776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1153'.
[  302.814257][ T9809] binder: 9808:9809 unknown command 0
[  302.847916][ T9809] binder: 9808:9809 ioctl c0306201 200000000080 returned -22
[  303.164725][ T9812] syzkaller1: entered promiscuous mode
[  303.187396][ T9812] syzkaller1: entered allmulticast mode
[  303.275882][   T29] audit: type=1400 audit(1770912053.664:509): avc:  denied  { read } for  pid=9769 comm="syz.3.1152" name="/" dev="configfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  303.407142][   T29] audit: type=1400 audit(1770912053.682:510): avc:  denied  { open } for  pid=9769 comm="syz.3.1152" path="/226/file0" dev="configfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  303.513103][   T29] audit: type=1400 audit(1770912053.682:511): avc:  denied  { write } for  pid=9769 comm="syz.3.1152" name="/" dev="configfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  304.512652][ T9839] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[  304.556131][ T9838] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1166'.
[  304.585453][   T29] audit: type=1400 audit(1770912054.889:512): avc:  denied  { unmount } for  pid=5802 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  305.296127][ T9853] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1169'.
[  305.597460][ T9853] bond0: (slave bond_slave_1): Releasing backup interface
[  305.611613][ T9856] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1170'.
[  305.621322][ T9856] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1170'.
[  305.630596][ T9856] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1170'.
[  305.639795][ T9856] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1170'.
[  305.648903][ T9856] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1170'.
[  306.730269][ T9886] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1176'.
[  306.819250][ T9886] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1176'.
[  307.103042][ T9908] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1179'.
[  307.206082][ T9914] comedi comedi3: pcl812: I/O port conflict (0x8001,16)
[  308.797123][ T9922] fuse: Bad value for 'fd'
[  309.142264][ T5814] Bluetooth: hci1: command 0x0406 tx timeout
[  309.335088][ T6632] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  310.038946][ T6632] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  310.054869][ T6632] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  310.077968][ T6632] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  310.105466][ T6632] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  310.123042][ T6632] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.252810][ T6632] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  310.285457][ T6632] usb 7-1: invalid MIDI out EP 0
[  310.849705][   T29] audit: type=1400 audit(1770912060.745:513): avc:  denied  { connect } for  pid=9953 comm="syz.0.1194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  311.176779][ T6632] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[  311.235033][ T6632] usb 7-1: USB disconnect, device number 6
[  311.357099][ T5814] Bluetooth: hci1: command 0x0406 tx timeout
[  311.490718][ T9974] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1196'.
[  311.704207][ T5890] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  311.883403][ T5890] usb 3-1: config 0 interface 0 altsetting 69 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  311.916215][ T5890] usb 3-1: config 0 interface 0 altsetting 69 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  312.283362][ T5890] usb 3-1: config 0 interface 0 has no altsetting 0
[  312.296031][ T5890] usb 3-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  312.307329][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.331064][ T5890] usb 3-1: config 0 descriptor??
[  312.339523][ T9968] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  312.828634][ T5890] dragonrise 0003:0079:0006.0001: unknown main item tag 0x2
[  312.941092][ T9988] binder: 9987:9988 ioctl c0306201 2000000003c0 returned -14
[  312.959344][ T5890] dragonrise 0003:0079:0006.0001: collection stack underflow
[  312.959389][ T9988] binder: 9987:9988 ioctl c0306201 0 returned -14
[  312.988366][ T5890] dragonrise 0003:0079:0006.0001: item 0 0 0 12 parsing failed
[  313.011974][ T5890] dragonrise 0003:0079:0006.0001: parse failed
[  313.025873][ T9990] fuse: Unknown parameter 'use00000000000000000000'
[  313.032598][ T5890] dragonrise 0003:0079:0006.0001: probe with driver dragonrise failed with error -22
[  313.080344][ T5890] usb 3-1: USB disconnect, device number 15
[  313.193467][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'.
[  313.205819][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'.
[  313.214831][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'.
[  313.224309][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'.
[  313.233576][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'.
[  313.363576][T10004] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1209'.
[  313.501029][T10009] overlayfs: failed to clone upperpath
[  314.279388][T10017] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1212'.
[  314.288527][T10017] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1212'.
[  314.298652][T10017] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1212'.
[  314.861682][  T790] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  315.602566][  T790] usb 7-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  315.611801][  T790] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.619779][  T790] usb 7-1: Product: syz
[  315.638059][  T790] usb 7-1: Manufacturer: syz
[  315.643111][  T790] usb 7-1: SerialNumber: syz
[  315.649042][  T790] usb 7-1: config 0 descriptor??
[  315.664718][  T790] hub 7-1:0.0: bad descriptor, ignoring hub
[  315.670684][  T790] hub 7-1:0.0: probe with driver hub failed with error -5
[  315.701877][T10029] netlink: 'syz.2.1216': attribute type 1 has an invalid length.
[  315.802301][T10029] gre1: entered promiscuous mode
[  315.817258][T10029] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[  315.845276][T10029] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  315.881019][  T790] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  315.889495][   T29] audit: type=1400 audit(1770912065.469:514): avc:  denied  { accept } for  pid=10028 comm="syz.2.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  315.902033][T10029] bond1: (slave gre1): making interface the new active one
[  315.918707][  T790] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  315.939471][  T790] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  315.949043][T10029] bond1: (slave gre1): Enslaving as an active interface with an up link
[  315.960858][T10037] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=10037 comm=syz.2.1216
[  315.971395][  T790] usb 7-1: media controller created
[  315.987258][  T790] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  316.111177][  T790] DVB: Unable to find symbol dib7000p_attach()
[  316.117671][  T790] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  316.262161][  T790] rc_core: IR keymap rc-dib0700-rc5 not found
[  316.286786][  T790] Registered IR keymap rc-empty
[  316.325072][  T790] dvb-usb: could not initialize remote control.
[  316.337462][  T790] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  316.358041][T10014] dib0700: tx buffer length is larger than 4. Not supported.
[  316.401176][  T790] usb 7-1: USB disconnect, device number 7
[  316.412119][T10013] delete_channel: no stack
[  316.486197][  T790] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  316.657353][T10057] overlayfs: failed to clone upperpath
[  316.689284][T10057] overlayfs: failed to clone upperpath
[  316.737587][   T29] audit: type=1400 audit(1770912066.254:515): avc:  denied  { name_connect } for  pid=10058 comm="syz.2.1226" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  316.777875][   T29] audit: type=1400 audit(1770912066.273:516): avc:  denied  { accept } for  pid=10058 comm="syz.2.1226" lport=59461 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  317.098985][T10080] __nla_validate_parse: 11 callbacks suppressed
[  317.099004][T10080] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1233'.
[  317.882465][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  317.890210][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  318.690803][T10096] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1239'.
[  318.866286][   T29] audit: type=1400 audit(1770912068.247:517): avc:  denied  { append } for  pid=10101 comm="syz.3.1242" name="sg0" dev="devtmpfs" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  319.148773][ T6624] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  319.330334][ T6632] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  319.337865][ T6624] usb 4-1: Using ep0 maxpacket: 32
[  319.345063][ T6624] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  319.355190][ T6624] usb 4-1: config 0 has no interface number 0
[  319.366383][ T6624] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  319.375569][ T6624] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.383604][ T6624] usb 4-1: Product: syz
[  319.388263][ T6624] usb 4-1: Manufacturer: syz
[  319.392929][ T6624] usb 4-1: SerialNumber: syz
[  319.407560][ T6624] usb 4-1: config 0 descriptor??
[  319.418589][ T6624] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  319.512071][ T6632] usb 7-1: Using ep0 maxpacket: 8
[  319.723386][   T29] audit: type=1400 audit(1770912068.920:518): avc:  denied  { create } for  pid=10116 comm="syz.0.1247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  319.752729][ T6632] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  319.774752][ T6632] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  319.805939][ T6632] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  319.839813][ T6632] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  319.851911][ T6632] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  319.883517][ T6632] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  319.893407][ T6632] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.904603][T10122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1248'.
[  319.944104][ T6632] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22
[  320.121254][T10125] overlayfs: failed to clone upperpath
[  320.137460][ T6624] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  320.157174][ T6624] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  320.354635][   T29] audit: type=1400 audit(1770912069.640:519): avc:  denied  { map } for  pid=10101 comm="syz.3.1242" path="/dev/sg0" dev="devtmpfs" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  320.355606][T10102] fuse: Bad value for 'rootmode'
[  320.384115][   T29] audit: type=1400 audit(1770912069.640:520): avc:  denied  { execute } for  pid=10101 comm="syz.3.1242" path="/dev/sg0" dev="devtmpfs" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  320.446616][T10127] binder: 10101:10127 ioctl c0306201 200000000640 returned -22
[  320.461261][T10127] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1242'.
[  320.518324][T10129] fuse: Unknown parameter 'user_i00000000000000000000'
[  320.591322][   T29] audit: type=1400 audit(1770912069.856:521): avc:  denied  { mount } for  pid=10131 comm="syz.4.1252" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  320.631547][T10133] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  320.641848][T10133] capability: warning: `syz.4.1252' uses 32-bit capabilities (legacy support in use)
[  320.667491][   T29] audit: type=1400 audit(1770912069.940:522): avc:  denied  { unmount } for  pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  321.030880][ T5806] Bluetooth: hci4: command 0x0406 tx timeout
[  321.172220][T10139] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1253'.
[  321.920878][T10147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1255'.
[  321.931757][T10145] syzkaller0: entered promiscuous mode
[  321.937477][T10145] syzkaller0: entered allmulticast mode
[  322.018317][T10149] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  322.043126][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  322.052930][ T6632] usb 4-1: USB disconnect, device number 15
[  322.121613][ T6632] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  322.246299][ T6632] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  322.263006][ T6632] quatech2 4-1:0.51: device disconnected
[  322.294806][T10155] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1258'.
[  322.303895][T10155] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1258'.
[  322.314284][T10155] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1258'.
[  322.323679][T10155] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1258'.
[  322.401814][ T6624] usb 7-1: USB disconnect, device number 8
[  323.327563][T10159] syzkaller0: entered promiscuous mode
[  323.458934][T10161] overlayfs: failed to clone upperpath
[  323.486722][T10159] syzkaller0: entered allmulticast mode
[  323.820377][ T5806] Bluetooth: hci4: command 0x0406 tx timeout
[  324.395624][   T29] audit: type=1400 audit(1770912073.419:523): avc:  denied  { getopt } for  pid=10179 comm="syz.3.1268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  324.422315][T10177] __nla_validate_parse: 1 callbacks suppressed
[  324.422331][T10177] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1264'.
[  324.531767][T10185] overlayfs: failed to clone upperpath
[  324.687752][T10189] fuse: Unknown parameter 'user_i00000000000000000000'
[  324.793243][ T6620] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  325.501100][ T6620] usb 4-1: unable to get BOS descriptor or descriptor too short
[  325.512214][ T6620] usb 4-1: config 1 has an invalid descriptor of length 24, skipping remainder of the config
[  325.539745][ T6620] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  325.578928][ T6620] usb 4-1: string descriptor 0 read error: -22
[  325.585693][ T6620] usb 4-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.40
[  325.605807][ T6620] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.624958][T10198] delete_channel: no stack
[  325.917158][T10201] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.1273'.
[  326.125066][   T29] audit: type=1400 audit(1770912075.038:524): avc:  denied  { create } for  pid=10204 comm="syz.6.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  326.575250][   T29] audit: type=1400 audit(1770912075.346:525): avc:  denied  { shutdown } for  pid=10204 comm="syz.6.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  327.593054][ T6620] usbhid 4-1:1.0: can't add hid device: -71
[  327.599122][ T6620] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  327.624174][ T6620] usb 4-1: USB disconnect, device number 16
[  327.683543][T10220] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1000 sclass=netlink_route_socket pid=10220 comm=syz.4.1278
[  327.707798][T10222] fuse: Unknown parameter 'user_id00000000000000000000'
[  327.869415][T10229] overlayfs: failed to clone upperpath
[  328.773907][   T29] audit: type=1400 audit(1770912077.479:526): avc:  denied  { mount } for  pid=10239 comm="syz.4.1286" name="/" dev="autofs" ino=34700 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  328.846617][   T10] IPVS: starting estimator thread 0...
[  328.943497][T10249] IPVS: using max 44 ests per chain, 105600 per kthread
[  329.165902][T10257] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1290'.
[  329.587982][T10266] fuse: Unknown parameter 'user_id00000000000000000000'
[  329.910495][   T29] audit: type=1400 audit(1770912078.573:527): avc:  denied  { unmount } for  pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  331.067961][T10302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1303'.
[  331.356366][T10301] fuse: Unknown parameter 'user_id00000000000000000000'
[  333.198840][   T29] audit: type=1400 audit(1770912081.660:528): avc:  denied  { create } for  pid=10334 comm="syz.3.1312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  333.264857][   T29] audit: type=1400 audit(1770912081.679:529): avc:  denied  { ioctl } for  pid=10334 comm="syz.3.1312" path="socket:[34802]" dev="sockfs" ino=34802 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  333.477924][T10342] overlayfs: failed to clone upperpath
[  333.519317][T10343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1312'.
[  335.332922][T10357] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1318'.
[  335.764093][T10359] fuse: Bad value for 'fd'
[  337.005943][T10387] lo speed is unknown, defaulting to 1000
[  337.738730][T10407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1331'.
[  338.171070][T10409] fuse: Bad value for 'fd'
[  338.700426][ T5947] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  339.058079][  T790] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  339.430891][ T5947] usb 4-1: config 0 has no interfaces?
[  339.441946][ T5947] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  339.477157][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.507296][ T5947] usb 4-1: config 0 descriptor??
[  339.617115][  T790] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  339.651032][  T790] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.671780][  T790] usb 3-1: Product: syz
[  339.695563][  T790] usb 3-1: Manufacturer: syz
[  339.711821][  T790] usb 3-1: SerialNumber: syz
[  339.741838][  T790] usb 3-1: config 0 descriptor??
[  339.876590][  T790] hub 3-1:0.0: bad descriptor, ignoring hub
[  339.902660][  T790] hub 3-1:0.0: probe with driver hub failed with error -5
[  340.189736][T10443] 9p: Bad value for 'rfdno'
[  340.925380][   T29] audit: type=1400 audit(1770912088.199:530): avc:  denied  { create } for  pid=10438 comm="syz.0.1344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  340.985116][   T29] audit: type=1400 audit(1770912088.208:531): avc:  denied  { ioctl } for  pid=10438 comm="syz.0.1344" path="socket:[36109]" dev="sockfs" ino=36109 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  341.084948][  T790] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  341.090287][T10445] fuse: Bad value for 'fd'
[  341.118027][T10418] delete_channel: no stack
[  341.163895][  T790] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  341.165879][ T6632] usb 4-1: USB disconnect, device number 17
[  341.182132][  T790] dib0700: firmware download failed at 7 with -22
[  341.244190][  T790] usb 3-1: USB disconnect, device number 16
[  341.332437][T10449] Invalid source name
[  341.336475][   T29] audit: type=1400 audit(1770912089.265:532): avc:  denied  { mounton } for  pid=10448 comm="syz.6.1347" path="/syzcgroup/unified/syz6" dev="cgroup2" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  341.390905][T10447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'.
[  341.417467][T10449] UBIFS error (pid: 10449): cannot open "/dev/loop6", error -22
[  341.419476][T10447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'.
[  341.436170][T10447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'.
[  341.445466][T10447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'.
[  341.454380][T10447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'.
[  341.877665][ T6632] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  342.037206][ T5947] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  342.048439][ T6632] usb 5-1: Using ep0 maxpacket: 8
[  342.055726][ T6632] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  342.063981][ T6632] usb 5-1: config 0 has no interface number 0
[  342.073671][ T6632] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  342.088980][ T6632] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 18, changing to 8
[  342.101227][ T6632] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  342.608281][ T6632] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  342.619377][ T6632] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  342.634211][ T6632] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  342.643698][ T6632] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.652093][ T6632] usb 5-1: Product: syz
[  342.656299][ T6632] usb 5-1: Manufacturer: syz
[  342.661093][ T6632] usb 5-1: SerialNumber: syz
[  342.668152][ T6632] usb 5-1: config 0 descriptor??
[  342.680114][ T5947] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  342.704515][ T5947] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  342.723650][ T5947] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  342.750110][ T5947] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  342.769518][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.872735][ T5947] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  343.032543][T10481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1355'.
[  343.355016][T10458] FAULT_INJECTION: forcing a failure.
[  343.355016][T10458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.393552][ T6632] iowarrior 5-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  343.685364][T10458] CPU: 1 UID: 0 PID: 10458 Comm: syz.4.1351 Not tainted syzkaller #0 PREEMPT(full) 
[  343.685390][T10458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  343.685400][T10458] Call Trace:
[  343.685406][T10458]  <TASK>
[  343.685413][T10458]  dump_stack_lvl+0x100/0x190
[  343.685443][T10458]  should_fail_ex.cold+0x5/0xa
[  343.685465][T10458]  _copy_to_user+0x32/0xd0
[  343.685482][T10458]  simple_read_from_buffer+0xcb/0x170
[  343.685503][T10458]  proc_fail_nth_read+0x1af/0x230
[  343.685527][T10458]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  343.685550][T10458]  ? rw_verify_area+0xce/0x6d0
[  343.685574][T10458]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  343.685595][T10458]  vfs_read+0x1e4/0xb30
[  343.685615][T10458]  ? __pfx_vfs_read+0x10/0x10
[  343.685631][T10458]  ? __fget_files+0x215/0x3d0
[  343.685655][T10458]  ? __fget_files+0x21f/0x3d0
[  343.685680][T10458]  ksys_read+0x12a/0x250
[  343.685696][T10458]  ? __pfx_ksys_read+0x10/0x10
[  343.685719][T10458]  do_syscall_64+0x106/0xf80
[  343.685744][T10458]  ? clear_bhb_loop+0x40/0x90
[  343.685765][T10458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.685782][T10458] RIP: 0033:0x7f92ea55c84e
[  343.685796][T10458] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  343.685813][T10458] RSP: 002b:00007f92eb3f8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  343.685830][T10458] RAX: ffffffffffffffda RBX: 00007f92eb3f96c0 RCX: 00007f92ea55c84e
[  343.685842][T10458] RDX: 000000000000000f RSI: 00007f92eb3f90a0 RDI: 0000000000000004
[  343.685852][T10458] RBP: 00007f92eb3f9090 R08: 0000000000000000 R09: 0000000000000000
[  343.685862][T10458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.685872][T10458] R13: 00007f92ea816038 R14: 00007f92ea815fa0 R15: 00007fff8aa5d8c8
[  343.685897][T10458]  </TASK>
[  344.365785][T10488] xt_TPROXY: Can be used only with -p tcp or -p udp
[  344.744812][T10496] fuse: Unknown parameter '0x0000000000000003'
[  344.790645][ T5856] usb 5-1: USB disconnect, device number 20
[  344.856420][ T6017] udevd[6017]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  344.884490][ T5947] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -12
[  344.929695][ T5947] usb 4-1: USB disconnect, device number 18
[  345.043272][T10503] delete_channel: no stack
[  345.068928][T10507] netlink: 'syz.6.1359': attribute type 1 has an invalid length.
[  345.084197][T10507] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1359'.
[  345.479986][  T790] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  345.618592][ T5856] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  345.672482][  T790] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  345.714737][  T790] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  345.734562][  T790] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  345.744687][  T790] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  345.755524][  T790] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.772297][  T790] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  345.791677][ T5856] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.807310][ T5856] usb 4-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  345.839499][T10521] overlayfs: failed to clone upperpath
[  345.851653][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.904560][ T5856] usb 4-1: Product: syz
[  345.921700][ T5856] usb 4-1: Manufacturer: syz
[  345.929536][T10524] netlink: 100 bytes leftover after parsing attributes in process `syz.6.1368'.
[  345.944074][ T5856] usb 4-1: SerialNumber: syz
[  345.959370][ T5856] usb 4-1: config 0 descriptor??
[  346.017040][  T790] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -12
[  346.038129][T10527] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1369'.
[  346.051976][  T790] usb 3-1: USB disconnect, device number 17
[  346.071368][T10524] kvm: requested 6704 ns i8254 timer period limited to 200000 ns
[  346.209924][ T5856] usb 4-1: USB disconnect, device number 19
[  346.216849][ T5806] Bluetooth: hci1: unexpected event for opcode 0x0c38
[  346.331082][T10532] fuse: Unknown parameter '0x0000000000000003'
[  346.646010][T10536] vxcan1 speed is unknown, defaulting to 1000
[  346.658753][T10536] vxcan1 speed is unknown, defaulting to 1000
[  346.669991][T10536] vxcan1 speed is unknown, defaulting to 1000
[  347.125172][   T29] audit: type=1400 audit(1770912094.223:533): avc:  denied  { connect } for  pid=10533 comm="syz.4.1372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  347.143832][T10536] infiniband syz2: set active
[  347.144963][   T29] audit: type=1326 audit(1770912094.288:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  347.149513][T10536] infiniband syz2: added vxcan1
[  347.195875][ T5856] vxcan1 speed is unknown, defaulting to 1000
[  347.220896][T10536] RDS/IB: syz2: added
[  347.225313][T10536] smc: adding ib device syz2 with port count 1
[  347.231561][T10536] smc:    ib device syz2 port 1 has no pnetid
[  347.239715][T10536] vxcan1 speed is unknown, defaulting to 1000
[  347.336807][T10536] vxcan1 speed is unknown, defaulting to 1000
[  347.426830][T10536] vxcan1 speed is unknown, defaulting to 1000
[  347.514109][T10536] vxcan1 speed is unknown, defaulting to 1000
[  347.601386][T10536] vxcan1 speed is unknown, defaulting to 1000
[  347.628652][ T5856] vxcan1 speed is unknown, defaulting to 1000
[  347.671524][   T29] audit: type=1326 audit(1770912094.288:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  347.707854][   T29] audit: type=1326 audit(1770912094.288:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  347.731578][   T29] audit: type=1326 audit(1770912094.288:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  347.761232][   T29] audit: type=1326 audit(1770912094.288:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  348.076334][   T29] audit: type=1326 audit(1770912094.288:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  348.102609][   T29] audit: type=1326 audit(1770912094.288:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  348.127152][   T29] audit: type=1326 audit(1770912094.288:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  348.192280][   T29] audit: type=1326 audit(1770912094.288:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10533 comm="syz.4.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f92ea59bf79 code=0x7ffc0000
[  348.563006][T10569] fuse: Unknown parameter 'user_i00000000000000000000'
[  348.619029][T10571] fuse: Unknown parameter '0x0000000000000003'
[  348.985869][ T5875] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  350.536234][ T5875] usb 5-1: Using ep0 maxpacket: 32
[  350.542684][ T5875] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  350.610117][ T5875] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  350.622302][T10584] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  350.643571][ T5875] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  350.739977][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.815814][ T5875] usb 5-1: Product: syz
[  350.830159][ T5875] usb 5-1: Manufacturer: syz
[  350.846935][ T5875] usb 5-1: SerialNumber: syz
[  350.892951][ T5875] usb 5-1: config 0 descriptor??
[  350.911979][T10588] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  350.936229][T10588] erofs (device loop3): cannot find valid erofs superblock
[  351.233865][T10568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.251330][T10597] fuse: Unknown parameter 'user_id00000000000000000000'
[  351.831719][T10568] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.019946][T10605] fuse: Unknown parameter '0x0000000000000003'
[  352.486998][   T29] kauditd_printk_skb: 6 callbacks suppressed
[  352.487013][   T29] audit: type=1400 audit(1770912099.695:549): avc:  denied  { bind } for  pid=10610 comm="syz.3.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  352.512659][   T29] audit: type=1400 audit(1770912099.704:550): avc:  denied  { write } for  pid=10610 comm="syz.3.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  352.512953][T10611] syz.3.1396(10611): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  352.533771][   T29] audit: type=1400 audit(1770912099.714:551): avc:  denied  { read } for  pid=10610 comm="syz.3.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  353.270655][ T6632] usb 5-1: USB disconnect, device number 21
[  353.448678][T10626] delete_channel: no stack
[  353.468426][T10631] fuse: Unknown parameter 'user_id00000000000000000000'
[  353.708316][T10637] fuse: Unknown parameter '0x0000000000000003'
[  354.261970][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1407'.
[  354.756448][T10653] binder: 10651:10653 ioctl c0306201 2000000003c0 returned -14
[  355.928076][T10665] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1416'.
[  355.930268][T10667] fuse: Unknown parameter 'user_id00000000000000000000'
[  356.069496][   T29] audit: type=1400 audit(1770912103.015:552): avc:  denied  { setopt } for  pid=10661 comm="syz.6.1415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  356.366298][ T6632] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  356.407737][T10671] delete_channel: no stack
[  356.567872][ T6632] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  356.599553][ T6632] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  356.623747][ T6632] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  356.637973][ T6632] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  356.657583][ T6632] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.711123][ T6632] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  356.916357][ T6632] usb 3-1: invalid MIDI out EP 0
[  357.096843][ T6632] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  357.109093][ T6632] usb 3-1: USB disconnect, device number 18
[  357.319430][T10689] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1422'.
[  357.328477][T10689] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1422'.
[  357.338463][T10689] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1422'.
[  357.347885][T10689] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1422'.
[  357.356965][T10689] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1422'.
[  358.133857][ T5806] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  358.143611][ T5806] CPU: 1 UID: 0 PID: 5806 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  358.143637][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  358.143650][ T5806] Workqueue: hci1 hci_rx_work
[  358.143671][ T5806] Call Trace:
[  358.143677][ T5806]  <TASK>
[  358.143684][ T5806]  dump_stack_lvl+0x100/0x190
[  358.143715][ T5806]  sysfs_warn_dup.cold+0x1c/0x28
[  358.143739][ T5806]  sysfs_create_dir_ns+0x24b/0x2b0
[  358.143762][ T5806]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  358.143785][ T5806]  ? find_held_lock+0x2b/0x80
[  358.143802][ T5806]  ? kobject_add_internal+0x25f/0x930
[  358.143823][ T5806]  ? kobject_add_internal+0x25f/0x930
[  358.143844][ T5806]  ? do_raw_spin_unlock+0x145/0x1e0
[  358.143872][ T5806]  kobject_add_internal+0x2c8/0x930
[  358.143895][ T5806]  kobject_add+0x16a/0x1e0
[  358.143915][ T5806]  ? __pfx_kobject_add+0x10/0x10
[  358.143931][ T5806]  ? class_to_subsys+0x10f/0x150
[  358.143960][ T5806]  ? kobject_put+0xb9/0x640
[  358.143976][ T5806]  ? _raw_spin_unlock+0x28/0x50
[  358.144019][ T5806]  device_add+0x294/0x1950
[  358.144046][ T5806]  ? __pfx_dev_set_name+0x10/0x10
[  358.144065][ T5806]  ? __pfx_device_add+0x10/0x10
[  358.144092][ T5806]  ? mgmt_send_event_skb+0x2fb/0x460
[  358.144120][ T5806]  hci_conn_add_sysfs+0x1a3/0x260
[  358.144143][ T5806]  le_conn_complete_evt+0x11cb/0x1f40
[  358.144167][ T5806]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  358.144205][ T5806]  hci_le_conn_complete_evt+0x23c/0x3a0
[  358.144225][ T5806]  ? skb_pull_data+0x15f/0x1e0
[  358.144255][ T5806]  hci_le_meta_evt+0x34a/0x5f0
[  358.144275][ T5806]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  358.144296][ T5806]  hci_event_packet+0x682/0x11c0
[  358.144314][ T5806]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  358.144334][ T5806]  ? __pfx_hci_event_packet+0x10/0x10
[  358.144354][ T5806]  ? kcov_remote_start+0x374/0x660
[  358.144373][ T5806]  ? lockdep_hardirqs_on+0x78/0x100
[  358.144407][ T5806]  hci_rx_work+0x451/0xfc0
[  358.144430][ T5806]  process_one_work+0x9c2/0x1840
[  358.144467][ T5806]  ? __pfx_process_one_work+0x10/0x10
[  358.144501][ T5806]  ? __pfx_hci_rx_work+0x10/0x10
[  358.144522][ T5806]  worker_thread+0x5da/0xe40
[  358.144556][ T5806]  ? __pfx_worker_thread+0x10/0x10
[  358.144583][ T5806]  ? kthread+0x13a/0x450
[  358.144606][ T5806]  ? __pfx_worker_thread+0x10/0x10
[  358.144631][ T5806]  kthread+0x370/0x450
[  358.144655][ T5806]  ? __pfx_kthread+0x10/0x10
[  358.144681][ T5806]  ret_from_fork+0x754/0xd80
[  358.144708][ T5806]  ? __pfx_ret_from_fork+0x10/0x10
[  358.144736][ T5806]  ? rcu_is_watching+0x12/0xc0
[  358.144753][ T5806]  ? __switch_to+0x7b4/0x10c0
[  358.144770][ T5806]  ? __pfx_kthread+0x10/0x10
[  358.144797][ T5806]  ret_from_fork_asm+0x1a/0x30
[  358.144830][ T5806]  </TASK>
[  358.144853][ T5806] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  358.428593][ T5806] Bluetooth: hci1: failed to register connection device
[  358.439028][ T5806] Bluetooth: hci1: unexpected event for opcode 0x0c47
[  358.452928][T10701] fuse: Bad value for 'fd'
[  358.776067][T10709] delete_channel: no stack
[  358.793220][T10713] binder: 10712:10713 unknown command 0
[  358.798787][T10713] binder: 10712:10713 ioctl c0306201 200000000080 returned -22
[  358.866363][T10715] loop8: detected capacity change from 0 to 7
[  358.906344][T10715] Dev loop8: unable to read RDB block 7
[  358.918763][T10715]  loop8: unable to read partition table
[  358.943064][T10715] loop8: partition table beyond EOD, truncated
[  360.291355][T10715] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  360.662386][   T29] audit: type=1400 audit(1770912107.337:553): avc:  denied  { getopt } for  pid=10733 comm="syz.2.1440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  360.692608][T10731] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.1439'.
[  360.727654][   T29] audit: type=1400 audit(1770912107.337:554): avc:  denied  { lock } for  pid=10733 comm="syz.2.1440" path="socket:[36759]" dev="sockfs" ino=36759 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  360.968235][T10743] fuse: Bad value for 'fd'
[  361.181727][   T29] audit: type=1400 audit(1770912107.814:555): avc:  denied  { create } for  pid=10738 comm="syz.4.1442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  361.726764][T10747] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1445'.
[  361.847923][T10755] PKCS7: Unknown OID: [4] 2.19.1.0.0.0.4.0.0.0.0
[  361.854707][T10755] PKCS7: Only support pkcs7_signedData type
[  361.914046][   T29] audit: type=1400 audit(1770912108.516:556): avc:  denied  { map } for  pid=10727 comm="syz.6.1438" path="socket:[37302]" dev="sockfs" ino=37302 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  361.920754][T10756] FAULT_INJECTION: forcing a failure.
[  361.920754][T10756] name failslab, interval 1, probability 0, space 0, times 0
[  362.080092][T10756] CPU: 0 UID: 0 PID: 10756 Comm: syz.4.1447 Not tainted syzkaller #0 PREEMPT(full) 
[  362.080119][T10756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  362.080129][T10756] Call Trace:
[  362.080135][T10756]  <TASK>
[  362.080142][T10756]  dump_stack_lvl+0x100/0x190
[  362.080172][T10756]  should_fail_ex.cold+0x5/0xa
[  362.080194][T10756]  should_failslab+0xc2/0x120
[  362.080214][T10756]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  362.080231][T10756]  ? alloc_empty_file+0x55/0x1c0
[  362.080258][T10756]  alloc_empty_file+0x55/0x1c0
[  362.080280][T10756]  alloc_file_pseudo+0x13a/0x230
[  362.080303][T10756]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  362.080324][T10756]  ? inode_init_always_gfp+0xd0e/0x1040
[  362.080351][T10756]  sock_alloc_file+0x50/0x210
[  362.080373][T10756]  do_accept+0x242/0x530
[  362.080388][T10756]  ? do_raw_spin_lock+0x128/0x260
[  362.080414][T10756]  ? __pfx_do_accept+0x10/0x10
[  362.080443][T10756]  __sys_accept4+0x108/0x200
[  362.080460][T10756]  ? __pfx___sys_accept4+0x10/0x10
[  362.080474][T10756]  ? ksys_write+0x1ac/0x250
[  362.080489][T10756]  ? __pfx_ksys_write+0x10/0x10
[  362.080505][T10756]  ? do_user_addr_fault+0x8d6/0x12f0
[  362.080523][T10756]  __x64_sys_accept+0x74/0xb0
[  362.080539][T10756]  ? lockdep_hardirqs_on+0x78/0x100
[  362.080563][T10756]  do_syscall_64+0x106/0xf80
[  362.080576][T10756]  ? clear_bhb_loop+0x40/0x90
[  362.080598][T10756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.080614][T10756] RIP: 0033:0x7f92ea59bf79
[  362.080627][T10756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  362.080643][T10756] RSP: 002b:00007f92eb3d8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  362.080661][T10756] RAX: ffffffffffffffda RBX: 00007f92ea816090 RCX: 00007f92ea59bf79
[  362.080671][T10756] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  362.080681][T10756] RBP: 00007f92eb3d8090 R08: 0000000000000000 R09: 0000000000000000
[  362.080691][T10756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  362.080701][T10756] R13: 00007f92ea816128 R14: 00007f92ea816090 R15: 00007fff8aa5d8c8
[  362.080724][T10756]  </TASK>
[  362.354376][T10760] delete_channel: no stack
[  362.872630][T10772] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.1454'.
[  362.980471][ T5875] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  362.996342][ T5947] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  363.172534][ T5875] usb 3-1: Using ep0 maxpacket: 8
[  363.178964][ T5875] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  363.189085][ T5875] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  363.200234][ T5875] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  363.276548][ T5875] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  363.289607][ T5947] usb 4-1: Using ep0 maxpacket: 8
[  363.290856][T10779] syzkaller0: entered promiscuous mode
[  363.295500][ T5875] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  363.310206][ T5947] usb 4-1: unable to get BOS descriptor or descriptor too short
[  363.321749][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.332591][ T5947] usb 4-1: config 4 interface 0 has no altsetting 0
[  363.353376][ T5947] usb 4-1: string descriptor 0 read error: -22
[  363.361418][ T5947] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  363.365746][T10779] syzkaller0: entered allmulticast mode
[  363.376107][ T5947] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  363.439415][ T5947] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  363.466670][ T5947] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  363.480127][ T5947] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  363.489319][ T5947] usb 4-1: media controller created
[  363.619132][ T5875] usb 3-1: usb_control_msg returned -32
[  363.705806][ T5875] usbtmc 3-1:16.0: can't read capabilities
[  363.712863][ T5947] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  363.728630][   T29] audit: type=1400 audit(1770912110.199:557): avc:  denied  { bind } for  pid=10765 comm="syz.3.1451" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  363.764600][ T5875] usb 3-1: USB disconnect, device number 19
[  363.845789][   T29] audit: type=1400 audit(1770912110.284:558): avc:  denied  { write } for  pid=10765 comm="syz.3.1451" path="socket:[37350]" dev="sockfs" ino=37350 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  364.146712][   T29] audit: type=1400 audit(1770912110.358:559): avc:  denied  { watch watch_reads } for  pid=10765 comm="syz.3.1451" path="/271/file0" dev="tmpfs" ino=1506 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  364.252153][T10791] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1459'.
[  364.261224][T10791] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1459'.
[  364.271726][T10791] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1459'.
[  364.281235][T10791] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1459'.
[  364.290329][T10791] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1459'.
[  365.054209][ T5806] Bluetooth: hci1: command 0x0406 tx timeout
[  365.121588][ T5947] zl10353_read_register: readreg error (reg=127, ret==0)
[  365.246717][ T5947] usb 4-1: USB disconnect, device number 20
[  366.997691][T10813] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.1467'.
[  367.074572][T10811] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1463'.
[  368.742452][ T5875] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  368.771629][T10840] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  368.881458][ T5947] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  368.952375][ T5875] usb 7-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  368.970153][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.970992][T10843] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1476'.
[  368.996688][ T5875] usb 7-1: Product: syz
[  369.065805][ T5947] usb 5-1: Using ep0 maxpacket: 16
[  369.241918][ T5875] usb 7-1: Manufacturer: syz
[  369.270871][ T5947] usb 5-1: config 1 has an invalid descriptor of length 163, skipping remainder of the config
[  369.282021][ T5875] usb 7-1: SerialNumber: syz
[  369.289900][ T5947] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  369.300735][ T5875] usb 7-1: config 0 descriptor??
[  369.309838][ T5875] hub 7-1:0.0: bad descriptor, ignoring hub
[  369.321201][ T5875] hub 7-1:0.0: probe with driver hub failed with error -5
[  369.331471][ T5947] usb 5-1: New USB device found, idVendor=ddf4, idProduct=c05a, bcdDevice=6c.6d
[  369.343399][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.378542][ T5947] usb 5-1: Product: syz
[  369.388909][ T5947] usb 5-1: Manufacturer: syz
[  369.446994][ T5947] usb 5-1: SerialNumber: syz
[  369.589060][ T5875] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  369.623852][ T5875] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  369.634495][ T5875] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  369.643539][ T5875] usb 7-1: media controller created
[  369.664847][ T5875] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  369.743413][ T5875] DVB: Unable to find symbol dib7000p_attach()
[  369.750457][ T5875] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  369.811871][T10835] dib0700: tx buffer length is larger than 4. Not supported.
[  369.820924][T10834] delete_channel: no stack
[  369.832738][ T5875] rc_core: IR keymap rc-dib0700-rc5 not found
[  369.838811][ T5875] Registered IR keymap rc-empty
[  369.848398][ T5875] dvb-usb: could not initialize remote control.
[  369.866779][ T5875] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  369.882054][ T5875] usb 7-1: USB disconnect, device number 9
[  369.916035][ T5875] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  371.036140][T10867] comedi comedi3: pcl812: I/O port conflict (0x8001,16)
[  373.366194][  T790] usb 5-1: USB disconnect, device number 22
[  373.603963][T10878] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1487'.
[  373.660102][   T29] audit: type=1400 audit(1770912119.497:560): avc:  denied  { ioctl } for  pid=10877 comm="syz.2.1487" path="socket:[37995]" dev="sockfs" ino=37995 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  373.849333][   T29] audit: type=1400 audit(1770912119.497:561): avc:  denied  { setopt } for  pid=10877 comm="syz.2.1487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  373.921145][T10885] binder: 10883:10885 ioctl c0306201 2000000003c0 returned -14
[  374.270384][T10897] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1490'.
[  374.284054][T10897] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1490'.
[  374.763733][T10914] binder: 10912:10914 ioctl c0306201 2000000003c0 returned -14
[  375.068834][T10916] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1496'.
[  375.122570][T10916] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10916 comm=syz.0.1496
[  375.272880][T10924] fuse: Bad value for 'fd'
[  376.211490][T10950] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1506'.
[  376.524818][T10952] binder: 10946:10952 ioctl c0306201 2000000003c0 returned -14
[  377.949626][T10970] fuse: Bad value for 'fd'
[  378.573532][T10990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1519'.
[  378.775847][T10995] FAULT_INJECTION: forcing a failure.
[  378.775847][T10995] name failslab, interval 1, probability 0, space 0, times 0
[  378.802205][T10995] CPU: 1 UID: 0 PID: 10995 Comm: syz.6.1521 Not tainted syzkaller #0 PREEMPT(full) 
[  378.802228][T10995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  378.802238][T10995] Call Trace:
[  378.802244][T10995]  <TASK>
[  378.802251][T10995]  dump_stack_lvl+0x100/0x190
[  378.802281][T10995]  should_fail_ex.cold+0x5/0xa
[  378.802303][T10995]  should_failslab+0xc2/0x120
[  378.802323][T10995]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  378.802340][T10995]  ? security_file_alloc+0x34/0x2c0
[  378.802369][T10995]  security_file_alloc+0x34/0x2c0
[  378.802393][T10995]  init_file+0x95/0x480
[  378.802414][T10995]  alloc_empty_file+0x73/0x1c0
[  378.802437][T10995]  alloc_file_pseudo+0x13a/0x230
[  378.802461][T10995]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  378.802482][T10995]  ? inode_init_always_gfp+0xd0e/0x1040
[  378.802509][T10995]  sock_alloc_file+0x50/0x210
[  378.802532][T10995]  do_accept+0x242/0x530
[  378.802547][T10995]  ? do_raw_spin_lock+0x128/0x260
[  378.802574][T10995]  ? __pfx_do_accept+0x10/0x10
[  378.802604][T10995]  __sys_accept4+0x108/0x200
[  378.802621][T10995]  ? __pfx___sys_accept4+0x10/0x10
[  378.802636][T10995]  ? ksys_write+0x1ac/0x250
[  378.802652][T10995]  ? __pfx_ksys_write+0x10/0x10
[  378.802672][T10995]  __x64_sys_accept+0x74/0xb0
[  378.802687][T10995]  ? lockdep_hardirqs_on+0x78/0x100
[  378.802714][T10995]  do_syscall_64+0x106/0xf80
[  378.802728][T10995]  ? clear_bhb_loop+0x40/0x90
[  378.802748][T10995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.802765][T10995] RIP: 0033:0x7fa9b119bf79
[  378.802780][T10995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  378.802796][T10995] RSP: 002b:00007fa9b2059028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  378.802813][T10995] RAX: ffffffffffffffda RBX: 00007fa9b1415fa0 RCX: 00007fa9b119bf79
[  378.802823][T10995] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  378.802833][T10995] RBP: 00007fa9b2059090 R08: 0000000000000000 R09: 0000000000000000
[  378.802843][T10995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.802853][T10995] R13: 00007fa9b1416038 R14: 00007fa9b1415fa0 R15: 00007ffd71412d88
[  378.802876][T10995]  </TASK>
[  379.273949][T11006] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1525'.
[  379.914434][   T29] audit: type=1400 audit(1770912125.147:562): avc:  denied  { write } for  pid=10996 comm="syz.4.1520" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  379.959641][   T29] audit: type=1400 audit(1770912125.390:563): avc:  denied  { connect } for  pid=10996 comm="syz.4.1520" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  379.981717][   T10] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  380.224093][   T10] usb 7-1: Using ep0 maxpacket: 8
[  380.264792][   T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  380.544820][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  380.565814][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  380.579898][   T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  380.674353][T11025] fuse: Unknown parameter 'racerPid:	0
[  380.674353][T11025] Uid:	0	0	0	0
[  380.674353][T11025] Gid:	0	0	0	0
[  380.674353][T11025] FDSize:	256
[  380.674353][T11025] Groups:	0 10 
[  380.674353][T11025] NStgid:	975
[  380.674353][T11025] NSpid:	976
[  380.674353][T11025] NSpgid:	975
[  380.674353][T11025] NSsid:	0
[  380.674353][T11025] Kthread:	0
[  380.674353][T11025] VmPeak:	  102220 kB
[  380.674353][T11025] VmSize:	  102220 kB
[  380.674353][T11025] VmLck:	       0 kB
[  380.674353][T11025] VmPin:	       0 kB
[  380.674353][T11025] VmHWM:	   24216 kB
[  380.674353][T11025] VmRSS:	   24216 kB
[  380.674353][T11025] RssAnon:	    1420 kB
[  380.674353][T11025] RssFile:	   22796 kB
[  380.674353][T11025] RssShmem:	       0 kB
[  380.674353][T11025] VmData:	   36584 kB
[  380.674353][T11025] VmStk:	     132 kB
[  380.674353][T11025] VmExe:	    1772 kB
[  380.674353][T11025] VmLib:	       8 kB
[  380.674353][T11025] VmPTE:	     132 kB
[  380.674353][T11025] VmSwap:	       0 kB
[  380.674353][T11025] HugetlbPages:	       0 kB
[  380.674353][T11025] CoreDumping:	0
[  380.674353][T11025] THP_enabled:	1
[  380.674353][T11025] untag_mask:	0xffffffffffffffff
[  380.674353][T11025] Threads:	2
[  380.674353][T11025] SigQ:	0/12961
[  380.674353][T11025] SigPnd:	0000000000000000
[  380.674353][T11025] ShdPnd:	0000000000000000
[  380.674353][T11025] SigBlk:	0000000000000000
[  380.674353][T11025] SigIgn:	fffffffefffaba35
[  380.674353][T11025] SigCgt:	0000000100010440
[  380.674353][T11025] CapInh:	0000000000000000
[  380.674353][T11025] CapPrm:	000001ffff77ffff
[  380.674353][T11025] CapEff:	000001ffff77ffff
[  380.674353][T11025] CapBnd:	000001ffffffffff
[  380.674353][T11025] CapAmb:	0000000000000000
[  380.674353][T11025] NoNewPrivs:	0
[  380.674353][T11025] Seccomp:	0
[  380.674353][T11025] Seccomp_filters:	0
[  380.674353][T11025] Speculation_Store_Bypass:	thread vulnerable
[  380.674353][T11025] SpeculationIndirectBranch:	conditional enabled
[  380.674353][T11025] Cpus_allowed:	3
[  380.857029][   T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  380.866196][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.956784][T11028] binder: 11027:11028 unknown command 0
[  380.962943][T11028] binder: 11027:11028 ioctl c0306201 200000000080 returned -22
[  381.046087][T11031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1529'.
[  381.388488][   T10] usb 7-1: GET_CAPABILITIES returned 0
[  381.394462][   T10] usbtmc 7-1:16.0: can't read capabilities
[  381.435983][ T6620] usb 7-1: USB disconnect, device number 10
[  381.628031][T11044] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1536'.
[  381.897246][T11052] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1537'.
[  381.906360][T11052] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1537'.
[  381.916552][T11052] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1537'.
[  381.926021][T11052] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1537'.
[  381.935139][T11052] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1537'.
[  382.097001][   T29] audit: type=1400 audit(1770912127.317:564): avc:  denied  { ioctl } for  pid=11047 comm="syz.2.1538" path="mnt:[4026532797]" dev="nsfs" ino=4026532797 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  382.901746][T11057] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1539'.
[  382.911870][T11057] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1539'.
[  383.066438][ T5814] Bluetooth: hci6: unexpected event for opcode 0x0c20
[  383.371277][ T6620] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  383.530322][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  383.537507][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  383.549297][ T6620] usb 5-1: Using ep0 maxpacket: 8
[  383.556043][ T6620] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  383.566453][ T6620] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  383.576405][ T6620] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  383.586707][ T6620] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  383.600656][ T6620] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  383.616434][ T5947] usb 7-1: new full-speed USB device number 11 using dummy_hcd
[  383.635490][ T6620] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.814315][ T5947] usb 7-1: too many configurations: 190, using maximum allowed: 8
[  383.899592][T11070] bond0: (slave bond_slave_1): Releasing backup interface
[  383.962097][ T6620] usb 5-1: usb_control_msg returned -32
[  383.985245][ T5947] usb 7-1: unable to read config index 0 descriptor/start: -61
[  384.026038][ T6620] usbtmc 5-1:16.0: can't read capabilities
[  384.036759][ T5947] usb 7-1: can't read configurations, error -61
[  384.060175][ T6620] usb 5-1: USB disconnect, device number 23
[  384.200959][ T5947] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  384.372786][ T5947] usb 7-1: too many configurations: 190, using maximum allowed: 8
[  384.480713][ T5947] usb 7-1: unable to read config index 0 descriptor/start: -61
[  384.510127][ T5947] usb 7-1: can't read configurations, error -61
[  384.518599][ T5947] usb usb7-port1: attempt power cycle
[  384.896860][ T5947] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  384.940998][ T5947] usb 7-1: too many configurations: 190, using maximum allowed: 8
[  384.957797][ T5947] usb 7-1: unable to read config index 0 descriptor/start: -61
[  385.196404][ T5947] usb 7-1: can't read configurations, error -61
[  385.206459][T11095] fuse: Bad value for 'fd'
[  385.366254][ T5947] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[  385.399581][ T5947] usb 7-1: too many configurations: 190, using maximum allowed: 8
[  385.411856][ T5947] usb 7-1: unable to read config index 0 descriptor/start: -61
[  385.421089][ T5947] usb 7-1: can't read configurations, error -61
[  385.433496][ T5947] usb usb7-port1: unable to enumerate USB device
[  385.558653][ T5856] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  386.180396][ T5856] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  386.201479][ T5856] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  386.224614][ T5856] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  386.238400][ T5856] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  386.247498][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.265405][ T5856] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  386.272689][ T5856] usb 4-1: invalid MIDI out EP 0
[  386.427648][ T5856] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  386.488937][ T5856] usb 4-1: USB disconnect, device number 21
[  386.496299][T11108] FAULT_INJECTION: forcing a failure.
[  386.496299][T11108] name failslab, interval 1, probability 0, space 0, times 0
[  386.513550][T11108] CPU: 0 UID: 0 PID: 11108 Comm: syz.2.1555 Not tainted syzkaller #0 PREEMPT(full) 
[  386.513580][T11108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  386.513591][T11108] Call Trace:
[  386.513596][T11108]  <TASK>
[  386.513602][T11108]  dump_stack_lvl+0x100/0x190
[  386.513633][T11108]  should_fail_ex.cold+0x5/0xa
[  386.513654][T11108]  should_failslab+0xc2/0x120
[  386.513673][T11108]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  386.513691][T11108]  ? __alloc_skb+0x156/0x410
[  386.513707][T11108]  ? rcu_is_watching+0x12/0xc0
[  386.513726][T11108]  __alloc_skb+0x156/0x410
[  386.513741][T11108]  ? __alloc_skb+0x35d/0x410
[  386.513757][T11108]  ? __pfx___alloc_skb+0x10/0x10
[  386.513774][T11108]  ? netlink_autobind.isra.0+0xd0/0x370
[  386.513802][T11108]  netlink_alloc_large_skb+0x69/0x150
[  386.513824][T11108]  netlink_sendmsg+0x680/0xda0
[  386.513849][T11108]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.513869][T11108]  ? __might_fault+0x70/0x140
[  386.513904][T11108]  ____sys_sendmsg+0xa54/0xc30
[  386.513931][T11108]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.513965][T11108]  ___sys_sendmsg+0x190/0x1e0
[  386.513991][T11108]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.514043][T11108]  __sys_sendmsg+0x170/0x220
[  386.514061][T11108]  ? __pfx___sys_sendmsg+0x10/0x10
[  386.514082][T11108]  do_syscall_64+0x106/0xf80
[  386.514093][T11108]  ? clear_bhb_loop+0x40/0x90
[  386.514106][T11108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.514117][T11108] RIP: 0033:0x7fc02f19bf79
[  386.514126][T11108] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  386.514137][T11108] RSP: 002b:00007fc02ffe3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.514148][T11108] RAX: ffffffffffffffda RBX: 00007fc02f415fa0 RCX: 00007fc02f19bf79
[  386.514155][T11108] RDX: 0000000024040040 RSI: 00002000000004c0 RDI: 0000000000000003
[  386.514161][T11108] RBP: 00007fc02ffe3090 R08: 0000000000000000 R09: 0000000000000000
[  386.514167][T11108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.514173][T11108] R13: 00007fc02f416038 R14: 00007fc02f415fa0 R15: 00007ffcb9155088
[  386.514187][T11108]  </TASK>
[  386.753156][T11112] __nla_validate_parse: 2 callbacks suppressed
[  386.753172][T11112] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1554'.
[  386.792110][T11114] tmpfs: Bad value for 'mpol'
[  387.237130][ T5947] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  387.333574][T11123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1558'.
[  387.437262][ T5947] usb 7-1: config 0 has no interfaces?
[  387.451045][ T5947] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  387.651484][ T5947] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.691645][ T5947] usb 7-1: config 0 descriptor??
[  388.669879][T11143] binder: 11139:11143 ioctl c0306201 2000000003c0 returned -14
[  388.958307][   T29] audit: type=1400 audit(1770912133.809:565): avc:  denied  { read append } for  pid=11146 comm="syz.3.1566" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  389.009226][   T29] audit: type=1400 audit(1770912133.809:566): avc:  denied  { open } for  pid=11146 comm="syz.3.1566" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  389.862554][   T29] audit: type=1400 audit(1770912133.856:567): avc:  denied  { accept } for  pid=11146 comm="syz.3.1566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  390.051260][T11153] binder: 11152:11153 ioctl c0306201 2000000003c0 returned -14
[  390.116468][ T5856] usb 7-1: USB disconnect, device number 15
[  390.197511][T11155] bridge2: entered allmulticast mode
[  390.361402][   T29] audit: type=1400 audit(1770912135.118:568): avc:  denied  { mount } for  pid=11156 comm="syz.2.1570" name="/" dev="ramfs" ino=38824 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  391.780327][   T29] audit: type=1400 audit(1770912136.447:569): avc:  denied  { name_bind } for  pid=11188 comm="syz.4.1571" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  392.547052][T11208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1587'.
[  392.563914][T11208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1587'.
[  392.573135][T11208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1587'.
[  392.582115][T11208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1587'.
[  392.591597][T11208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1587'.
[  392.678623][ T5856] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  392.835226][ T5856] usb 4-1: device descriptor read/64, error -71
[  393.254723][ T5856] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  393.279924][   T29] audit: type=1400 audit(1770912137.859:570): avc:  denied  { read } for  pid=11217 comm="syz.6.1591" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  393.409926][ T5856] usb 4-1: device descriptor read/64, error -71
[  393.555588][ T5856] usb usb4-port1: attempt power cycle
[  393.712850][T11234] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1594'.
[  393.915791][T11234] bond0: (slave bond_slave_1): Releasing backup interface
[  393.955772][ T5856] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  394.026592][ T5856] usb 4-1: device descriptor read/8, error -71
[  394.303643][ T5856] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  394.849248][ T5856] usb 4-1: device descriptor read/8, error -71
[  394.909160][T11244] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1598'.
[  394.996377][ T5856] usb usb4-port1: unable to enumerate USB device
[  395.084803][T11247] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  395.158937][ T5856] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  395.216329][T11259] binder: 11258:11259 unknown command 0
[  395.221900][T11259] binder: 11258:11259 ioctl c0306201 200000000080 returned -22
[  395.319191][ T5856] usb 3-1: Using ep0 maxpacket: 32
[  395.363009][ T5856] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  395.371212][ T5856] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  395.391279][ T5856] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  395.403119][ T5856] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  395.418799][ T5856] usb 3-1: config 0 interface 0 has no altsetting 0
[  395.477178][T11265] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1605'.
[  395.486355][T11265] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1605'.
[  395.496656][T11265] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1605'.
[  395.580541][ T5856] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  395.610317][ T5856] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  395.643967][ T5856] usb 3-1: Product: syz
[  395.648158][ T5856] usb 3-1: Manufacturer: syz
[  396.164752][   T29] audit: type=1400 audit(1770912140.263:571): avc:  denied  { append } for  pid=11270 comm="syz.6.1609" name="usbmon3" dev="devtmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  396.257865][ T5856] usb 3-1: SerialNumber: syz
[  396.279417][ T5856] usb 3-1: config 0 descriptor??
[  396.316236][ T5856] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  396.335135][ T5814] Bluetooth: hci6: link tx timeout
[  396.402816][ T5814] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  396.473431][ T5856] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  396.570153][ T5814] Bluetooth: hci6: link tx timeout
[  396.575357][ T5814] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  397.562082][   T29] audit: type=1400 audit(1770912141.853:572): avc:  denied  { wake_alarm } for  pid=11243 comm="syz.2.1599" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  397.727664][T11302] comedi comedi3: pcl812: I/O port conflict (0x8001,16)
[  398.582188][ T5814] Bluetooth: hci6: command 0x0405 tx timeout
[  398.938707][   T29] audit: type=1400 audit(1770912143.144:573): avc:  denied  { write } for  pid=11307 comm="syz.6.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  399.109470][T11314] __nla_validate_parse: 2 callbacks suppressed
[  399.109487][T11314] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1618'.
[  399.220754][T11316] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1621'.
[  399.229827][T11316] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1621'.
[  399.240375][T11316] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1621'.
[  399.250082][T11316] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1621'.
[  399.259208][T11316] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1621'.
[  399.352737][   T29] audit: type=1400 audit(1770912143.144:574): avc:  denied  { ioctl } for  pid=11307 comm="syz.6.1619" path="/dev/cpu/1/msr" dev="devtmpfs" ino=89 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  399.510104][   T29] audit: type=1400 audit(1770912143.341:575): avc:  denied  { map } for  pid=11307 comm="syz.6.1619" path="socket:[39772]" dev="sockfs" ino=39772 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  399.533571][   T29] audit: type=1400 audit(1770912143.341:576): avc:  denied  { read accept } for  pid=11307 comm="syz.6.1619" path="socket:[39772]" dev="sockfs" ino=39772 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  400.114886][ T5947] usb 3-1: USB disconnect, device number 20
[  400.135334][ T5947] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  400.845882][   T29] audit: type=1400 audit(1770912144.931:577): avc:  denied  { shutdown } for  pid=11331 comm="syz.6.1626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  400.940677][   T29] audit: type=1400 audit(1770912144.987:578): avc:  denied  { bind } for  pid=11331 comm="syz.6.1626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  401.083223][   T29] audit: type=1400 audit(1770912144.996:579): avc:  denied  { ioctl } for  pid=11331 comm="syz.6.1626" path="socket:[39877]" dev="sockfs" ino=39877 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  402.419108][T11354] FAULT_INJECTION: forcing a failure.
[  402.419108][T11354] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  402.476752][T11354] CPU: 1 UID: 0 PID: 11354 Comm: syz.2.1631 Not tainted syzkaller #0 PREEMPT(full) 
[  402.476779][T11354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  402.476788][T11354] Call Trace:
[  402.476794][T11354]  <TASK>
[  402.476801][T11354]  dump_stack_lvl+0x100/0x190
[  402.476832][T11354]  should_fail_ex.cold+0x5/0xa
[  402.476854][T11354]  _copy_from_user+0x2e/0xd0
[  402.476879][T11354]  copy_msghdr_from_user+0x9f/0x4f0
[  402.476906][T11354]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  402.476941][T11354]  ___sys_sendmsg+0x106/0x1e0
[  402.476966][T11354]  ? __pfx____sys_sendmsg+0x10/0x10
[  402.477019][T11354]  __sys_sendmsg+0x170/0x220
[  402.477040][T11354]  ? __pfx___sys_sendmsg+0x10/0x10
[  402.477073][T11354]  do_syscall_64+0x106/0xf80
[  402.477089][T11354]  ? clear_bhb_loop+0x40/0x90
[  402.477110][T11354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.477127][T11354] RIP: 0033:0x7fc02f19bf79
[  402.477141][T11354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  402.477157][T11354] RSP: 002b:00007fc02ffe3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  402.477174][T11354] RAX: ffffffffffffffda RBX: 00007fc02f415fa0 RCX: 00007fc02f19bf79
[  402.477184][T11354] RDX: 0000000000002014 RSI: 0000200000000000 RDI: 0000000000000003
[  402.477195][T11354] RBP: 00007fc02ffe3090 R08: 0000000000000000 R09: 0000000000000000
[  402.477205][T11354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  402.477214][T11354] R13: 00007fc02f416038 R14: 00007fc02f415fa0 R15: 00007ffcb9155088
[  402.477234][T11354]  </TASK>
[  402.941812][ T5814] Bluetooth: hci6: command 0x0405 tx timeout
[  403.435342][T11372] can0: slcan on ttyS3.
[  403.590759][   T29] audit: type=1400 audit(1770912147.316:580): avc:  denied  { create } for  pid=11362 comm="syz.3.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  403.771851][   T29] audit: type=1400 audit(1770912147.410:581): avc:  denied  { ioctl } for  pid=11362 comm="syz.3.1634" path="socket:[39934]" dev="sockfs" ino=39934 ioctlcmd=0x8940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  403.797280][   T29] audit: type=1400 audit(1770912147.438:582): avc:  denied  { mount } for  pid=11362 comm="syz.3.1634" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  403.898933][T11376] FAULT_INJECTION: forcing a failure.
[  403.898933][T11376] name failslab, interval 1, probability 0, space 0, times 0
[  403.933517][T11376] CPU: 0 UID: 0 PID: 11376 Comm: syz.4.1637 Not tainted syzkaller #0 PREEMPT(full) 
[  403.933545][T11376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  403.933554][T11376] Call Trace:
[  403.933560][T11376]  <TASK>
[  403.933567][T11376]  dump_stack_lvl+0x100/0x190
[  403.933599][T11376]  should_fail_ex.cold+0x5/0xa
[  403.933622][T11376]  should_failslab+0xc2/0x120
[  403.933643][T11376]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  403.933660][T11376]  ? __alloc_skb+0x156/0x410
[  403.933677][T11376]  ? rcu_is_watching+0x12/0xc0
[  403.933704][T11376]  __alloc_skb+0x156/0x410
[  403.933721][T11376]  ? __alloc_skb+0x35d/0x410
[  403.933737][T11376]  ? __pfx___alloc_skb+0x10/0x10
[  403.933755][T11376]  ? netlink_autobind.isra.0+0xd0/0x370
[  403.933784][T11376]  netlink_alloc_large_skb+0x69/0x150
[  403.933808][T11376]  netlink_sendmsg+0x680/0xda0
[  403.933834][T11376]  ? __pfx_netlink_sendmsg+0x10/0x10
[  403.933854][T11376]  ? __might_fault+0x70/0x140
[  403.933888][T11376]  ____sys_sendmsg+0xa54/0xc30
[  403.933914][T11376]  ? __pfx_____sys_sendmsg+0x10/0x10
[  403.933949][T11376]  ___sys_sendmsg+0x190/0x1e0
[  403.933976][T11376]  ? __pfx____sys_sendmsg+0x10/0x10
[  403.934030][T11376]  __sys_sendmsg+0x170/0x220
[  403.934050][T11376]  ? __pfx___sys_sendmsg+0x10/0x10
[  403.934077][T11376]  ? fput+0x79/0x100
[  403.934097][T11376]  ? __sys_getsockname+0xce/0x110
[  403.934118][T11376]  do_syscall_64+0x106/0xf80
[  403.934133][T11376]  ? clear_bhb_loop+0x40/0x90
[  403.934153][T11376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.934171][T11376] RIP: 0033:0x7f92ea59bf79
[  403.934186][T11376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  403.934202][T11376] RSP: 002b:00007f92eb3f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  403.934219][T11376] RAX: ffffffffffffffda RBX: 00007f92ea815fa0 RCX: 00007f92ea59bf79
[  403.934231][T11376] RDX: 0000000000000002 RSI: 0000200000000280 RDI: 0000000000000003
[  403.934241][T11376] RBP: 00007f92eb3f9090 R08: 0000000000000000 R09: 0000000000000000
[  403.934251][T11376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.934261][T11376] R13: 00007f92ea816038 R14: 00007f92ea815fa0 R15: 00007fff8aa5d8c8
[  403.934284][T11376]  </TASK>
[  404.661396][T11391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1640'.
[  405.716849][   T29] audit: type=1326 audit(1770912149.486:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11415 comm="syz.2.1646" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc02f19bf79 code=0x80000000
[  406.689966][T11431] netlink: 'syz.3.1650': attribute type 10 has an invalid length.
[  406.701338][T11431] bond0: (slave bridge0): Releasing backup interface
[  407.759764][T11448] FAULT_INJECTION: forcing a failure.
[  407.759764][T11448] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.772962][T11448] CPU: 1 UID: 0 PID: 11448 Comm: syz.6.1656 Not tainted syzkaller #0 PREEMPT(full) 
[  407.772985][T11448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  407.772995][T11448] Call Trace:
[  407.773001][T11448]  <TASK>
[  407.773007][T11448]  dump_stack_lvl+0x100/0x190
[  407.773037][T11448]  should_fail_ex.cold+0x5/0xa
[  407.773059][T11448]  _copy_to_user+0x32/0xd0
[  407.773077][T11448]  simple_read_from_buffer+0xcb/0x170
[  407.773098][T11448]  proc_fail_nth_read+0x1af/0x230
[  407.773122][T11448]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  407.773145][T11448]  ? rw_verify_area+0xce/0x6d0
[  407.773169][T11448]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  407.773191][T11448]  vfs_read+0x1e4/0xb30
[  407.773211][T11448]  ? __pfx_vfs_read+0x10/0x10
[  407.773226][T11448]  ? __fget_files+0x215/0x3d0
[  407.773251][T11448]  ? __fget_files+0x21f/0x3d0
[  407.773277][T11448]  ksys_read+0x12a/0x250
[  407.773293][T11448]  ? __pfx_ksys_read+0x10/0x10
[  407.773317][T11448]  do_syscall_64+0x106/0xf80
[  407.773332][T11448]  ? clear_bhb_loop+0x40/0x90
[  407.773353][T11448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.773370][T11448] RIP: 0033:0x7fa9b115c84e
[  407.773384][T11448] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  407.773400][T11448] RSP: 002b:00007fa9b2016fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  407.773417][T11448] RAX: ffffffffffffffda RBX: 00007fa9b20176c0 RCX: 00007fa9b115c84e
[  407.773429][T11448] RDX: 000000000000000f RSI: 00007fa9b20170a0 RDI: 0000000000000007
[  407.773444][T11448] RBP: 00007fa9b2017090 R08: 0000000000000000 R09: 0000000000000000
[  407.773454][T11448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.773464][T11448] R13: 00007fa9b1416218 R14: 00007fa9b1416180 R15: 00007ffd71412d88
[  407.773490][T11448]  </TASK>
[  408.165450][   T29] audit: type=1400 audit(1770912151.778:584): avc:  denied  { read } for  pid=11451 comm="syz.4.1660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  408.223948][T11456] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1661'.
[  408.342371][   T29] audit: type=1400 audit(1770912151.918:585): avc:  denied  { write } for  pid=11451 comm="syz.4.1660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  409.346067][T11472] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1664'.
[  409.470319][T11474] overlayfs: regular lower layers cannot follow data lower layers
[  409.869444][T11478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1666'.
[  409.880746][T11478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1666'.
[  409.890208][T11478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1666'.
[  409.899400][T11478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1666'.
[  409.908354][T11478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1666'.
[  410.199073][ T5806] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  410.526033][T11494] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1673'.
[  410.773982][T11500] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1675'.
[  411.208121][T11507] syzkaller1: entered promiscuous mode
[  411.214986][T11507] syzkaller1: entered allmulticast mode
[  411.620995][T11516] PKCS7: Unknown OID: [4] 2.19.1.0.0.0.4.0.0.0.0
[  411.627471][T11516] PKCS7: Only support pkcs7_signedData type
[  411.693099][T11514] netlink: 'syz.6.1678': attribute type 13 has an invalid length.
[  412.686429][T11527] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input19
[  412.741695][   T29] audit: type=1400 audit(1770912156.053:586): avc:  denied  { setopt } for  pid=11522 comm="syz.2.1682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  413.442781][  T790] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  413.446328][T11546] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.1686'.
[  413.693431][  T790] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  413.702761][  T790] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.710994][  T790] usb 5-1: Product: syz
[  413.716119][  T790] usb 5-1: Manufacturer: syz
[  413.721506][  T790] usb 5-1: SerialNumber: syz
[  413.741332][  T790] usb 5-1: config 0 descriptor??
[  413.749794][  T790] hub 5-1:0.0: bad descriptor, ignoring hub
[  413.757056][  T790] hub 5-1:0.0: probe with driver hub failed with error -5
[  413.831435][T11552] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1689'.
[  413.908963][T11556] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1687'.
[  413.974001][  T790] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  414.134087][  T790] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  414.149670][  T790] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  414.166802][  T790] usb 5-1: media controller created
[  414.190130][T11535] dib0700: tx buffer length is larger than 4. Not supported.
[  414.366062][  T790] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  414.473715][T11534] delete_channel: no stack
[  414.561355][  T790] DVB: Unable to find symbol dib7000p_attach()
[  414.571467][  T790] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  414.647870][  T790] rc_core: IR keymap rc-dib0700-rc5 not found
[  414.663890][  T790] Registered IR keymap rc-empty
[  414.676732][  T790] dvb-usb: could not initialize remote control.
[  414.691685][  T790] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  414.717598][  T790] usb 5-1: USB disconnect, device number 24
[  414.785763][  T790] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  415.005720][T11572] FAULT_INJECTION: forcing a failure.
[  415.005720][T11572] name failslab, interval 1, probability 0, space 0, times 0
[  415.018590][T11572] CPU: 0 UID: 0 PID: 11572 Comm: syz.3.1694 Not tainted syzkaller #0 PREEMPT(full) 
[  415.018622][T11572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  415.018632][T11572] Call Trace:
[  415.018638][T11572]  <TASK>
[  415.018645][T11572]  dump_stack_lvl+0x100/0x190
[  415.018678][T11572]  should_fail_ex.cold+0x5/0xa
[  415.018701][T11572]  should_failslab+0xc2/0x120
[  415.018722][T11572]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  415.018740][T11572]  ? __alloc_skb+0x156/0x410
[  415.018756][T11572]  ? rcu_is_watching+0x12/0xc0
[  415.018777][T11572]  __alloc_skb+0x156/0x410
[  415.018793][T11572]  ? __alloc_skb+0x35d/0x410
[  415.018810][T11572]  ? __pfx___alloc_skb+0x10/0x10
[  415.018829][T11572]  ? netlink_autobind.isra.0+0xd0/0x370
[  415.018858][T11572]  netlink_alloc_large_skb+0x69/0x150
[  415.018881][T11572]  netlink_sendmsg+0x680/0xda0
[  415.018906][T11572]  ? __pfx_netlink_sendmsg+0x10/0x10
[  415.018927][T11572]  ? __might_fault+0x70/0x140
[  415.018961][T11572]  ____sys_sendmsg+0xa54/0xc30
[  415.018989][T11572]  ? __pfx_____sys_sendmsg+0x10/0x10
[  415.019025][T11572]  ___sys_sendmsg+0x190/0x1e0
[  415.019052][T11572]  ? __pfx____sys_sendmsg+0x10/0x10
[  415.019107][T11572]  __sys_sendmsg+0x170/0x220
[  415.019128][T11572]  ? __pfx___sys_sendmsg+0x10/0x10
[  415.019164][T11572]  do_syscall_64+0x106/0xf80
[  415.019179][T11572]  ? clear_bhb_loop+0x40/0x90
[  415.019200][T11572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.019217][T11572] RIP: 0033:0x7fbfbdf9bf79
[  415.019231][T11572] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  415.019248][T11572] RSP: 002b:00007fbfbeec4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  415.019266][T11572] RAX: ffffffffffffffda RBX: 00007fbfbe215fa0 RCX: 00007fbfbdf9bf79
[  415.019277][T11572] RDX: 0000000000002014 RSI: 0000200000000000 RDI: 0000000000000003
[  415.019287][T11572] RBP: 00007fbfbeec4090 R08: 0000000000000000 R09: 0000000000000000
[  415.019297][T11572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.019306][T11572] R13: 00007fbfbe216038 R14: 00007fbfbe215fa0 R15: 00007fff915c6678
[  415.019330][T11572]  </TASK>
[  415.459065][T11576] binder: 11573:11576 ioctl c0306201 2000000003c0 returned -14
[  415.571494][   T29] audit: type=1400 audit(1770912158.709:587): avc:  denied  { connect } for  pid=11575 comm="syz.3.1695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  416.193300][T11601] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1698'.
[  416.343206][T11603] IPVS: rr: FWM 3 0x00000003 - no destination available
[  416.740962][T11605] syzkaller0: entered promiscuous mode
[  416.746686][T11605] syzkaller0: entered allmulticast mode
[  416.757944][T11605] tipc: Started in network mode
[  416.762903][T11605] tipc: Node identity 0ea1dea4949, cluster identity 4711
[  416.770381][T11605] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  416.829772][T11604] tipc: Resetting bearer <eth:syzkaller0>
[  416.852693][T11604] tipc: Disabling bearer <eth:syzkaller0>
[  417.282136][T11629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.292311][ T5947] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  417.315719][T11629] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.577208][ T6620] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  417.612271][ T5947] usb 7-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  417.641048][ T5947] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.667239][ T5947] usb 7-1: Product: syz
[  417.681757][ T5947] usb 7-1: Manufacturer: syz
[  417.815315][ T5947] usb 7-1: SerialNumber: syz
[  417.831247][T11647] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1718'.
[  417.855509][ T5947] usb 7-1: config 0 descriptor??
[  417.900465][ T5947] hub 7-1:0.0: bad descriptor, ignoring hub
[  417.920994][ T5947] hub 7-1:0.0: probe with driver hub failed with error -5
[  418.021763][T11652] netlink: 'syz.2.1719': attribute type 4 has an invalid length.
[  418.097821][T11653] netlink: 'syz.2.1719': attribute type 4 has an invalid length.
[  418.146867][ T5947] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  418.304417][ T5856] lo speed is unknown, defaulting to 1000
[  418.306806][ T5947] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  418.310250][ T5856] syz0: Port: 1 Link ACTIVE
[  418.347723][ T5947] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  418.356346][ T5947] usb 7-1: media controller created
[  418.362342][T11612] dib0700: tx buffer length is larger than 4. Not supported.
[  418.380024][T11611] delete_channel: no stack
[  418.406295][ T5947] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  418.536991][ T5947] DVB: Unable to find symbol dib7000p_attach()
[  418.653983][ T5947] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  418.721546][ T5947] rc_core: IR keymap rc-dib0700-rc5 not found
[  418.730082][ T5947] Registered IR keymap rc-empty
[  418.744248][ T5947] dvb-usb: could not initialize remote control.
[  418.750519][ T5947] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  418.791651][ T5947] usb 7-1: USB disconnect, device number 16
[  418.843567][T11677] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  418.869640][ T5947] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  418.942759][T11677] syzkaller0: entered promiscuous mode
[  418.948348][T11677] syzkaller0: entered allmulticast mode
[  418.954470][T11677] tipc: Resetting bearer <eth:syzkaller0>
[  419.121208][T11676] tipc: Resetting bearer <eth:syzkaller0>
[  419.790318][ T5814] Bluetooth: hci2: command 0x2016 tx timeout
[  422.705017][ T5814] Bluetooth: hci2: command 0x2016 tx timeout
[  423.633142][T11676] tipc: Disabling bearer <eth:syzkaller0>
[  423.644810][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1732'.
[  423.717091][ T5947] tipc: Node number set to 1172683101
[  423.732339][T11731] geneve2: entered promiscuous mode
[  423.737607][T11731] geneve2: entered allmulticast mode
[  423.799433][ T9144] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  423.808824][ T9144] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  423.868869][ T9144] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  423.897059][ T9144] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  423.967727][T11740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1743'.
[  424.018036][T11742] comedi comedi3: pcl812: I/O port conflict (0x8001,16)
[  425.436505][T11747] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1745'.
[  425.510632][T11749] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1746'.
[  425.519695][T11749] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1746'.
[  425.664690][T11756] FAULT_INJECTION: forcing a failure.
[  425.664690][T11756] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.700153][T11756] CPU: 0 UID: 0 PID: 11756 Comm: syz.4.1748 Not tainted syzkaller #0 PREEMPT(full) 
[  425.700180][T11756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  425.700191][T11756] Call Trace:
[  425.700197][T11756]  <TASK>
[  425.700204][T11756]  dump_stack_lvl+0x100/0x190
[  425.700237][T11756]  should_fail_ex.cold+0x5/0xa
[  425.700260][T11756]  _copy_from_user+0x2e/0xd0
[  425.700288][T11756]  __sys_bpf+0x243/0x4b90
[  425.700316][T11756]  ? __pfx___sys_bpf+0x10/0x10
[  425.700343][T11756]  ? proc_fail_nth_write+0x9f/0x220
[  425.700366][T11756]  ? find_held_lock+0x2b/0x80
[  425.700388][T11756]  ? find_held_lock+0x2b/0x80
[  425.700404][T11756]  ? ksys_write+0x190/0x250
[  425.700426][T11756]  ? __mutex_unlock_slowpath+0x15c/0x790
[  425.700443][T11756]  ? __fget_files+0x215/0x3d0
[  425.700473][T11756]  ? fput+0x79/0x100
[  425.700494][T11756]  ? ksys_write+0x1ac/0x250
[  425.700509][T11756]  ? __pfx_ksys_write+0x10/0x10
[  425.700530][T11756]  __x64_sys_bpf+0x7b/0xc0
[  425.700553][T11756]  ? lockdep_hardirqs_on+0x78/0x100
[  425.700579][T11756]  do_syscall_64+0x106/0xf80
[  425.700592][T11756]  ? clear_bhb_loop+0x40/0x90
[  425.700613][T11756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.700630][T11756] RIP: 0033:0x7f92ea59bf79
[  425.700644][T11756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  425.700660][T11756] RSP: 002b:00007f92eb3f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  425.700678][T11756] RAX: ffffffffffffffda RBX: 00007f92ea815fa0 RCX: 00007f92ea59bf79
[  425.700690][T11756] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 0000000000000017
[  425.700701][T11756] RBP: 00007f92eb3f9090 R08: 0000000000000000 R09: 0000000000000000
[  425.700711][T11756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.700721][T11756] R13: 00007f92ea816038 R14: 00007f92ea815fa0 R15: 00007fff8aa5d8c8
[  425.700745][T11756]  </TASK>
[  426.542177][T11767] overlayfs: workdir and upperdir must be separate subtrees
[  426.616237][T11778] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.1753'.
[  426.981219][T11781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1755'.
[  426.991020][T11781] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1755'.
[  427.016106][T11781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1755'.
[  427.038236][T11781] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1755'.
[  427.198360][T11783] ip6tnl0: Caught tx_queue_len zero misconfig
[  428.342512][ T6620] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  428.524258][ T6620] usb 3-1: Using ep0 maxpacket: 32
[  428.664863][ T6620] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  428.811747][ T6620] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  428.928718][ T6620] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  428.940365][ T6620] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  428.956246][ T6620] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  428.965536][ T6620] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.973681][ T6620] usb 3-1: Product: syz
[  428.977938][ T6620] usb 3-1: Manufacturer: syz
[  428.982521][ T6620] usb 3-1: SerialNumber: syz
[  429.001494][    C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  429.043740][ T6620] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input22
[  429.252197][ T6620] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  429.277444][ T6620]  (id 0x00)
[  429.411534][ T6620] rc_core: IR keymap rc-imon-pad not found
[  429.417433][ T6620] Registered IR keymap rc-empty
[  429.428368][ T6620] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  429.445654][ T6620] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  429.465852][ T5947] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  429.479527][ T6620] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0
[  429.492531][ T6620] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input23
[  429.700507][ T6620] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:22> initialized
[  430.780055][ T5947] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  430.789128][ T5947] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.802737][ T6620] usb 3-1: USB disconnect, device number 22
[  430.857293][ T5947] usb 7-1: config 0 descriptor??
[  430.880396][ T5947] cp210x 7-1:0.0: cp210x converter detected
[  431.439769][ T5947] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -71
[  431.460740][ T5947] cp210x 7-1:0.0: failed to get vendor val 0x370c size 73: -71
[  431.487259][ T5947] cp210x 7-1:0.0: GPIO initialisation failed: -71
[  431.536452][ T5947] usb 7-1: cp210x converter now attached to ttyUSB0
[  431.551816][ T5947] usb 7-1: USB disconnect, device number 17
[  431.577823][T11849] __nla_validate_parse: 2 callbacks suppressed
[  431.577840][T11849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1776'.
[  431.593469][ T5947] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  431.698094][ T5947] cp210x 7-1:0.0: device disconnected
[  431.706280][T11849] openvswitch: netlink: Flow actions attr not present in new flow.
[  432.241752][T11856] netlink: 'syz.0.1777': attribute type 11 has an invalid length.
[  432.636345][T11864] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1779'.
[  432.645420][T11864] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1779'.
[  432.671472][T11864] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1779'.
[  432.680556][T11864] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1779'.
[  432.926171][   T29] audit: type=1400 audit(1770912174.789:588): avc:  denied  { getopt } for  pid=11859 comm="syz.4.1779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  434.220238][T11884] binder: 11883:11884 ioctl c0306201 2000000003c0 returned -14
[  435.153142][T11884] FAULT_INJECTION: forcing a failure.
[  435.153142][T11884] name failslab, interval 1, probability 0, space 0, times 0
[  435.259402][T11884] CPU: 0 UID: 0 PID: 11884 Comm: syz.2.1786 Not tainted syzkaller #0 PREEMPT(full) 
[  435.259427][T11884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  435.259437][T11884] Call Trace:
[  435.259442][T11884]  <TASK>
[  435.259449][T11884]  dump_stack_lvl+0x100/0x190
[  435.259479][T11884]  should_fail_ex.cold+0x5/0xa
[  435.259500][T11884]  ? tomoyo_realpath_from_path+0xb6/0x690
[  435.259522][T11884]  should_failslab+0xc2/0x120
[  435.259542][T11884]  __kmalloc_noprof+0xe0/0x850
[  435.259563][T11884]  tomoyo_realpath_from_path+0xb6/0x690
[  435.259596][T11884]  tomoyo_path_number_perm+0x23c/0x580
[  435.259615][T11884]  ? tomoyo_path_number_perm+0x22e/0x580
[  435.259636][T11884]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  435.259679][T11884]  ? find_held_lock+0x2b/0x80
[  435.259695][T11884]  ? __fget_files+0x215/0x3d0
[  435.259713][T11884]  ? hook_file_ioctl_common+0x146/0x410
[  435.259742][T11884]  ? __fget_files+0x21f/0x3d0
[  435.259764][T11884]  security_file_ioctl+0xd3/0x230
[  435.259786][T11884]  __x64_sys_ioctl+0xb7/0x210
[  435.259812][T11884]  do_syscall_64+0x106/0xf80
[  435.259828][T11884]  ? clear_bhb_loop+0x40/0x90
[  435.259847][T11884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.259863][T11884] RIP: 0033:0x7fc02f19bf79
[  435.259877][T11884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  435.259893][T11884] RSP: 002b:00007fc02ffe3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  435.259910][T11884] RAX: ffffffffffffffda RBX: 00007fc02f415fa0 RCX: 00007fc02f19bf79
[  435.259921][T11884] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000004
[  435.259929][T11884] RBP: 00007fc02ffe3090 R08: 0000000000000000 R09: 0000000000000000
[  435.259939][T11884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.259948][T11884] R13: 00007fc02f416038 R14: 00007fc02f415fa0 R15: 00007ffcb9155088
[  435.259970][T11884]  </TASK>
[  435.259976][T11884] ERROR: Out of memory at tomoyo_realpath_from_path.
[  436.403223][ T6632] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  436.665685][ T6632] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  436.991750][ T6632] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  437.015961][ T6632] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  437.031733][ T6632] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.062181][ T6632] usb 5-1: Product: syz
[  437.076922][ T6632] usb 5-1: Manufacturer: syz
[  437.120819][ T6632] usb 5-1: SerialNumber: syz
[  437.136861][ T6632] usb 5-1: config 0 descriptor??
[  437.153844][T11913] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  437.170692][T11913] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  437.426030][T11913] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  437.590068][T11913] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  437.801904][T11942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1801'.
[  438.081375][T11947] overlayfs: failed to clone upperpath
[  438.253898][ T6632] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  439.741474][ T6632] usb 5-1: USB disconnect, device number 25
[  440.707473][T11985] sctp: [Deprecated]: syz.0.1815 (pid 11985) Use of struct sctp_assoc_value in delayed_ack socket option.
[  440.707473][T11985] Use struct sctp_sack_info instead
[  441.363665][ T5890] usb 4-1: new low-speed USB device number 26 using dummy_hcd
[  441.452474][T12000] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  441.525110][   T29] audit: type=1400 audit(1770912182.983:589): avc:  denied  { write } for  pid=11972 comm="syz.4.1811" path="socket:[42764]" dev="sockfs" ino=42764 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  441.558939][ T5890] usb 4-1: config 15 has an invalid interface number: 154 but max is 0
[  441.577461][ T5890] usb 4-1: config 15 has no interface number 0
[  441.592252][ T5890] usb 4-1: config 15 interface 154 altsetting 7 endpoint 0x9 has invalid maxpacket 1024, setting to 8
[  441.626688][ T5890] usb 4-1: config 15 interface 154 altsetting 7 endpoint 0xB has invalid maxpacket 43051, setting to 8
[  441.637110][T11973] overlayfs: missing 'lowerdir'
[  441.671004][ T5890] usb 4-1: config 15 interface 154 has no altsetting 0
[  441.718041][ T5890] usb 4-1: string descriptor 0 read error: -22
[  441.724462][ T5890] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0002, bcdDevice=9e.7c
[  441.858304][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.879656][T11994] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  441.890502][ T5890] ati_remote 4-1:15.154: ati_remote_probe: Unexpected endpoint_in
[  442.031407][T12013] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1824'.
[  442.124744][ T6621] usb 4-1: USB disconnect, device number 26
[  442.134300][   T29] audit: type=1400 audit(1770912183.544:590): avc:  denied  { read } for  pid=12014 comm="syz.2.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  442.141929][T12017] syzkaller0: entered promiscuous mode
[  442.204649][T12017] syzkaller0: entered allmulticast mode
[  442.272952][T12019] tipc: Started in network mode
[  442.277853][T12019] tipc: Node identity fa8a7b2c7aa2, cluster identity 4711
[  442.310309][T12019] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  442.325897][ T5856] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  442.346765][   T29] audit: type=1400 audit(1770912183.750:591): avc:  denied  { mount } for  pid=12020 comm="syz.0.1825" name="/" dev="rpc_pipefs" ino=43438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  442.372280][T12016] tipc: Resetting bearer <eth:syzkaller0>
[  442.412847][T12016] tipc: Disabling bearer <eth:syzkaller0>
[  442.523940][ T5856] usb 5-1: config 2 descriptor has 1 excess byte, ignoring
[  442.539701][ T5856] usb 5-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  442.554430][ T5856] usb 5-1: config 2 interface 0 has no altsetting 0
[  442.680560][ T5856] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  442.714820][ T5856] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.742317][ T5856] usb 5-1: Product: syz
[  442.749337][ T5856] usb 5-1: Manufacturer: syz
[  442.771132][ T5856] usb 5-1: SerialNumber: syz
[  443.749948][T12013] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1824'.
[  443.759071][   T29] audit: type=1326 audit(1770912184.255:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12030 comm="syz.6.1830" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9b119bf79 code=0x0
[  444.830291][T12013] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1824'.
[  449.566272][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  450.479033][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  450.648163][    C0] sched: DL replenish lagged too much
[  605.015422][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  605.022390][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P12022/1:b..l P5939/1:b..l P12013/1:b..l P49/1:b..l
[  605.034078][    C0] rcu: 	(detected by 0, t=10503 jiffies, g=45009, q=345 ncpus=2)
[  605.041801][    C0] task:kworker/u8:3    state:R  running task     stack:23576 pid:49    tgid:49    ppid:2      task_flags:0x24248060 flags:0x00080000
[  605.056355][    C0] Workqueue: writeback wb_workfn (flush-8:0)
[  605.062333][    C0] Call Trace:
[  605.065597][    C0]  <TASK>
[  605.068514][    C0]  __schedule+0x1023/0x6000
[  605.073026][    C0]  ? sbitmap_find_bit+0x5f4/0x6b0
[  605.078049][    C0]  ? __pfx___schedule+0x10/0x10
[  605.082885][    C0]  ? mark_held_locks+0x40/0x70
[  605.087647][    C0]  preempt_schedule_irq+0x50/0x90
[  605.092651][    C0]  irqentry_exit+0x17b/0x670
[  605.097230][    C0]  asm_common_interrupt+0x26/0x40
[  605.102230][    C0] RIP: 0010:lock_acquire+0x5e/0x330
[  605.107423][    C0] Code: 05 fb f5 23 12 83 f8 07 0f 87 a4 02 00 00 48 0f a3 05 86 99 f4 0e 0f 82 6f 02 00 00 8b 35 9e cc f4 0e 85 f6 0f 85 8a 00 00 00 <48> 8b 44 24 30 65 48 2b 05 9d f5 23 12 0f 85 b8 02 00 00 48 83 c4
[  605.127010][    C0] RSP: 0018:ffffc90000b96d00 EFLAGS: 00000206
[  605.133073][    C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000005
[  605.141015][    C0] RDX: 0000000000000000 RSI: ffffffff8de366b7 RDI: ffffffff8c1a9520
[  605.148952][    C0] RBP: ffffffff8e7e7220 R08: 000000003969918f R09: 0000000000000007
[  605.156890][    C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
[  605.164829][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  605.172777][    C0]  ? unwind_next_frame+0x3be/0x1ea0
[  605.178047][    C0]  ? unwind_next_frame+0x3be/0x1ea0
[  605.183226][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  605.189380][    C0]  unwind_next_frame+0xd1/0x1ea0
[  605.194295][    C0]  ? unwind_next_frame+0xbd/0x1ea0
[  605.199378][    C0]  ? __reset_page_owner+0x84/0x190
[  605.204462][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  605.210585][    C0]  arch_stack_walk+0x94/0xf0
[  605.215146][    C0]  ? __reset_page_owner+0x84/0x190
[  605.220232][    C0]  stack_trace_save+0x8e/0xc0
[  605.224875][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  605.230213][    C0]  ? __lock_acquire+0x4a5/0x2630
[  605.235119][    C0]  ? __lock_acquire+0x4a5/0x2630
[  605.240024][    C0]  save_stack+0x162/0x1e0
[  605.244320][    C0]  ? __pfx_save_stack+0x10/0x10
[  605.249139][    C0]  ? page_ext_put+0x3e/0xd0
[  605.253617][    C0]  __reset_page_owner+0x84/0x190
[  605.258521][    C0]  __free_frozen_pages+0x822/0x1130
[  605.263687][    C0]  ? __free_slab+0xd0/0x220
[  605.268160][    C0]  qlist_free_all+0x47/0xe0
[  605.272642][    C0]  kasan_quarantine_reduce+0x1a0/0x1f0
[  605.278067][    C0]  __kasan_slab_alloc+0x69/0x90
[  605.282883][    C0]  kmem_cache_alloc_noprof+0x241/0x6e0
[  605.288306][    C0]  ? ext4_init_io_end+0x24/0x170
[  605.293221][    C0]  ext4_init_io_end+0x24/0x170
[  605.297965][    C0]  ext4_do_writepages+0x9dd/0x3df0
[  605.303046][    C0]  ? __lock_acquire+0x4a5/0x2630
[  605.307957][    C0]  ? __pfx_ext4_do_writepages+0x10/0x10
[  605.313483][    C0]  ? ext4_writepages+0x347/0x790
[  605.318394][    C0]  ext4_writepages+0x347/0x790
[  605.323128][    C0]  ? __pfx_ext4_writepages+0x10/0x10
[  605.328386][    C0]  ? __pfx_ext4_writepages+0x10/0x10
[  605.333639][    C0]  do_writepages+0x278/0x600
[  605.338203][    C0]  ? __pfx_do_writepages+0x10/0x10
[  605.343292][    C0]  __writeback_single_inode+0x164/0x1220
[  605.348979][    C0]  ? find_held_lock+0x2b/0x80
[  605.353633][    C0]  ? __pfx___writeback_single_inode+0x10/0x10
[  605.359754][    C0]  ? do_raw_spin_unlock+0x145/0x1e0
[  605.364926][    C0]  writeback_sb_inodes+0x72e/0x1b90
[  605.370103][    C0]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  605.375716][    C0]  ? __pfx___up_read+0x10/0x10
[  605.380451][    C0]  ? __writeback_inodes_wb+0x104/0x2d0
[  605.385884][    C0]  __writeback_inodes_wb+0xf8/0x2d0
[  605.391047][    C0]  ? __pfx___writeback_inodes_wb+0x10/0x10
[  605.396822][    C0]  wb_writeback+0x6b4/0xab0
[  605.401295][    C0]  ? __pfx_wb_writeback+0x10/0x10
[  605.406288][    C0]  ? get_nr_dirty_inodes+0x115/0x190
[  605.411548][    C0]  wb_workfn+0x885/0xbb0
[  605.415757][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  605.421535][    C0]  ? __pfx_wb_workfn+0x10/0x10
[  605.426270][    C0]  ? process_one_work+0x80b/0x1840
[  605.431356][    C0]  ? rcu_is_watching+0x12/0xc0
[  605.436087][    C0]  process_one_work+0x9c2/0x1840
[  605.441009][    C0]  ? __pfx_process_one_work+0x10/0x10
[  605.446365][    C0]  ? __pfx_wb_workfn+0x10/0x10
[  605.451103][    C0]  worker_thread+0x5da/0xe40
[  605.455669][    C0]  ? kthread+0x13a/0x450
[  605.459896][    C0]  ? __pfx_worker_thread+0x10/0x10
[  605.464976][    C0]  kthread+0x370/0x450
[  605.469013][    C0]  ? __pfx_kthread+0x10/0x10
[  605.473570][    C0]  ret_from_fork+0x754/0xd80
[  605.478129][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  605.483222][    C0]  ? __switch_to+0x7b4/0x10c0
[  605.487867][    C0]  ? __pfx_kthread+0x10/0x10
[  605.492427][    C0]  ret_from_fork_asm+0x1a/0x30
[  605.497167][    C0]  </TASK>
[  605.500167][    C0] task:syz.4.1824      state:R  running task     stack:25112 pid:12013 tgid:12012 ppid:5811   task_flags:0x400140 flags:0x00080000
[  605.513778][    C0] Call Trace:
[  605.517025][    C0]  <TASK>
[  605.520012][    C0]  __schedule+0x1023/0x6000
[  605.524483][    C0]  ? __lock_acquire+0x4a5/0x2630
[  605.529395][    C0]  ? __pfx___schedule+0x10/0x10
[  605.534214][    C0]  ? mark_held_locks+0x40/0x70
[  605.538951][    C0]  preempt_schedule_irq+0x50/0x90
[  605.543945][    C0]  irqentry_exit+0x17b/0x670
[  605.548503][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  605.554450][    C0] RIP: 0010:lock_acquire+0x5e/0x330
[  605.559616][    C0] Code: 05 fb f5 23 12 83 f8 07 0f 87 a4 02 00 00 48 0f a3 05 86 99 f4 0e 0f 82 6f 02 00 00 8b 35 9e cc f4 0e 85 f6 0f 85 8a 00 00 00 <48> 8b 44 24 30 65 48 2b 05 9d f5 23 12 0f 85 b8 02 00 00 48 83 c4
[  605.579196][    C0] RSP: 0018:ffffc9000fc467e0 EFLAGS: 00000206
[  605.585230][    C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000003
[  605.593168][    C0] RDX: 0000000000000000 RSI: ffffffff8de366b7 RDI: ffffffff8c1a9520
[  605.601105][    C0] RBP: ffffffff8e7e7220 R08: 00000000ed5b1ae9 R09: 0000000000000007
[  605.609052][    C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
[  605.616989][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  605.624935][    C0]  ? unwind_next_frame+0x3be/0x1ea0
[  605.630100][    C0]  ? unwind_next_frame+0x3be/0x1ea0
[  605.635264][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  605.641383][    C0]  unwind_next_frame+0xd1/0x1ea0
[  605.646289][    C0]  ? unwind_next_frame+0xbd/0x1ea0
[  605.651365][    C0]  ? net_rx_queue_update_kobjects+0x37e/0x760
[  605.657402][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  605.663521][    C0]  arch_stack_walk+0x94/0xf0
[  605.668078][    C0]  ? net_rx_queue_update_kobjects+0x37e/0x760
[  605.674123][    C0]  stack_trace_save+0x8e/0xc0
[  605.678766][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  605.684104][    C0]  ? __lock_acquire+0x4a5/0x2630
[  605.689007][    C0]  ? __lock_acquire+0x4a5/0x2630
[  605.693999][    C0]  save_stack+0x162/0x1e0
[  605.698295][    C0]  ? __pfx_save_stack+0x10/0x10
[  605.703197][    C0]  ? __free_frozen_pages+0x822/0x1130
[  605.708536][    C0]  ? qlist_free_all+0x47/0xe0
[  605.713176][    C0]  ? kasan_quarantine_reduce+0x1a0/0x1f0
[  605.718771][    C0]  ? __kasan_kmalloc+0x8a/0xb0
[  605.723503][    C0]  ? __kmalloc_node_track_caller_noprof+0x304/0x850
[  605.730055][    C0]  ? kvasprintf+0xbc/0x150
[  605.734436][    C0]  ? kvasprintf_const+0x66/0x1a0
[  605.739338][    C0]  ? kobject_set_name_vargs+0x5a/0x140
[  605.744766][    C0]  ? kobject_init_and_add+0xe7/0x180
[  605.750014][    C0]  ? net_rx_queue_update_kobjects+0x37e/0x760
[  605.756051][    C0]  ? page_ext_put+0x3e/0xd0
[  605.760523][    C0]  __reset_page_owner+0x84/0x190
[  605.765428][    C0]  __free_frozen_pages+0x822/0x1130
[  605.770594][    C0]  ? __free_slab+0xd0/0x220
[  605.775065][    C0]  qlist_free_all+0x47/0xe0
[  605.779532][    C0]  kasan_quarantine_reduce+0x1a0/0x1f0
[  605.784965][    C0]  __kasan_kmalloc+0x8a/0xb0
[  605.789520][    C0]  __kmalloc_node_track_caller_noprof+0x304/0x850
[  605.795898][    C0]  ? kvasprintf_const+0x66/0x1a0
[  605.800803][    C0]  kvasprintf+0xbc/0x150
[  605.805011][    C0]  ? __pfx_kvasprintf+0x10/0x10
[  605.809828][    C0]  ? mark_held_locks+0x40/0x70
[  605.814560][    C0]  kvasprintf_const+0x66/0x1a0
[  605.819290][    C0]  kobject_set_name_vargs+0x5a/0x140
[  605.824542][    C0]  kobject_init_and_add+0xe7/0x180
[  605.829620][    C0]  ? __pfx_kobject_init_and_add+0x10/0x10
[  605.835316][    C0]  ? rtnetlink_rcv_msg+0x95e/0xe90
[  605.840412][    C0]  ? ____sys_sendmsg+0xa54/0xc30
[  605.845355][    C0]  ? ___sys_sendmsg+0x190/0x1e0
[  605.850183][    C0]  ? __sys_sendmsg+0x170/0x220
[  605.854921][    C0]  ? do_syscall_64+0x106/0xf80
[  605.859655][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.865694][    C0]  net_rx_queue_update_kobjects+0x37e/0x760
[  605.871572][    C0]  ? kset_register+0x1bb/0x290
[  605.876303][    C0]  netdev_register_kobject+0x290/0x3d0
[  605.881746][    C0]  register_netdevice+0x12b3/0x21d0
[  605.886923][    C0]  ? __pfx_register_netdevice+0x10/0x10
[  605.892439][    C0]  ? dev_addr_mod+0x31b/0x500
[  605.897089][    C0]  veth_newlink+0x316/0xa00
[  605.901565][    C0]  ? kasan_save_track+0x14/0x30
[  605.906397][    C0]  ? __pfx_veth_newlink+0x10/0x10
[  605.911402][    C0]  ? rtnl_create_link+0xc13/0xf80
[  605.916393][    C0]  ? rtnl_newlink+0x13b8/0x2380
[  605.921208][    C0]  ? rtnetlink_rcv_msg+0x95e/0xe90
[  605.926304][    C0]  ? validate_linkmsg+0x57c/0xba0
[  605.931294][    C0]  ? __pfx_validate_linkmsg+0x10/0x10
[  605.936632][    C0]  ? alloc_netdev_mqs+0x1163/0x14f0
[  605.941798][    C0]  ? rtnl_create_link+0xa4b/0xf80
[  605.946788][    C0]  ? __pfx_veth_newlink+0x10/0x10
[  605.951777][    C0]  rtnl_newlink+0x1494/0x2380
[  605.956435][    C0]  ? __pfx_rtnl_newlink+0x10/0x10
[  605.961431][    C0]  ? find_held_lock+0x2b/0x80
[  605.966075][    C0]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  605.971422][    C0]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  605.976762][    C0]  ? avc_has_perm_noaudit+0x145/0x3b0
[  605.982108][    C0]  ? find_held_lock+0x2b/0x80
[  605.986750][    C0]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  605.991826][    C0]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  605.996904][    C0]  ? __pfx_rtnl_newlink+0x10/0x10
[  606.001895][    C0]  rtnetlink_rcv_msg+0x95e/0xe90
[  606.006801][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  606.012229][    C0]  ? ref_tracker_free+0x37e/0x6c0
[  606.017221][    C0]  netlink_rcv_skb+0x159/0x420
[  606.021958][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  606.027483][    C0]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  606.032740][    C0]  ? netlink_deliver_tap+0x1ae/0xcc0
[  606.038005][    C0]  netlink_unicast+0x5aa/0x870
[  606.042750][    C0]  ? __pfx_netlink_unicast+0x10/0x10
[  606.048016][    C0]  netlink_sendmsg+0x8b0/0xda0
[  606.052758][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.058021][    C0]  ? __might_fault+0x70/0x140
[  606.062678][    C0]  ____sys_sendmsg+0xa54/0xc30
[  606.067428][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[  606.072697][    C0]  ? try_to_wake_up+0x644/0x1a80
[  606.077604][    C0]  ___sys_sendmsg+0x190/0x1e0
[  606.082254][    C0]  ? __pfx____sys_sendmsg+0x10/0x10
[  606.087421][    C0]  ? futex_private_hash_put+0x107/0x1c0
[  606.092955][    C0]  __sys_sendmsg+0x170/0x220
[  606.097514][    C0]  ? __pfx___sys_sendmsg+0x10/0x10
[  606.102590][    C0]  ? __x64_sys_futex+0x34f/0x4d0
[  606.107501][    C0]  do_syscall_64+0x106/0xf80
[  606.112056][    C0]  ? clear_bhb_loop+0x40/0x90
[  606.116698][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.122557][    C0] RIP: 0033:0x7f92ea59bf79
[  606.126937][    C0] RSP: 002b:00007f92eb3f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  606.135313][    C0] RAX: ffffffffffffffda RBX: 00007f92ea815fa0 RCX: 00007f92ea59bf79
[  606.143252][    C0] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 000000000000000c
[  606.151211][    C0] RBP: 00007f92ea6327e0 R08: 0000000000000000 R09: 0000000000000000
[  606.159163][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  606.167101][    C0] R13: 00007f92ea816038 R14: 00007f92ea815fa0 R15: 00007fff8aa5d8c8
[  606.175058][    C0]  </TASK>
[  606.178050][    C0] task:kworker/0:8     state:R  running task     stack:27208 pid:5939  tgid:5939  ppid:2      task_flags:0x4208060 flags:0x00080000
[  606.191747][    C0] Workqueue: events_power_efficient gc_worker
[  606.197786][    C0] Call Trace:
[  606.201034][    C0]  <TASK>
[  606.203939][    C0]  __schedule+0x1023/0x6000
[  606.208427][    C0]  ? __lock_acquire+0x4a5/0x2630
[  606.213355][    C0]  ? __pfx___schedule+0x10/0x10
[  606.218178][    C0]  ? lock_acquire+0x17c/0x330
[  606.222822][    C0]  ? find_held_lock+0x2b/0x80
[  606.227474][    C0]  ? __nf_ct_delete_from_lists+0x4a7/0x580
[  606.233248][    C0]  ? __nf_ct_delete_from_lists+0x4a7/0x580
[  606.239023][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  606.244375][    C0]  preempt_schedule_common+0x42/0xc0
[  606.249630][    C0]  preempt_schedule_thunk+0x16/0x30
[  606.254805][    C0]  ? nf_ct_delete+0x547/0x730
[  606.259460][    C0]  __local_bh_enable_ip+0xff/0x120
[  606.264539][    C0]  ? nf_ct_delete+0x547/0x730
[  606.269183][    C0]  nf_ct_delete+0x564/0x730
[  606.273655][    C0]  nf_ct_gc_expired.part.0+0x17e/0x200
[  606.279082][    C0]  gc_worker+0x63f/0x1630
[  606.283385][    C0]  ? __pfx_gc_worker+0x10/0x10
[  606.288119][    C0]  ? process_one_work+0x80b/0x1840
[  606.293201][    C0]  ? rcu_is_watching+0x12/0xc0
[  606.297940][    C0]  process_one_work+0x9c2/0x1840
[  606.302852][    C0]  ? __pfx_process_one_work+0x10/0x10
[  606.308197][    C0]  ? __pfx_gc_worker+0x10/0x10
[  606.312930][    C0]  worker_thread+0x5da/0xe40
[  606.317490][    C0]  ? __pfx_worker_thread+0x10/0x10
[  606.322569][    C0]  ? kthread+0x13a/0x450
[  606.326777][    C0]  ? __pfx_worker_thread+0x10/0x10
[  606.331862][    C0]  kthread+0x370/0x450
[  606.335898][    C0]  ? __pfx_kthread+0x10/0x10
[  606.340455][    C0]  ret_from_fork+0x754/0xd80
[  606.345015][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  606.350094][    C0]  ? __switch_to+0x7b4/0x10c0
[  606.354737][    C0]  ? __pfx_kthread+0x10/0x10
[  606.359295][    C0]  ret_from_fork_asm+0x1a/0x30
[  606.364041][    C0]  </TASK>
[  606.367030][    C0] task:syz.2.1828      state:R  running task     stack:26056 pid:12022 tgid:12022 ppid:5803   task_flags:0x400040 flags:0x00080000
[  606.380462][    C0] Call Trace:
[  606.383710][    C0]  <TASK>
[  606.386612][    C0]  __schedule+0x1023/0x6000
[  606.391107][    C0]  ? __pfx___schedule+0x10/0x10
[  606.396017][    C0]  ? mark_held_locks+0x40/0x70
[  606.400749][    C0]  preempt_schedule_irq+0x50/0x90
[  606.405740][    C0]  irqentry_exit+0x17b/0x670
[  606.410297][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  606.416242][    C0] RIP: 0010:rcu_is_watching+0x82/0xc0
[  606.421588][    C0] Code: 48 c1 ea 03 0f b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 24 8b 03 c1 e8 02 83 e0 01 65 ff 0d 90 a7 1b 12 74 07 <5b> 5d c3 cc cc cc cc e8 42 6e 8a ff 5b 5d c3 cc cc cc cc 48 89 df
[  606.441161][    C0] RSP: 0000:ffffc9000f08f3f0 EFLAGS: 00000286
[  606.447197][    C0] RAX: 0000000000000001 RBX: ffff8880b8533aa8 RCX: ffffffff91760201
[  606.455133][    C0] RDX: 0000000000000000 RSI: ffffffff8c1a94a0 RDI: ffffffff8e109f28
[  606.463070][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000007
[  606.471014][    C0] R10: 0000000000000200 R11: 000000000000b712 R12: ffffc9000f08f518
[  606.478962][    C0] R13: ffffc9000f08f4c8 R14: ffffc9000f08f4c8 R15: ffffc9000f08f4fc
[  606.486906][    C0]  unwind_next_frame+0x745/0x1ea0
[  606.491897][    C0]  ? __unwind_start+0x2fb/0x7f0
[  606.496724][    C0]  __unwind_start+0x3d1/0x7f0
[  606.501368][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  606.507489][    C0]  arch_stack_walk+0x73/0xf0
[  606.512048][    C0]  ? arch_stack_walk+0x73/0xf0
[  606.516789][    C0]  stack_trace_save+0x8e/0xc0
[  606.521436][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  606.526772][    C0]  ? __lock_acquire+0x4a5/0x2630
[  606.531684][    C0]  ? __lock_acquire+0x4a5/0x2630
[  606.536597][    C0]  save_stack+0x162/0x1e0
[  606.540901][    C0]  ? __pfx_save_stack+0x10/0x10
[  606.545724][    C0]  ? page_ext_put+0x3e/0xd0
[  606.550200][    C0]  __reset_page_owner+0x84/0x190
[  606.555106][    C0]  __free_frozen_pages+0x822/0x1130
[  606.560276][    C0]  ? __free_slab+0xd0/0x220
[  606.564761][    C0]  qlist_free_all+0x47/0xe0
[  606.569230][    C0]  kasan_quarantine_reduce+0x1a0/0x1f0
[  606.574668][    C0]  __kasan_slab_alloc+0x69/0x90
[  606.579498][    C0]  kmem_cache_alloc_noprof+0x241/0x6e0
[  606.584924][    C0]  ? jbd2__journal_start+0x194/0x6a0
[  606.590233][    C0]  jbd2__journal_start+0x194/0x6a0
[  606.595341][    C0]  __ext4_journal_start_sb+0x32a/0x5c0
[  606.600789][    C0]  ? ext4_dirty_inode+0xa1/0x130
[  606.605702][    C0]  ? __pfx_ext4_dirty_inode+0x10/0x10
[  606.611045][    C0]  ext4_dirty_inode+0xa1/0x130
[  606.615779][    C0]  ? rcu_is_watching+0x12/0xc0
[  606.620514][    C0]  __mark_inode_dirty+0x1f3/0x1600
[  606.625598][    C0]  file_update_time_flags+0x46b/0x500
[  606.630944][    C0]  ext4_page_mkwrite+0x35b/0x1980
[  606.635951][    C0]  ? find_held_lock+0x2b/0x80
[  606.640595][    C0]  ? futex_unqueue+0x133/0x2c0
[  606.645328][    C0]  ? __pfx_ext4_page_mkwrite+0x10/0x10
[  606.650760][    C0]  ? vm_normal_page+0x1b6/0x330
[  606.655579][    C0]  ? find_held_lock+0x2b/0x80
[  606.660223][    C0]  ? rcu_read_unlock+0x2d/0xb0
[  606.664958][    C0]  do_page_mkwrite+0x17a/0x440
[  606.669695][    C0]  do_wp_page+0x4aa/0x4c10
[  606.674087][    C0]  ? __pfx_do_wp_page+0x10/0x10
[  606.678911][    C0]  ? do_raw_spin_lock+0x128/0x260
[  606.683920][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  606.689284][    C0]  __handle_mm_fault+0x1ac0/0x2b50
[  606.694373][    C0]  ? reacquire_held_locks+0xce/0x1e0
[  606.699640][    C0]  ? __pfx___handle_mm_fault+0x10/0x10
[  606.705085][    C0]  ? lock_vma_under_rcu+0x17c/0x5a0
[  606.710272][    C0]  handle_mm_fault+0x36d/0xa20
[  606.715036][    C0]  do_user_addr_fault+0x5a3/0x12f0
[  606.720129][    C0]  exc_page_fault+0x6f/0xd0
[  606.724609][    C0]  asm_exc_page_fault+0x26/0x30
[  606.729444][    C0] RIP: 0033:0x7fc02f0707e0
[  606.733837][    C0] RSP: 002b:00007ffcb91550d0 EFLAGS: 00010206
[  606.739880][    C0] RAX: 0000001b2f723ebc RBX: fffffffffffffebc RCX: ffffffff81acf3bc
[  606.747827][    C0] RDX: 0000001b2f723eb8 RSI: 0000000000000004 RDI: 00007fc02ff45720
[  606.755775][    C0] RBP: 0000000000000000 R08: 00007fc02f400000 R09: 00007fc02f402000
[  606.763721][    C0] R10: 0000000081acf3c0 R11: 0000000000000015 R12: 0000000000000000
[  606.771660][    C0] R13: 000000000000c66b R14: ffffffff81acf570 R15: 00007fc02ff45720
[  606.779600][    C0]  ? fpregs_assert_state_consistent+0xb0/0x150
[  606.785727][    C0]  ? fpu_flush_thread+0x13c/0x210
[  606.790721][    C0]  </TASK>
[  606.793724][    C0] rcu: rcu_preempt kthread starved for 9035 jiffies! g45009 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  606.804820][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  606.814791][    C0] rcu: RCU grace-period kthread stack dump:
[  606.820672][    C0] task:rcu_preempt     state:R  running task     stack:28472 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  606.834157][    C0] Call Trace:
[  606.837428][    C0]  <TASK>
[  606.840355][    C0]  __schedule+0x1023/0x6000
[  606.844861][    C0]  ? __lock_acquire+0x4a5/0x2630
[  606.849807][    C0]  ? __pfx___schedule+0x10/0x10
[  606.854654][    C0]  ? find_held_lock+0x2b/0x80
[  606.859322][    C0]  ? schedule+0x2bf/0x390
[  606.863664][    C0]  schedule+0xdd/0x390
[  606.867730][    C0]  schedule_timeout+0x127/0x280
[  606.872575][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  606.878002][    C0]  ? __pfx_process_timeout+0x10/0x10
[  606.883297][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  606.889118][    C0]  ? prepare_to_swait_event+0xdf/0x4a0
[  606.894586][    C0]  rcu_gp_fqs_loop+0x1a9/0x900
[  606.899352][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  606.904633][    C0]  ? prepare_to_swait_event+0xdf/0x4a0
[  606.910091][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  606.915024][    C0]  ? __pfx_rcu_gp_cleanup+0x10/0x10
[  606.920218][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  606.926026][    C0]  rcu_gp_kthread+0x179/0x230
[  606.930701][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  606.935892][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  606.941705][    C0]  ? __kthread_parkme+0x18c/0x230
[  606.946734][    C0]  ? kthread+0x13a/0x450
[  606.950981][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  606.956180][    C0]  kthread+0x370/0x450
[  606.960250][    C0]  ? __pfx_kthread+0x10/0x10
[  606.964848][    C0]  ret_from_fork+0x754/0xd80
[  606.969534][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  606.974655][    C0]  ? __switch_to+0x7b4/0x10c0
[  606.979327][    C0]  ? __pfx_kthread+0x10/0x10
[  606.983921][    C0]  ret_from_fork_asm+0x1a/0x30
[  606.988690][    C0]  </TASK>
[  606.991697][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  606.998006][    C0] Sending NMI from CPU 0 to CPUs 1:
[  607.003198][    C1] NMI backtrace for cpu 1
[  607.003210][    C1] CPU: 1 UID: 0 PID: 1001 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  607.003226][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  607.003235][    C1] Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker
[  607.003257][    C1] RIP: 0010:unwind_next_frame+0x14ad/0x1ea0
[  607.003273][    C1] Code: 02 48 89 f8 48 c1 e8 03 0f b6 34 10 48 8d 41 03 49 89 c0 49 c1 e8 03 41 0f b6 14 10 49 89 f8 41 83 e0 07 44 38 c6 41 0f 9e c0 <40> 84 f6 40 0f 95 c6 41 84 f0 0f 85 e2 05 00 00 83 e0 07 38 c2 40
[  607.003285][    C1] RSP: 0018:ffffc90000a07fe8 EFLAGS: 00000297
[  607.003295][    C1] RAX: ffffffff92068e67 RBX: 0000000000000002 RCX: ffffffff92068e64
[  607.003304][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff92068e66
[  607.003313][    C1] RBP: ffffc90000a080a0 R08: 0000000000000001 R09: 0000000000000007
[  607.003321][    C1] R10: 0000000000000200 R11: 0000000000085373 R12: ffffc90000a080a8
[  607.003329][    C1] R13: ffffc90000a08058 R14: ffffc90000a08d30 R15: ffffc90000a0808c
[  607.003338][    C1] FS:  0000000000000000(0000) GS:ffff8881244a8000(0000) knlGS:0000000000000000
[  607.003351][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  607.003360][    C1] CR2: 0000200000404030 CR3: 0000000053c94000 CR4: 00000000003526f0
[  607.003369][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000001800
[  607.003377][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  607.003385][    C1] Call Trace:
[  607.003390][    C1]  <IRQ>
[  607.003395][    C1]  ? process_backlog+0x37a/0x1580
[  607.003410][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  607.003425][    C1]  arch_stack_walk+0x94/0xf0
[  607.003440][    C1]  ? __napi_poll.constprop.0+0xaf/0x450
[  607.003455][    C1]  stack_trace_save+0x8e/0xc0
[  607.003468][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  607.003482][    C1]  ? stack_trace_save+0x8e/0xc0
[  607.003496][    C1]  ? __lock_acquire+0x4a5/0x2630
[  607.003513][    C1]  kasan_save_stack+0x30/0x50
[  607.003526][    C1]  ? kasan_save_stack+0x30/0x50
[  607.003537][    C1]  ? kasan_save_track+0x14/0x30
[  607.003549][    C1]  ? __kasan_slab_alloc+0x89/0x90
[  607.003561][    C1]  ? kmem_cache_alloc_node_noprof+0x25a/0x6f0
[  607.003575][    C1]  ? kmalloc_reserve+0x18b/0x2c0
[  607.003596][    C1]  ? __alloc_skb+0x186/0x410
[  607.003608][    C1]  ? synproxy_send_client_synack+0x19e/0x970
[  607.003625][    C1]  ? nft_synproxy_do_eval+0xa73/0xd50
[  607.003642][    C1]  ? nft_do_chain+0x2e8/0x1930
[  607.003658][    C1]  ? nft_do_chain_inet+0xee/0x340
[  607.003674][    C1]  ? nf_hook_slow+0xbf/0x220
[  607.003688][    C1]  ? nf_hook.constprop.0+0x2a6/0x750
[  607.003700][    C1]  ? ip_local_deliver+0x163/0x1f0
[  607.003712][    C1]  ? ip_rcv+0x2d9/0x5d0
[  607.003724][    C1]  ? __netif_receive_skb_one_core+0x197/0x1e0
[  607.003736][    C1]  ? __netif_receive_skb+0x1f/0x120
[  607.003747][    C1]  ? process_backlog+0x37a/0x1580
[  607.003771][    C1]  kasan_save_track+0x14/0x30
[  607.003783][    C1]  __kasan_slab_alloc+0x89/0x90
[  607.003797][    C1]  kmem_cache_alloc_node_noprof+0x25a/0x6f0
[  607.003809][    C1]  ? kmalloc_reserve+0x18b/0x2c0
[  607.003829][    C1]  ? rcu_is_watching+0x12/0xc0
[  607.003843][    C1]  kmalloc_reserve+0x18b/0x2c0
[  607.003860][    C1]  __alloc_skb+0x186/0x410
[  607.003872][    C1]  ? __alloc_skb+0x35d/0x410
[  607.003885][    C1]  ? __pfx___alloc_skb+0x10/0x10
[  607.003900][    C1]  ? lock_acquire+0x17c/0x330
[  607.003917][    C1]  synproxy_send_client_synack+0x19e/0x970
[  607.003933][    C1]  ? trace_contention_end.constprop.0+0x140/0x140
[  607.003947][    C1]  ? find_held_lock+0x2b/0x80
[  607.003960][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  607.003976][    C1]  ? net_generic+0xea/0x2a0
[  607.003995][    C1]  nft_synproxy_do_eval+0xa73/0xd50
[  607.004014][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  607.004032][    C1]  ? ip_vs_conn_in_get+0x85/0x1b0
[  607.004045][    C1]  ? ip_vs_service_find+0x1a1/0x1040
[  607.004065][    C1]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  607.004084][    C1]  nft_do_chain+0x2e8/0x1930
[  607.004104][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  607.004120][    C1]  ? mark_held_locks+0x40/0x70
[  607.004139][    C1]  ? ip_vs_in_hook+0x9dd/0x27a0
[  607.004152][    C1]  ? ip_vs_in_hook+0xa5a/0x27a0
[  607.004172][    C1]  nft_do_chain_inet+0xee/0x340
[  607.004188][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  607.004208][    C1]  ? nf_nat_ipv4_local_in+0x181/0x730
[  607.004222][    C1]  nf_hook_slow+0xbf/0x220
[  607.004237][    C1]  nf_hook.constprop.0+0x2a6/0x750
[  607.004250][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  607.004263][    C1]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  607.004276][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  607.004290][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  607.004304][    C1]  ? ip_rcv_finish_core+0x80a/0x2220
[  607.004318][    C1]  ip_local_deliver+0x163/0x1f0
[  607.004332][    C1]  ip_rcv+0x2d9/0x5d0
[  607.004344][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  607.004355][    C1]  __netif_receive_skb_one_core+0x197/0x1e0
[  607.004368][    C1]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  607.004382][    C1]  ? lock_acquire+0x17c/0x330
[  607.004398][    C1]  ? process_backlog+0x32a/0x1580
[  607.004411][    C1]  ? process_backlog+0x32a/0x1580
[  607.004422][    C1]  __netif_receive_skb+0x1f/0x120
[  607.004435][    C1]  process_backlog+0x37a/0x1580
[  607.004450][    C1]  __napi_poll.constprop.0+0xaf/0x450
[  607.004463][    C1]  net_rx_action+0xa40/0xf20
[  607.004479][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  607.004491][    C1]  ? find_held_lock+0x2b/0x80
[  607.004503][    C1]  ? try_to_wake_up+0x154/0x1a80
[  607.004516][    C1]  ? try_to_wake_up+0x154/0x1a80
[  607.004529][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  607.004547][    C1]  ? sched_clock+0x38/0x60
[  607.004563][    C1]  ? sched_clock_cpu+0x6c/0x570
[  607.004588][    C1]  ? mark_held_locks+0x40/0x70
[  607.004605][    C1]  handle_softirqs+0x1ea/0x910
[  607.004622][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  607.004636][    C1]  ? kernel_fpu_end+0x5f/0x80
[  607.004649][    C1]  do_softirq+0xac/0xe0
[  607.004661][    C1]  </IRQ>
[  607.004665][    C1]  <TASK>
[  607.004670][    C1]  __local_bh_enable_ip+0xf8/0x120
[  607.004683][    C1]  kernel_fpu_end+0x64/0x80
[  607.004695][    C1]  blake2s_compress+0x78/0xf0
[  607.004708][    C1]  blake2s_final+0xc9/0x150
[  607.004721][    C1]  hmac.constprop.0+0x34a/0x480
[  607.004740][    C1]  ? __pfx_hmac.constprop.0+0x10/0x10
[  607.004761][    C1]  ? __pfx_curve25519_ever64_base+0x10/0x10
[  607.004776][    C1]  ? crng_fast_key_erasure+0x1d6/0x260
[  607.004796][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[  607.004813][    C1]  ? kernel_fpu_end+0x5f/0x80
[  607.004824][    C1]  ? __local_bh_enable_ip+0x9e/0x120
[  607.004839][    C1]  kdf.constprop.0+0x128/0x280
[  607.004858][    C1]  ? __pfx_kdf.constprop.0+0x10/0x10
[  607.004875][    C1]  ? __pfx_mix_hash+0x10/0x10
[  607.004899][    C1]  message_ephemeral+0x5e/0x70
[  607.004917][    C1]  wg_noise_handshake_create_initiation+0x322/0x610
[  607.004939][    C1]  ? __pfx_wg_noise_handshake_create_initiation+0x10/0x10
[  607.004960][    C1]  ? find_held_lock+0x2b/0x80
[  607.004974][    C1]  ? ktime_get_coarse_with_offset+0x1af/0x240
[  607.004990][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[  607.005008][    C1]  ? ktime_get_coarse_with_offset+0x1c1/0x240
[  607.005023][    C1]  ? ktime_get_coarse_with_offset+0x150/0x240
[  607.005039][    C1]  wg_packet_send_handshake_initiation+0x19c/0x360
[  607.005056][    C1]  ? __pfx_wg_packet_send_handshake_initiation+0x10/0x10
[  607.005071][    C1]  ? __lock_acquire+0x4a5/0x2630
[  607.005093][    C1]  ? process_one_work+0x80b/0x1840
[  607.005113][    C1]  wg_packet_handshake_send_worker+0x1c/0x30
[  607.005128][    C1]  process_one_work+0x9c2/0x1840
[  607.005150][    C1]  ? __pfx_process_one_work+0x10/0x10
[  607.005171][    C1]  ? __pfx_wg_packet_handshake_send_worker+0x10/0x10
[  607.005188][    C1]  worker_thread+0x5da/0xe40
[  607.005208][    C1]  ? __pfx_worker_thread+0x10/0x10
[  607.005226][    C1]  ? kthread+0x13a/0x450
[  607.005242][    C1]  ? __pfx_worker_thread+0x10/0x10
[  607.005258][    C1]  kthread+0x370/0x450
[  607.005274][    C1]  ? __pfx_kthread+0x10/0x10
[  607.005290][    C1]  ret_from_fork+0x754/0xd80
[  607.005308][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  607.005327][    C1]  ? __switch_to+0x7b4/0x10c0
[  607.005340][    C1]  ? __pfx_kthread+0x10/0x10
[  607.005357][    C1]  ret_from_fork_asm+0x1a/0x30
[  607.005376][    C1]  </TASK>
[  608.969531][ T5856] ims_pcu 5-1:2.0: Missing CDC union descriptor
[  608.985341][ T5856] ims_pcu 5-1:2.0: probe with driver ims_pcu failed with error -22