last executing test programs:

3m47.012799791s ago: executing program 2 (id=1393):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = memfd_create(&(0x7f00000008c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x0)
ftruncate(r6, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r6, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
lseek(r6, 0x1003ff, 0x4)

3m40.27101891s ago: executing program 2 (id=1417):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

3m39.32896163s ago: executing program 2 (id=1419):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x880)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="9b1501000044090000000000000001006d6163736505000800000000000800050000000000000000", @ANYRES32=r3, @ANYBLOB], 0x44}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
r5 = creat(&(0x7f00000002c0)='./file2\x00', 0x0)
r6 = open$dir(&(0x7f0000000040)='./file0\x00', 0x301000, 0x8)
write$binfmt_script(r5, &(0x7f0000000840)={'#! ', './file2', [{0x20, ',0eQ{\xb2)\x8cU\xf5o-\x0eN\xf0\x9d\f\xa6\x96P\xb3\x0eQ\x90l\x117r\x01\xeb\xd6\x9bt]\x0f\xfb^o\x98\x942\xae\xdc\x88\xfd\x9b\xe5\xaa\xffoI\xb1\xdc\x9c\xff'}, {0x20, 'ex\x00\x00\x00I\xc0\x03\xf1\x98\xccn\xe1\x12M\xf1r]B\xdc\xca\x90Isy\x1f\x11F\xfd\xbc\xd5\xa7\xd2\xd6w\x8c\x88\xbfy\xbb*\xa6\xfd\x8cc\xcb\xda\xc1\xde\xaf\x0e\xd8f=7j\v\xe2\x98\x9a;\x8b\xed\xddr\x8ca\\|J6\xde\x17\x01\xe0\xb5\x03\t\xeb\x7fK\x8d\xcfG\\Hx\x12G}U6\xadr\x17\x84\xe1\xc7\xda\xbe<!\t\x15\x9e,\x11q\a\xfds\x82\x8c\xe6\xdc5\x87\xb3\x12\xdb\x00\xf2\xc0v0\xea\xd2\xcdoM\x9a\xb9\xb2\xcf\xa0 \xae\x1fc\xd8em\v\x01\x80-\x8e\x030\x98\xeb\xc4V\xcf\x16`LVX]rj\xdb\xc2\xdb\x99f\\\bEu\xebxj\xc2E\x98\xe2\xf80y\xe8\x986j\r\xb6j\xd7t\xf8\xbc\t\x9ac\r\xb4\xae\x8d\x93\x1b\x95\xe3#\xbb*\xf6\xbe5WT\x91+\xd9.\xc2\x05A\xc7!\x80\'=R\xe8\xaa\xfe\xd6\xbe\xdc\x00'/241}, {0x20, '\x00'}, {0x20, 'ext\xb4\x00'}, {0x20, 'b\x00\x01\x99N\x10Q\xd6;\xf5+\xbb\xab\x16z\xc1%\xb5\xe8\'i\x1a\\\xd1\xecI\xea\xed\x97\xfbt\x9fc\x19%!%p\x1fG`\xd0$\x90;s\xfa\x9f\xaay\xaf%\xe5\x96\xcb0\xf2\xc3\x85\x10%\x15\x8e\xa87\xd1g\xe3cX\xd3\xee`%L\x85\x10\x96\xc3\x9bq\xc4\x9c\xd2C<9\xe5\xbcp\xafv\b\xfdj\xfc*\xba\xf40\x84\b9\x1e4\x14\x96\x97\xf1\xd7\x92\xb0\xe43>\xccl\x91[(\xc9\x02\xa6PG\xa0\x05\x1d=D\xb4s\x00\x00\x00\xb0>0O lA\x04\x9e\xaeS\xb6\x10\xedWy[Ye\x14\xc5%(\xab\xbe\x8e\'\x8f\xd8\x18\x16\xb7Zl\x97\f0\x9f\xd1\x83$%xcT\b\xe5\xd7nh\xac\xddc3E\xe0\xa4\x1a\x00\x00\x00Hs/\xfb\xfd\xfd\xba\xf2\xea\v~\x01'}], 0xa, "98ffe8aad4600ffdee7f7b202931869cc0ebacd18510f00086b7cfc47a9bb2364d0e71c2b5b49098730314083ca6615f519627f3b13bfb830561b098cdd2d850cd14ad89e90acd0d1d71019292fc34c5050b90402dd2a24a5700"/103}, 0x275)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1b, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, @void, @value}, 0x94)
write$qrtrtun(r5, &(0x7f0000000100)="ca0e808bb35bda15a08769bcd5107053eaafa98740f8cb9694c01f00"/48, 0x30)
write$qrtrtun(r5, &(0x7f0000000480)="06375468d886d8f58187445ffe34fc2cf9f144f6122487386e5fed8ee07cb6f6b4787ad3b273e0bed92a69f869883a32f9575a046e3bb2957cf5402fdc253e6e63bddcf97ea0578999706c43d97e005e0fe78828c7207f7af5e7196be5203c92898db9294207ed43c4dd7dd54dd6576d7627e493d9e919980c05405e9790955316e516d3c6b4b958958f1224927db9b02da2239307c7095020467a5b5bce55c115fef0a41f82fde0c0e34e049be9688ced6d13e6645d1e6b468730fd8a6cea2fffd8ec9f988b2d3c662070e0307383c12421f391c48a25c3d866455328e08591e5bdd241bec1df6869a7e75cbc5ac490e79247fb65e13144b7fa47fdad888b64b12e2ec8cf890418b554b329", 0x10c)
write$qrtrtun(r5, &(0x7f00000016c0)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930e9268649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f403000000203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b671ff8b0bf20420c462aa1bb93218edaa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725416101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f84", 0x28f)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r7, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x40)
bind$l2tp6(r4, 0x0, 0x0)
bind$l2tp6(r4, 0x0, 0x0)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCFLSH(r8, 0x40204706, 0x20000000)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x0, 0x0})
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0)

3m38.412446612s ago: executing program 2 (id=1422):
socket$netlink(0x10, 0x3, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = add_key$fscrypt_v1(&(0x7f0000019100), &(0x7f0000019140)={'fscrypt:', @desc2}, &(0x7f0000019180)={0x0, "f797ab8d04b8ed8bdd69239b18c43b447c0eef76ddfff5f399c521619b559baaea1f0f15811e1de1def8d731e98b0969ddfd64199d44e4d76edcc3722a537541", 0x2e}, 0x48, 0xfffffffffffffff9)
request_key(&(0x7f0000000000)='trusted\x00', &(0x7f0000019080)={'syz', 0x0}, &(0x7f00000190c0)=',\xca\x00', r3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000019200), &(0x7f0000019240)=0x4)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000019280)='syz1\x00', 0x200002, 0x0)
openat$cgroup_procs(r4, &(0x7f00000192c0)='cgroup.procs\x00', 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(r5, 0xc0485630, &(0x7f0000019400)={0x2, "51d0e733342caeabe0261cb53a51d1786ca6ea9e83592c0bde57fc25a12b3525", 0x3, 0xffffffff, 0xfffff545, 0x8f0d92, 0x2})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f00000193c0)={&(0x7f0000019300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000019380)={&(0x7f0000019340)={0x38, 0x140d, 0x400, 0x70bd2d, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x94}, 0x800)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r7, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
read$FUSE(r6, &(0x7f0000001300)={0x2020}, 0x2020)

3m37.345421001s ago: executing program 2 (id=1425):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x4634e85576f00408, &(0x7f00000004c0)=ANY=[])
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = open(&(0x7f00000001c0)='.\x00', 0x20000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)

3m35.752135935s ago: executing program 2 (id=1431):
gettid()
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000240)="f9686a9fa204621d690a0e3a96cf863098c16937d9899e32bdce00d033e1c6820155940059493444553473fedc8b5ec6e08c40b811a791503021d4e4c14e529722cba2", 0x43, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x18}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x75a8, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
userfaultfd(0x801)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r4, &(0x7f0000000100)={{0x3, @default}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
r5 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000000040)={0xa})
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000200)={0x0, 0x56d1, 0x2, "5a0f"}, 0xa)
writev(r0, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x3000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x78, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4c, 0x3, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x3c, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x35, 0x1, "299246c8790c329b9b21c709e5bde740667dacbfa315d9435694f397a882b3f08e609ceb866040a2100c9ec9eac4261c62"}]}]}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x128}}, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r0, 0x0)

3m20.599360407s ago: executing program 32 (id=1431):
gettid()
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000240)="f9686a9fa204621d690a0e3a96cf863098c16937d9899e32bdce00d033e1c6820155940059493444553473fedc8b5ec6e08c40b811a791503021d4e4c14e529722cba2", 0x43, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x18}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x75a8, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
userfaultfd(0x801)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r4, &(0x7f0000000100)={{0x3, @default}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
r5 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000000040)={0xa})
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000200)={0x0, 0x56d1, 0x2, "5a0f"}, 0xa)
writev(r0, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x3000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x78, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4c, 0x3, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x3c, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x35, 0x1, "299246c8790c329b9b21c709e5bde740667dacbfa315d9435694f397a882b3f08e609ceb866040a2100c9ec9eac4261c62"}]}]}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x128}}, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r0, 0x0)

1m35.412679057s ago: executing program 5 (id=1479):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000100002100000002ff020000000000000000000000000001"], 0x0)
r11 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r11, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f, 0xffffffffffffffff, {0x4}}, '.\x00'})

1m17.622465979s ago: executing program 5 (id=1479):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000100002100000002ff020000000000000000000000000001"], 0x0)
r11 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r11, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f, 0xffffffffffffffff, {0x4}}, '.\x00'})

53.845825565s ago: executing program 5 (id=1479):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000100002100000002ff020000000000000000000000000001"], 0x0)
r11 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r11, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f, 0xffffffffffffffff, {0x4}}, '.\x00'})

40.61101449s ago: executing program 5 (id=1479):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000100002100000002ff020000000000000000000000000001"], 0x0)
r11 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r11, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f, 0xffffffffffffffff, {0x4}}, '.\x00'})

36.823481184s ago: executing program 3 (id=1949):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'bridge_slave_0\x00', &(0x7f00000004c0)=@ethtool_dump={0x3f}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
close(r3)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r2})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f00000001c0)={{}, @host, 0x2, 0x8, 0x200002449, 0x5, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x8000, 0x7, 0x0, 0x0, 0xfffffffe})

33.685965313s ago: executing program 3 (id=1949):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'bridge_slave_0\x00', &(0x7f00000004c0)=@ethtool_dump={0x3f}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
close(r3)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r2})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f00000001c0)={{}, @host, 0x2, 0x8, 0x200002449, 0x5, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x8000, 0x7, 0x0, 0x0, 0xfffffffe})

27.219880535s ago: executing program 5 (id=1479):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000100002100000002ff020000000000000000000000000001"], 0x0)
r11 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r11, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f, 0xffffffffffffffff, {0x4}}, '.\x00'})

18.590405804s ago: executing program 3 (id=1949):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'bridge_slave_0\x00', &(0x7f00000004c0)=@ethtool_dump={0x3f}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
close(r3)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r2})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f00000001c0)={{}, @host, 0x2, 0x8, 0x200002449, 0x5, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x8000, 0x7, 0x0, 0x0, 0xfffffffe})

15.66373306s ago: executing program 3 (id=1949):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'bridge_slave_0\x00', &(0x7f00000004c0)=@ethtool_dump={0x3f}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
close(r3)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r2})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f00000001c0)={{}, @host, 0x2, 0x8, 0x200002449, 0x5, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x8000, 0x7, 0x0, 0x0, 0xfffffffe})

7.340579692s ago: executing program 0 (id=2068):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000140)=0x9)

7.300041484s ago: executing program 0 (id=2069):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0xf4, [0xdb, 0x2, 0x4, 0x9, 0x5, 0x953, 0x8, 0x3, 0x0, 0xb9, 0x9, 0x10, 0x8, 0x8, 0x0, 0xfff3, 0x4, 0x3ff, 0x5, 0x7, 0x81, 0x0, 0x2, 0x8, 0xe, 0x9, 0x3, 0xff, 0xffff, 0x4, 0x4, 0xfffd, 0x8, 0x0, 0xffeb, 0x0, 0x108, 0xfff, 0x8, 0x1, 0x365a, 0x400, 0x6, 0x8, 0x4, 0xfff8, 0x100, 0x9], 0xfffffffe}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0585605, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000240), 0x0, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc0405627, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
eventfd(0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, 0x0)
r3 = socket(0x2, 0x3, 0xff)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000400))
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r3, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}]}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000500)="7dcc2c9d4eaf588822e6a9cc8eec13d9754bb76c", 0x14}], 0x302}}], 0x2, 0x0)
unshare(0x44040000)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
r4 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
r5 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r5, 0x0)
lseek(r4, 0x1, 0x2)
ioctl$VHOST_VDPA_GET_CONFIG(r2, 0x8008af73, &(0x7f0000000000)={0x0, 0x3e, ""/62})

7.21495448s ago: executing program 0 (id=2070):
r0 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x20}}, 0xfffd}, 0x90)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e24, @empty}], 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x101000)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f00000000c0)={0x0, 0x4, 0x0, 0x0})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000340)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r6, 0x113, 0x1, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)
r7 = userfaultfd(0x1)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x1000000, 0x0, 0x0}, 0x0)
syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r7, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000000))
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000100)}, 0x20000000)

6.952269854s ago: executing program 5 (id=1479):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r9, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000100002100000002ff020000000000000000000000000001"], 0x0)
r11 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r11, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f, 0xffffffffffffffff, {0x4}}, '.\x00'})

4.888040791s ago: executing program 0 (id=2072):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b408000000000000731142000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x8, 0x0, 0x0}}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002380)=@newtaction={0x54, 0x30, 0x1, 0x0, 0x0, {}, [{0x40, 0x1, [@m_gact={0x3c, 0x8, 0x0, 0x0, {{0x9}, {0x10, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x17e3, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000000c0)={0x2, 0xc8d, {<r1=>0x0}, {0xffffffffffffffff}, 0x4, 0xf})
sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5640, &(0x7f0000000540)={0x1, @sliced={0x0, [0x12a9, 0x400, 0xea, 0x8, 0xffff, 0x3, 0x6, 0x8, 0x83, 0x1, 0xe3c7, 0x5, 0x6, 0x8, 0x9, 0x200, 0x7, 0x9, 0x5, 0x3, 0x1ff, 0xad3f, 0x5, 0x4, 0x0, 0x0, 0x6, 0x8, 0x101, 0x515, 0x7, 0x2, 0x5, 0x9, 0x2, 0xfc00, 0x10, 0xfff, 0x9, 0x23, 0x38, 0x4, 0xfff4, 0x675, 0xa, 0x6, 0x800, 0x8], 0x3}})
socket$alg(0x26, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002340)={[{@quota}, {@huge_always}]})
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f00000004c0)="de4a753fc2ddada207741dffbfc4320f46f4a1b834f03eba3d05806da7ca64b4230e32b80bbb0bd8a20df3ceadae732994c30663d0e3c9534f7d365d3b28ab7cba0435fa0ac385eeb9d48ea11ec2f361351817c319d226d8badeec835192d296fb9ce5ce835962bf53158ca4042aedf05141d4ba28bfe7e47edc059f450342b741ca263a3e283e72a059ce3d009365ac4ee056d42d478e24b75f6a376f90287aac3c7dd60b0abc13dde44499fe13456215010303de2248b63a1c76bcebf9c1e26920b86c36d1aa2cc4c27cba361cf99674790775a0e56b925ebefc8df75166c5df04d5731da9bf832ed0c0895ebc3f2fc367c69fb5f6a1168d32be9aee24ed6a16a7e049419194b2287b05f09a4e16ef6aa35536950be3fc2b38a29b6ff14c2b2dafeb6cb69ca1748ab82d0fb93b880dfa6f83b468d99a0f118f9a7ca64aca79e5294edcf190aba5a659fed3a737630910a79c28715971c4bf8546f7260ce5b95a2779cdbaf23ca0086735b61001b6a88a8acf3463878732c853c6db752da9094695f0959206cc7e588d7ba4f915467a7f38116b349673eadbb28682f9e9c1f6b2094aa185c4e42e24edbe8d2d584a19fae98c6b743d907d2f33032c6d14fa7381e74ef0efa19a9c922ae9a490419392050d777d42c8d488c98da0430d397e04a4027cae18aecd9ac9e80f52312e5eb106b04e81804f770f5f24e3c235e192cbe0b8f67c64fe3a680642b64822e3addb7432156eea6cb44f11aa3ccf9d4a1bd99b900ca5764f62f217acc80ce315aa8c04efb0ea382b3987cafbe248bd027e3eadaf59c5ce12d4de7dffe86f91bda52aa37e00a1f9d97922db5b7f93992a43425485e65f051ffc7938dd8506bc581c2baefbe0aebdf8ac7aa588d5dd8074b6d9b7bc43daef6f60293fbb21738ae9563dcc4cf8c1785c5a1bfb8eebb7cca592007fb5331c2eba852cbe6a54a544ec4bf60ecacd6474ac9c9f0c10700f1f00ee46b6dfb710c4d7fce392bbd707565a054cb556a177b0d686187897ca2fa7d2f9d55c2b48b6a6803b75e198cba0d672e5cde5fad7a9f6a7d284fa33207fe35aa90aee83865a8b3c6354f3a4bde2d57a43a7cde4bbd49eadb474847cfea142e3c516fb2d9f4c3f949978128e6472ec96e08f52a305ac8be2e2c0b01439bf5d49da8a90d963ce93f7af67578b844005fd3242a5744f0fbc6f2961103c99d7937f27bbd184c742338d8ba19ee04c1ae1af1aade5a9bc7c6be91b28b2db79f4f709834ada9968974b5f6c3732d3988e190982b1483a71abb38a7e71b8da37c8bd54623c671a29ea5223010174fa6292ee2faea2a71bdda476a07f44b205627ab229a6a61e87988757b14ca40742c68111d5a979d185131b984c09c43758974d3400644be1a6eb347e7c55dfa5f43bc344ed4d780d6e977c4d196a1728681ac48a986898d7309c5d6edbd5f772b8c04dd72e74a3f37beffb971bb99287f7d02af6d0eec58f1cd4aa763949469e6e218fe2d675ca2373aae114141d6306b3d172ab6b9b8492cf511d5b587daba9c0676beebbfae13bde5ae31e0b070e8b3b4db92198c912fa9bf0b30df6d72fa4c685bcba415a9ceee6f2b2afe7dd9c4cdab0e965fd89b63df14f33cccddc33d47ae75c0aa29587398b83a1c384e63732141c559198472f61a2ff3fbe8868fc70a14ac886627f06ba68bc22c3cb46dd5cf48dfbbd317202288e7be3c37219b821370b1ed2ce5454a2fe365680032bf22ddc1f47f6c8af60361460038af975498059cb21378b3e3098da676390d898516e91ab0868d7eecc2d418ac637d24629817c0e5fb0d68e7663a49510090a7ae108e3c8e04ec5752a82ab8bb4d294ff4c4e5fff2785fb1da31b31948481fd51c2de689dc861dcabd2f66b2950614f89fefbd154a8e49138817f697948c52edd77dfc93f4bc697c5e965c239e520815ffbb3491d2333654096f6b5708f60c16b5caca267c7a0805756c98e3331464860f02ab04c9c7f458cdc59439edb15ae8d8d470e3a44a6e42d25609d59179872ec3ec2b7552153c3daeda3b0b1bbaee7e979380a78dd48ae1e508a81aaefaf4f6de4bda80f6fabd7df57ace50be6ccde9acc949a2c032755182fed0b9581b5ec3b5ec6c56b3850787af89ba7c0148e096a2e23b721897699c7a64bc2c5b98791da0d4cd0239a38167995e80be50066b716f82ee4f6c088567dacfefb2cecc156af8223cf64dab6f73f46b096c62401db5836a4e5ad3328e947fe4906651201d6dcf7b6192ce2b5af55b9408ee8776acb66b1671695df404d2910b11cc6e7239a255030a016167a3a3bb96455bdd101d914e7f2837314f4212acfb3ca5fe7c8aa080acbcd324a9d164b7ac9746f474564ab66a3fc22f7081aca1eabaa61f9339259364daf792900a1c66804bb8077229f817879107077b91cd5d4899364beb286168d40bec6331ea24b0d377c3359d78debbabe6e91746c348d1d49fb18d7b3a9126f477bf736a6bddc52ba70ac58059b246e73e21bfcd097a7db9a9be67e9cf705dbd06d80a8ecf59f810e07e58885cd6e3701d9cce1ccaa18a22463eea972806f382f3a02c88fddaa20ab3451acf0ed48dc5e43165aa26558755a109a511d7624d98f7006e4bf661ae0d9b16af5eb99284a88622294b9a47b82faca542049b0f4e82d757546b6cfc48db4472ccff29e7c2e33f88065dcef65be64ef0a906500266247f1abf90f11c54500474fe1e41a6de6736895932649e842e6", 0x7a1}], 0x1, 0x0, 0x0, 0x2004040}}], 0x1, 0x0)
r6 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb10000000010200090502"], 0x0)
syz_usb_control_io$cdc_ecm(r6, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0xc38, &(0x7f0000000300)=ANY=[])

4.885406207s ago: executing program 4 (id=2074):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000003c0)=0x6)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x22010, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000021c0)=[{{&(0x7f00000005c0)=@file={0x1, './file1\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f00000002c0)="b71d438647816c1fb1590a76012c1d2495f539c62819fadb18def9017b8d2db29f5a2b40ddbc76", 0x27}, {&(0x7f0000000380)}, {&(0x7f0000000640)="b0669a5e4c0552932f96cef1315177c1470ea99dc3d6af6d63238283b8bbe0981634edfa23d0f2c1eda557925b9ea318f3376684768199f79d5b8ef3098520d761f19ebdcd4fc70e7181144d61e9bd281e3c108de71a390cbfef9763bd8ff8102f3234c50b8cfedcd95d4275f4ee8dacf54e02f3b2c1d409f1472b7d4c03bb61d13f0902200098dcb91c8dd4d962c8a8dad64bbce8b2ecf166b984dfaa91", 0x9e}, {&(0x7f0000000700)="c1f5319249b2fbde90160883c0922c2d359cd234dd84d3640e841a8eb5e33d86a879cc5091664f825c8c62085f8d05813289eb41cc6766a9f52d70089f5634e5d4d7b46169702f99ddde99709f6f3c2c8f24b0b3d11f334ec9e9576fed16367d69b46dedc6b5cb9c3a3e9a6d5a", 0x6d}, {&(0x7f0000000780)="1af6745682e89ef27466334547776603217558683b4ea80ab4a85fd95377bd4df37a259b60d36038ff73aec401649f0a0ca5a8c178eec6660fad4ce612e9cf03c646feb75b328f0beee2de71de8c345505d300733575d9a9c9ef5d5a42cc35a65044efd433c8e9b5c9aa743bc50fb5fc4c69fe49ada264a46a353f428b433a3dc80e54bd0f095d971c5939665a84f2e3f986d7", 0x93}], 0x5, 0x0, 0x0, 0x8001}}, {{&(0x7f00000008c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000940)="ed4a1a0c6f1ff30a4547e43665b5ca6287e51315d4925750f8e19757b806ec57fb881bc5bdf5089af4c8ce67755b8b8c3c8dc1beaf20fa0fbeb297e7a6dc809002d4032b0dd616ee72939b7c2e95e71a8203f7d37d9f358d7a2570574221a4b5edd71f1d457dcbdd17a10725b0227bdd272bd8929cef83d014296502694f55a3db7288705e6188ed5b141852a8c67cf2cdbcab00d30156ab3c0abf075291b09a359e2592", 0xa4}, {&(0x7f0000000a00)="6225d9df132fe89fd443ffa396d723a2d8fd2c4da7193adbe369934b68bfc6f5b68f0c5c0512dfdd02ed63d1e080e3a53fc0335e3fc56362a42bdc85dba3851d7adeab69bb222383a32ef4876df14995cf24da294d48576ad59eaa571457f0cf19f80f965aa430af47f3ef3ecdce4428e45171c4313a21179ca190e833166d6e116d85b671b980afc72d46440477aae66e5479a779f93d20f84e32be5307611cd89fd5ba1aa83809adc69fa7370892a97bfcf6ad293111d36ec2fbcf4865e3eeb8ea078778b6cf2625e777c260e9ace375d345120fc5065660b1ffe03afc0d1e1cadf3c2d6a1d98c813200223c417d", 0xef}, {&(0x7f0000000b00)="446b873fbefdfa5b812a99c789cdf2e57ba42c611d3844b42c137b15eca8e1d68c0d255ba74fa3f5b8570bd226cbac8ca68b27fb90f828d7e4b8e6c993272eb502ba2007777fe80e930b92586fa90b4f6e804451af33666a72da3d37d6142869c18adb99af58d8a801f5faa366233e981438838f158d1025e39a2c4720da85e3a283d120b3e6ab935cee887b70a9cd4e87b007bc7d5b5464b0e5a64320ca062ec6be1ccc3e7392c0b31d548c86df2935e43206d39faa", 0xb6}], 0x3, &(0x7f00000010c0)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x30, 0x1, 0x1, [r1, r1, r1, r2, r2, r2, r1, r2]}}, @rights={{0x1c, 0x1, 0x1, [r2, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x24, 0x1, 0x1, [r2, r1, r2, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x34, 0x1, 0x1, [r2, r2, r1, r2, r1, 0xffffffffffffffff, 0xffffffffffffffff, r2, r2]}}, @rights={{0x38, 0x1, 0x1, [r2, r2, r1, r1, r1, r2, 0xffffffffffffffff, 0xffffffffffffffff, r2, r1]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}], 0x178, 0x4000080}}, {{&(0x7f0000001280)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000013c0)=[{&(0x7f0000001300)="3d868c4b6c282f3c04120fdeb1f0c384f11d4394f7053ee6db0505151501d0a35eb801fc4696bbf6a403b41ce961a976d3f5473fb674db37454224a59afcd84923dc62b32f7316caace4d2610dbd46e3a781e3b05b1f01921ba9a7a8fd7ba4d607dc99774a5acf3b3a4cdbee94e14855eea0f9d4b2ce725aec9c4a93c7050ef02c862a803b407f3dae0b2ae226", 0x8d}], 0x1, &(0x7f0000001500)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0x50, 0x4}}, {{&(0x7f0000001580)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001680)=[{&(0x7f0000001600)="a06156c120d21ec7c72b67c62eb0d265d37c8f34908679922967dad35785e86efa571b046d2a8b84735c9591edc2ae6c66ab6f305ddbab5bb14933ed4d75273a9ae25a623c55dbbf592d71bcf04b5a7f70488dc6239643a4e87eda70e088dd9f7daa4d4a29416640dae15d", 0x6b}], 0x1, &(0x7f00000017c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r1]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}], 0x60, 0x20000090}}, {{&(0x7f0000001840)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000001c40)=[{&(0x7f00000018c0)="cdfaca4800505dd0b3011a50ed6994c84f952af995d7cc20058a3712a9014bbdafe9e08b01ef2f8cfa", 0x29}, {&(0x7f0000001900)="a0cfc55b09c12a3a0faf24ab1c8def4603d240885aae8108511a12c3768834ce024f134087c92364fb96fc47843a185d2e9e01e87675172fde12b54eef9ac8da04c014303b9999c5812be50da0b2a7502420ffa69c36b667ae6615280ba5d98a4f3b5045f2caa5e1c16c5f72b107e2edb252b994c0c2416a0c319bdac3e791de611615f7534a56c033e1a77ea19c3d5ac25636e5a1b8378a9afba273cf6dc135ecec857ac18673410168a50885f0b34d1936a59aed608ec4b9bba7021f9548ec4cba15a1c12364a915ae6ecc2d7b12a69316d10a822bd27a49961664ae2ef675f95c76b04f", 0xe5}, {&(0x7f0000001a00)="b05807c0c3645e8877434ee7ad7e2fe4923ebfcbf91f76868d9822bcd9c9dfb0fb01b03049ac03463823b35496acded6ccdf708a641201883c7d051b8f98c6265c14ab6aa5f14708617b38b817150f4c4c55ca0ef94ab7b9e0c44861b9d36efb94b67d56af465be9ad2287db5ca260c7765390b98a30e738d69db2280e77090eed96d50f7f27a947b4dbc0c4a2875c93a470d9c61e20373fc85ead6bddf3af8edf336b35bd1e4a", 0xa7}, {&(0x7f0000001ac0)="d66f24c506460c8e6018c62f6260f106fa1f647c291812779b1f1d1cb8eb76532d605b1f56c35cdf23a6ac8cc7000299e1660cb40d085d9737f9d70753", 0x3d}, {&(0x7f0000001b00)="24fe4e0b8350095498962e51f825b9d31e8d6ac3a3f2ba0836110f196eff29120f3eddad81be69", 0x27}, {&(0x7f0000001b40)="727e62eb86693432d29b300ef31d13fa45aa31e3c140c564d72defec25f37c5dd095537dccafded91920c8efc1af525e019d5d51d40aa7d31659e0c677b9e55f6bbf423572f543884e420ea5231876cf99315d61bb2b82f74a9a5e6febc342774c502cfcb8737e919c87dd6f769afeac477976ea0b17260cd7907f5b28005a4b98b4f5ac96c81c488dc5ec572aa1b75d01377e65ddca4723e1f5238ea195825bcf85f94e8e486e1109be8a8771f19b01cb6e7f8781f0ac96561be4d77f289fa7c4f7a60827c6981f2b0101182fbc52d4ad8e797a52bb2ea2", 0xd8}], 0x6, 0x0, 0x0, 0x4}}, {{&(0x7f0000001cc0)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001fc0)=[{&(0x7f0000001d40)="d1c550ee82270e1107c925cb7c212b0421926160e9c99b2033908e977e9dd7e286883cd6059a94bfaad9e23ce6949eba6005ec9b1285d814018cf81257ad4bbaf6faee00911f7e7aa9c4ca47ba79c0ddf1067d27a1e4e2e46fef0fb8ebf9dde75cc12a4a59709cf48c234f96641f6cc8143d7b5ea94ee62463be4801b2681032b5a59eb7db70d46b003ddfbd", 0x8c}, {&(0x7f0000001e00)="81335d9d1138acf4afb1a8b9f05e2a262b00f74ff1b7451eeb32a22b6ea6711524cbb4698500db02ab2631b2a656243319bb0d5f2ad16e54381fce6e3e5be3e78a3ba68794a589098271f5e5cd42d8ff270c96d8dcfe4da52e2f192b371af349d3433e4febd74693ca996895cc9dc1750f1e3c6fb961b5897c992137bdc4ae190fe8f01b134b624ab5be939125cd16039110d6a069be810194f83be4eae5a6c2d531910c8de059332bedfcd207f5bab22c2424a8de561bbce9241afaf73b69bd8a97a37bad6a99a156ed2727b6cd23", 0xcf}, {&(0x7f0000001f00)="8c378b1abff8dd291a20f2792bbe42bf89b117704cedfac42177cd6313fe46e135066a1f59a14426001c99d6bc0fe3490f86652e955534d6c080142f4d6a58cf766b42355122c348e2061aac8aad1e769b56bfdc7b88963782ce27271aefa7c05291d8fc9bd9aef29fa79db26d4b40f14c8dba53d2c9a0d0d3c41ad524ff2f180092debe46416684a8744bab0c1f230901b9667e93d000feb4127ac563615adc01c8d75dc9e2949508e81c4d8e6e0c", 0xaf}], 0x3, 0x0, 0x0, 0x4040881}}], 0x6, 0x40)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbfs(0x0, 0x20076, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4}, 0xe)
listen(r3, 0x3)
pread64(r2, &(0x7f00000004c0)=""/233, 0xe9, 0x3)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
accept4(r3, 0x0, 0x0, 0x800)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x5)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = socket(0x10, 0x80000, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x0, 0x0, 0xfffffffe}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001200010a000000000000b03d1a020000"], 0x14}}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]})
open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
r5 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_opts(r5, 0x29, 0x37, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000dbc2b99a77516f3a000000"], 0x8)
setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0)

3.916463607s ago: executing program 4 (id=2075):
r0 = socket$kcm(0x21, 0x2, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x6, 0x11, 0x0, 0x2000e881)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$sg(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)
semop(0x0, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x6, @local, 0xb}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0x1}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x14a)

3.783551676s ago: executing program 1 (id=2076):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000000000", @ANYRES32, @ANYBLOB="0100000000000000000000000000008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fsopen(&(0x7f0000000240)='qnx6\x00', 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, 0x0, 0x0)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x3, 0x0, 0x1000}], 0x1)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x61, &(0x7f0000000680)={'filter\x00', 0x4}, 0x68)
munlock(&(0x7f0000e4a000/0x1000)=nil, 0x1000)
mlock2(&(0x7f0000ea2000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@dellinkprop={0x4c, 0x6d, 0xc19, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_PROP_LIST={0x18, 0x34, 0x0, 0x1, [{0x14, 0x35, 'nr0\x00'}]}, @IFLA_IFNAME={0x14, 0x3, 'veth1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8}, 0x4040)
map_shadow_stack(&(0x7f0000ea3000/0x4000)=nil, 0x4000, 0x1)
r6 = socket(0x10, 0x3, 0x0)
sendto$inet6(r6, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a0000000d0085a168d0bf46d32345653600648d0a000500eb16000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160004000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)

3.264987482s ago: executing program 4 (id=2077):
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00', 0x40})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0)
ioctl$FBIOBLANK(r1, 0x4611, 0x5)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r4=>0x0})
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000280)=0x7, 0x4)
bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r4}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r5=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, r5}, 0x18)
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000440)={0x1d, r5, 0x0, {0x0, 0xf0}, 0x2}, 0x18)
recvmsg$can_j1939(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
close(r2)

2.516196796s ago: executing program 1 (id=2078):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x74, 0x3, 0x1, 0x3, 0x0, 0x0, {0x7}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}, @CTA_PROTOINFO={0x38, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x34, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0xa23}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xff}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x9}]}}, @CTA_NAT_DST={0x20, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @private2}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x8010)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast})

2.352681747s ago: executing program 1 (id=2079):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
ioctl$BLKSECDISCARD(r0, 0x127d, 0x0)

2.348347588s ago: executing program 1 (id=2080):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x12123, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d8c, 0x0, 0x1, 0x250}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, r8, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r5, 0x8aa, 0x0, 0x0, 0x0, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r9 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000100002100000002ff020000000000000000000000000001"], 0x0)
r10 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r10, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f, 0xffffffffffffffff, {0x4}}, '.\x00'})

2.331651982s ago: executing program 4 (id=2081):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0xf4, [0xdb, 0x2, 0x4, 0x9, 0x5, 0x953, 0x8, 0x3, 0x0, 0xb9, 0x9, 0x10, 0x8, 0x8, 0x0, 0xfff3, 0x4, 0x3ff, 0x5, 0x7, 0x81, 0x0, 0x2, 0x8, 0xe, 0x9, 0x3, 0xff, 0xffff, 0x4, 0x4, 0xfffd, 0x8, 0x0, 0xffeb, 0x0, 0x108, 0xfff, 0x8, 0x1, 0x365a, 0x400, 0x6, 0x8, 0x4, 0xfff8, 0x100, 0x9], 0xfffffffe}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000240), 0x0, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc0405627, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
eventfd(0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, 0x0)
r3 = socket(0x2, 0x3, 0xff)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000400))
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r3, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}]}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000500)="7dcc2c9d4eaf588822e6a9cc8eec13d9754bb76c", 0x14}], 0x302}}], 0x2, 0x0)
unshare(0x44040000)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
r4 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
r5 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r5, 0x0)
lseek(r4, 0x1, 0x2)
ioctl$VHOST_VDPA_GET_CONFIG(r2, 0x8008af73, &(0x7f0000000000)={0x0, 0x3e, ""/62})

2.037888692s ago: executing program 3 (id=1949):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'bridge_slave_0\x00', &(0x7f00000004c0)=@ethtool_dump={0x3f}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
close(r3)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r2})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f00000001c0)={{}, @host, 0x2, 0x8, 0x200002449, 0x5, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x8000, 0x7, 0x0, 0x0, 0xfffffffe})

1.988954899s ago: executing program 4 (id=2082):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000280)={'wg2\x00'})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast})
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ptrace(0x10, 0x1)
r6 = creat(0x0, 0x0)
r7 = getuid()
sendmsg$nl_generic(r6, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, 0x29, 0x4, 0x70bd2a, 0x25dfdbfb, {0x9}, [@typed={0x8, 0xe5, 0x0, 0x0, @u32=0x8b}, @typed={0x8, 0x4f, 0x0, 0x0, @uid=r7}, @nested={0x8, 0xf2, 0x0, 0x1, [@nested={0x4, 0xf6}]}, @typed={0xc, 0x6e, 0x0, 0x0, @u64=0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0)

1.00244977s ago: executing program 0 (id=2083):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000020001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000411b00"/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000380)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x62040200)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@acquire={0x128, 0x17, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}}, @in6=@mcast2, {@in=@dev, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {{@in6=@mcast2, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}}}}, 0x128}}, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)

989.052209ms ago: executing program 1 (id=2084):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f00000010c0)={0x0, @reserved}) (async)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000400)={'sit0\x00', &(0x7f00000003c0)={'tunl0\x00', 0x0, 0x10, 0x40, 0xfffffffb, 0x92, {{0x6, 0x4, 0x0, 0x34, 0x18, 0x64, 0x0, 0x5, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, {[@generic={0x9f, 0x2}]}}}}})
r4 = dup3(r3, r3, 0x0) (async)
r5 = syz_genetlink_get_family_id$gtp(&(0x7f00000011c0), 0xffffffffffffffff) (async)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x200102, 0x0)
sendmsg$GTP_CMD_GETPDP(r4, &(0x7f0000001300)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000012c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYRES8=r2, @ANYRES16=r2, @ANYBLOB="08000900040000000800080001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x40804}, 0x548afab904d5f994) (async)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f00000002c0)=ANY=[@ANYBLOB="e0000002ac1e00010100000001000000ac1e0101d06cc97cc70c1dc50a0e78336b7ffb5b384c46fe621b5c1450d6aae3e4ba3f9b0c74abdd3bcb5516396a6d3eb8bc5f1ed023619b84c7dd87a90f4d43c150cbb71da4b3df942bed1f1f43e1975b5ec02d9229af745e597823440bf58a8de5956930f102206ffaf0d2e11e6a20bee0778a0f564ddc89a7b558a8703c2dac27e2d3905b6c54303115cb94eb570a6095e2805f3295545f73cdef4de727010000fd68e0a9"], 0x14) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6, 0x0, 0xfffffffffffffffc}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330)
r7 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) (async)
bind$inet(r7, &(0x7f0000000480)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$SO_TIMESTAMP(r7, 0x1, 0x23, &(0x7f00000000c0)=0x3, 0x4) (async)
sendto$inet(r7, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
recvmmsg(r7, &(0x7f0000000d80), 0x36f, 0x20102, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket(0x10, 0x803, 0x0)
pselect6(0x40, &(0x7f0000000380)={0x3a, 0x20000, 0x3, 0x20000000, 0x3, 0xfffffffffffffffe, 0x0, 0x2b980000}, 0x0, 0x0, 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

987.041497ms ago: executing program 4 (id=2085):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffff54)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x240, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0xb0}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f0000002e40)=[{{&(0x7f0000000400)=@tipc, 0x80, &(0x7f0000001900)=[{&(0x7f0000000280)=""/57, 0x39}, {&(0x7f0000000640)=""/87, 0x57}, {&(0x7f00000006c0)=""/56, 0x38}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000700)=""/244, 0xf4}, {&(0x7f0000001880)=""/88, 0x58}], 0x6, &(0x7f0000000800)=""/17, 0x11}, 0x328a}, {{&(0x7f0000001980)=@hci, 0x80, &(0x7f0000002d00)=[{&(0x7f0000001a00)=""/132, 0x84}, {&(0x7f0000001ac0)=""/110, 0x6e}, {&(0x7f0000001b40)=""/150, 0x96}, {&(0x7f0000001c00)=""/34, 0x22}, {&(0x7f0000001c40)=""/2, 0x2}, {&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/18, 0x12}, {&(0x7f0000002cc0)}], 0x8, &(0x7f0000002d80)=""/160, 0xa0}}], 0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0xfffffffffffffffe, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f0000000300)={0x0, @win={{0x68a4, 0x1d5, 0xb6e3, 0x4}, 0x8, 0x65, &(0x7f0000000500)={{0x4, 0x817, 0x7fff, 0x7}}, 0x3, &(0x7f0000000540)="055834a7f7165f0d0a4a522683f61d10b671425281337f7fca33b69ada80d69a1ba6af3ec0809552e8e9cf937c2205e154efc1d54df04ef787dad9118134aa6afc788ba32ccb04ea96e4ef25e58906772c24ac33ed96af4d6fb2293c3c9b08902cda734ca010ae3ded7f3a24999b0bc08c36ae78f68d71743b9d0ac4ccef712cb2c91d58808818ce6afd83cb6aea62561a0f336806f1f6ccf17b8e3bbee1a3e7bea59e", 0x72}})
sendmsg$rds(r6, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@cswp={0x58, 0x114, 0x7, {{0xca59, 0x1}, &(0x7f00000001c0)=0x1, &(0x7f0000000600)=0x70, 0x1, 0x20000004, 0x3, 0x2587, 0x20, 0x469c}}], 0x58, 0x20040040}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000e90000000000000000040000008000"/32], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)

772.331871ms ago: executing program 1 (id=2086):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000003c0)=0x6)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x22010, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000021c0)=[{{&(0x7f00000005c0)=@file={0x1, './file1\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f00000002c0)="b71d438647816c1fb1590a76012c1d2495f539c62819fadb18def9017b8d2db29f5a2b40ddbc76", 0x27}, {&(0x7f0000000380)}, {&(0x7f0000000640)="b0669a5e4c0552932f96cef1315177c1470ea99dc3d6af6d63238283b8bbe0981634edfa23d0f2c1eda557925b9ea318f3376684768199f79d5b8ef3098520d761f19ebdcd4fc70e7181144d61e9bd281e3c108de71a390cbfef9763bd8ff8102f3234c50b8cfedcd95d4275f4ee8dacf54e02f3b2c1d409f1472b7d4c03bb61d13f0902200098dcb91c8dd4d962c8a8dad64bbce8b2ecf166b984dfaa91", 0x9e}, {&(0x7f0000000700)="c1f5319249b2fbde90160883c0922c2d359cd234dd84d3640e841a8eb5e33d86a879cc5091664f825c8c62085f8d05813289eb41cc6766a9f52d70089f5634e5d4d7b46169702f99ddde99709f6f3c2c8f24b0b3d11f334ec9e9576fed16367d69b46dedc6b5cb9c3a3e9a6d5a", 0x6d}, {&(0x7f0000000780)="1af6745682e89ef27466334547776603217558683b4ea80ab4a85fd95377bd4df37a259b60d36038ff73aec401649f0a0ca5a8c178eec6660fad4ce612e9cf03c646feb75b328f0beee2de71de8c345505d300733575d9a9c9ef5d5a42cc35a65044efd433c8e9b5c9aa743bc50fb5fc4c69fe49ada264a46a353f428b433a3dc80e54bd0f095d971c5939665a84f2e3f986d7", 0x93}], 0x5, 0x0, 0x0, 0x8001}}, {{&(0x7f00000008c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000940)="ed4a1a0c6f1ff30a4547e43665b5ca6287e51315d4925750f8e19757b806ec57fb881bc5bdf5089af4c8ce67755b8b8c3c8dc1beaf20fa0fbeb297e7a6dc809002d4032b0dd616ee72939b7c2e95e71a8203f7d37d9f358d7a2570574221a4b5edd71f1d457dcbdd17a10725b0227bdd272bd8929cef83d014296502694f55a3db7288705e6188ed5b141852a8c67cf2cdbcab00d30156ab3c0abf075291b09a359e2592", 0xa4}, {&(0x7f0000000a00)="6225d9df132fe89fd443ffa396d723a2d8fd2c4da7193adbe369934b68bfc6f5b68f0c5c0512dfdd02ed63d1e080e3a53fc0335e3fc56362a42bdc85dba3851d7adeab69bb222383a32ef4876df14995cf24da294d48576ad59eaa571457f0cf19f80f965aa430af47f3ef3ecdce4428e45171c4313a21179ca190e833166d6e116d85b671b980afc72d46440477aae66e5479a779f93d20f84e32be5307611cd89fd5ba1aa83809adc69fa7370892a97bfcf6ad293111d36ec2fbcf4865e3eeb8ea078778b6cf2625e777c260e9ace375d345120fc5065660b1ffe03afc0d1e1cadf3c2d6a1d98c813200223c417d", 0xef}, {&(0x7f0000000b00)="446b873fbefdfa5b812a99c789cdf2e57ba42c611d3844b42c137b15eca8e1d68c0d255ba74fa3f5b8570bd226cbac8ca68b27fb90f828d7e4b8e6c993272eb502ba2007777fe80e930b92586fa90b4f6e804451af33666a72da3d37d6142869c18adb99af58d8a801f5faa366233e981438838f158d1025e39a2c4720da85e3a283d120b3e6ab935cee887b70a9cd4e87b007bc7d5b5464b0e5a64320ca062ec6be1ccc3e7392c0b31d548c86df2935e43206d39faa", 0xb6}], 0x3, &(0x7f00000010c0)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x30, 0x1, 0x1, [r1, r1, r1, r2, r2, r2, r1, r2]}}, @rights={{0x1c, 0x1, 0x1, [r2, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x24, 0x1, 0x1, [r2, r1, r2, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x34, 0x1, 0x1, [r2, r2, r1, r2, r1, 0xffffffffffffffff, 0xffffffffffffffff, r2, r2]}}, @rights={{0x38, 0x1, 0x1, [r2, r2, r1, r1, r1, r2, 0xffffffffffffffff, 0xffffffffffffffff, r2, r1]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}], 0x178, 0x4000080}}, {{&(0x7f0000001280)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000013c0)=[{&(0x7f0000001300)="3d868c4b6c282f3c04120fdeb1f0c384f11d4394f7053ee6db0505151501d0a35eb801fc4696bbf6a403b41ce961a976d3f5473fb674db37454224a59afcd84923dc62b32f7316caace4d2610dbd46e3a781e3b05b1f01921ba9a7a8fd7ba4d607dc99774a5acf3b3a4cdbee94e14855eea0f9d4b2ce725aec9c4a93c7050ef02c862a803b407f3dae0b2ae226", 0x8d}], 0x1, &(0x7f0000001500)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0x50, 0x4}}, {{&(0x7f0000001580)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001680)=[{&(0x7f0000001600)="a06156c120d21ec7c72b67c62eb0d265d37c8f34908679922967dad35785e86efa571b046d2a8b84735c9591edc2ae6c66ab6f305ddbab5bb14933ed4d75273a9ae25a623c55dbbf592d71bcf04b5a7f70488dc6239643a4e87eda70e088dd9f7daa4d4a29416640dae15d", 0x6b}], 0x1, &(0x7f00000017c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r1]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}], 0x60, 0x20000090}}, {{&(0x7f0000001840)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000001c40)=[{&(0x7f00000018c0)="cdfaca4800505dd0b3011a50ed6994c84f952af995d7cc20058a3712a9014bbdafe9e08b01ef2f8cfa", 0x29}, {&(0x7f0000001900)="a0cfc55b09c12a3a0faf24ab1c8def4603d240885aae8108511a12c3768834ce024f134087c92364fb96fc47843a185d2e9e01e87675172fde12b54eef9ac8da04c014303b9999c5812be50da0b2a7502420ffa69c36b667ae6615280ba5d98a4f3b5045f2caa5e1c16c5f72b107e2edb252b994c0c2416a0c319bdac3e791de611615f7534a56c033e1a77ea19c3d5ac25636e5a1b8378a9afba273cf6dc135ecec857ac18673410168a50885f0b34d1936a59aed608ec4b9bba7021f9548ec4cba15a1c12364a915ae6ecc2d7b12a69316d10a822bd27a49961664ae2ef675f95c76b04f", 0xe5}, {&(0x7f0000001a00)="b05807c0c3645e8877434ee7ad7e2fe4923ebfcbf91f76868d9822bcd9c9dfb0fb01b03049ac03463823b35496acded6ccdf708a641201883c7d051b8f98c6265c14ab6aa5f14708617b38b817150f4c4c55ca0ef94ab7b9e0c44861b9d36efb94b67d56af465be9ad2287db5ca260c7765390b98a30e738d69db2280e77090eed96d50f7f27a947b4dbc0c4a2875c93a470d9c61e20373fc85ead6bddf3af8edf336b35bd1e4a", 0xa7}, {&(0x7f0000001ac0)="d66f24c506460c8e6018c62f6260f106fa1f647c291812779b1f1d1cb8eb76532d605b1f56c35cdf23a6ac8cc7000299e1660cb40d085d9737f9d70753", 0x3d}, {&(0x7f0000001b00)="24fe4e0b8350095498962e51f825b9d31e8d6ac3a3f2ba0836110f196eff29120f3eddad81be69", 0x27}, {&(0x7f0000001b40)="727e62eb86693432d29b300ef31d13fa45aa31e3c140c564d72defec25f37c5dd095537dccafded91920c8efc1af525e019d5d51d40aa7d31659e0c677b9e55f6bbf423572f543884e420ea5231876cf99315d61bb2b82f74a9a5e6febc342774c502cfcb8737e919c87dd6f769afeac477976ea0b17260cd7907f5b28005a4b98b4f5ac96c81c488dc5ec572aa1b75d01377e65ddca4723e1f5238ea195825bcf85f94e8e486e1109be8a8771f19b01cb6e7f8781f0ac96561be4d77f289fa7c4f7a60827c6981f2b0101182fbc52d4ad8e797a52bb2ea2", 0xd8}], 0x6, 0x0, 0x0, 0x4}}, {{&(0x7f0000001cc0)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001fc0)=[{&(0x7f0000001d40)="d1c550ee82270e1107c925cb7c212b0421926160e9c99b2033908e977e9dd7e286883cd6059a94bfaad9e23ce6949eba6005ec9b1285d814018cf81257ad4bbaf6faee00911f7e7aa9c4ca47ba79c0ddf1067d27a1e4e2e46fef0fb8ebf9dde75cc12a4a59709cf48c234f96641f6cc8143d7b5ea94ee62463be4801b2681032b5a59eb7db70d46b003ddfbd", 0x8c}, {&(0x7f0000001e00)="81335d9d1138acf4afb1a8b9f05e2a262b00f74ff1b7451eeb32a22b6ea6711524cbb4698500db02ab2631b2a656243319bb0d5f2ad16e54381fce6e3e5be3e78a3ba68794a589098271f5e5cd42d8ff270c96d8dcfe4da52e2f192b371af349d3433e4febd74693ca996895cc9dc1750f1e3c6fb961b5897c992137bdc4ae190fe8f01b134b624ab5be939125cd16039110d6a069be810194f83be4eae5a6c2d531910c8de059332bedfcd207f5bab22c2424a8de561bbce9241afaf73b69bd8a97a37bad6a99a156ed2727b6cd23", 0xcf}, {&(0x7f0000001f00)="8c378b1abff8dd291a20f2792bbe42bf89b117704cedfac42177cd6313fe46e135066a1f59a14426001c99d6bc0fe3490f86652e955534d6c080142f4d6a58cf766b42355122c348e2061aac8aad1e769b56bfdc7b88963782ce27271aefa7c05291d8fc9bd9aef29fa79db26d4b40f14c8dba53d2c9a0d0d3c41ad524ff2f180092debe46416684a8744bab0c1f230901b9667e93d000feb4127ac563615adc01c8d75dc9e2949508e81c4d8e6e0c", 0xaf}], 0x3, 0x0, 0x0, 0x4040881}}], 0x6, 0x40)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbfs(0x0, 0x20076, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4}, 0xe)
listen(r3, 0x3)
pread64(r2, &(0x7f00000004c0)=""/233, 0xe9, 0x3)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
accept4(r3, 0x0, 0x0, 0x800)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x5)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = socket(0x10, 0x80000, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x0, 0x0, 0xfffffffe}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001200010a000000000000b03d1a020000"], 0x14}}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]})
open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
r5 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_opts(r5, 0x29, 0x37, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000dbc2b99a77516f3a000000"], 0x8)
setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0)

53.159263ms ago: executing program 0 (id=2087):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'bridge_slave_0\x00', &(0x7f00000004c0)=@ethtool_dump={0x3f}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)

0s ago: executing program 3 (id=1949):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'bridge_slave_0\x00', &(0x7f00000004c0)=@ethtool_dump={0x3f}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
close(r3)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r2})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f00000001c0)={{}, @host, 0x2, 0x8, 0x200002449, 0x5, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x8000, 0x7, 0x0, 0x0, 0xfffffffe})

kernel console output (not intermixed with test programs):

wly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  499.929962][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  499.992655][T11239] batman_adv: batadv0: Interface activated: batadv_slave_1
[  500.115654][T11239] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  500.234625][T11239] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  500.273172][T11239] wireguard: wg0: Could not create IPv4 socket
[  500.302087][T11239] wireguard: wg1: Could not create IPv4 socket
[  500.356742][T11239] wireguard: wg2: Could not create IPv4 socket
[  501.541168][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  501.541266][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  503.554750][T11445] Failed to initialize the IGMP autojoin socket (err -2)
[  503.568545][   T29] audit: type=1800 audit(1735946404.347:756): pid=11445 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.1523" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  504.292687][T11453] netlink: 'syz.4.1525': attribute type 10 has an invalid length.
[  504.297086][T11451] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1526'.
[  504.311669][T11453] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1525'.
[  506.277200][T11486] bridge2: entered promiscuous mode
[  506.282926][T11486] bridge2: entered allmulticast mode
[  506.333444][T11486] team0: Port device bridge2 added
[  506.518663][T11216] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1
[  506.528633][T11216] Bluetooth: hci1: unexpected event for opcode 0x203e
[  507.033892][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  507.044455][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  507.053816][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  507.062952][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  507.082392][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  507.090309][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  507.344991][T11505] Failed to initialize the IGMP autojoin socket (err -2)
[  507.363826][T11499] Failed to initialize the IGMP autojoin socket (err -2)
[  507.591677][T11508] Failed to initialize the IGMP autojoin socket (err -2)
[  509.263752][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.279436][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.288196][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.296283][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.303755][T11216] Bluetooth: hci4: command tx timeout
[  509.310332][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.431966][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.450656][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.459253][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  509.572052][   T25] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  510.055128][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.072745][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.095419][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.102989][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.110389][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.118052][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.125573][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.133059][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.140703][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.148108][ T1974] hid-generic 0000:0000:0003.0009: unknown main item tag 0x0
[  510.236214][ T1974] hid-generic 0000:0000:0003.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  510.272398][T11499] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  510.322646][   T25] usb 2-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  510.335951][T11535] 9pnet_virtio: no channels available for device syz
[  510.342771][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.373428][   T25] usb 2-1: config 0 descriptor??
[  510.413772][   T25] gspca_main: benq-2.14.0 probing 04a5:3035
[  510.419174][T11499] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  510.485190][T11499] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  510.564313][T11499] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  510.573081][T11216] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  510.582509][T11216] Bluetooth: hci1: Injecting HCI hardware error event
[  510.591128][ T5825] Bluetooth: hci1: hardware error 0x00
[  510.611672][T11529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  510.620224][T11529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  510.678614][T11540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  510.732471][T11540] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  510.948201][T10505] usb 2-1: USB disconnect, device number 27
[  511.714029][T11216] Bluetooth: hci4: command tx timeout
[  513.114110][ T5825] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  513.380182][T11593] netlink: 'syz.3.1555': attribute type 4 has an invalid length.
[  513.444859][ T5825] Bluetooth: hci2: Invalid connection link type handle 0x00c9
[  513.652310][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  513.662888][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.673239][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  513.684168][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.694118][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  513.704706][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.721749][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.733751][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.743768][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.754308][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.764872][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.773986][ T5825] Bluetooth: hci4: command tx timeout
[  513.776066][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.826874][T11499] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  513.847618][T11499] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  513.900566][T10505] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  513.917582][T11499] wireguard: wg0: Could not create IPv4 socket
[  513.946402][T11499] wireguard: wg1: Could not create IPv4 socket
[  513.993610][T11499] wireguard: wg2: Could not create IPv4 socket
[  514.090743][T10505] usb 4-1: Using ep0 maxpacket: 8
[  514.103589][T10505] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  514.121292][T10505] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  514.188298][T10505] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  514.246715][T10505] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  514.284530][T10505] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  514.338585][T10505] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  514.365102][T10505] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.581452][T11626] wg2: left promiscuous mode
[  514.607169][T10505] usb 4-1: GET_CAPABILITIES returned 0
[  514.615043][T10505] usbtmc 4-1:16.0: can't read capabilities
[  514.626737][T11626] wg2: left allmulticast mode
[  514.741826][T11630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1566'.
[  514.827082][T11632] wireguard: wg2: Could not create IPv4 socket
[  514.833349][T11632] wg2: entered promiscuous mode
[  514.838200][T11632] wg2: entered allmulticast mode
[  514.901690][T11633] ptrace attach of "./syz-executor exec"[5820] was attempted by ""[11633]
[  515.989211][T10505] usb 4-1: USB disconnect, device number 29
[  517.126301][T11676] wg2: left promiscuous mode
[  517.154303][T11676] wg2: left allmulticast mode
[  517.392277][T11684] wireguard: wg2: Could not create IPv4 socket
[  517.398581][T11684] wg2: entered promiscuous mode
[  517.403551][T11684] wg2: entered allmulticast mode
[  517.519172][T11685] ptrace attach of "./syz-executor exec"[5814] was attempted by ""[11685]
[  518.180405][T11690] wireguard: wg2: Could not create IPv4 socket
[  518.186992][T11690] wg2: entered promiscuous mode
[  518.191987][T11690] wg2: entered allmulticast mode
[  518.237979][T11690] ptrace attach of "./syz-executor exec"[5811] was attempted by ""[11690]
[  519.530968][ T1974] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  519.694566][T11715] autofs4:pid:11715:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  519.801194][ T1974] usb 5-1: Using ep0 maxpacket: 32
[  519.905114][ T1974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  520.055399][ T1974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  520.209868][ T1974] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  520.304553][ T1974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.399570][ T1974] usb 5-1: config 0 descriptor??
[  520.773094][   T25] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  520.901681][ T1974] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0
[  520.953258][ T1974] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0
[  521.008423][ T1974] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0
[  521.018012][   T25] usb 2-1: Using ep0 maxpacket: 16
[  521.032869][   T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  521.080238][ T1974] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0
[  521.099335][   T25] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  521.117705][ T1974] savu 0003:1E7D:2D5A.000A: unknown main item tag 0x0
[  521.125593][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  521.137457][ T1974] savu 0003:1E7D:2D5A.000A: unbalanced collection at end of report description
[  521.147655][   T25] usb 2-1: SerialNumber: syz
[  521.163209][   T25] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  521.174779][ T1974] savu 0003:1E7D:2D5A.000A: parse failed
[  521.180561][   T25] cdc_acm 2-1:1.0: This needs exactly 3 endpoints
[  521.187302][ T1974] savu 0003:1E7D:2D5A.000A: probe with driver savu failed with error -22
[  521.200237][   T25] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22
[  521.212100][ T1974] usb 5-1: USB disconnect, device number 25
[  521.547567][T10505] usb 2-1: USB disconnect, device number 28
[  522.073491][T11216] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  522.085338][T11216] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  522.097803][T11216] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  522.116813][T11216] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  522.166696][T11216] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  522.176842][T11216] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  522.335189][T11759] Failed to initialize the IGMP autojoin socket (err -2)
[  522.948080][T11788] ptrace attach of "./syz-executor exec"[5817] was attempted by ""[11788]
[  523.317573][T11786] wireguard: wg2: Could not create IPv4 socket
[  523.323824][T11786] wg2: entered promiscuous mode
[  523.328656][T11786] wg2: entered allmulticast mode
[  523.468971][   T29] audit: type=1400 audit(1735946424.217:757): avc:  denied  { ioctl } for  pid=11784 comm="syz.4.1589" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0xae46 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  524.342734][T11216] Bluetooth: hci4: command tx timeout
[  524.638651][T11808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1593'.
[  524.654143][T11808] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1593'.
[  524.667566][T11808] syz.0.1593[11808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  524.667646][T11808] syz.0.1593[11808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  524.682265][T11808] syz.0.1593[11808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  525.140938][  T969] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  525.276465][T11759] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  525.324001][  T969] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  525.338220][  T969] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  525.348556][  T969] usb 5-1: config 0 has no interface number 0
[  525.356736][  T969] usb 5-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  525.359300][T11759] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  525.366836][  T969] usb 5-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  525.366882][  T969] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  525.366907][  T969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.368551][  T969] usb 5-1: config 0 descriptor??
[  525.410226][T11814] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  525.512621][T11759] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  525.624104][  T969] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  525.665358][T11759] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  525.854123][T11842] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  526.530604][T11216] Bluetooth: hci4: command tx timeout
[  526.871706][ T6368] usb 5-1: Failed to submit usb control message: -110
[  526.879653][ T6368] usb 5-1: unable to send the bmi data to the device: -110
[  526.900176][ T6368] usb 5-1: unable to get target info from device
[  526.950282][ T6368] usb 5-1: could not get target info (-110)
[  527.191375][T11846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1594'.
[  527.200697][T11846] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1594'.
[  527.276263][ T6368] usb 5-1: could not probe fw (-110)
[  527.915455][  T969] usb 5-1: USB disconnect, device number 26
[  528.001226][T11863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1601'.
[  528.466991][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  528.492479][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  528.526817][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  528.551208][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  528.565621][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  528.576323][T11216] Bluetooth: hci4: command tx timeout
[  528.584712][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  528.602619][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  528.613618][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  528.624418][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  528.660663][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  528.671081][T11759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  528.682009][T11759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  528.704639][T11759] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  528.840593][T11759] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  529.094762][T11759] wireguard: wg0: Could not create IPv4 socket
[  529.326355][T11759] wireguard: wg1: Could not create IPv4 socket
[  529.505641][T11759] wireguard: wg2: Could not create IPv4 socket
[  529.639235][T11896] Failed to initialize the IGMP autojoin socket (err -2)
[  530.662982][T11216] Bluetooth: hci4: command tx timeout
[  530.673945][T11907] wg2: left promiscuous mode
[  530.678850][T11907] wg2: left allmulticast mode
[  530.842638][  T969] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  530.914693][T11914] wireguard: wg2: Could not create IPv4 socket
[  530.921059][T11914] wg2: entered promiscuous mode
[  530.925999][T11914] wg2: entered allmulticast mode
[  531.111621][T11915] ptrace attach of "./syz-executor exec"[5814] was attempted by ""[11915]
[  531.519133][T11916] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  531.900560][  T969] usb 5-1: device descriptor read/64, error -71
[  532.400748][  T969] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  532.560933][  T969] usb 5-1: device descriptor read/64, error -71
[  532.738383][  T969] usb usb5-port1: attempt power cycle
[  533.145527][T11940] netlink: 'syz.1.1616': attribute type 4 has an invalid length.
[  533.209329][  T969] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  533.297884][  T969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  533.309247][  T969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  533.320618][  T969] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  533.320649][  T969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.322310][  T969] usb 5-1: config 0 descriptor??
[  534.021561][  T969] hid (null): bogus close delimiter
[  534.040560][  T969] usb 5-1: string descriptor 0 read error: -71
[  534.062150][  T969] uclogic 0003:256C:006D.000B: failed retrieving string descriptor #200: -71
[  534.079618][  T969] uclogic 0003:256C:006D.000B: failed retrieving pen parameters: -71
[  534.087853][  T969] uclogic 0003:256C:006D.000B: failed probing pen v2 parameters: -71
[  534.096102][  T969] uclogic 0003:256C:006D.000B: failed probing parameters: -71
[  534.103699][  T969] uclogic 0003:256C:006D.000B: probe with driver uclogic failed with error -71
[  534.188955][  T969] usb 5-1: USB disconnect, device number 29
[  536.819109][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  536.833922][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  536.858720][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  536.881374][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  536.981068][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  536.989267][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  537.023420][  T969] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  537.069745][T12012] Failed to initialize the IGMP autojoin socket (err -2)
[  537.184350][T12024] autofs4:pid:12024:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  537.732057][  T969] usb 5-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[  537.741505][  T969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.826164][  T969] usb 5-1: config 0 descriptor??
[  537.875456][T12030] netlink: 'syz.1.1627': attribute type 11 has an invalid length.
[  538.058437][  T969] hackrf 5-1:0.0: usb_control_msg() failed -71 request 0e
[  538.095368][  T969] hackrf 5-1:0.0: Could not detect board
[  538.129559][  T969] hackrf 5-1:0.0: probe with driver hackrf failed with error -71
[  538.149866][   T29] audit: type=1400 audit(2000000011.550:758): avc:  denied  { watch_mount } for  pid=12036 comm="syz.0.1628" path="/401" dev="tmpfs" ino=2109 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  538.172131][  T969] usb 5-1: USB disconnect, device number 30
[  539.104050][T12050] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1631'.
[  539.226234][ T5825] Bluetooth: hci4: command tx timeout
[  539.328966][T12050] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1631'.
[  539.751884][T12057] netlink: 'syz.0.1632': attribute type 1 has an invalid length.
[  541.513942][ T5825] Bluetooth: hci4: command tx timeout
[  541.962604][T12012] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  542.108667][T12012] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  542.188489][T12012] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  542.293197][T12012] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  543.533359][ T5825] Bluetooth: hci4: command tx timeout
[  543.746522][T12012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  543.809207][T12012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  543.824109][T12012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  543.835022][T12012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  543.844979][T12012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  543.856255][T12012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  543.868668][T12012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  543.883620][T12012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  543.894818][T12012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  543.907603][T12012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  543.908109][T12142] ALSA: mixer_oss: invalid OSS volume ''
[  543.924549][T12012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  543.935209][T12012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  544.123988][T12012] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  544.144460][T12012] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  544.556934][T12012] wireguard: wg0: Could not create IPv4 socket
[  544.678744][T12012] wireguard: wg1: Could not create IPv4 socket
[  544.689076][T12012] wireguard: wg2: Could not create IPv4 socket
[  545.859273][T12162] Failed to initialize the IGMP autojoin socket (err -2)
[  547.674614][T12194] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  548.005641][T12209] wg2: left promiscuous mode
[  548.033692][T12209] wg2: left allmulticast mode
[  548.317618][T12216] wireguard: wg2: Could not create IPv4 socket
[  548.324068][T12216] wg2: entered promiscuous mode
[  548.329019][T12216] wg2: entered allmulticast mode
[  548.345651][T12216] ptrace attach of "./syz-executor exec"[5817] was attempted by ""[12216]
[  551.256716][T12263] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1662'.
[  552.037573][T12278] Failed to initialize the IGMP autojoin socket (err -2)
[  552.383724][T12282] netlink: 'syz.3.1663': attribute type 4 has an invalid length.
[  553.587406][T12322] autofs4:pid:12322:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  554.109651][T11216] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  554.124526][T11216] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  554.134607][T11216] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  554.161097][T11216] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  554.170896][T11216] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  554.181868][T11216] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  554.224000][T12324] Failed to initialize the IGMP autojoin socket (err -2)
[  555.708306][T12372] Failed to initialize the IGMP autojoin socket (err -2)
[  556.258946][T11216] Bluetooth: hci4: command tx timeout
[  557.271660][T12388] Process accounting resumed
[  557.678553][T12324] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  557.711929][T12324] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  558.332924][T11216] Bluetooth: hci4: command tx timeout
[  558.353450][T12324] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  558.404424][T12412] wg2: left promiscuous mode
[  558.409090][T12412] wg2: left allmulticast mode
[  558.433318][T12324] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  558.688862][T12418] wireguard: wg2: Could not create IPv4 socket
[  558.695102][T12418] wg2: entered promiscuous mode
[  558.699956][T12418] wg2: entered allmulticast mode
[  558.764816][T12419] ptrace attach of "./syz-executor exec"[5820] was attempted by "./syz-executor exec"[12419]
[  559.323547][   T29] audit: type=1400 audit(2000000032.710:759): avc:  denied  { read } for  pid=12408 comm="syz.0.1687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  559.967367][   T29] audit: type=1400 audit(2000000033.370:760): avc:  denied  { ioctl } for  pid=12441 comm="syz.3.1691" path="socket:[37013]" dev="sockfs" ino=37013 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  560.001432][T12442] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1691'.
[  560.061701][T12324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.073620][T12324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.084138][T12324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.098122][T12324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.109757][T12324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.129747][T12324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.169287][T12324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  560.179895][T12324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.189875][T12324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  560.200587][T12324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.210406][T12324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  560.221753][T12324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.262082][   T29] audit: type=1400 audit(2000000033.650:761): avc:  denied  { mount } for  pid=12451 comm="syz.3.1693" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  560.284862][   T29] audit: type=1400 audit(2000000033.660:762): avc:  denied  { mounton } for  pid=12451 comm="syz.3.1693" path="/347/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  560.307615][T12324] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  560.351031][T12324] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  560.379104][T12324] wireguard: wg0: Could not create IPv4 socket
[  560.386875][T12324] wireguard: wg1: Could not create IPv4 socket
[  560.394664][T12324] wireguard: wg2: Could not create IPv4 socket
[  560.410729][T11216] Bluetooth: hci4: command tx timeout
[  560.460879][  T969] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  560.611210][  T969] usb 4-1: Using ep0 maxpacket: 16
[  560.620312][  T969] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  560.656784][  T969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  560.675442][  T969] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  560.686253][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.703359][  T969] usb 4-1: Product: syz
[  560.711836][  T969] usb 4-1: Manufacturer: syz
[  560.722233][  T969] usb 4-1: SerialNumber: syz
[  560.736680][  T969] usb 4-1: config 0 descriptor??
[  560.754803][  T969] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  560.772818][  T969] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  560.941378][T12478] Failed to initialize the IGMP autojoin socket (err -2)
[  561.001267][   T29] audit: type=1400 audit(2000000034.400:763): avc:  denied  { call } for  pid=12477 comm="syz.1.1699" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  561.150964][  T969] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  561.190389][  T969] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  561.204039][   T29] audit: type=1400 audit(2000000034.620:764): avc:  denied  { unmount } for  pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  561.204548][  T969] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  561.282123][  T969] em28xx 4-1:0.0: No AC97 audio processor
[  561.325792][  T969] usb 4-1: USB disconnect, device number 30
[  561.346595][  T969] em28xx 4-1:0.0: Disconnecting em28xx
[  561.367533][  T969] em28xx 4-1:0.0: Freeing device
[  561.461320][   T25] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  561.621512][   T25] usb 2-1: Using ep0 maxpacket: 8
[  561.630289][   T25] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  561.645960][   T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  561.674266][   T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  561.695920][   T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  561.722955][   T25] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  561.752449][   T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  561.777214][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.807858][T12517] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1703'.
[  562.007404][   T25] usb 2-1: usb_control_msg returned -32
[  562.015339][   T25] usbtmc 2-1:16.0: can't read capabilities
[  562.821091][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  562.830392][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  563.232767][   T25] usb 2-1: USB disconnect, device number 29
[  563.239844][T12535] usbtmc 2-1:16.0: usb_control_msg returned -71
[  563.292954][T12547] usbtmc 2-1:16.0: send_request_dev_dep_msg_in returned -19
[  565.330783][   T25] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  565.525070][  T969] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  565.643619][T12584] Failed to initialize the IGMP autojoin socket (err -2)
[  565.651825][   T25] usb 4-1: Using ep0 maxpacket: 16
[  565.665261][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  565.677202][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  565.688644][   T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  565.704493][   T25] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  565.713116][T12580] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  565.714243][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.753994][   T25] usb 4-1: config 0 descriptor??
[  565.761758][  T969] usb 5-1: Using ep0 maxpacket: 8
[  565.778162][  T969] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  565.798499][  T969] usb 5-1: config 0 has no interfaces?
[  565.806639][  T969] usb 5-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=3f.e0
[  565.821900][  T969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.840919][  T969] usb 5-1: config 0 descriptor??
[  566.371660][   T25] microsoft 0003:045E:07DA.000C: ignoring exceeding usage max
[  566.422126][   T25] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000C/input/input15
[  566.459333][T12568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.471363][T12568] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.479785][  T969] usb 5-1: USB disconnect, device number 31
[  566.494728][   T25] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  566.510663][   T25] usb 4-1: USB disconnect, device number 31
[  566.648119][T12611] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  567.456066][T12602] overlayfs: failed to clone upperpath
[  568.512787][T12676] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1723'.
[  568.565776][   T29] audit: type=1400 audit(2000000041.970:765): avc:  denied  { create } for  pid=12672 comm="syz.3.1723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  568.670500][   T29] audit: type=1400 audit(2000000041.970:766): avc:  denied  { write } for  pid=12672 comm="syz.3.1723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  568.690897][   T29] audit: type=1400 audit(2000000041.970:767): avc:  denied  { nlmsg_write } for  pid=12672 comm="syz.3.1723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  568.914603][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  568.925297][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  568.934734][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  568.956634][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  568.967141][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  568.978705][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  569.383121][T12685] Failed to initialize the IGMP autojoin socket (err -2)
[  569.634239][T12701] wg2: left promiscuous mode
[  569.639217][T12701] wg2: left allmulticast mode
[  569.975726][T12715] ptrace attach of "./syz-executor exec"[5817] was attempted by ""[12715]
[  570.122086][T12714] wireguard: wg2: Could not create IPv4 socket
[  570.128377][T12714] wg2: entered promiscuous mode
[  570.133421][T12714] wg2: entered allmulticast mode
[  570.142546][T12720] IPv6: sit1: Disabled Multicast RS
[  570.148612][T12720] sit1: entered allmulticast mode
[  570.686444][   T29] audit: type=1326 audit(2000000044.090:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12726 comm="syz.0.1732" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdfc4d85d29 code=0x0
[  570.980800][T12685] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  571.043823][T12685] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  571.087694][T12685] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  571.094970][   T25] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  571.135167][ T5825] Bluetooth: hci4: command tx timeout
[  571.148812][T12685] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  571.211077][   T29] audit: type=1400 audit(2000000044.610:769): avc:  denied  { write } for  pid=12746 comm="syz.3.1734" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  571.274255][   T25] usb 5-1: Using ep0 maxpacket: 8
[  571.291633][T12747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1734'.
[  571.306212][   T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.345406][   T25] usb 5-1: config 0 has no interfaces?
[  571.354373][   T25] usb 5-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=3f.e0
[  571.370237][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.383556][   T25] usb 5-1: config 0 descriptor??
[  572.055406][   T25] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  572.063293][    C1] raw-gadget.1 gadget.3: ignoring, device is not running
[  572.072540][   T29] audit: type=1400 audit(2000000045.380:770): avc:  denied  { read append } for  pid=12734 comm="syz.4.1733" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  572.102461][   T29] audit: type=1400 audit(2000000045.390:771): avc:  denied  { open } for  pid=12734 comm="syz.4.1733" path="/dev/btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  572.137062][T12685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.147606][T12685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.157555][T12685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.168121][T12685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.178007][T12685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.188664][T12685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.202173][T12685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  572.212710][T12685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.222610][T12685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  572.233151][T12685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.243383][T12685] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  572.254291][T12685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.286895][T10505] usb 5-1: USB disconnect, device number 32
[  572.300159][T12685] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  572.323116][T12685] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  572.341279][T12685] wireguard: wg0: Could not create IPv4 socket
[  572.348999][T12685] wireguard: wg1: Could not create IPv4 socket
[  572.357098][T12685] wireguard: wg2: Could not create IPv4 socket
[  572.396132][   T25] usb 4-1: device descriptor read/64, error -32
[  572.640751][   T25] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  572.836173][   T25] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  572.846363][   T25] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  572.859061][   T25] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  573.317596][   T25] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  573.349858][   T25] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  573.398046][   T25] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  573.412102][   T25] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  573.429818][   T25] usb 4-1: Product: syz
[  573.440483][   T25] usb 4-1: Manufacturer: syz
[  573.468813][   T25] cdc_wdm 4-1:1.0: skipping garbage
[  573.481665][   T25] cdc_wdm 4-1:1.0: skipping garbage
[  573.488378][   T25] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  573.550941][   T25] cdc_wdm 4-1:1.0: Unknown control protocol
[  573.685579][   T25] usb 4-1: USB disconnect, device number 33
[  573.710920][T10505] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  573.901959][T12828] netlink: 'syz.1.1739': attribute type 1 has an invalid length.
[  573.960686][T10505] usb 5-1: Using ep0 maxpacket: 8
[  573.967961][T10505] usb 5-1: config 6 has an invalid interface number: 2 but max is 0
[  573.976222][T10505] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  573.987133][T10505] usb 5-1: config 6 has no interface number 0
[  574.000536][T10505] usb 5-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  574.579010][T10505] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  574.588432][T10505] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.596755][T10505] usb 5-1: Product: syz
[  574.601094][T10505] usb 5-1: Manufacturer: syz
[  574.605704][T10505] usb 5-1: SerialNumber: syz
[  574.613569][T10505] hso 5-1:6.2: Failed to find INT IN ep
[  575.104724][T10505] usb 5-1: USB disconnect, device number 33
[  575.450317][T12855] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  576.057735][T12868] FAULT_INJECTION: forcing a failure.
[  576.057735][T12868] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  576.071001][T12868] CPU: 1 UID: 0 PID: 12868 Comm: syz.4.1746 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  576.081767][T12868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  576.091818][T12868] Call Trace:
[  576.095099][T12868]  <TASK>
[  576.098028][T12868]  dump_stack_lvl+0x16c/0x1f0
[  576.102715][T12868]  should_fail_ex+0x497/0x5b0
[  576.107401][T12868]  _copy_to_user+0x32/0xd0
[  576.111830][T12868]  simple_read_from_buffer+0xd0/0x160
[  576.117211][T12868]  proc_fail_nth_read+0x198/0x270
[  576.122240][T12868]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  576.127794][T12868]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  576.133346][T12868]  vfs_read+0x1df/0xbe0
[  576.137509][T12868]  ? mark_held_locks+0x9f/0xe0
[  576.142287][T12868]  ? __pfx_vfs_read+0x10/0x10
[  576.146974][T12868]  ? irqentry_exit+0x3b/0x90
[  576.151575][T12868]  ? lockdep_hardirqs_on+0x7c/0x110
[  576.156806][T12868]  ksys_read+0x12b/0x250
[  576.161051][T12868]  ? __pfx_ksys_read+0x10/0x10
[  576.165824][T12868]  do_syscall_64+0xcd/0x250
[  576.170335][T12868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.176241][T12868] RIP: 0033:0x7fd495f8473c
[  576.180663][T12868] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  576.200284][T12868] RSP: 002b:00007fd496d5d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  576.208707][T12868] RAX: ffffffffffffffda RBX: 00007fd496176160 RCX: 00007fd495f8473c
[  576.216683][T12868] RDX: 000000000000000f RSI: 00007fd496d5d0a0 RDI: 0000000000000007
[  576.224650][T12868] RBP: 00007fd496d5d090 R08: 0000000000000000 R09: fffffffffffffe93
[  576.232627][T12868] R10: 0000000000040040 R11: 0000000000000246 R12: 0000000000000001
[  576.240602][T12868] R13: 0000000000000000 R14: 00007fd496176160 R15: 00007fff5a236798
[  576.248588][T12868]  </TASK>
[  577.153413][   T29] audit: type=1400 audit(2000000050.560:772): avc:  denied  { create } for  pid=12880 comm="syz.4.1749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  577.244413][T12883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1749'.
[  577.310998][   T29] audit: type=1400 audit(2000000050.590:773): avc:  denied  { write } for  pid=12880 comm="syz.4.1749" path="socket:[38383]" dev="sockfs" ino=38383 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  579.400640][ T1974] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  579.562289][ T1974] usb 5-1: unable to get BOS descriptor or descriptor too short
[  579.574084][ T1974] usb 5-1: config 1 has an invalid interface number: 20 but max is 0
[  579.589470][ T1974] usb 5-1: config 1 has no interface number 0
[  579.610538][ T1974] usb 5-1: config 1 interface 20 has no altsetting 0
[  579.624765][ T1974] usb 5-1: language id specifier not provided by device, defaulting to English
[  579.638252][T11216] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  579.647901][T11216] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  579.658860][T11216] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  579.669487][T11216] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  579.677342][ T1974] usb 5-1: New USB device found, idVendor=0923, idProduct=010f, bcdDevice=b0.fa
[  579.686910][T11216] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  579.694407][T11216] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  579.701870][ T1974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.709880][ T1974] usb 5-1: Product: syz
[  579.715381][ T1974] usb 5-1: Manufacturer: 
[  579.721074][ T1974] usb 5-1: SerialNumber: syz
[  579.735223][T12978] Failed to initialize the IGMP autojoin socket (err -2)
[  579.979691][ T1974] gspca_main: tv8532-2.14.0 probing 0923:010f
[  580.064529][ T1974] usb 5-1: USB disconnect, device number 34
[  580.483052][T13012] netlink: 576 bytes leftover after parsing attributes in process `syz.0.1765'.
[  580.700376][T13012] overlayfs: missing 'lowerdir'
[  581.367429][   T29] audit: type=1400 audit(2000000054.770:774): avc:  denied  { map } for  pid=13032 comm="syz.0.1769" path="/450/file0" dev="tmpfs" ino=2379 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  581.423245][   T29] audit: type=1400 audit(2000000054.830:775): avc:  denied  { execute } for  pid=13032 comm="syz.0.1769" path="/450/file0" dev="tmpfs" ino=2379 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  581.772390][T13041] wg2: left promiscuous mode
[  581.780005][T13041] wg2: left allmulticast mode
[  583.150601][T11216] Bluetooth: hci4: command tx timeout
[  583.250012][T13041] wireguard: wg2: Could not create IPv4 socket
[  583.259400][T13041] wg2: entered promiscuous mode
[  583.301580][T13050] ptrace attach of "./syz-executor exec"[5817] was attempted by ""[13050]
[  583.321553][T13041] wg2: entered allmulticast mode
[  583.472439][T12978] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  583.508042][T12978] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  583.525442][T12978] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  583.782500][T12978] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  583.806580][T13064] netlink: 'syz.0.1774': attribute type 4 has an invalid length.
[  584.301565][T13057] tipc: Started in network mode
[  584.307637][T13057] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  584.334590][T13057] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  584.359740][T13078] overlayfs: failed to clone lowerpath
[  584.386934][   T29] audit: type=1400 audit(2000000057.760:776): avc:  denied  { mount } for  pid=13076 comm="syz.0.1776" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  584.448176][   T29] audit: type=1400 audit(2000000057.830:777): avc:  denied  { bind } for  pid=13076 comm="syz.0.1776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  584.936713][T10505] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  585.216518][T11216] Bluetooth: hci4: command tx timeout
[  586.232410][T10505] usb 2-1: New USB device found, idVendor=056a, idProduct=0336, bcdDevice= 0.00
[  586.242293][T10505] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.252146][T10505] usb 2-1: config 0 descriptor??
[  586.270777][  T969] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  586.308888][T12978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  586.323990][T12978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.353550][T12978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  586.377968][T12978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.409394][T12978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  586.456182][T12978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.486617][T12978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.515699][T12978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.525719][T12978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.549811][T12978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.579971][T12978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.592223][  T969] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.596012][T12978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.619878][  T969] usb 4-1: config 0 interface 0 has no altsetting 0
[  586.640475][  T969] usb 4-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[  586.665516][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.702584][T13121] wireguard: wg2: Could not create IPv4 socket
[  586.735317][  T969] usb 4-1: config 0 descriptor??
[  586.810921][T12978] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  586.831987][T10505] wacom 0003:056A:0336.000D: hidraw0: USB HID v0.00 Device [HID 056a:0336] on usb-dummy_hcd.1-1/input0
[  586.859437][T12978] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  586.922697][T12978] wireguard: wg0: Could not create IPv4 socket
[  586.933145][   T29] audit: type=1400 audit(2000000060.345:778): avc:  denied  { read } for  pid=13120 comm="syz.0.1781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  586.987373][T12978] wireguard: wg1: Could not create IPv4 socket
[  587.049163][T12978] wireguard: wg2: Could not create IPv4 socket
[  587.106929][ T5892] usb 2-1: USB disconnect, device number 30
[  587.290533][T11216] Bluetooth: hci4: command tx timeout
[  587.319023][  T969] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  587.333775][  T969] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  587.366496][  T969] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  587.441331][  T969] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  587.454468][  T969] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  587.465776][  T969] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  587.477815][  T969] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  587.531535][  T969] macally 0003:060B:0001.000E: hidraw0: USB HID v0.00 Device [HID 060b:0001] on usb-dummy_hcd.3-1/input0
[  587.553694][  T969] usb 4-1: USB disconnect, device number 34
[  587.795061][T13150] hfs: can't find a HFS filesystem on dev nullb0
[  590.214525][T13191] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1789'.
[  590.232692][T13193] wg2: left promiscuous mode
[  590.249164][T13193] wg2: left allmulticast mode
[  590.480021][T13202] wireguard: wg2: Could not create IPv4 socket
[  590.486696][T13202] wg2: entered promiscuous mode
[  590.491660][T13202] wg2: entered allmulticast mode
[  590.506853][T13202] ptrace attach of "./syz-executor exec"[5817] was attempted by ""[13202]
[  590.953619][T11536] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  591.171189][T11536] usb 4-1: Using ep0 maxpacket: 8
[  591.358224][T11536] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  591.367715][T11536] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  591.376035][T11536] usb 4-1: config 0 has no interface number 0
[  591.382288][T11536] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  591.394733][T11536] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  591.405852][T11536] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  591.418553][T11536] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  591.427827][T11536] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  591.436601][T11536] usb 4-1: Product: syz
[  591.448516][T11536] usb 4-1: config 0 descriptor??
[  591.454464][T13185] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  591.683906][   T29] audit: type=1400 audit(2000000065.095:779): avc:  denied  { mounton } for  pid=13184 comm="syz.3.1787" path="mnt:[4026532865]" dev="nsfs" ino=4026532865 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  591.743909][   T29] audit: type=1326 audit(2000000065.095:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  591.760878][T11536] usb 4-1: USB disconnect, device number 35
[  592.362529][   T29] audit: type=1326 audit(2000000065.095:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  592.548772][   T29] audit: type=1326 audit(2000000065.095:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  592.596529][   T29] audit: type=1326 audit(2000000065.095:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  592.796830][   T29] audit: type=1326 audit(2000000065.095:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  593.022879][   T29] audit: type=1326 audit(2000000065.095:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  593.069000][   T29] audit: type=1326 audit(2000000065.095:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  593.136877][   T29] audit: type=1326 audit(2000000065.095:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13184 comm="syz.3.1787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f104d185d29 code=0x7ffc0000
[  593.889786][   T29] audit: type=1400 audit(2000000067.295:788): avc:  denied  { create } for  pid=13241 comm="syz.3.1798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  594.266893][T13253] autofs4:pid:13253:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  596.098065][T13324] netlink: 'syz.3.1803': attribute type 4 has an invalid length.
[  596.204931][T13327] Failed to initialize the IGMP autojoin socket (err -2)
[  596.245304][ T5138] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  596.256967][ T5138] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  596.267330][ T5138] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  596.277714][ T5138] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  596.303140][ T5138] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  596.310387][ T5138] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  596.344577][T13333] Failed to initialize the IGMP autojoin socket (err -2)
[  596.862112][   T29] audit: type=1400 audit(2000000070.145:789): avc:  denied  { map } for  pid=13335 comm="syz.4.1806" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  597.429937][   T29] audit: type=1400 audit(2000000070.145:790): avc:  denied  { execute } for  pid=13335 comm="syz.4.1806" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  597.453531][   T29] audit: type=1400 audit(2000000070.425:791): avc:  denied  { ioctl } for  pid=13335 comm="syz.4.1806" path="socket:[39860]" dev="sockfs" ino=39860 ioctlcmd=0x8b36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  597.583419][T13359] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1809'.
[  597.664908][T13359] unsupported nlmsg_type 40
[  598.410558][T11216] Bluetooth: hci4: command tx timeout
[  598.673501][T13382] netlink: 'syz.1.1813': attribute type 5 has an invalid length.
[  598.683894][T13382] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1813'.
[  598.700721][T10505] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  598.852196][T10505] usb 4-1: Using ep0 maxpacket: 32
[  599.303849][T10505] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  599.312414][T10505] usb 4-1: config 0 has no interface number 0
[  599.319124][T10505] usb 4-1: config 0 interface 184 has no altsetting 0
[  599.328595][T10505] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  599.343893][T10505] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.359858][T10505] usb 4-1: Product: syz
[  599.369547][T10505] usb 4-1: Manufacturer: syz
[  599.967947][T13399] Failed to initialize the IGMP autojoin socket (err -2)
[  600.052614][T10505] usb 4-1: SerialNumber: syz
[  600.058760][T10505] usb 4-1: config 0 descriptor??
[  600.091218][T10505] smsc75xx v1.0.0
[  600.346022][T13413] netlink: 'syz.1.1821': attribute type 4 has an invalid length.
[  600.444424][T13333] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  600.473856][T13424] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1823'.
[  600.490630][T11216] Bluetooth: hci4: command tx timeout
[  600.494174][T13333] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  600.544170][   T29] audit: type=1400 audit(2000000073.955:792): avc:  denied  { mount } for  pid=13422 comm="syz.0.1823" name="/" dev="configfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  600.659899][   T29] audit: type=1400 audit(2000000074.065:793): avc:  denied  { search } for  pid=13422 comm="syz.0.1823" name="/" dev="configfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  600.748525][   T29] audit: type=1400 audit(2000000074.065:794): avc:  denied  { read } for  pid=13422 comm="syz.0.1823" name="/" dev="configfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  600.774448][T13333] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  600.890750][   T29] audit: type=1400 audit(2000000074.065:795): avc:  denied  { open } for  pid=13422 comm="syz.0.1823" path="/" dev="configfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  601.409890][T10505] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  601.410330][T13333] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  601.470659][T10505] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  601.506085][T10505] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  601.570910][T10505] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  602.102032][   T29] audit: type=1400 audit(2000000075.495:796): avc:  denied  { connect } for  pid=13444 comm="syz.1.1826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  602.120488][T10505] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  602.250485][T10505] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  602.260220][T10505] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  602.297210][T10505] usb 4-1: USB disconnect, device number 36
[  602.582318][T11216] Bluetooth: hci4: command tx timeout
[  602.681083][  T969] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  602.753251][T13470] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  603.265849][T13333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  603.276966][T13333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  603.306441][  T969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  603.332225][  T969] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  603.348497][T13333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  603.352105][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.372986][T13333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  603.381038][  T969] usb 2-1: Product: syz
[  603.388465][T13333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  603.392762][  T969] usb 2-1: Manufacturer: syz
[  603.400549][T13333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  603.414896][  T969] usb 2-1: SerialNumber: syz
[  603.423129][T13333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  603.441042][T13333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  603.455172][T13333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  603.467472][  T969] usb 2-1: config 0 descriptor??
[  603.485187][T13333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  603.512107][T13333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  603.543429][T13333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  603.575361][T13333] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  603.628571][T13333] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  603.664763][   T29] audit: type=1400 audit(2000000077.075:797): avc:  denied  { bind } for  pid=13501 comm="syz.0.1831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  603.723781][T13333] wireguard: wg0: Could not create IPv4 socket
[  603.747475][T13333] wireguard: wg1: Could not create IPv4 socket
[  603.775503][T13333] wireguard: wg2: Could not create IPv4 socket
[  603.864247][  T969] usb 2-1: USB disconnect, device number 31
[  604.076051][T13508] Failed to initialize the IGMP autojoin socket (err -2)
[  604.382798][ T6058] udevd[6058]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  604.991331][  T969] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  605.720551][  T969] usb 5-1: Using ep0 maxpacket: 8
[  605.734255][  T969] usb 5-1: unable to get BOS descriptor or descriptor too short
[  605.744583][  T969] usb 5-1: config 1 has an invalid interface number: 3 but max is 2
[  605.762878][  T969] usb 5-1: config 1 has no interface number 1
[  605.783442][  T969] usb 5-1: too many endpoints for config 1 interface 3 altsetting 2: 143, using maximum allowed: 30
[  605.835554][  T969] usb 5-1: config 1 interface 3 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 143
[  605.886147][  T969] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  605.932462][  T969] usb 5-1: config 1 interface 3 has no altsetting 0
[  605.945607][  T969] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  605.964956][  T969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.989298][  T969] usb 5-1: Product: syz
[  606.012334][  T969] usb 5-1: Manufacturer: syz
[  606.016946][  T969] usb 5-1: SerialNumber: syz
[  606.208033][T13555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1839'.
[  606.272199][  T969] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  606.449891][  T969] usb 5-1: USB disconnect, device number 35
[  607.689411][T13586] Invalid ELF header magic: != ELF
[  607.700772][T13586] ntfs3(nullb0): Primary boot signature is not NTFS.
[  607.708113][T13586] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  607.719550][T13586] bridge0: port 3(erspan0) entered blocking state
[  607.726393][T13586] bridge0: port 3(erspan0) entered disabled state
[  607.733088][T13586] erspan0: entered allmulticast mode
[  607.739274][T13586] erspan0: entered promiscuous mode
[  607.744914][T13586] bridge0: port 3(erspan0) entered blocking state
[  607.751503][T13586] bridge0: port 3(erspan0) entered forwarding state
[  608.484190][   T29] audit: type=1400 audit(2000000081.095:798): avc:  denied  { module_load } for  pid=13579 comm="syz.4.1842" path="/sys/kernel/notes" dev="sysfs" ino=1382 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  610.218370][T13627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1852'.
[  611.695393][   T29] audit: type=1400 audit(2000000085.095:799): avc:  denied  { lock } for  pid=13638 comm="syz.1.1854" path="/dev/video37" dev="devtmpfs" ino=1050 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  611.718982][    C1] vkms_vblank_simulate: vblank timer overrun
[  612.281684][   T29] audit: type=1400 audit(2000000085.235:800): avc:  denied  { sys_chroot } for  pid=13646 comm="dhcpcd" capability=18  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[  612.302893][    C1] vkms_vblank_simulate: vblank timer overrun
[  612.317016][   T29] audit: type=1400 audit(2000000085.245:802): avc:  denied  { setrlimit } for  pid=13649 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[  612.341011][   T29] audit: type=1400 audit(2000000085.235:801): avc:  denied  { setgid } for  pid=13646 comm="dhcpcd" capability=6  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[  613.391703][T13688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  614.314953][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  614.325602][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  614.341273][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  614.357700][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  614.366604][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  614.374417][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  614.410125][T13697] Failed to initialize the IGMP autojoin socket (err -2)
[  615.122391][T13719] netlink: 'syz.4.1873': attribute type 10 has an invalid length.
[  615.140103][T13719] loop7: detected capacity change from 0 to 95
[  615.779441][T13725] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 7 prio class 0
[  616.517007][T11216] Bluetooth: hci4: command tx timeout
[  616.669109][T13731] FAULT_INJECTION: forcing a failure.
[  616.669109][T13731] name failslab, interval 1, probability 0, space 0, times 0
[  616.682141][T13731] CPU: 0 UID: 0 PID: 13731 Comm: syz.3.1874 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  616.692915][T13731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  616.702984][T13731] Call Trace:
[  616.706261][T13731]  <TASK>
[  616.709191][T13731]  dump_stack_lvl+0x16c/0x1f0
[  616.713893][T13731]  should_fail_ex+0x497/0x5b0
[  616.718580][T13731]  ? fs_reclaim_acquire+0xae/0x150
[  616.723701][T13731]  should_failslab+0xc2/0x120
[  616.728372][T13731]  __kmalloc_noprof+0xcb/0x510
[  616.733128][T13731]  tomoyo_encode2+0x100/0x3e0
[  616.737797][T13731]  tomoyo_encode+0x29/0x50
[  616.742202][T13731]  tomoyo_realpath_from_path+0x19d/0x720
[  616.747829][T13731]  tomoyo_check_open_permission+0x2ad/0x3c0
[  616.753707][T13731]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  616.760123][T13731]  ? __pfx_hook_file_open+0x10/0x10
[  616.765311][T13731]  ? lock_acquire+0x2f/0xb0
[  616.769795][T13731]  ? mnt_get_write_access+0x6a/0x300
[  616.775072][T13731]  tomoyo_file_open+0x6b/0x90
[  616.779738][T13731]  security_file_open+0x84/0x1e0
[  616.784678][T13731]  do_dentry_open+0x57e/0x1ea0
[  616.789432][T13731]  dentry_open+0xdd/0x470
[  616.793749][T13731]  pidfs_alloc_file+0x159/0x1f0
[  616.798588][T13731]  ? __pfx_pidfs_alloc_file+0x10/0x10
[  616.803954][T13731]  pidfd_prepare+0xa8/0x150
[  616.808454][T13731]  __x64_sys_pidfd_open+0x106/0x1a0
[  616.813635][T13731]  ? __pfx___x64_sys_pidfd_open+0x10/0x10
[  616.819342][T13731]  do_syscall_64+0xcd/0x250
[  616.823837][T13731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.829716][T13731] RIP: 0033:0x7f104d185d29
[  616.834114][T13731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  616.853709][T13731] RSP: 002b:00007f104dfe8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2
[  616.862108][T13731] RAX: ffffffffffffffda RBX: 00007f104d375fa0 RCX: 00007f104d185d29
[  616.870062][T13731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000055a
[  616.878016][T13731] RBP: 00007f104dfe8090 R08: 0000000000000000 R09: 0000000000000000
[  616.885975][T13731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  616.893932][T13731] R13: 0000000000000000 R14: 00007f104d375fa0 R15: 00007ffd5286f6d8
[  616.901900][T13731]  </TASK>
[  616.912379][T13731] ERROR: Out of memory at tomoyo_realpath_from_path.
[  618.160592][T13749] wg2: left promiscuous mode
[  618.244694][T13749] wg2: left allmulticast mode
[  618.846800][T13765] ptrace attach of "./syz-executor exec"[5820] was attempted by ""[13765]
[  619.248107][T13763] autofs4:pid:13763:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  619.290971][T11216] Bluetooth: hci4: command tx timeout
[  619.586556][T13756] wg2: left promiscuous mode
[  619.592796][T13756] wg2: left allmulticast mode
[  619.600839][T13764] wireguard: wg2: Could not create IPv4 socket
[  619.607013][T13764] wg2: entered promiscuous mode
[  619.611984][T13764] wg2: entered allmulticast mode
[  620.989862][T13787] wg2: left promiscuous mode
[  620.996187][T13785] Failed to initialize the IGMP autojoin socket (err -2)
[  621.004450][T13787] wg2: left allmulticast mode
[  621.076100][T13792] wireguard: wg2: Could not create IPv4 socket
[  621.082728][T13792] wg2: entered promiscuous mode
[  621.087670][T13792] wg2: entered allmulticast mode
[  621.094989][T13792] ptrace attach of "./syz-executor exec"[5811] was attempted by ""[13792]
[  621.578382][T11216] Bluetooth: hci4: command tx timeout
[  621.994403][T13697] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  622.153340][T13697] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  622.593497][T13697] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  622.702453][   T29] audit: type=1400 audit(2000000096.095:803): avc:  denied  { ioctl } for  pid=13805 comm="syz.4.1892" path="socket:[40916]" dev="sockfs" ino=40916 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  622.772934][T13697] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  623.621671][T11216] Bluetooth: hci4: command tx timeout
[  624.518126][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  624.524576][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  625.048875][T13839] ªªªªªª: renamed from syzkaller0
[  625.397419][T13847] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1899'.
[  626.277011][T13858] syzkaller0: entered promiscuous mode
[  626.302232][T13858] syzkaller0: entered allmulticast mode
[  627.700628][ T1974] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  627.870923][ T1974] usb 4-1: Using ep0 maxpacket: 16
[  627.901407][ T1974] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  627.951748][ T1974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  627.973519][ T1974] usb 4-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  627.985421][ T1974] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  628.003904][ T1974] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  628.018914][ T1974] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  628.060116][ T1974] usb 4-1: Manufacturer: syz
[  628.060566][T13880] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  628.071731][ T1974] usb 4-1: config 0 descriptor??
[  628.408869][T13880] PKCS7: Only support pkcs7_signedData type
[  630.349356][T11536] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  630.359139][   T25] usb 4-1: USB disconnect, device number 37
[  630.600667][T11536] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  630.692719][T11536] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  630.730160][T11536] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  630.799232][T11536] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  630.833239][T11536] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.057836][T11536] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  631.415104][T11536] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -12
[  631.439220][ T6058] udevd[6058]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  632.393056][   T29] audit: type=1400 audit(2000000105.795:804): avc:  denied  { setattr } for  pid=13895 comm="syz.4.1910" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  632.426256][   T29] audit: type=1400 audit(2000000105.795:805): avc:  denied  { write } for  pid=13895 comm="syz.4.1910" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  632.431418][T13927] overlayfs: failed to clone upperpath
[  632.447273][   T29] audit: type=1400 audit(2000000105.795:806): avc:  denied  { open } for  pid=13895 comm="syz.4.1910" path="/382/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  632.534731][   T29] audit: type=1400 audit(2000000105.945:807): avc:  denied  { setopt } for  pid=13925 comm="syz.0.1917" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  633.785374][T13697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.796069][T13697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.812928][T13697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.826913][T13697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.836975][T13697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.860823][T13697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.873502][T13697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  633.885416][T13697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.909970][T13697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  633.931512][T13953] openvswitch: netlink: Actions may not be safe on all matching packets
[  633.955258][T13697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  633.982736][T13697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.003432][T11536] usb 5-1: USB disconnect, device number 36
[  634.019404][T13697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.780790][T13697] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  634.853450][T13697] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  634.955546][T13967] netlink: 'syz.1.1927': attribute type 4 has an invalid length.
[  634.976448][T13697] wireguard: wg0: Could not create IPv4 socket
[  635.035113][T13697] wireguard: wg1: Could not create IPv4 socket
[  635.088034][T13697] wireguard: wg2: Could not create IPv4 socket
[  635.150520][   T25] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  635.305776][   T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  635.343319][   T25] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  635.372317][   T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  635.386188][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.420172][   T25] usb 5-1: Product: syz
[  635.450068][   T25] usb 5-1: Manufacturer: syz
[  635.479026][   T25] usb 5-1: SerialNumber: syz
[  635.536227][   T25] cdc_mbim 5-1:1.0: skipping garbage
[  635.737520][T13965] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  636.360981][T13965] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  636.370796][   T25] cdc_mbim 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  636.390512][   T25] cdc_mbim 5-1:1.0: setting rx_max = 2048
[  636.574006][   T25] cdc_mbim 5-1:1.0: setting tx_max = 184
[  636.590792][   T25] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[  636.626009][   T25] wwan wwan0: port wwan0mbim0 attached
[  636.648695][   T25] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, 5e:84:5f:14:52:20
[  636.683113][   T25] usb 5-1: USB disconnect, device number 37
[  636.689633][   T25] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM
[  636.789376][   T25] wwan wwan0: port wwan0mbim0 disconnected
[  637.831755][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  637.842906][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  637.856320][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  637.859367][T14034] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14034 comm=syz.1.1937
[  637.900998][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  637.910540][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  637.917938][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  637.949843][T14041] Failed to initialize the IGMP autojoin socket (err -2)
[  637.971114][T14050] xfrm1: entered promiscuous mode
[  637.992130][T14050] xfrm1: entered allmulticast mode
[  638.008571][T14050] team0: Device xfrm1 is of different type
[  638.097010][   T29] audit: type=1400 audit(2000000111.505:808): avc:  denied  { read } for  pid=14052 comm="syz.3.1941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  638.109502][T14053] cgroup: fork rejected by pids controller in /syz3
[  638.191669][T14061] netlink: 'syz.0.1943': attribute type 4 has an invalid length.
[  638.300563][ T5864] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  638.483396][ T5864] usb 2-1: config 0 has an invalid interface number: 120 but max is 0
[  638.497101][ T5864] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  638.540341][T14280] autofs4:pid:14280:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  638.559417][ T5864] usb 2-1: config 0 has no interface number 0
[  638.583273][ T5864] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  638.597425][ T5864] usb 2-1: config 0 interface 120 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  638.634667][ T5864] usb 2-1: New USB device found, idVendor=e828, idProduct=cea8, bcdDevice=50.03
[  638.648995][ T5864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.665867][ T5864] usb 2-1: Product: syz
[  638.677631][ T5864] usb 2-1: Manufacturer: syz
[  638.717669][ T5864] usb 2-1: SerialNumber: syz
[  638.751212][ T5864] usb 2-1: config 0 descriptor??
[  638.976535][ T5864] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  638.990659][ T5864] usb 2-1: MIDIStreaming interface descriptor not found
[  639.051789][ T5864] usb 2-1: USB disconnect, device number 32
[  639.426705][T14315] netlink: 'syz.4.1950': attribute type 32 has an invalid length.
[  639.447101][T14315] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1950'.
[  639.497403][T14315] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  639.545545][ T6058] udevd[6058]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.120/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  639.579156][T11216] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  639.590898][T11216] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  639.599438][T11216] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  639.608133][T11216] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  639.617992][T11216] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  639.625313][T11216] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  639.703749][T14317] Failed to initialize the IGMP autojoin socket (err -2)
[  639.766569][   T29] audit: type=1400 audit(2000000113.175:809): avc:  denied  { relabelfrom } for  pid=14317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  639.784409][T14041] netdevsim netdevsim5 netdevsim0: renamed from eth1
[  639.806639][   T29] audit: type=1400 audit(2000000113.175:810): avc:  denied  { relabelto } for  pid=14317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  639.889351][T14041] netdevsim netdevsim5 netdevsim1: renamed from eth2
[  639.926606][T14041] netdevsim netdevsim5 netdevsim2: renamed from eth3
[  640.010640][T11216] Bluetooth: hci4: command tx timeout
[  640.057875][T14041] netdevsim netdevsim5 netdevsim3: renamed from eth4
[  640.771030][ T5864] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  640.932087][ T5864] usb 5-1: device descriptor read/64, error -71
[  641.102628][T14352] FAULT_INJECTION: forcing a failure.
[  641.102628][T14352] name failslab, interval 1, probability 0, space 0, times 0
[  641.160747][T14352] CPU: 1 UID: 0 PID: 14352 Comm: syz.1.1955 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  641.171583][T14352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  641.181647][T14352] Call Trace:
[  641.184927][T14352]  <TASK>
[  641.187862][T14352]  dump_stack_lvl+0x16c/0x1f0
[  641.192548][T14352]  should_fail_ex+0x497/0x5b0
[  641.197248][T14352]  ? fs_reclaim_acquire+0xae/0x150
[  641.202360][T14352]  should_failslab+0xc2/0x120
[  641.207038][T14352]  __kmalloc_noprof+0xcb/0x510
[  641.211804][T14352]  ? trace_kmalloc+0x2d/0xd0
[  641.216399][T14352]  ? __kmalloc_noprof+0x23b/0x510
[  641.220637][ T5864] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  641.221437][T14352]  tomoyo_realpath_from_path+0xb9/0x720
[  641.234534][T14352]  ? tomoyo_fill_path_info+0x233/0x420
[  641.240018][T14352]  tomoyo_mount_acl+0x1af/0x880
[  641.244883][T14352]  ? hlock_class+0x4e/0x130
[  641.249413][T14352]  ? __lock_acquire+0x15a9/0x3c40
[  641.254444][T14352]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  641.259813][T14352]  ? __pfx___lock_acquire+0x10/0x10
[  641.265016][T14352]  ? stack_trace_save+0x95/0xd0
[  641.269861][T14352]  ? __pfx_lock_release+0x10/0x10
[  641.274886][T14352]  ? trace_lock_acquire+0x14e/0x1f0
[  641.280077][T14352]  ? tomoyo_mount_permission+0x149/0x420
[  641.285701][T14352]  ? lock_acquire+0x2f/0xb0
[  641.290195][T14352]  ? tomoyo_mount_permission+0x149/0x420
[  641.295818][T14352]  tomoyo_mount_permission+0x16e/0x420
[  641.301265][T14352]  ? tomoyo_mount_permission+0x149/0x420
[  641.306885][T14352]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  641.312859][T14352]  ? get_current_fs_domain+0x184/0x1f0
[  641.318312][T14352]  security_sb_mount+0x9b/0x260
[  641.323152][T14352]  path_mount+0x129/0x1f20
[  641.327558][T14352]  ? kmem_cache_free+0x152/0x4c0
[  641.332481][T14352]  ? __pfx_path_mount+0x10/0x10
[  641.337338][T14352]  ? putname+0x13c/0x180
[  641.341572][T14352]  __x64_sys_mount+0x294/0x320
[  641.346325][T14352]  ? __pfx___x64_sys_mount+0x10/0x10
[  641.351602][T14352]  do_syscall_64+0xcd/0x250
[  641.356116][T14352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  641.362001][T14352] RIP: 0033:0x7feeeab85d29
[  641.366403][T14352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  641.386012][T14352] RSP: 002b:00007feeeb9e4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  641.394414][T14352] RAX: ffffffffffffffda RBX: 00007feeead75fa0 RCX: 00007feeeab85d29
[  641.402371][T14352] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000
[  641.410338][T14352] RBP: 00007feeeb9e4090 R08: 00000000200001c0 R09: 0000000000000000
[  641.418295][T14352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  641.426251][T14352] R13: 0000000000000000 R14: 00007feeead75fa0 R15: 00007ffc82a750e8
[  641.434232][T14352]  </TASK>
[  641.441540][T14352] ERROR: Out of memory at tomoyo_realpath_from_path.
[  641.544550][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  641.561003][ T5864] usb 5-1: device descriptor read/64, error -71
[  641.593016][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  641.607667][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  641.616886][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  641.626871][ T5825] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  641.635479][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  641.680772][ T5864] usb usb5-port1: attempt power cycle
[  641.686532][T14356] openvswitch: netlink: Actions may not be safe on all matching packets
[  641.717027][T14360] Failed to initialize the IGMP autojoin socket (err -2)
[  641.747187][   T29] audit: type=1400 audit(2000000115.155:811): avc:  denied  { bind } for  pid=14369 comm="syz.1.1958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  641.846892][T14041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.863305][T14041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.874205][T14041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.885627][T14041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.895920][T14041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.906727][T14041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.925076][T14041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  641.951189][T14041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.962278][T14041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  641.973499][T14041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.983864][T14041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  641.995002][T14041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.021097][  T969] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  642.039009][T14041] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  642.054928][ T5864] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  642.073789][T14041] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  642.090698][ T5825] Bluetooth: hci4: command tx timeout
[  642.100807][ T5864] usb 5-1: device descriptor read/8, error -71
[  642.131456][T14041] wireguard: wg0: Could not create IPv4 socket
[  642.139091][T14041] wireguard: wg1: Could not create IPv4 socket
[  642.148703][T14041] wireguard: wg2: Could not create IPv4 socket
[  642.193680][  T969] usb 2-1: Using ep0 maxpacket: 32
[  642.215325][  T969] usb 2-1: config index 0 descriptor too short (expected 10770, got 18)
[  642.267713][  T969] usb 2-1: config 44 has 1 interface, different from the descriptor's value: 10
[  642.312593][  T969] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  642.330509][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.340088][  T969] usb 2-1: Product: syz
[  642.344473][ T5864] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  642.354545][  T969] usb 2-1: Manufacturer: syz
[  642.359334][  T969] usb 2-1: SerialNumber: syz
[  642.383525][ T5864] usb 5-1: device descriptor read/8, error -71
[  642.490899][T11216] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  642.501504][ T5864] usb usb5-port1: unable to enumerate USB device
[  642.515234][T11216] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  642.537102][T11216] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  642.547356][T11216] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  642.757063][T11216] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  642.766860][T11216] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  643.101103][T14370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.146159][T14370] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.294611][T14394] Failed to initialize the IGMP autojoin socket (err -2)
[  643.315910][T14408] Failed to initialize the IGMP autojoin socket (err -2)
[  643.343371][  T969] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  643.355995][  T969] gspca_stk1135: reg_w 0x2 err -71
[  643.367489][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.385426][  T969] gspca_stk1135: Sensor write failed
[  643.397786][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.409845][  T969] gspca_stk1135: Sensor write failed
[  643.419965][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.436655][  T969] gspca_stk1135: Sensor read failed
[  643.460900][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.492434][  T969] gspca_stk1135: Sensor read failed
[  643.497671][  T969] gspca_stk1135: Detected sensor type unknown (0x0)
[  643.542768][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.558561][  T969] gspca_stk1135: Sensor read failed
[  643.570465][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.582870][  T969] gspca_stk1135: Sensor read failed
[  643.587597][T14420] team0: Device vxcan1 is of different type
[  643.597151][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.623925][  T969] gspca_stk1135: Sensor write failed
[  643.637649][  T969] gspca_stk1135: serial bus timeout: status=0x00
[  643.654177][  T969] gspca_stk1135: Sensor write failed
[  643.670928][  T969] stk1135 2-1:44.0: probe with driver stk1135 failed with error -71
[  643.698787][  T969] usb 2-1: USB disconnect, device number 33
[  644.369133][T14394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  644.410851][T14394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  644.425621][T14394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  644.439929][T14394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  644.452260][T14394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  644.481008][T14394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  644.550126][T14394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  644.572836][T14394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  644.583491][T14394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  644.599577][T14394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  644.648145][T14394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  644.706614][T14394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  644.732979][T14473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1969'.
[  644.895176][T11216] Bluetooth: hci0: command tx timeout
[  644.918847][T14394] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  645.056169][T14394] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  645.119898][T14394] wireguard: wg0: Could not create IPv4 socket
[  645.144145][T14394] wireguard: wg1: Could not create IPv4 socket
[  645.164974][T14394] wireguard: wg2: Could not create IPv4 socket
[  648.220505][ T5864] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  648.382065][ T5864] usb 2-1: config 0 has an invalid interface number: 100 but max is 0
[  648.390437][ T5864] usb 2-1: config 0 has no interface number 0
[  648.400157][ T5864] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=6d.61
[  648.412453][ T5864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.432041][ T5864] usb 2-1: Product: syz
[  648.436251][ T5864] usb 2-1: Manufacturer: syz
[  648.446113][ T5864] usb 2-1: SerialNumber: syz
[  648.460314][ T5864] usb 2-1: config 0 descriptor??
[  648.720080][T14549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.740356][T14549] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.766204][ T5864] usb 2-1: USB disconnect, device number 34
[  651.125212][   T29] audit: type=1400 audit(2000000124.495:812): avc:  denied  { link } for  pid=14685 comm="syz.1.1992" name="#1b" dev="tmpfs" ino=2102 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  651.161848][   T29] audit: type=1400 audit(2000000124.495:813): avc:  denied  { rename } for  pid=14685 comm="syz.1.1992" name="#1c" dev="tmpfs" ino=2102 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  651.201991][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  651.215290][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  651.226001][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  651.260715][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  651.268144][ T5825] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  651.275432][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  651.337251][T14698] Failed to initialize the IGMP autojoin socket (err -2)
[  652.111984][ T5825] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  652.121960][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: kworker/u9:6 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  652.132850][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  652.142969][ T5825] Workqueue: hci3 hci_rx_work
[  652.147686][ T5825] Call Trace:
[  652.150978][ T5825]  <TASK>
[  652.153912][ T5825]  dump_stack_lvl+0x16c/0x1f0
[  652.158610][ T5825]  sysfs_warn_dup+0x7f/0xa0
[  652.163138][ T5825]  sysfs_create_dir_ns+0x24d/0x2b0
[  652.168275][ T5825]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  652.173935][ T5825]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  652.179330][ T5825]  ? kobject_add_internal+0x12d/0x990
[  652.184726][ T5825]  ? do_raw_spin_unlock+0x172/0x230
[  652.189944][ T5825]  kobject_add_internal+0x2c8/0x990
[  652.195169][ T5825]  kobject_add+0x16f/0x240
[  652.199607][ T5825]  ? __pfx_kobject_add+0x10/0x10
[  652.204562][ T5825]  ? class_to_subsys+0x3e/0x160
[  652.209430][ T5825]  ? do_raw_spin_unlock+0x172/0x230
[  652.214650][ T5825]  ? kobject_put+0xab/0x5a0
[  652.219181][ T5825]  device_add+0x289/0x1a70
[  652.220303][T14743] overlayfs: conflicting lowerdir path
[  652.223610][ T5825]  ? __pfx_dev_set_name+0x10/0x10
[  652.223667][ T5825]  ? __pfx_device_add+0x10/0x10
[  652.223695][ T5825]  ? mgmt_send_event_skb+0x2f2/0x460
[  652.223728][ T5825]  hci_conn_add_sysfs+0x17e/0x230
[  652.249361][ T5825]  le_conn_complete_evt+0x107f/0x1da0
[  652.254767][ T5825]  ? __pfx_lock_release+0x10/0x10
[  652.259819][ T5825]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  652.265569][ T5825]  ? trace_contention_end+0xee/0x140
[  652.270885][ T5825]  ? __mutex_lock+0x1cc/0xa60
[  652.275600][ T5825]  hci_le_conn_complete_evt+0x23c/0x370
[  652.281178][ T5825]  hci_le_meta_evt+0x2e2/0x5d0
[  652.285968][ T5825]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  652.292066][ T5825]  hci_event_packet+0x666/0x1180
[  652.297027][ T5825]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  652.302343][ T5825]  ? __pfx_hci_event_packet+0x10/0x10
[  652.307741][ T5825]  ? mark_held_locks+0x9f/0xe0
[  652.312528][ T5825]  ? kcov_remote_start+0x3cf/0x6e0
[  652.317662][ T5825]  ? lockdep_hardirqs_on+0x7c/0x110
[  652.322889][ T5825]  hci_rx_work+0x2c5/0x16b0
[  652.327407][ T5825]  ? process_one_work+0x921/0x1ba0
[  652.332522][ T5825]  process_one_work+0x9c5/0x1ba0
[  652.337462][ T5825]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  652.343088][ T5825]  ? __pfx_process_one_work+0x10/0x10
[  652.348464][ T5825]  ? rcu_is_watching+0x12/0xc0
[  652.353228][ T5825]  ? assign_work+0x1a0/0x250
[  652.357826][ T5825]  worker_thread+0x6c8/0xf00
[  652.362414][ T5825]  ? __pfx_worker_thread+0x10/0x10
[  652.367517][ T5825]  kthread+0x2c1/0x3a0
[  652.371578][ T5825]  ? _raw_spin_unlock_irq+0x23/0x50
[  652.376763][ T5825]  ? __pfx_kthread+0x10/0x10
[  652.381348][ T5825]  ret_from_fork+0x45/0x80
[  652.385763][ T5825]  ? __pfx_kthread+0x10/0x10
[  652.390344][ T5825]  ret_from_fork_asm+0x1a/0x30
[  652.395126][ T5825]  </TASK>
[  652.411298][ T5825] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  652.425849][ T5825] Bluetooth: hci3: failed to register connection device
[  653.393564][T11216] Bluetooth: hci0: command tx timeout
[  653.577828][T14698] netdevsim netdevsim5 netdevsim0: renamed from eth5
[  653.607374][T14698] netdevsim netdevsim5 netdevsim1: renamed from eth6
[  653.643147][T14698] netdevsim netdevsim5 netdevsim2: renamed from eth7
[  653.665685][T14698] netdevsim netdevsim5 netdevsim3: renamed from eth8
[  654.184419][   T29] audit: type=1400 audit(2000000127.595:814): avc:  denied  { write } for  pid=14795 comm="syz.4.2003" name="netstat" dev="proc" ino=4026532832 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  654.555684][T14801] 9pnet: Could not find request transport: r哘CÁóé=0x0000000000000005
[  654.556962][T14784] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 95 prio class 0
[  654.596096][T14784] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  654.620171][T14784] Buffer I/O error on dev loop7, logical block 1, lost async page write
[  654.642746][T14784] Buffer I/O error on dev loop7, logical block 2, lost async page write
[  654.657023][T14784] Buffer I/O error on dev loop7, logical block 3, lost async page write
[  654.658308][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  654.677270][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  654.685175][T14784] Buffer I/O error on dev loop7, logical block 4, lost async page write
[  654.693740][T14784] Buffer I/O error on dev loop7, logical block 5, lost async page write
[  654.702283][T14784] Buffer I/O error on dev loop7, logical block 6, lost async page write
[  654.710747][T14784] Buffer I/O error on dev loop7, logical block 7, lost async page write
[  654.719191][T14784] Buffer I/O error on dev loop7, logical block 8, lost async page write
[  654.727698][T14784] Buffer I/O error on dev loop7, logical block 9, lost async page write
[  654.884958][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  654.953856][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  654.962405][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  654.969738][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  655.015099][T14808] Failed to initialize the IGMP autojoin socket (err -2)
[  655.501426][ T5825] Bluetooth: hci0: command tx timeout
[  655.767575][T14698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  655.810270][T14698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  655.846498][T14698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  655.867167][T14698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  655.887381][T14698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  655.918598][T14698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  655.950079][T14698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  656.768112][T14698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.075358][T14698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  657.132001][T14698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.143619][T14698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  657.155724][T14698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.195357][T14698] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  657.240957][T14698] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  657.297994][T14698] wireguard: wg0: Could not create IPv4 socket
[  657.305747][T14698] wireguard: wg1: Could not create IPv4 socket
[  657.313338][T14698] wireguard: wg2: Could not create IPv4 socket
[  658.870031][T11216] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  658.881384][T11216] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  658.889746][T11216] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  658.899141][T11216] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  658.907996][T11216] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  658.915304][T11216] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  658.929255][T14905] Failed to initialize the IGMP autojoin socket (err -2)
[  659.336059][T14919] autofs4:pid:14919:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  659.715839][T14931] Failed to initialize the IGMP autojoin socket (err -2)
[  660.972440][ T5825] Bluetooth: hci0: command tx timeout
[  661.109452][T14949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2019'.
[  661.255934][T14942] Bluetooth: MGMT ver 1.23
[  661.261143][T14905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  661.271785][T14905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  661.281741][T14905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  661.292262][T14905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  661.302129][T14905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  661.312625][T14905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  661.331797][T14905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  661.347385][T14905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  661.357771][T14905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  661.370669][T14905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  661.381187][T14905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  661.394158][T14905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  661.616154][T14905] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  661.761222][T14905] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  661.797038][T14905] wireguard: wg0: Could not create IPv4 socket
[  661.814792][T14905] wireguard: wg1: Could not create IPv4 socket
[  661.835593][T14905] wireguard: wg2: Could not create IPv4 socket
[  662.310729][   T25] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  662.944761][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  662.956761][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  662.967736][   T25] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  662.977190][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.987075][   T25] usb 2-1: config 0 descriptor??
[  663.290833][ T5825] Bluetooth: hci3: Opcode 0x0401 failed: -110
[  663.299019][ T5825] Bluetooth: hci3: command 0x0406 tx timeout
[  663.397737][   T25] hid-thrustmaster 0003:044F:B65D.000F: unbalanced collection at end of report description
[  663.412186][   T25] hid-thrustmaster 0003:044F:B65D.000F: parse failed with error -22
[  663.423538][   T25] hid-thrustmaster 0003:044F:B65D.000F: probe with driver hid-thrustmaster failed with error -22
[  663.600011][T14977] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2023'.
[  663.613527][   T25] usb 2-1: USB disconnect, device number 35
[  664.898459][T11216] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  664.909517][T11216] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  664.918542][T11216] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  664.929162][T11216] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  664.941713][T11216] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  664.951092][T11216] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  665.028703][T15072] Failed to initialize the IGMP autojoin socket (err -2)
[  665.108525][T15066] autofs4:pid:15066:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  666.594083][ T5864] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  666.730543][ T5864] usb 2-1: device descriptor read/64, error -71
[  666.970607][ T5864] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  667.013933][T15113] Failed to initialize the IGMP autojoin socket (err -2)
[  667.050586][T11216] Bluetooth: hci0: command tx timeout
[  667.120558][ T5864] usb 2-1: device descriptor read/64, error -71
[  667.250664][ T5864] usb usb2-port1: attempt power cycle
[  667.390542][   T25] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  667.552870][   T25] usb 5-1: config 0 has an invalid interface number: 56 but max is 0
[  667.563529][   T25] usb 5-1: config 0 has no interface number 0
[  667.573396][   T25] usb 5-1: too many endpoints for config 0 interface 56 altsetting 83: 47, using maximum allowed: 30
[  667.587731][   T25] usb 5-1: config 0 interface 56 altsetting 83 has 0 endpoint descriptors, different from the interface descriptor's value: 47
[  667.602102][   T25] usb 5-1: config 0 interface 56 has no altsetting 0
[  667.608885][   T25] usb 5-1: New USB device found, idVendor=10b8, idProduct=1f9c, bcdDevice=90.83
[  667.620594][ T5864] usb 2-1: new full-speed USB device number 38 using dummy_hcd
[  667.633886][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  667.645014][   T25] usb 5-1: config 0 descriptor??
[  667.652880][ T5864] usb 2-1: device descriptor read/8, error -71
[  667.860174][   T25] dvb-usb: found a 'DiBcom TFE8096P reference design' in cold state, will try to load a firmware
[  667.904154][   T25] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  667.915579][   T25] dib0700: firmware download failed at 7 with -22
[  667.920494][ T5864] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  667.951630][ T5864] usb 2-1: device descriptor read/8, error -71
[  668.061509][ T5864] usb usb2-port1: unable to enumerate USB device
[  668.130969][T15124] loop6: detected capacity change from 0 to 524287999
[  668.144976][T15124] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0
[  668.155610][T15124] buffer_io_error: 85 callbacks suppressed
[  668.155624][T15124] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  668.176598][T15124] Buffer I/O error on dev loop6, logical block 1, lost async page write
[  668.192393][T15124] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  668.205589][T15124] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  668.354324][ T5864] usb 5-1: USB disconnect, device number 42
[  669.135941][T11216] Bluetooth: hci0: command tx timeout
[  669.156443][   T29] audit: type=1400 audit(2000000142.565:815): avc:  denied  { read } for  pid=15196 comm="syz.0.2035" path="socket:[45047]" dev="sockfs" ino=45047 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  671.236383][T11216] Bluetooth: hci0: command tx timeout
[  672.958039][T15072] netdevsim netdevsim5 netdevsim0: renamed from eth5
[  673.148636][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  673.158503][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  673.167371][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  673.175500][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  673.183310][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  673.192591][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  673.257118][T15264] Failed to initialize the IGMP autojoin socket (err -2)
[  673.265020][T15072] netdevsim netdevsim5 netdevsim1: renamed from eth6
[  673.291065][ T5825] Bluetooth: hci0: command tx timeout
[  673.324869][T15072] netdevsim netdevsim5 netdevsim2: renamed from eth7
[  673.364801][T15072] netdevsim netdevsim5 netdevsim3: renamed from eth8
[  675.570320][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.581688][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.593195][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.603723][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.613912][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  675.624680][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.636726][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  675.647565][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.657728][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  675.669880][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.682508][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  675.695233][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  675.727046][T15072] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  675.765172][T15072] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  675.789711][T15072] wireguard: wg0: Could not create IPv4 socket
[  675.803804][T15072] wireguard: wg1: Could not create IPv4 socket
[  675.814036][T15072] wireguard: wg2: Could not create IPv4 socket
[  676.922333][   T29] audit: type=1400 audit(2000000150.335:816): avc:  denied  { listen } for  pid=15380 comm="syz.0.2050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  676.946678][ T5138] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  676.956564][ T5138] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  676.965256][ T5138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  677.020992][ T5138] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  677.028640][ T5138] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  677.036048][ T5138] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  677.098060][T15392] Failed to initialize the IGMP autojoin socket (err -2)
[  678.540526][  T969] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[  678.580964][T11216] Bluetooth: hci3: command 0x0406 tx timeout
[  678.714040][  T969] usb 2-1: config 7 has an invalid interface number: 101 but max is 0
[  678.728882][  T969] usb 2-1: config 7 has no interface number 0
[  678.752494][  T969] usb 2-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[  678.784473][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.818525][  T969] usb 2-1: Product: syz
[  678.830491][  T969] usb 2-1: Manufacturer: syz
[  678.835298][  T969] usb 2-1: SerialNumber: syz
[  678.968302][T15392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  678.982350][T15392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  678.993787][T15392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  679.005338][T15392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.015756][T15392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  679.027015][T15392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.044234][T15392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  679.056681][T15392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.068110][T15392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  679.080320][T15392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.090964][T15392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  679.101899][T15392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  679.116831][T15392] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  679.133708][ T5825] Bluetooth: hci0: command tx timeout
[  679.143503][T15392] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  679.162965][T15392] wireguard: wg0: Could not create IPv4 socket
[  679.171854][T15392] wireguard: wg1: Could not create IPv4 socket
[  679.181655][T15392] wireguard: wg2: Could not create IPv4 socket
[  679.390181][T15426] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2062'.
[  681.103453][T15427] openvswitch: netlink: IP tunnel dst address not specified
[  681.199947][T15434] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2064'.
[  681.314773][  T969] as10x_usb: device has been detected
[  681.338197][  T969] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[  681.373227][  T969] usb 2-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[  681.492992][  T969] as10x_usb: error during firmware upload part1
[  681.503687][  T969] Registered device Elgato EyeTV DTT Deluxe
[  681.516045][  T969] usb 2-1: USB disconnect, device number 40
[  681.557912][  T969] Unregistered device Elgato EyeTV DTT Deluxe
[  681.567062][  T969] as10x_usb: device has been disconnected
[  681.984154][T15460] Failed to initialize the IGMP autojoin socket (err -2)
[  684.516155][ T5825] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  684.570836][T15554] overlayfs: conflicting lowerdir path
[  685.696016][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  685.704467][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  686.040219][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  686.053770][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  686.222583][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  686.239026][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  686.257758][ T5825] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  686.266485][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  686.506967][T15571] Failed to initialize the IGMP autojoin socket (err -2)
[  686.599542][T15573] netlink: 'syz.1.2076': attribute type 4 has an invalid length.
[  687.066215][T15600] Failed to initialize the IGMP autojoin socket (err -2)
[  687.235047][T15604] autofs4:pid:15604:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  687.384287][T15611] wg2: left promiscuous mode
[  687.388986][T15611] wg2: left allmulticast mode
[  687.718875][T15619] ptrace attach of "./syz-executor exec"[5820] was attempted by ""[15619]
[  687.793560][T15618] wireguard: wg2: Could not create IPv4 socket
[  687.799766][T15618] wg2: entered promiscuous mode
[  687.805031][T15618] wg2: entered allmulticast mode
[  687.980962][T15571] netdevsim netdevsim5 netdevsim0: renamed from eth5
[  688.026296][T15571] netdevsim netdevsim5 netdevsim1: renamed from eth6
[  688.061310][T15571] netdevsim netdevsim5 netdevsim2: renamed from eth7
[  688.097108][T15571] netdevsim netdevsim5 netdevsim3: renamed from eth8
[  688.330898][T11216] Bluetooth: hci0: command tx timeout
[  688.579026][T11216] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  688.588800][T11216] CPU: 1 UID: 0 PID: 11216 Comm: kworker/u9:0 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  688.599764][T11216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  688.609824][T11216] Workqueue: hci2 hci_rx_work
[  688.614517][T11216] Call Trace:
[  688.617799][T11216]  <TASK>
[  688.620730][T11216]  dump_stack_lvl+0x16c/0x1f0
[  688.625416][T11216]  sysfs_warn_dup+0x7f/0xa0
[  688.629930][T11216]  sysfs_create_dir_ns+0x24d/0x2b0
[  688.635054][T11216]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  688.640700][T11216]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  688.646083][T11216]  ? kobject_add_internal+0x12d/0x990
[  688.651469][T11216]  ? do_raw_spin_unlock+0x172/0x230
[  688.656677][T11216]  kobject_add_internal+0x2c8/0x990
[  688.661892][T11216]  kobject_add+0x16f/0x240
[  688.666322][T11216]  ? __pfx_kobject_add+0x10/0x10
[  688.671274][T11216]  ? kobject_put+0xab/0x5a0
[  688.675793][T11216]  device_add+0x289/0x1a70
[  688.680221][T11216]  ? __pfx_device_add+0x10/0x10
[  688.685118][T11216]  hci_conn_add_sysfs+0x17e/0x230
[  688.690174][T11216]  le_conn_complete_evt+0x107f/0x1da0
[  688.695568][T11216]  ? __pfx_lock_release+0x10/0x10
[  688.700599][T11216]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  688.706323][T11216]  ? trace_contention_end+0xee/0x140
[  688.711618][T11216]  ? mark_held_locks+0x9f/0xe0
[  688.716393][T11216]  hci_le_conn_complete_evt+0x23c/0x370
[  688.721953][T11216]  hci_le_meta_evt+0x2e2/0x5d0
[  688.726723][T11216]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  688.732801][T11216]  hci_event_packet+0x666/0x1180
[  688.737746][T11216]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  688.743043][T11216]  ? __pfx_hci_event_packet+0x10/0x10
[  688.748430][T11216]  ? kcov_remote_start+0x3df/0x6e0
[  688.753554][T11216]  hci_rx_work+0x2c5/0x16b0
[  688.758070][T11216]  ? process_one_work+0x921/0x1ba0
[  688.763197][T11216]  process_one_work+0x9c5/0x1ba0
[  688.768178][T11216]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  688.773825][T11216]  ? __pfx_process_one_work+0x10/0x10
[  688.779204][T11216]  ? rcu_is_watching+0x12/0xc0
[  688.783982][T11216]  ? assign_work+0x1a0/0x250
[  688.788579][T11216]  worker_thread+0x6c8/0xf00
[  688.793182][T11216]  ? __kthread_parkme+0x148/0x220
[  688.798225][T11216]  ? __pfx_worker_thread+0x10/0x10
[  688.802282][T15648] Failed to initialize the IGMP autojoin socket (err -2)
[  688.803333][T11216]  kthread+0x2c1/0x3a0
[  688.814424][T11216]  ? _raw_spin_unlock_irq+0x23/0x50
[  688.819644][T11216]  ? __pfx_kthread+0x10/0x10
[  688.824252][T11216]  ret_from_fork+0x45/0x80
[  688.828659][T11216]  ? __pfx_kthread+0x10/0x10
[  688.833329][T11216]  ret_from_fork_asm+0x1a/0x30
[  688.838096][T11216]  </TASK>
[  688.841853][T11216] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  688.857466][T11216] Bluetooth: hci2: failed to register connection device
[  688.866275][ T5863] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  688.885429][T15654] overlayfs: conflicting lowerdir path
[  688.965165][T11216] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  688.977282][T11216] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  688.986591][T11216] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  688.994636][T11216] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  689.002518][T11216] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  689.012342][T11216] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  689.052170][T15658] Failed to initialize the IGMP autojoin socket (err -2)
[  689.061982][ T5863] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.073090][ T5863] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  689.082481][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.093387][ T5863] usb 5-1: config 0 descriptor??
[  689.105908][ T5863] pwc: Askey VC010 type 2 USB webcam detected.
[  689.282841][T15571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  689.297455][T15571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.337473][T15652] 
[  689.339843][T15652] =========================
[  689.344342][T15652] WARNING: held lock freed!
[  689.348836][T15652] 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0 Not tainted
[  689.355939][T15652] -------------------------
[  689.360431][T15652] syz.1.2086/15652 is freeing memory ffff88805b9c7000-ffff88805b9c77ff, with a lock still held there!
[  689.371363][T15652] ffff88805b9c7258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: bt_accept_dequeue+0x249/0x600
[  689.382436][T15652] 2 locks held by syz.1.2086/15652:
[  689.387631][T15652]  #0: ffff88807a6f2008 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[  689.393861][T15571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  689.398172][T15652]  #1: ffff88805b9c7258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: bt_accept_dequeue+0x249/0x600
[  689.408662][T15571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.420044][T15652] 
[  689.420044][T15652] stack backtrace:
[  689.420053][T15652] CPU: 0 UID: 0 PID: 15652 Comm: syz.1.2086 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  689.420072][T15652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  689.420081][T15652] Call Trace:
[  689.420086][T15652]  <TASK>
[  689.420092][T15652]  dump_stack_lvl+0x116/0x1f0
[  689.420115][T15652]  debug_check_no_locks_freed+0x208/0x2b0
[  689.430195][T15571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  689.435747][T15652]  kfree+0xe5/0x4b0
[  689.435767][T15652]  ? security_sk_free+0x9d/0x1a0
[  689.435785][T15652]  ? __sk_destruct+0x5eb/0x720
[  689.446731][T15571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.456540][T15652]  __sk_destruct+0x5eb/0x720
[  689.456569][T15652]  sk_destruct+0xc2/0xf0
[  689.461176][T15571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.462728][T15652]  __sk_free+0xf4/0x3e0
[  689.467370][T15571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.473486][T15652]  sk_free+0x6a/0x90
[  689.473507][T15652]  bt_accept_unlink+0x245/0x2e0
[  689.473527][T15652]  bt_accept_dequeue+0x517/0x600
[  689.473548][T15652]  l2cap_sock_cleanup_listen+0x5c/0x2a0
[  689.473570][T15652]  l2cap_sock_release+0x5c/0x210
[  689.473593][T15652]  __sock_release+0xb0/0x270
[  689.500483][T15571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.507174][T15652]  ? __pfx_sock_close+0x10/0x10
[  689.521923][T15571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.526336][T15652]  sock_close+0x1c/0x30
[  689.542223][T15571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.544098][T15652]  __fput+0x3f8/0xb60
[  689.548916][T15571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.553818][T15652]  ? _raw_spin_unlock_irq+0x23/0x50
[  689.553840][T15652]  task_work_run+0x14e/0x250
[  689.553858][T15652]  ? __pfx_task_work_run+0x10/0x10
[  689.553877][T15652]  get_signal+0x1d3/0x26c0
[  689.553900][T15652]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  689.647407][T15652]  ? __pfx_get_signal+0x10/0x10
[  689.652281][T15652]  ? task_work_add+0x1ca/0x3b0
[  689.657052][T15652]  ? __pfx_task_work_add+0x10/0x10
[  689.662173][T15652]  ? __pfx___file_ref_put+0x10/0x10
[  689.667379][T15652]  arch_do_signal_or_restart+0x90/0x7e0
[  689.672937][T15652]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  689.679112][T15652]  ? rcu_is_watching+0x12/0xc0
[  689.683897][T15652]  syscall_exit_to_user_mode+0x150/0x2a0
[  689.689545][T15652]  do_syscall_64+0xda/0x250
[  689.694067][T15652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.699975][T15652] RIP: 0033:0x7feeeab85d29
[  689.704397][T15652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.724013][T15652] RSP: 002b:00007feeeb9c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  689.732438][T15652] RAX: fffffffffffffe00 RBX: 00007feeead76080 RCX: 00007feeeab85d29
[  689.740417][T15652] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  689.748395][T15652] RBP: 00007feeeac01b08 R08: 0000000000000000 R09: 0000000000000000
[  689.756375][T15652] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000
[  689.764354][T15652] R13: 0000000000000000 R14: 00007feeead76080 R15: 00007ffc82a750e8
[  689.772344][T15652]  </TASK>
[  689.776166][T15652] ==================================================================
[  689.784236][T15652] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x271/0x2c0
[  689.792066][T15652] Read of size 4 at addr ffff88805b9c71c4 by task syz.1.2086/15652
[  689.799967][T15652] 
[  689.800898][T15571] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  689.802281][T15652] CPU: 0 UID: 0 PID: 15652 Comm: syz.1.2086 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  689.828539][T15652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  689.838596][T15652] Call Trace:
[  689.841861][T15652]  <TASK>
[  689.844773][T15652]  dump_stack_lvl+0x116/0x1f0
[  689.849455][T15652]  print_report+0xc3/0x620
[  689.853855][T15652]  ? __virt_addr_valid+0x5e/0x590
[  689.858868][T15652]  ? __phys_addr+0xc6/0x150
[  689.863356][T15652]  kasan_report+0xd9/0x110
[  689.867770][T15652]  ? do_raw_spin_lock+0x271/0x2c0
[  689.872889][T15652]  ? do_raw_spin_lock+0x271/0x2c0
[  689.877915][T15652]  do_raw_spin_lock+0x271/0x2c0
[  689.882766][T15652]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  689.888121][T15652]  ? lock_acquire+0x2f/0xb0
[  689.892606][T15652]  ? release_sock+0x21/0x220
[  689.897194][T15652]  release_sock+0x21/0x220
[  689.901605][T15652]  bt_accept_dequeue+0x505/0x600
[  689.906540][T15652]  l2cap_sock_cleanup_listen+0x5c/0x2a0
[  689.912085][T15652]  l2cap_sock_release+0x5c/0x210
[  689.917012][T15652]  __sock_release+0xb0/0x270
[  689.921602][T15652]  ? __pfx_sock_close+0x10/0x10
[  689.926443][T15652]  sock_close+0x1c/0x30
[  689.930585][T15652]  __fput+0x3f8/0xb60
[  689.934572][T15652]  ? _raw_spin_unlock_irq+0x23/0x50
[  689.939848][T15652]  task_work_run+0x14e/0x250
[  689.944423][T15652]  ? __pfx_task_work_run+0x10/0x10
[  689.949523][T15652]  get_signal+0x1d3/0x26c0
[  689.953929][T15652]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  689.959804][T15652]  ? __pfx_get_signal+0x10/0x10
[  689.964638][T15652]  ? task_work_add+0x1ca/0x3b0
[  689.969380][T15652]  ? __pfx_task_work_add+0x10/0x10
[  689.974472][T15652]  ? __pfx___file_ref_put+0x10/0x10
[  689.979654][T15652]  arch_do_signal_or_restart+0x90/0x7e0
[  689.985188][T15652]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  689.991332][T15652]  ? rcu_is_watching+0x12/0xc0
[  689.996082][T15652]  syscall_exit_to_user_mode+0x150/0x2a0
[  690.001701][T15652]  do_syscall_64+0xda/0x250
[  690.006191][T15652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.012071][T15652] RIP: 0033:0x7feeeab85d29
[  690.016467][T15652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.036057][T15652] RSP: 002b:00007feeeb9c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  690.044448][T15652] RAX: fffffffffffffe00 RBX: 00007feeead76080 RCX: 00007feeeab85d29
[  690.052399][T15652] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  690.060357][T15652] RBP: 00007feeeac01b08 R08: 0000000000000000 R09: 0000000000000000
[  690.068308][T15652] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000
[  690.076268][T15652] R13: 0000000000000000 R14: 00007feeead76080 R15: 00007ffc82a750e8
[  690.084234][T15652]  </TASK>
[  690.087232][T15652] 
[  690.089534][T15652] Allocated by task 5825:
[  690.093837][T15652]  kasan_save_stack+0x33/0x60
[  690.098495][T15652]  kasan_save_track+0x14/0x30
[  690.103152][T15652]  __kasan_kmalloc+0xaa/0xb0
[  690.107725][T15652]  __kmalloc_noprof+0x21c/0x510
[  690.112555][T15652]  sk_prot_alloc+0x1a8/0x2a0
[  690.117124][T15652]  sk_alloc+0x36/0xb90
[  690.121179][T15652]  bt_sock_alloc+0x3b/0x3a0
[  690.125666][T15652]  l2cap_sock_alloc.constprop.0+0x33/0x1c0
[  690.131458][T15652]  l2cap_sock_new_connection_cb+0x101/0x240
[  690.137337][T15652]  l2cap_connect_cfm+0x85f/0xf10
[  690.142254][T15652]  hci_remote_features_evt+0x50d/0x9a0
[  690.147709][T15652]  hci_event_packet+0x9eb/0x1180
[  690.152626][T15652]  hci_rx_work+0x2c5/0x16b0
[  690.157127][T15652]  process_one_work+0x9c5/0x1ba0
[  690.162043][T15652]  worker_thread+0x6c8/0xf00
[  690.166613][T15652]  kthread+0x2c1/0x3a0
[  690.170665][T15652]  ret_from_fork+0x45/0x80
[  690.175060][T15652]  ret_from_fork_asm+0x1a/0x30
[  690.179806][T15652] 
[  690.182112][T15652] Freed by task 15652:
[  690.186152][T15652]  kasan_save_stack+0x33/0x60
[  690.190821][T15652]  kasan_save_track+0x14/0x30
[  690.195477][T15652]  kasan_save_free_info+0x3b/0x60
[  690.200485][T15652]  __kasan_slab_free+0x51/0x70
[  690.205231][T15652]  kfree+0x14f/0x4b0
[  690.209106][T15652]  __sk_destruct+0x5eb/0x720
[  690.213692][T15652]  sk_destruct+0xc2/0xf0
[  690.217921][T15652]  __sk_free+0xf4/0x3e0
[  690.222071][T15652]  sk_free+0x6a/0x90
[  690.225952][T15652]  bt_accept_unlink+0x245/0x2e0
[  690.230783][T15652]  bt_accept_dequeue+0x517/0x600
[  690.235701][T15652]  l2cap_sock_cleanup_listen+0x5c/0x2a0
[  690.241231][T15652]  l2cap_sock_release+0x5c/0x210
[  690.246154][T15652]  __sock_release+0xb0/0x270
[  690.250725][T15652]  sock_close+0x1c/0x30
[  690.254857][T15652]  __fput+0x3f8/0xb60
[  690.258821][T15652]  task_work_run+0x14e/0x250
[  690.263388][T15652]  get_signal+0x1d3/0x26c0
[  690.267787][T15652]  arch_do_signal_or_restart+0x90/0x7e0
[  690.273316][T15652]  syscall_exit_to_user_mode+0x150/0x2a0
[  690.278931][T15652]  do_syscall_64+0xda/0x250
[  690.283418][T15652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.289305][T15652] 
[  690.291607][T15652] The buggy address belongs to the object at ffff88805b9c7000
[  690.291607][T15652]  which belongs to the cache kmalloc-2k of size 2048
[  690.305639][T15652] The buggy address is located 452 bytes inside of
[  690.305639][T15652]  freed 2048-byte region [ffff88805b9c7000, ffff88805b9c7800)
[  690.319530][T15652] 
[  690.321839][T15652] The buggy address belongs to the physical page:
[  690.328232][T15652] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b9c0
[  690.336974][T15652] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  690.345450][T15652] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  690.353426][T15652] page_type: f5(slab)
[  690.357391][T15652] raw: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001
[  690.365958][T15652] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[  690.374522][T15652] head: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001
[  690.383172][T15652] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[  690.391822][T15652] head: 00fff00000000003 ffffea00016e7001 ffffffffffffffff 0000000000000000
[  690.400470][T15652] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  690.409114][T15652] page dumped because: kasan: bad access detected
[  690.415505][T15652] page_owner tracks the page as allocated
[  690.421196][T15652] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5820, tgid 5820 (syz-executor), ts 56538748556, free_ts 11291559500
[  690.442361][T15652]  post_alloc_hook+0x2d1/0x350
[  690.447106][T15652]  get_page_from_freelist+0xfce/0x2f80
[  690.452547][T15652]  __alloc_pages_noprof+0x223/0x25b0
[  690.457810][T15652]  alloc_pages_mpol_noprof+0x2c9/0x610
[  690.463252][T15652]  new_slab+0x2c9/0x410
[  690.467386][T15652]  ___slab_alloc+0xd7d/0x17a0
[  690.472047][T15652]  __slab_alloc.constprop.0+0x56/0xb0
[  690.477400][T15652]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  690.483800][T15652]  kmalloc_reserve+0xef/0x2c0
[  690.488457][T15652]  pskb_expand_head+0x243/0x1240
[  690.493370][T15652]  netlink_trim+0x1ef/0x250
[  690.497853][T15652]  netlink_broadcast_filtered+0xc7/0xef0
[  690.503469][T15652]  nlmsg_notify+0x9e/0x220
[  690.507874][T15652]  rtmsg_ifinfo+0x174/0x1a0
[  690.512355][T15652]  register_netdevice+0x18b5/0x1e90
[  690.517533][T15652]  nsim_create+0x740/0xb20
[  690.521934][T15652] page last free pid 1 tgid 1 stack trace:
[  690.527731][T15652]  free_unref_page+0x661/0x1080
[  690.532562][T15652]  free_contig_range+0x133/0x3f0
[  690.537481][T15652]  destroy_args+0x802/0xa50
[  690.541965][T15652]  debug_vm_pgtable+0x168e/0x31a0
[  690.546968][T15652]  do_one_initcall+0x128/0x700
[  690.551715][T15652]  kernel_init_freeable+0x5c7/0x900
[  690.556896][T15652]  kernel_init+0x1c/0x2b0
[  690.561207][T15652]  ret_from_fork+0x45/0x80
[  690.565601][T15652]  ret_from_fork_asm+0x1a/0x30
[  690.570350][T15652] 
[  690.572653][T15652] Memory state around the buggy address:
[  690.578265][T15652]  ffff88805b9c7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  690.586312][T15652]  ffff88805b9c7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  690.594348][T15652] >ffff88805b9c7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  690.602383][T15652]                                            ^
[  690.608509][T15652]  ffff88805b9c7200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  690.616551][T15652]  ffff88805b9c7280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  690.624586][T15652] ==================================================================
[  690.632684][T15652] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  690.639876][T15652] CPU: 0 UID: 0 PID: 15652 Comm: syz.1.2086 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  690.650641][T15652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  690.660700][T15652] Call Trace:
[  690.663976][T15652]  <TASK>
[  690.666904][T15652]  dump_stack_lvl+0x3d/0x1f0
[  690.671501][T15652]  panic+0x71d/0x800
[  690.675397][T15652]  ? rcu_is_watching+0x12/0xc0
[  690.680167][T15652]  ? __pfx_panic+0x10/0x10
[  690.684590][T15652]  ? rcu_is_watching+0x12/0xc0
[  690.689363][T15652]  check_panic_on_warn+0xab/0xb0
[  690.694293][T15652]  end_report+0x117/0x180
[  690.698622][T15652]  kasan_report+0xe9/0x110
[  690.703033][T15652]  ? do_raw_spin_lock+0x271/0x2c0
[  690.708060][T15652]  ? do_raw_spin_lock+0x271/0x2c0
[  690.713092][T15652]  do_raw_spin_lock+0x271/0x2c0
[  690.717947][T15652]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  690.723324][T15652]  ? lock_acquire+0x2f/0xb0
[  690.727822][T15652]  ? release_sock+0x21/0x220
[  690.732416][T15652]  release_sock+0x21/0x220
[  690.736824][T15652]  bt_accept_dequeue+0x505/0x600
[  690.741768][T15652]  l2cap_sock_cleanup_listen+0x5c/0x2a0
[  690.747319][T15652]  l2cap_sock_release+0x5c/0x210
[  690.752258][T15652]  __sock_release+0xb0/0x270
[  690.756846][T15652]  ? __pfx_sock_close+0x10/0x10
[  690.761691][T15652]  sock_close+0x1c/0x30
[  690.765840][T15652]  __fput+0x3f8/0xb60
[  690.769821][T15652]  ? _raw_spin_unlock_irq+0x23/0x50
[  690.775017][T15652]  task_work_run+0x14e/0x250
[  690.779604][T15652]  ? __pfx_task_work_run+0x10/0x10
[  690.784713][T15652]  get_signal+0x1d3/0x26c0
[  690.789132][T15652]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  690.795022][T15652]  ? __pfx_get_signal+0x10/0x10
[  690.799869][T15652]  ? task_work_add+0x1ca/0x3b0
[  690.804625][T15652]  ? __pfx_task_work_add+0x10/0x10
[  690.809730][T15652]  ? __pfx___file_ref_put+0x10/0x10
[  690.814927][T15652]  arch_do_signal_or_restart+0x90/0x7e0
[  690.820475][T15652]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  690.826633][T15652]  ? rcu_is_watching+0x12/0xc0
[  690.831397][T15652]  syscall_exit_to_user_mode+0x150/0x2a0
[  690.837039][T15652]  do_syscall_64+0xda/0x250
[  690.841542][T15652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.847436][T15652] RIP: 0033:0x7feeeab85d29
[  690.851844][T15652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.871447][T15652] RSP: 002b:00007feeeb9c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  690.879853][T15652] RAX: fffffffffffffe00 RBX: 00007feeead76080 RCX: 00007feeeab85d29
[  690.887815][T15652] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  690.895776][T15652] RBP: 00007feeeac01b08 R08: 0000000000000000 R09: 0000000000000000
[  690.903738][T15652] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000
[  690.911700][T15652] R13: 0000000000000000 R14: 00007feeead76080 R15: 00007ffc82a750e8
[  690.919668][T15652]  </TASK>
[  690.922879][T15652] Kernel Offset: disabled
[  690.927176][T15652] Rebooting in 86400 seconds..