last executing test programs:

5m38.147218489s ago: executing program 0 (id=1433):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000280)={@loopback, <r0=>0x0}, &(0x7f0000000140)=0xfffffffffffffce2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000002c0)={r1, 0x0, 0x0}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000040), 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
getgroups(0x0, 0x0)
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="28150000020000000c001aab0600058004c601"], 0x2c}, 0x1, 0x0, 0x0, 0x4048904}, 0x4)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
write$sysctl(r3, &(0x7f0000000000)='2\x00', 0x2)

5m37.173965858s ago: executing program 0 (id=1436):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="d977eb370bb00fa0826459384d28b1da00120729dec80193fedd9db569ff7be31481cf831394c38618996327343b4b7361c7bf4b16b36615dde0f19ec44073a14eb7332ca591fac25abd4b9ce8f047854bf72e281c711bfb299c15bca042c60cd948241c59c93daa55b52f7c5ca341b0f0a2ad5b268b98278d7408ec58bd617427ac721beb32fa32d6a109fbe67ac6eecf2a1a23fb699f41f85bfd85e58b654a8b0afde296fab27dbe36f61043f30d277889cf01d51525fd2f541295c0945dfd21375cffa83be60057c70d7d80a397e3fd41c698abc3590c658f6fcdb8ed44f1bd9f2b8390b6d9ae188320c569c2bfba89188705d5146d0ed14a24", @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000180001801400020073797a5f74756e00000000000000000004000380"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f00000000c0)=0x4000000)

5m36.563827865s ago: executing program 0 (id=1439):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000280)={@loopback}, &(0x7f0000000140)=0xfffffffffffffce2)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000002c0)={r0, 0x0, 0x0}, 0x20)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000000)="480000001400190c09004beafd0d3602028447000b4e230f00000001a2bc5603ca00000f7f5123ff0000000309ff", 0xfe82}], 0x1)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
getgroups(0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="28150000020000000c001aab0600058004c601"], 0x2c}, 0x1, 0x0, 0x0, 0x4048904}, 0x4)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc20e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
write$sysctl(r2, &(0x7f0000000000)='2\x00', 0x2)

5m32.992438406s ago: executing program 0 (id=1452):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x5}, {0x0, 0x6}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0xb}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0xd}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}, 0x1, 0x0, 0x0, 0x20008801}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r6, r6}, &(0x7f0000000600), &(0x7f0000000640)=r5}, 0x1c)
r7 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040), 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r7, 0x0, 0x4ffe6, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/133, 0x85}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e", 0x181}], 0x3}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140))
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20008001}, 0x800)

5m30.84922308s ago: executing program 0 (id=1455):
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x6, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec31f8104c13d9989ec18f832c6409021b000145f0f0000904000001098b75000905832270f3a8"], 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040f4433b6aaa01c1b59342c7beb1d7390c6215b2f1104a99e5db7070000000000"], 0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0)
creat(&(0x7f0000000180)='./file0/file0\x00', 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)
syz_usb_connect$cdc_ecm(0x3, 0x5b, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x49, 0x1, 0x1, 0x7, 0x80, 0xd7, [{{0x9, 0x4, 0x0, 0x2, 0x3, 0x2, 0x6, 0x0, 0x80, {{0x5}, {0x5, 0x24, 0x0, 0xff76}, {0xd, 0x24, 0xf, 0x1, 0xe8d, 0x8, 0xdd, 0xc0}, [@obex={0x5, 0x24, 0x15, 0x8d49}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x3, 0x4, 0x8}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x2, 0x1, 0x10}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x40, 0x8, 0x3}}}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0xc0, 0x7, 0x5, 0x20}, 0xc5, &(0x7f00000001c0)={0x5, 0xf, 0xc5, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0xbd, "4186e8786866df5c8519ae294843569e"}, @generic={0x9a, 0x10, 0xb, "fcbe87ac8ff1fa53487d42a221b7f5630617ab0f3c560c854a2b28cae1e3e087ef66592006d6b9e4bc99e390266545aa0cd8204b0d0af85c8c88af7108558189a81ff049df4b4ab5d28a6226c5d2104237b99d7eccd5eeffb06fed596b30a3092b5d5a27ceb150e5dedf6f07ea6b43b65187d853258f1bf6999ffaa1b789dec1c52a99dabd745fa798355512755f2314050821e4c22967"}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x1, 0x4, 0xc}, @wireless={0xb, 0x10, 0x1, 0x2, 0x10, 0xe, 0xa, 0xc90, 0x7f}]}, 0x3, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x2401}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x459}}]})

5m27.442981s ago: executing program 0 (id=1470):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x10800, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000001180)={0x84, &(0x7f0000000cc0)={0x60}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$alg(r2, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x1000})

5m12.042026084s ago: executing program 32 (id=1470):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x10800, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000001180)={0x84, &(0x7f0000000cc0)={0x60}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$alg(r2, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x1000})

2m41.311678985s ago: executing program 3 (id=2042):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpgid(0x0)
ptrace$getregset(0x4204, r0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x736a, 0x0, 0x44, 0x287}, &(0x7f0000000340)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x1, 0x0, 0x3, 0x1, 0x0, 0x8000006, 0x0, 0x0, {0x2}})
io_uring_enter(r2, 0x3516, 0x0, 0x4, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000240)={'team0\x00', <r7=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000380)={0x60, r6, 0x405, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r7}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r7}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
r8 = socket$netlink(0x10, 0x3, 0x4)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r9=>r4, {0x4}}, './file0\x00'})
recvmsg$can_bcm(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/76, 0x4c}, {&(0x7f0000000200)=""/140, 0x8c}], 0x2, &(0x7f0000000500)=""/130, 0x82}, 0x40000102)
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r10, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
write(r8, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket$inet6(0xa, 0x1, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r12, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r12, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route(r11, 0x0, 0x0)

2m39.832628189s ago: executing program 3 (id=2045):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000540)={&(0x7f0000000300)=@getnetconf={0x14, 0x52, 0x200, 0x70bd2c, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0xc0080c4)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0xc, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/220, 0xdc, 0x1, 0x29}, @fda={0x66646185, 0x5, 0x1, 0x18}}, &(0x7f0000000240)={0x0, 0x3f, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

2m39.393209434s ago: executing program 3 (id=2047):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
r1 = dup(r0)
syz_io_uring_setup(0x48be, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000011c0), 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc8910610700fa6fa26fa7088c60897d4a6148a1c1e43f00001bde605cbeac671e8e8fdecb035865e362ead91b1979a5ae30705b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd21142525815b91076ccb7b37b41215c184e731fb13d100323b77f613af02b6f3259d6f3ac85da4fe304ecfca2be5f4a8b3910a8f0a88d082ac161c4a3c1132831a88f199f67aca8f4698996d076250b2b75cdc7776b8cab72716149f70efb190007832c6077da0df4c63a226284cd6a2e5ec5bb28f18dd44821065b9758fd159c490421901361244c01bfa0cddbc726f2b4ceace9f9309f507e6a7135b33f418af0a63bfb480c2feced947dae1d7dc19c4f1807b17c559c27be4d18b2e0a3cf26832d7fc97cea307de1852f90317b501bf66473eb6dac986d7b5682abc3a5ea1dabde56b9e3a56ba20a65dc0df39edd5f34ed22a8f0c6594a894901e455d0369e407dae0f4fb4e181415153000000b6b384cb4bbfd4edfd70cd7324de228e1047a61292abe63fc71063a9040bd927779d56ef0f4725dfb3822ce1e24632f7d51a0e65bd5664fcd3e4a0b0388b842115b5689769438f9763a55956288e78b6cad0ff3f310722b4a5cc4f25a69753fcc8ece189808e6f2f71ca2337d0de3a9feaa3f4cd2a2c69d21daec3751aca69f0a6f5b0af65aace6d04dad91c67e57a0f7b8accb3f8d9b787e002e56a7149c2d10a268884e695256ddb9c17853e29689f41667522e6932294"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map=r3, 0x26, 0x0, 0x0, &(0x7f0000001440)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r1, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) (async)
dup(r0) (async)
syz_io_uring_setup(0x48be, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000011c0), 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc8910610700fa6fa26fa7088c60897d4a6148a1c1e43f00001bde605cbeac671e8e8fdecb035865e362ead91b1979a5ae30705b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd21142525815b91076ccb7b37b41215c184e731fb13d100323b77f613af02b6f3259d6f3ac85da4fe304ecfca2be5f4a8b3910a8f0a88d082ac161c4a3c1132831a88f199f67aca8f4698996d076250b2b75cdc7776b8cab72716149f70efb190007832c6077da0df4c63a226284cd6a2e5ec5bb28f18dd44821065b9758fd159c490421901361244c01bfa0cddbc726f2b4ceace9f9309f507e6a7135b33f418af0a63bfb480c2feced947dae1d7dc19c4f1807b17c559c27be4d18b2e0a3cf26832d7fc97cea307de1852f90317b501bf66473eb6dac986d7b5682abc3a5ea1dabde56b9e3a56ba20a65dc0df39edd5f34ed22a8f0c6594a894901e455d0369e407dae0f4fb4e181415153000000b6b384cb4bbfd4edfd70cd7324de228e1047a61292abe63fc71063a9040bd927779d56ef0f4725dfb3822ce1e24632f7d51a0e65bd5664fcd3e4a0b0388b842115b5689769438f9763a55956288e78b6cad0ff3f310722b4a5cc4f25a69753fcc8ece189808e6f2f71ca2337d0de3a9feaa3f4cd2a2c69d21daec3751aca69f0a6f5b0af65aace6d04dad91c67e57a0f7b8accb3f8d9b787e002e56a7149c2d10a268884e695256ddb9c17853e29689f41667522e6932294"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map=r3, 0x26, 0x0, 0x0, &(0x7f0000001440)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) (async)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r1, 0x0) (async)

2m39.13734099s ago: executing program 3 (id=2049):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
readv(r0, &(0x7f0000000580)=[{&(0x7f00000005c0)=""/223, 0xdf}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x4b7f, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x3125899, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x202)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f0000000000)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r3, 0x80)
accept$netrom(r3, 0x0, 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000300)={0x0, 0x3}, 0x5)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x8000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r5, 0x80045300, &(0x7f0000000980))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32], 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2m38.213798858s ago: executing program 3 (id=2051):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0) (async)
write$char_usb(r1, 0x0, 0x0) (async)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc4}}, 0x0) (async, rerun: 64)
r4 = socket$alg(0x26, 0x5, 0x0) (rerun: 64)
bind$alg(r4, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) (async)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r5, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) (async)
recvfrom(r5, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5) (async)
sendmsg$802154_raw(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="ebe60a43", 0x4}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080)
sendmmsg$alg(r5, &(0x7f0000002a40)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40004}], 0x1, 0x2010)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) (async)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000040), 0x4) (async, rerun: 32)
r6 = getpid() (rerun: 32)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) (async, rerun: 32)
close_range(r2, 0xffffffffffffffff, 0x0)

2m37.863780549s ago: executing program 3 (id=2053):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000040)={0x0, <r3=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r3}, 0xc)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000f00)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r4, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0xff, 0x0, 0x0, 0x2, 0x7ffffffe], 0x80a0000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m37.493657206s ago: executing program 33 (id=2053):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000040)={0x0, <r3=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r3}, 0xc)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000f00)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r4, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0xff, 0x0, 0x0, 0x2, 0x7ffffffe], 0x80a0000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m23.903236194s ago: executing program 6 (id=2054):
dup(0xffffffffffffffff)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x400)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r2, 0x0, <r3=>0x0, 0x1})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x1f8, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x258)
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r2, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x10f4})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

1m12.27346575s ago: executing program 6 (id=2054):
dup(0xffffffffffffffff)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x400)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r2, 0x0, <r3=>0x0, 0x1})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x1f8, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x258)
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r2, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x10f4})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

54.526255515s ago: executing program 6 (id=2054):
dup(0xffffffffffffffff)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x400)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r2, 0x0, <r3=>0x0, 0x1})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x1f8, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x258)
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r2, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x10f4})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

37.2543561s ago: executing program 6 (id=2054):
dup(0xffffffffffffffff)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x400)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r2, 0x0, <r3=>0x0, 0x1})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x1f8, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x258)
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r2, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x10f4})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

23.277160462s ago: executing program 6 (id=2054):
dup(0xffffffffffffffff)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x400)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r2, 0x0, <r3=>0x0, 0x1})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x1f8, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x258)
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r2, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x10f4})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

11.191970394s ago: executing program 5 (id=2436):
r0 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x10003, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x1000, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x3231564e})

11.139604482s ago: executing program 5 (id=2437):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000200)={'tunl0\x00', <r0=>0x0, 0x80, 0x10, 0x7, 0x3, {{0x25, 0x4, 0x3, 0x35, 0x94, 0x67, 0x0, 0x2, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, {[@cipso={0x86, 0x2a, 0x2, [{0x0, 0x9, "908397f5f14f90"}, {0x7, 0xa, "524df5ec90bfac53"}, {0x6, 0x11, "423575bdf298fc92ec1a20d3ca2bc5"}]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x44, 0xf4, 0x3, 0x5, [{@multicast2, 0x7}, {@loopback, 0x10}, {@empty, 0xfffffffa}, {@rand_addr=0x64010102, 0x2}, {@multicast2, 0x1}, {@empty, 0x6d}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0xc}, {@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @generic={0x7, 0x7, "7a6d06b3e5"}, @ra={0x94, 0x4, 0x1}]}}}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@bridge_delvlan={0x18, 0x71, 0x1, 0x70bd26, 0x25dfdbfc, {0x7, 0x0, 0x0, r0}}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x4808c)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x1})
close(0x3)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
socket$inet6(0xa, 0x3, 0xff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@RTM_NEWMDB={0x18, 0x54, 0xe5}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x1}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000040)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8, @ANYBLOB="05"], 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b07"], 0xec)

7.928519101s ago: executing program 5 (id=2443):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x40000d0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0x63682, 0x0)
fallocate(r0, 0x1, 0x2, 0x1100000800000001)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$BTRFS_IOC_BALANCE(r1, 0x4008700c, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x44}, 0x1, 0x2, 0x0, 0x240040a5}, 0x8091)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x4000004)

7.751774405s ago: executing program 1 (id=2444):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000340)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1})
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffe}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getpid()
syz_open_procfs(r4, &(0x7f0000000300)='attr/current\x00')
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0)

7.675773083s ago: executing program 5 (id=2445):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fsopen(0x0, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x4, &(0x7f0000000100)=[{0x81, 0x6, 0x1, 0xea}, {0x2, 0xcc, 0x5, 0xd}, {0xba43, 0x1, 0x3, 0x7ffffffd}, {0x11c, 0xf, 0x9e}]})
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e65204361707455726527203030303030303430303030"], 0xb8)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)

7.675029081s ago: executing program 4 (id=2446):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x6417, 0x80, 0x3, 0x3d9}, 0x0, &(0x7f0000000700))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_complete(0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0xa, 0x1, 0xa)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0xf)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x4b45, 0x3)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES8=r0, @ANYRES32=0x0, @ANYBLOB="00000000015001001800128008000100677470000c000280080003000080c0"], 0x38}}, 0x2400c080)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x40004)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x140, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4091, 0x10e0}, {&(0x7f0000001580)=""/238, 0xf0}], 0x4, 0x0, 0x353, 0x7000000}}], 0x40000000000002e, 0x2, 0x0)

7.270947106s ago: executing program 6 (id=2054):
dup(0xffffffffffffffff)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x400)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r2, 0x0, <r3=>0x0, 0x1})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x1f8, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x258)
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r2, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x10f4})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

5.644760263s ago: executing program 5 (id=2448):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
openat$fb0(0xffffffffffffff9c, 0x0, 0x402, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000a00)=""/102384, 0x18ff0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'erspan0\x00'}, @IFLA_MASTER={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x600}, 0x24044800)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200180100000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a3000000000ec000380e8000080d00001800c0002800800034000000002c00001000e80a01447354eade9fcdf54e99945b9a3f3c794c33b64481ae460b4f6a1f3f47fd758998e44e289e660caf11448beb9a1b0223267439fb295f7de371c718b20b37fb6f9b08ec9c3f8d9e1f88126c0c5187be18320bc17d5905212e23e70baafc77ed9ac47db01c34c9927fd4cb4bd9bb06c84fa5246e594ee48764c4f53dc42f0811a8b7bc8311bceacf982c449cb86b3ac46da849ef56d27cac1b59bf23320ff2d435e0a651ff2e842070000003d28a019f3d9b502c4cb050481dd140007800c000100636f756e746572"], 0x1ac}}, 0x0)

5.642770545s ago: executing program 1 (id=2449):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000100)=0x6, 0xbc, 0x4)
openat$fb0(0xffffffffffffff9c, 0x0, 0x402, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000a00)=""/102384, 0x18ff0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'erspan0\x00'}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x600}, 0x24044800)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x28, 0x0, 0xc4fc9e906872338b, 0x20, 0x0, {{0x15}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc}}}}}, 0x28}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200180100000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a3000000000ec000380e8000080d00001800c0002800800034000000002c00001000e80a01447354eade9fcdf54e99945b9a3f3c794c33b64481ae460b4f6a1f3f47fd758998e44e289e660caf11448beb9a1b0223267439fb295f7de371c718b20b37fb6f9b08ec9c3f8d9e1f88126c0c5187be18320bc17d5905212e23e70baafc77ed9ac47db01c34c9927fd4cb4bd9bb06c84fa5246e594ee48764c4f53dc42f0811a8b7bc8311bceacf982c449cb86b3ac46da849ef56d27cac1b59bf23320ff2d435e0a651ff2e842070000003d28a019f3d9b502c4cb050481dd140007800c000100636f756e746572"], 0x1ac}}, 0x0)

5.641646292s ago: executing program 4 (id=2451):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd090030000300320000006000000001002f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120022eb"], 0xfdef)

5.640527606s ago: executing program 2 (id=2452):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
splice(r0, &(0x7f0000000080)=0x35, 0xffffffffffffffff, &(0x7f0000000100)=0x6, 0xbc, 0x4)
openat$fb0(0xffffffffffffff9c, 0x0, 0x402, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000a00)=""/102384, 0x18ff0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'erspan0\x00'}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x600}, 0x24044800)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x28, 0x0, 0xc4fc9e906872338b, 0x20, 0x0, {{0x15}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc}}}}}, 0x28}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200180100000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a3000000000ec000380e8000080d00001800c0002800800034000000002c00001000e80a01447354eade9fcdf54e99945b9a3f3c794c33b64481ae460b4f6a1f3f47fd758998e44e289e660caf11448beb9a1b0223267439fb295f7de371c718b20b37fb6f9b08ec9c3f8d9e1f88126c0c5187be18320bc17d5905212e23e70baafc77ed9ac47db01c34c9927fd4cb4bd9bb06c84fa5246e594ee48764c4f53dc42f0811a8b7bc8311bceacf982c449cb86b3ac46da849ef56d27cac1b59bf23320ff2d435e0a651ff2e842070000003d28a019f3d9b502c4cb050481dd140007800c000100636f756e746572"], 0x1ac}}, 0x0)

5.180730555s ago: executing program 4 (id=2453):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000280)={@loopback, <r0=>0x0}, &(0x7f0000000140)=0xfffffffffffffce2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000002c0)={r1, 0x0, 0x0}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000000)="480000001400190c09004beafd0d3602028447000b4e230f00000001a2bc5603ca00000f7f5123ff0000000309ff", 0xfe82}], 0x1)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
getgroups(0x0, 0x0)
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="28150000020000000c001aab060005"], 0x2c}, 0x1, 0x0, 0x0, 0x4048904}, 0x4)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
write$sysctl(r3, &(0x7f0000000000)='2\x00', 0x2)

4.231665773s ago: executing program 4 (id=2454):
openat$ppp(0xffffffffffffff9c, 0x0, 0xc0846, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/address_bits', 0x0, 0x0)
socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, &(0x7f00000003c0)={[], 0xf000}, 0x1000)

4.015088861s ago: executing program 2 (id=2455):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9, 0x280002)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000001340)={0x0, 0xfffffffffffffffc, 0xa3, 0x8, @scatter={0x3, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/158, 0x9e}, {&(0x7f0000000100)=""/190, 0xbe}, {&(0x7f00000001c0)=""/55, 0x37}]}, &(0x7f0000000240)="caff6fe933422714cebd52576fd3497eaf5404d4cc28b3105e7757fe038c51725976407dbcbe31ea063525c928bbd8ee467c86ef2deb35838dd0a121a0e9fd805e344b47bbe21adc422092ae25a0e221ebe19eaf7645a9952764b914e6b58bc892f8e2c0a090f25c696fa36da8ca4d971842ff7c781caa884a1d40f60304a3d7c677a7b51a31521d2f6b72f427d4b4d0e4e89ee220e30ac39fb6534487d55cd9bcc374", &(0x7f0000000300)=""/4096, 0xb, 0x15, 0x2, &(0x7f0000001300)})
r1 = open$dir(&(0x7f00000013c0)='./file0\x00', 0x18241, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000001400)={<r3=>0x0, 0xfffffe01}, &(0x7f0000001440)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000001480)={0x4, 0x6, 0x4d4, 0x9, <r4=>r3}, &(0x7f00000014c0)=0x10)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000001500)={'veth1_virt_wifi\x00', 0xe})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r5, 0x28, 0x0, &(0x7f0000001540)=0x6, 0x8)
ioctl$SG_BLKTRACESTOP(r0, 0x1275, 0x0)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000001580)={r4, @in={{0x2, 0x4e24, @empty}}}, 0x84)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
openat$vnet(0xffffffffffffff9c, &(0x7f0000001a40), 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001a80)='cpuacct.usage_all\x00', 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r6, 0x0, 0x1, &(0x7f0000001ac0), &(0x7f0000001b00)=0x4)
syz_emit_vhci(&(0x7f0000001b40)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x3, 0x1bf}, @l2cap_cid_signaling={{0x1bb}, [@l2cap_conn_req={{0x2, 0xd5, 0x4}, {0x7fff, 0x5}}, @l2cap_conf_rsp={{0x5, 0xfc, 0x42}, {0xffc0, 0xb47d, 0x3, [@l2cap_conf_rfc={0x4, 0x9, {0x4, 0x3b, 0x8, 0x7ff, 0x8, 0x401}}, @l2cap_conf_flushto={0x2, 0x2, 0x2}, @l2cap_conf_flushto={0x2, 0x2, 0x5}, @l2cap_conf_mtu={0x1, 0x2, 0x8}, @l2cap_conf_rfc={0x4, 0x9, {0x2, 0xfc, 0xf, 0x14bd, 0x5, 0x8}}, @l2cap_conf_ews={0x7, 0x2, 0x8}, @l2cap_conf_efs={0x6, 0x10, {0x0, 0x0, 0x5, 0x733, 0xfffffffc, 0x8001}}, @l2cap_conf_flushto={0x2, 0x2, 0xff00}]}}, @l2cap_move_chan_rsp={{0xf, 0x7, 0x4}, {0x0, 0x9}}, @l2cap_move_chan_req={{0xe, 0x0, 0x3}, {0x9, 0x9}}, @l2cap_create_chan_rsp={{0xd, 0x7, 0x8}, {0x5, 0x6, 0x40, 0x81}}, @l2cap_info_rsp={{0xb, 0x3, 0xed}, {0x7, 0xa, "e555f9ac81cdfb9079930b37a63b7e3374f1b5ee878db5e51d0005882f03a03c1ff2061555103b868397a552382038c36740ec177ec570871a0c7e7153b6a6484679f25f19f146992f3c087f8124e32e208a5257193e2a9cd643568087a6b61dab54bb880b8179a94dcd5c5c1cf3878b8c0541fa8748fed76ea0dc7021335b09d1c65c128bd6724e6def41e67a9f9d63cbeec0491bb406383fa4456a4f0486552be1222b1aff09f820fa7fe21835676a9bb9046299d1e3eae391aa887dc26402516347249c0676d831421dbf824ee3c3c03ee1c6161becf233c08088fe3f9720878a8017bd51008a44"}}, @l2cap_move_chan_cfm={{0x10, 0x6, 0x4}, {0x1, 0xffff}}, @l2cap_info_rsp={{0xb, 0x7, 0x4f}, {0x7, 0x3, "ee2e533539b2858460fa53b684b377ee82a456a20b2bf529a0bc7ce75e7a5822580a594bc18ef8406f6c80dbcf9e4e54bb22d8e448daf32f4d81a6dc5b90634c6bc0471a916f7cfb6b4e96"}}, @l2cap_cmd_rej_unk={{0x1, 0x4, 0x2}, {0x8000}}]}}, 0x1c4)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r6, 0x29, 0x37, &(0x7f0000001d40)={0x11, 0x2, '\x00', [@hao={0xc9, 0x10, @remote}]}, 0x20)
fanotify_mark(r6, 0x80, 0x0, r6, &(0x7f0000001d80)='./file0\x00')

3.95445144s ago: executing program 2 (id=2456):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0900000017000000080000004000000042000000", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r1}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r1, &(0x7f0000000580), &(0x7f0000001580)=""/92}, 0x20)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x42, 0x1}}}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
socket(0x10, 0x803, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x15)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000400)=ANY=[@ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x18)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe6c, 0x30, 0x25, 0x70bd29, 0x25dfdbfc, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0xe69d}, {0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x200}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x10000000}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7d}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0xe}, {}, {0x0, 0x4, 0xdfd0}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {}, {0x0, 0x2}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x1000000}, {0xfffffffd}, {}, {0x5}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x7}, {}, {}, {0x6}, {0x0, 0xea}, {}, {0x0, 0x0, 0x0, 0x2}, {0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0xcf, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xa3}, {}, {}, {}, {}, {0x0, 0xfffffffe}, {}, {0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x0, 0x0, 0x6}], [{}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x641, 0x0)
flock(r11, 0x2)
syz_open_procfs(0xffffffffffffffff, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r10, 0x1, 0x70bd25, 0x0, {{}, {}, {0x14, 0x19, {0x80000000, 0x4000001, 0x1, 0x5}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20040803}, 0x20000000)
r12 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000000)={0xf0f03c, 0x2})
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0)

3.917619706s ago: executing program 5 (id=2457):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d00000905b7e18cac000000090503"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r3 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000180))
ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, &(0x7f0000000080))
ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, &(0x7f0000000040))
ioctl$TCXONC(r1, 0x540a, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100))

3.882733884s ago: executing program 1 (id=2458):
r0 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x4e170000)
getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000000)=0x7, &(0x7f0000000040)=0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)

3.753504294s ago: executing program 1 (id=2459):
socket(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
socket$packet(0x11, 0x2, 0x300)
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000947eac2011cf3226c86d00000001090212000100000000090400000089263c00a5b4f5eabcb0b6859524b91bab65d55f78a5348e1e5a8c81be85972383abd8e46097fca41d7d21d2b0"], 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000007640)={&(0x7f00000003c0)=ANY=[@ANYBLOB="46040000", @ANYRES16=r7, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r3, @ANYRES32], 0x4}}, 0x0)
sendfile(r6, r4, 0x0, 0x100000000)

3.253614879s ago: executing program 2 (id=2460):
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0)
getpid()
socket$key(0xf, 0x3, 0x2)
setpgid(r1, r1)
setsockopt$inet_tcp_buf(r0, 0x6, 0x1f, &(0x7f00000004c0)="763619a85af732e880a1c51b149c726198bbf89b88c43e2a19de066acd6f1843afed1cf8fb2f00f332e8b971c0bb6821e75a966a6374f1ca45fc321458b381fbc9896e8e813daa3bae6735582911a2e72eac0da056cebe9376e5872f35e6cda735cecf7609199c9cc649a1ba00c6a4285ae8e81a13cea979cdffaf259ab2ec0924f6e172c5f721774c2b148530e166aa06e7389be829604d8d458dc5d344569d45da9317803c5ed87f8c419084c280130746185ab6a4126f21b3175cc1f789b3b9173c95633282011063e0004b7f5321a989bcd04d", 0xd5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = getpgid(r1)
setpgid(0x0, r5)
mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000000040)='.\x00', &(0x7f0000000140)='f2fs\x00', 0xf6, 0x0)

3.100125373s ago: executing program 4 (id=2461):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0xf, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x240903, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='iso9660\x00', 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000e80)=[0xffffffffffffffff], 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000140)={0x3, 0x7, 0x3000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x4, 0x1, 0x2, "8107000000ffffa7d9fc6a57000900000000ffffffff0000002000", 0x61600317})

2.167699019s ago: executing program 2 (id=2462):
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x101400, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r0 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="0900bf65653f47f4020000008bd458d1e7cbdaf300000f34e7e4165f081ae36850f6d15c3e681411f7a496c0da04003c242f5bedaf6bec340dee49474362b24cb800edc500", 0x0, 0x48)
socket$kcm(0x10, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x19, &(0x7f0000000a00)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0x23}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0xffffffffffffffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x7, 0x2, 0x3}, 0x0, 0x0)

1.855966661s ago: executing program 1 (id=2463):
r0 = epoll_create1(0x80000)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x80000001})
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000400)='ex\x0f\xac\xd1\xeb\xf4\xd8&w\xef\x9f`T3%\xfa\xbf\xef\xeb\x8e1w\xfd')
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r3 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x42000)
ioctl$CEC_S_MODE(r3, 0x40046109, &(0x7f00000000c0)=0x40)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000009500200000000000211ce47a2496260ee5a1d1c68b7d0617266ff78db990ab9b86c9233a54fa04e6e55b68a3c4647684b7992e0d2c427c4cee6373ae35f6fab064de8b99eeb95fc5fb81e78fdc49be9da3bb2651aa7be55b99c6d2379e459b23bf0d9dd64af39e"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r5, &(0x7f0000003980)={0x2020, 0x0, <r6=>0x0}, 0x2020)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000500)=[{0x0}], 0x1}}], 0x2, 0x0)
write$FUSE_ATTR(r5, &(0x7f0000000240)={0x78, 0x0, r6, {0x2000000007, 0x0, 0x0, {0x0, 0x0, 0x55, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x1ff, 0xa000}}}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x20, 0x33, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc091}, 0xc014)
ioctl$USBDEVFS_REAPURBNDELAY(r2, 0x4008550d, 0x0)

753.955583ms ago: executing program 2 (id=2464):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000280)={@loopback, <r0=>0x0}, &(0x7f0000000140)=0xfffffffffffffce2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000002c0)={r1, 0x0, 0x0}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000000)="480000001400190c09004beafd0d3602028447000b4e230f00000001a2bc5603ca00000f7f5123ff0000000309ff", 0xfe82}], 0x1)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
getgroups(0x0, 0x0)
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="28150000020000000c001aab060005"], 0x2c}, 0x1, 0x0, 0x0, 0x4048904}, 0x4)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
write$sysctl(r3, &(0x7f0000000000)='2\x00', 0x2)

68.379121ms ago: executing program 1 (id=2465):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x60781, 0x0) (async)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x60781, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000000)='#!.\x00', 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0800000004000000040000000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00a60000000000000000000000000000000000000000c3d62701fada0b06064446638d000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, @void, @value}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, @void, @value}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0xe8a2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_open_dev$evdev(&(0x7f00000003c0), 0x742, 0x40) (async)
syz_open_dev$evdev(&(0x7f00000003c0), 0x742, 0x40)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800, 0x0, 0x8001, 0x8000000, 0xfffffffffffffffe, 0x0, 0x4}, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) (async)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000080)=0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x642000, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x642000, 0x0)
syz_open_dev$media(0x0, 0x8, 0x10b482)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x4000084) (async)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x4000084)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="14000000100001000000000000004400000100000a2c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000000000000000000100000008000b400000000068000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000300001800c000100626974776973650020000280080003400000000208000140000000140800024000000012040007800900010073797a300000000014000000110001000000000000000000070000a4404765c0564cef8e80454fd6e93e9f9fffdeab7594c43b3211dc8046a85c0295d89022246323ae31af474874bdc000000000000000"], 0xe4}}, 0x0) (async)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="14000000100001000000000000004400000100000a2c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000000000000000000100000008000b400000000068000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000300001800c000100626974776973650020000280080003400000000208000140000000140800024000000012040007800900010073797a300000000014000000110001000000000000000000070000a4404765c0564cef8e80454fd6e93e9f9fffdeab7594c43b3211dc8046a85c0295d89022246323ae31af474874bdc000000000000000"], 0xe4}}, 0x0)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_open_pts(r9, 0x141601)
read$FUSE(r9, 0x0, 0x0) (async)
read$FUSE(r9, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r10 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000000)='source', 0x0, 0x0)

0s ago: executing program 4 (id=2466):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$rxrpc(r0, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e22, @broadcast}}, 0x24)
r1 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0xa7ffffff, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

dy exists on: batadv_slave_1
[  729.580953][T13931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  729.665219][T13834] usb 2-1: Using ep0 maxpacket: 16
[  729.869387][T13931] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  729.903194][T13931] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  729.923101][T13931] wireguard: wg0: Could not create IPv4 socket
[  729.931426][T13931] wireguard: wg1: Could not create IPv4 socket
[  729.941911][T13931] wireguard: wg2: Could not create IPv4 socket
[  730.016157][T14043] ALSA: mixer_oss: invalid index 40000
[  731.255314][T14055] netlink: 'syz.2.2141': attribute type 10 has an invalid length.
[  731.263973][ T5867] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  731.271576][T14055] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2141'.
[  731.280639][T14055] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  731.300397][T14055] CUSE: unknown device info "ÿ
"
[  731.305408][T14055] CUSE: zero length info key specified
[  731.316755][T14055] netlink: 'syz.2.2141': attribute type 1 has an invalid length.
[  732.121943][ T5867] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  732.134066][ T5867] usb 6-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=13.03
[  732.147101][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.155153][ T5867] usb 6-1: Product: syz
[  732.159453][ T5867] usb 6-1: Manufacturer: syz
[  732.164359][ T5867] usb 6-1: SerialNumber: syz
[  732.171162][ T5867] usb 6-1: config 0 descriptor??
[  732.179327][ T5867] s2255 6-1:0.0: Could not find bulk-in endpoint
[  732.185954][ T5867] Sensoray 2255 driver load failed: 0xfffffff4
[  732.192163][ T5867] s2255 6-1:0.0: probe with driver s2255 failed with error -12
[  732.314001][T14058] netlink: 'syz.2.2142': attribute type 10 has an invalid length.
[  732.321899][T14058] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2142'.
[  732.331049][T14058] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  732.356333][T14058] CUSE: unknown device info "ÿ
"
[  732.361330][T14058] CUSE: zero length info key specified
[  732.377324][T14058] netlink: 'syz.2.2142': attribute type 1 has an invalid length.
[  733.329307][T13834] usb 2-1: unable to get BOS descriptor or descriptor too short
[  733.350993][T13834] usb 2-1: unable to read config index 0 descriptor/start: -71
[  733.358590][T13834] usb 2-1: can't read configurations, error -71
[  733.632443][T12109] usb 5-1: new full-speed USB device number 89 using dummy_hcd
[  733.790326][T14071] fuse: Unknown parameter 'd'
[  733.831436][T12109] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  733.842884][T12109] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  733.852469][T12109] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.862640][T12109] usb 5-1: config 0 descriptor??
[  733.868411][T14062] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  734.093074][T13830] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  734.133424][T11433] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  734.143746][T11433] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  734.152412][T11433] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  734.160427][T11433] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  734.168607][T11433] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  734.191921][T14077] Failed to initialize the IGMP autojoin socket (err -2)
[  734.278793][T13830] usb 3-1: Using ep0 maxpacket: 32
[  734.287716][T13830] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  734.297094][T13830] usb 3-1: config 0 has no interface number 0
[  734.304515][T13830] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  734.322755][T12109] elan 0003:04F3:0755.0014: unknown main item tag 0x3
[  734.329549][T12109] elan 0003:04F3:0755.0014: unknown main item tag 0x1
[  734.338302][T12109] elan 0003:04F3:0755.0014: item fetching failed at offset 3/5
[  734.346441][T12109] elan 0003:04F3:0755.0014: Hid Parse failed
[  734.352488][T12109] elan 0003:04F3:0755.0014: probe with driver elan failed with error -22
[  734.386038][ T5891] usb 6-1: USB disconnect, device number 27
[  734.396578][T13830] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  734.407516][T13830] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  734.417407][T13830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.432913][T13830] usb 3-1: config 0 descriptor??
[  734.918274][T12109] usb 5-1: USB disconnect, device number 89
[  735.965096][   T30] audit: type=1400 audit(1746532442.271:1328): avc:  denied  { create } for  pid=14070 comm="syz.2.2147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  736.113812][T13830] uclogic 0003:28BD:0094.0015: pen parameters not found
[  736.123652][T13830] uclogic 0003:28BD:0094.0015: interface is invalid, ignoring
[  736.138870][T14071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=14071 comm=syz.2.2147
[  736.176536][   T30] audit: type=1400 audit(1746532442.430:1329): avc:  denied  { getopt } for  pid=14070 comm="syz.2.2147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  736.199627][ T5860] usb 3-1: USB disconnect, device number 63
[  736.213029][T14088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2150'.
[  736.397668][T11433] Bluetooth: hci1: command tx timeout
[  736.437450][   T30] audit: type=1400 audit(1746532442.701:1330): avc:  denied  { create } for  pid=14091 comm="syz.4.2152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  736.571011][T14087] ALSA: mixer_oss: invalid index 40000
[  736.631298][   T30] audit: type=1400 audit(1746532442.888:1331): avc:  denied  { write } for  pid=14091 comm="syz.4.2152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  736.805200][T14099] FAULT_INJECTION: forcing a failure.
[  736.805200][T14099] name failslab, interval 1, probability 0, space 0, times 0
[  736.841991][T14099] CPU: 0 UID: 0 PID: 14099 Comm: syz.4.2155 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  736.842008][T14099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  736.842015][T14099] Call Trace:
[  736.842018][T14099]  <TASK>
[  736.842023][T14099]  dump_stack_lvl+0x16c/0x1f0
[  736.842042][T14099]  should_fail_ex+0x512/0x640
[  736.842057][T14099]  ? fs_reclaim_acquire+0xae/0x150
[  736.842072][T14099]  ? tomoyo_encode2+0x100/0x3e0
[  736.842086][T14099]  should_failslab+0xc2/0x120
[  736.842096][T14099]  __kmalloc_noprof+0xd2/0x510
[  736.842113][T14099]  ? d_absolute_path+0x136/0x1a0
[  736.842128][T14099]  tomoyo_encode2+0x100/0x3e0
[  736.842143][T14099]  tomoyo_encode+0x29/0x50
[  736.842157][T14099]  tomoyo_realpath_from_path+0x18f/0x6e0
[  736.842175][T14099]  tomoyo_path_number_perm+0x245/0x580
[  736.842186][T14099]  ? tomoyo_path_number_perm+0x237/0x580
[  736.842200][T14099]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  736.842213][T14099]  ? find_held_lock+0x2b/0x80
[  736.842237][T14099]  ? find_held_lock+0x2b/0x80
[  736.842248][T14099]  ? hook_file_ioctl_common+0x145/0x410
[  736.842260][T14099]  ? __fget_files+0x20e/0x3c0
[  736.842278][T14099]  security_file_ioctl+0x9b/0x240
[  736.842293][T14099]  __x64_sys_ioctl+0xb7/0x200
[  736.842312][T14099]  do_syscall_64+0xcd/0x260
[  736.842326][T14099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.842337][T14099] RIP: 0033:0x7f46d658e969
[  736.842346][T14099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.842356][T14099] RSP: 002b:00007f46d73de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  736.842366][T14099] RAX: ffffffffffffffda RBX: 00007f46d67b5fa0 RCX: 00007f46d658e969
[  736.842372][T14099] RDX: 0000200000000240 RSI: 00000000c0d05605 RDI: 0000000000000003
[  736.842379][T14099] RBP: 00007f46d73de090 R08: 0000000000000000 R09: 0000000000000000
[  736.842384][T14099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.842390][T14099] R13: 0000000000000000 R14: 00007f46d67b5fa0 R15: 00007ffec54a5668
[  736.842402][T14099]  </TASK>
[  736.842412][T14099] ERROR: Out of memory at tomoyo_realpath_from_path.
[  737.117371][T14104] syzkaller0: tun_chr_ioctl cmd 1074025676
[  737.125132][T14104] syzkaller0: owner set to 0
[  737.209016][T14077] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  737.328622][T14077] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  737.368386][T13830] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  737.691139][T13830] usb 6-1: Using ep0 maxpacket: 16
[  737.756449][T14077] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  737.771681][T14108] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2157'.
[  737.785010][T13830] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  737.800156][T13830] usb 6-1: config 0 has an invalid descriptor of length 24, skipping remainder of the config
[  737.825864][T14077] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  737.869333][T13830] usb 6-1: config 0 has no interface number 0
[  737.909715][T13830] usb 6-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  737.921682][T13830] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.931309][T13830] usb 6-1: Product: syz
[  737.938865][T13830] usb 6-1: Manufacturer: syz
[  737.944381][T13830] usb 6-1: SerialNumber: syz
[  737.953289][T13830] usb 6-1: config 0 descriptor??
[  738.176419][T13830] usb 6-1: USB disconnect, device number 28
[  738.187467][T14111] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2159'.
[  738.407300][T14077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  738.423401][T14077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  738.434090][T14077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  738.444716][T12109] usb 3-1: new full-speed USB device number 64 using dummy_hcd
[  738.453968][T14077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  738.474967][T14077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  738.487650][T14077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  738.499046][T14077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  738.510140][T14077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  738.524413][T14077] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  738.546296][T14127] Driver unsupported XDP return value 0 on prog  (id 412) dev N/A, expect packet loss!
[  738.557392][T11433] Bluetooth: hci1: command tx timeout
[  738.574469][T14077] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  738.592889][T14077] wireguard: wg0: Could not create IPv4 socket
[  738.600597][T14077] wireguard: wg1: Could not create IPv4 socket
[  738.607842][T14077] wireguard: wg2: Could not create IPv4 socket
[  738.621068][T12109] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  738.633795][T12109] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  738.655193][T12109] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.678081][T12109] usb 3-1: config 0 descriptor??
[  738.688594][T14118] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  738.969595][   T30] audit: type=1400 audit(1746532445.077:1332): avc:  denied  { bind } for  pid=14131 comm="syz.5.2163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  739.210210][T12109] elan 0003:04F3:0755.0016: unknown main item tag 0x3
[  739.220577][T12109] elan 0003:04F3:0755.0016: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  739.245851][T14137] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2162'.
[  739.256577][T14137] netlink: 'syz.4.2162': attribute type 5 has an invalid length.
[  739.264467][T14137] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2162'.
[  739.682625][T13830] usb 3-1: USB disconnect, device number 64
[  739.759501][T14137] geneve2: entered promiscuous mode
[  739.765179][T14137] geneve2: entered allmulticast mode
[  740.096101][T14144] FAULT_INJECTION: forcing a failure.
[  740.096101][T14144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  740.111370][T14144] CPU: 0 UID: 0 PID: 14144 Comm: syz.1.2166 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  740.111387][T14144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  740.111393][T14144] Call Trace:
[  740.111397][T14144]  <TASK>
[  740.111401][T14144]  dump_stack_lvl+0x16c/0x1f0
[  740.111419][T14144]  should_fail_ex+0x512/0x640
[  740.111435][T14144]  _copy_to_user+0x32/0xd0
[  740.111456][T14144]  bpf_test_finish.isra.0+0x484/0x690
[  740.111470][T14144]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  740.111483][T14144]  ? _copy_from_user+0x59/0xd0
[  740.111499][T14144]  bpf_prog_test_run_xdp+0xa0d/0x1540
[  740.111520][T14144]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  740.111531][T14144]  ? __might_fault+0x20/0x190
[  740.111545][T14144]  ? fput+0x70/0xf0
[  740.111560][T14144]  ? __bpf_prog_get+0xa0/0x290
[  740.111577][T14144]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  740.111589][T14144]  __sys_bpf+0x1485/0x4d80
[  740.111603][T14144]  ? __pfx___sys_bpf+0x10/0x10
[  740.111616][T14144]  ? ksys_write+0x190/0x240
[  740.111633][T14144]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  740.111656][T14144]  ? fput+0x70/0xf0
[  740.111666][T14144]  ? ksys_write+0x1b9/0x240
[  740.111681][T14144]  ? __pfx_ksys_write+0x10/0x10
[  740.111695][T14144]  ? rcu_is_watching+0x12/0xc0
[  740.111710][T14144]  __x64_sys_bpf+0x78/0xc0
[  740.111722][T14144]  ? lockdep_hardirqs_on+0x7c/0x110
[  740.111736][T14144]  do_syscall_64+0xcd/0x260
[  740.111751][T14144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  740.111762][T14144] RIP: 0033:0x7f4defb8e969
[  740.111771][T14144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  740.111781][T14144] RSP: 002b:00007f4df0957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  740.111792][T14144] RAX: ffffffffffffffda RBX: 00007f4defdb5fa0 RCX: 00007f4defb8e969
[  740.111802][T14144] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a
[  740.111809][T14144] RBP: 00007f4df0957090 R08: 0000000000000000 R09: 0000000000000000
[  740.111815][T14144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  740.111821][T14144] R13: 0000000000000000 R14: 00007f4defdb5fa0 R15: 00007ffc13febfb8
[  740.111834][T14144]  </TASK>
[  740.418440][ T5867] usb 6-1: new full-speed USB device number 29 using dummy_hcd
[  740.543068][T14147] Failed to initialize the IGMP autojoin socket (err -2)
[  741.144248][ T5867] usb 6-1: config 0 has an invalid interface number: 189 but max is 0
[  741.174262][ T5867] usb 6-1: config 0 has no interface number 0
[  741.211035][ T5867] usb 6-1: New USB device found, idVendor=0b48, idProduct=1006, bcdDevice=e7.7b
[  741.220595][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  741.228943][ T5867] usb 6-1: Product: syz
[  741.233146][ T5867] usb 6-1: Manufacturer: syz
[  741.237741][ T5867] usb 6-1: SerialNumber: syz
[  741.244601][ T5867] usb 6-1: config 0 descriptor??
[  741.255516][ T5867] ttusb_dec_send_command: command bulk message failed: error -22
[  741.264647][ T5867] ttusb-dec 6-1:0.189: probe with driver ttusb-dec failed with error -22
[  741.282433][T14158] FAULT_INJECTION: forcing a failure.
[  741.282433][T14158] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  741.296837][T14158] CPU: 0 UID: 0 PID: 14158 Comm: syz.4.2171 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  741.296861][T14158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  741.296870][T14158] Call Trace:
[  741.296877][T14158]  <TASK>
[  741.296883][T14158]  dump_stack_lvl+0x16c/0x1f0
[  741.296901][T14158]  should_fail_ex+0x512/0x640
[  741.296918][T14158]  should_fail_alloc_page+0xe7/0x130
[  741.296931][T14158]  prepare_alloc_pages+0x3c2/0x610
[  741.296945][T14158]  ? rcu_is_watching+0x12/0xc0
[  741.296959][T14158]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  741.296979][T14158]  ? do_raw_spin_lock+0x12c/0x2b0
[  741.296990][T14158]  ? find_held_lock+0x2b/0x80
[  741.297004][T14158]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  741.297022][T14158]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  741.297035][T14158]  ? stack_depot_save_flags+0x3e6/0xa50
[  741.297052][T14158]  ? kasan_save_stack+0x42/0x60
[  741.297069][T14158]  ? __lock_acquire+0xaa4/0x1ba0
[  741.297083][T14158]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  741.297102][T14158]  ? policy_nodemask+0xea/0x4e0
[  741.297113][T14158]  alloc_pages_mpol+0x1fb/0x550
[  741.297124][T14158]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  741.297134][T14158]  ? __page_table_check_ptes_set+0x1ae/0x420
[  741.297145][T14158]  ? find_held_lock+0x2b/0x80
[  741.297164][T14158]  alloc_pages_noprof+0x131/0x390
[  741.297175][T14158]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  741.297190][T14158]  get_free_pages_noprof+0xc/0x40
[  741.297201][T14158]  kasan_populate_vmalloc_pte+0x2d/0x160
[  741.297217][T14158]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  741.297232][T14158]  __apply_to_page_range+0x617/0xd60
[  741.297248][T14158]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  741.297265][T14158]  ? __pfx___apply_to_page_range+0x10/0x10
[  741.297280][T14158]  ? alloc_vmap_area+0x872/0x2970
[  741.297295][T14158]  alloc_vmap_area+0x919/0x2970
[  741.297313][T14158]  ? __pfx_alloc_vmap_area+0x10/0x10
[  741.297329][T14158]  __get_vm_area_node+0x1a7/0x300
[  741.297345][T14158]  __vmalloc_node_range_noprof+0x277/0x1540
[  741.297360][T14158]  ? sock_map_alloc+0x1f9/0x280
[  741.297377][T14158]  ? sock_map_alloc+0x1f9/0x280
[  741.297390][T14158]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  741.297406][T14158]  ? rcu_is_watching+0x12/0xc0
[  741.297417][T14158]  ? trace_kmalloc+0x2b/0xd0
[  741.297428][T14158]  ? __kmalloc_node_noprof+0x23b/0x500
[  741.297438][T14158]  ? cap_capable+0x1/0x250
[  741.297450][T14158]  ? sock_map_alloc+0x1f9/0x280
[  741.297461][T14158]  __bpf_map_area_alloc+0xeb/0x190
[  741.297476][T14158]  ? sock_map_alloc+0x1f9/0x280
[  741.297487][T14158]  sock_map_alloc+0x1f9/0x280
[  741.297499][T14158]  map_create+0x58f/0x1db0
[  741.297512][T14158]  ? avc_has_perm+0x11a/0x1c0
[  741.297522][T14158]  ? __pfx_avc_has_perm+0x10/0x10
[  741.297532][T14158]  ? __pfx_map_create+0x10/0x10
[  741.297542][T14158]  ? __might_fault+0xe3/0x190
[  741.297551][T14158]  ? __might_fault+0xe3/0x190
[  741.297560][T14158]  ? __might_fault+0x13b/0x190
[  741.297571][T14158]  ? selinux_bpf+0xde/0x130
[  741.297583][T14158]  __sys_bpf+0x47cc/0x4d80
[  741.297597][T14158]  ? __pfx___sys_bpf+0x10/0x10
[  741.297610][T14158]  ? ksys_write+0x190/0x240
[  741.297627][T14158]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  741.297649][T14158]  ? fput+0x70/0xf0
[  741.297659][T14158]  ? ksys_write+0x1b9/0x240
[  741.297674][T14158]  ? __pfx_ksys_write+0x10/0x10
[  741.297691][T14158]  __x64_sys_bpf+0x78/0xc0
[  741.297704][T14158]  ? lockdep_hardirqs_on+0x7c/0x110
[  741.297717][T14158]  do_syscall_64+0xcd/0x260
[  741.297732][T14158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.297743][T14158] RIP: 0033:0x7f46d658e969
[  741.297755][T14158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  741.297770][T14158] RSP: 002b:00007f46d73de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  741.297781][T14158] RAX: ffffffffffffffda RBX: 00007f46d67b5fa0 RCX: 00007f46d658e969
[  741.297787][T14158] RDX: 0000000000000048 RSI: 0000200000000100 RDI: 0000000000000000
[  741.297793][T14158] RBP: 00007f46d73de090 R08: 0000000000000000 R09: 0000000000000000
[  741.297799][T14158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  741.297806][T14158] R13: 0000000000000001 R14: 00007f46d67b5fa0 R15: 00007ffec54a5668
[  741.297824][T14158]  </TASK>
[  741.306596][T14156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  741.401026][T14161] netlink: 146840 bytes leftover after parsing attributes in process `syz.2.2170'.
[  741.531287][T13830] usb 6-1: USB disconnect, device number 29
[  741.902895][T14164] ALSA: mixer_oss: invalid index 40000
[  742.017157][T14166] netlink: 'syz.1.2173': attribute type 10 has an invalid length.
[  742.025603][T14166] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2173'.
[  742.038674][T14166] CUSE: unknown device info "ÿ
"
[  742.043702][T14166] CUSE: zero length info key specified
[  742.056313][T14166] netlink: 'syz.1.2173': attribute type 1 has an invalid length.
[  742.867977][   T30] audit: type=1400 audit(1746532448.725:1333): avc:  denied  { getopt } for  pid=14170 comm="syz.2.2175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  742.907655][T14169] netlink: 120 bytes leftover after parsing attributes in process `syz.5.2174'.
[  742.997349][T14175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2176'.
[  743.257682][   T30] audit: type=1400 audit(1746532448.791:1334): avc:  denied  { bind } for  pid=14168 comm="syz.1.2176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  743.591499][ T5867] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[  743.954775][T12109] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  744.009391][   T30] audit: type=1400 audit(1746532449.801:1335): avc:  denied  { map } for  pid=14195 comm="syz.4.2183" path="socket:[42173]" dev="sockfs" ino=42173 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  744.046930][T14196] binder: BINDER_SET_CONTEXT_MGR already set
[  744.053064][T14196] binder: 14195:14196 ioctl 4018620d 200000000040 returned -16
[  744.062813][T14196] binder: 14195:14196 ioctl c0306201 2000000003c0 returned -14
[  744.072138][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  744.083339][ T5867] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  744.092440][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.102149][   T30] audit: type=1400 audit(1746532449.820:1336): avc:  denied  { read } for  pid=14195 comm="syz.4.2183" path="socket:[42173]" dev="sockfs" ino=42173 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  744.131049][T12109] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  744.142670][ T5867] usb 3-1: config 0 descriptor??
[  744.148677][T12109] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  744.158753][T14179] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  744.169979][T12109] usb 2-1: config 0 interface 0 has no altsetting 0
[  744.199773][T12109] usb 2-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  744.212457][T12109] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.230100][T12109] usb 2-1: config 0 descriptor??
[  744.334748][T13830] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  744.517338][   T30] audit: type=1400 audit(1746532450.269:1337): avc:  denied  { append } for  pid=14186 comm="syz.1.2180" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  744.541897][T14188] netlink: 'syz.1.2180': attribute type 1 has an invalid length.
[  744.598445][T14198] ALSA: mixer_oss: invalid index 40000
[  744.634281][ T5867] elan 0003:04F3:0755.0017: unknown main item tag 0x3
[  744.715847][ T5867] elan 0003:04F3:0755.0017: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  744.719495][T14188] bond10: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  744.789102][T14188] veth3: entered promiscuous mode
[  744.797013][T14188] bond10: (slave veth3): Enslaving as a backup interface with a down link
[  744.817867][T14188] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2180'.
[  744.826911][   T30] audit: type=1400 audit(1746532450.549:1338): avc:  denied  { bind } for  pid=14186 comm="syz.1.2180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  744.846491][T14188] vcan0: entered promiscuous mode
[  744.851512][T14188] vcan0: entered allmulticast mode
[  744.858870][ T5867] usb 3-1: USB disconnect, device number 65
[  744.862375][T13830] usb 6-1: Using ep0 maxpacket: 16
[  745.012221][ T5891] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  745.113777][T12109] logitech 0003:046D:C294.0018: hidraw0: USB HID v0.00 Device [HID 046d:c294] on usb-dummy_hcd.1-1/input0
[  745.147877][T12109] logitech 0003:046D:C294.0018: no inputs found
[  745.205628][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  745.223185][ T5891] usb 5-1: config 0 interface 0 has no altsetting 0
[  745.241307][ T5891] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  745.250521][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.266029][ T5891] usb 5-1: Product: syz
[  745.287572][ T5891] usb 5-1: Manufacturer: syz
[  745.296849][ T5891] usb 5-1: SerialNumber: syz
[  745.311119][ T5891] usb 5-1: config 0 descriptor??
[  745.411003][   T24] usb 2-1: USB disconnect, device number 58
[  745.829020][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  745.843172][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  745.851900][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  745.858391][ T5891] gs_usb 5-1:0.0: Configuring for 1 interfaces
[  745.859907][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  745.873450][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  745.891606][T14208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2186'.
[  745.914454][T14206] Failed to initialize the IGMP autojoin socket (err -2)
[  746.245643][T14213] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2188'.
[  746.783698][ T5891] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  746.793746][ T5891] gs_usb 5-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  746.818995][ T5891] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71
[  746.894763][ T5891] usb 5-1: USB disconnect, device number 90
[  746.932246][   T30] audit: type=1400 audit(1746532452.523:1339): avc:  denied  { append } for  pid=14219 comm="syz.1.2190" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  747.175414][T13830] usb 6-1: unable to get BOS descriptor or descriptor too short
[  747.184027][T13830] usb 6-1: unable to read config index 0 descriptor/start: -71
[  747.249177][T14227] netlink: 'syz.2.2192': attribute type 10 has an invalid length.
[  747.257073][T14227] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2192'.
[  747.266073][T14227] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  747.284765][T14227] CUSE: unknown device info "ÿ
"
[  747.289770][T14227] CUSE: zero length info key specified
[  747.300204][T14227] netlink: 'syz.2.2192': attribute type 1 has an invalid length.
[  748.029762][T13830] usb 6-1: can't read configurations, error -71
[  748.048383][T11433] Bluetooth: hci1: command tx timeout
[  748.498654][T14235] syz.1.2194: attempt to access beyond end of device
[  748.498654][T14235] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  748.511737][T14235] FAT-fs (loop3): unable to read boot sector
[  748.943717][T14206] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  748.956651][T14206] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  748.976834][T14206] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  748.990754][T14206] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  749.093836][T14239] netlink: 120 bytes leftover after parsing attributes in process `syz.2.2195'.
[  749.142594][   T30] audit: type=1400 audit(1746532454.562:1340): avc:  denied  { write } for  pid=14238 comm="syz.2.2195" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  749.153040][T14239] FAULT_INJECTION: forcing a failure.
[  749.153040][T14239] name failslab, interval 1, probability 0, space 0, times 0
[  749.226753][T14239] CPU: 0 UID: 0 PID: 14239 Comm: syz.2.2195 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  749.226780][T14239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  749.226790][T14239] Call Trace:
[  749.226797][T14239]  <TASK>
[  749.226804][T14239]  dump_stack_lvl+0x16c/0x1f0
[  749.226830][T14239]  should_fail_ex+0x512/0x640
[  749.226851][T14239]  ? __kmalloc_noprof+0xbf/0x510
[  749.226880][T14239]  ? io_cache_alloc_new+0x45/0xf0
[  749.226908][T14239]  should_failslab+0xc2/0x120
[  749.226925][T14239]  __kmalloc_noprof+0xd2/0x510
[  749.226956][T14239]  io_cache_alloc_new+0x45/0xf0
[  749.226981][T14239]  __io_prep_rw+0x227/0xf40
[  749.227012][T14239]  ? __pfx___io_prep_rw+0x10/0x10
[  749.227037][T14239]  ? mark_held_locks+0x49/0x80
[  749.227061][T14239]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  749.227093][T14239]  io_prep_rw+0x24/0x220
[  749.227119][T14239]  io_prep_readv+0x20/0xa0
[  749.227136][T14239]  io_submit_sqes+0x825/0x25d0
[  749.227167][T14239]  __do_sys_io_uring_enter+0xd6a/0x1630
[  749.227190][T14239]  ? __fget_files+0x20e/0x3c0
[  749.227214][T14239]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  749.227236][T14239]  ? fput+0x70/0xf0
[  749.227253][T14239]  ? ksys_write+0x1b9/0x240
[  749.227277][T14239]  ? __pfx_ksys_write+0x10/0x10
[  749.227298][T14239]  ? rcu_is_watching+0x12/0xc0
[  749.227324][T14239]  do_syscall_64+0xcd/0x260
[  749.227348][T14239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.227365][T14239] RIP: 0033:0x7f075fb8e969
[  749.227379][T14239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  749.227394][T14239] RSP: 002b:00007f0760a0b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  749.227409][T14239] RAX: ffffffffffffffda RBX: 00007f075fdb5fa0 RCX: 00007f075fb8e969
[  749.227420][T14239] RDX: 000000001000a387 RSI: 0000000000000567 RDI: 0000000000000008
[  749.227430][T14239] RBP: 00007f0760a0b090 R08: 0000000000000000 R09: 0000000000000000
[  749.227440][T14239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  749.227449][T14239] R13: 0000000000000000 R14: 00007f075fdb5fa0 R15: 00007ffd36ef06f8
[  749.227472][T14239]  </TASK>
[  749.449629][   T30] audit: type=1326 audit(1746532454.721:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.5.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2468d8e969 code=0x7ffc0000
[  749.473961][   T30] audit: type=1326 audit(1746532454.721:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.5.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f2468d8e969 code=0x7ffc0000
[  749.497782][   T30] audit: type=1326 audit(1746532454.721:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14243 comm="syz.5.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2468d8e969 code=0x7ffc0000
[  749.713856][T14206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  749.759093][T14206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.768957][T14206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  749.780476][   T24] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  749.791373][T14206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  749.950164][T14206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  749.976756][T14206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.018950][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  750.045986][T14206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.072848][   T24] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  750.097403][T14206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.127197][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.200564][   T24] usb 2-1: config 0 descriptor??
[  750.226837][T14206] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  750.246879][T14242] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  750.265903][T14206] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  750.285793][T11433] Bluetooth: hci1: command tx timeout
[  750.307520][T14206] wireguard: wg0: Could not create IPv4 socket
[  750.324236][T14206] wireguard: wg1: Could not create IPv4 socket
[  750.334899][T14206] wireguard: wg2: Could not create IPv4 socket
[  751.057235][   T24] elan 0003:04F3:0755.0019: unknown main item tag 0x3
[  751.098737][   T24] elan 0003:04F3:0755.0019: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[  751.436385][T14268] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2202'.
[  751.449622][T14268] batman_adv: batadv0: Adding interface: gretap1
[  751.455941][T14268] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  751.483892][   T24] usb 2-1: USB disconnect, device number 59
[  751.915629][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  751.924784][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  751.969541][T11433] Bluetooth: hci5: unexpected event for opcode 0xa0aa
[  753.139081][T14297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.226995][T14297] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  753.329193][T14302] netlink: 'syz.4.2210': attribute type 10 has an invalid length.
[  753.337527][T14302] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2210'.
[  753.357913][T14302] CUSE: unknown device info "ÿ
"
[  753.363224][T14302] CUSE: zero length info key specified
[  753.384301][T14302] netlink: 'syz.4.2210': attribute type 1 has an invalid length.
[  753.404306][ T5867] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  753.427596][   T30] audit: type=1400 audit(1746532458.603:1344): avc:  denied  { map } for  pid=14293 comm="syz.1.2209" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  753.615989][T14297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.667463][T14303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.684144][ T5867] usb 2-1: device descriptor read/64, error -71
[  753.732678][T14297] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  753.780171][T14303] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  753.949573][ T5867] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  754.316680][ T5867] usb 2-1: device descriptor read/64, error -71
[  754.436427][ T5867] usb usb2-port1: attempt power cycle
[  754.441022][T14305] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2211'.
[  754.648838][   T30] audit: type=1400 audit(1746532459.744:1345): avc:  denied  { read } for  pid=14318 comm="syz.5.2214" path="socket:[43534]" dev="sockfs" ino=43534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  754.711043][ T5860] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  754.733384][T14322] IPv6: NLM_F_CREATE should be specified when creating new route
[  754.742275][T14322] macvlan1: mtu less than device minimum
[  754.761544][T14323] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2214'.
[  754.805470][ T5867] usb 2-1: new low-speed USB device number 62 using dummy_hcd
[  754.826480][ T5867] usb 2-1: Invalid ep0 maxpacket: 32
[  754.900036][ T5860] usb 5-1: Using ep0 maxpacket: 32
[  754.914075][ T5860] usb 5-1: config 0 has an invalid interface number: 9 but max is 0
[  754.922084][ T5860] usb 5-1: config 0 has no interface number 0
[  754.931190][ T5860] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  754.944682][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.953082][ T5860] usb 5-1: Product: syz
[  755.207811][ T5867] usb 2-1: new low-speed USB device number 63 using dummy_hcd
[  755.325746][ T5860] usb 5-1: Manufacturer: syz
[  755.360248][ T5860] usb 5-1: SerialNumber: syz
[  755.422373][ T5867] usb 2-1: Invalid ep0 maxpacket: 32
[  755.477655][ T5867] usb usb2-port1: unable to enumerate USB device
[  755.484903][ T5860] usb 5-1: config 0 descriptor??
[  755.498290][ T5860] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  755.533624][T14332] ALSA: mixer_oss: invalid index 40000
[  755.726618][T14313] netlink: 'syz.4.2212': attribute type 10 has an invalid length.
[  755.735384][T14313] veth0_macvtap: left promiscuous mode
[  755.746271][T14313] batman_adv: batadv0: Adding interface: macvtap0
[  755.752741][T14313] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  755.778408][T14313] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active
[  755.807851][T14313] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2212'.
[  755.822898][T14313] trusted_key: encrypted_key: master key parameter 'ëÁÍu’·¾„õ“~¤uÚue ¤úe}?¾Ý›â±#[x¤^òßL¿ÈäóÊ®°¸œÏp‹ŠÝ=«ožÏåF¨s@}
[  755.822898][T14313] @i–
[  755.822898][T14313] ʃ}–¯zr³Séœ@W]¹å@
[  755.822898][T14313] Ž›Ê2CÚÝÊb2iv¤¤' is invalid
[  755.855536][T14313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  755.867155][T14313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  755.891047][ T5860] gspca_topro: reg_w err -71
[  755.927294][ T5860] gspca_topro: Sensor soi763a
[  755.934542][ T5860] usb 5-1: USB disconnect, device number 91
[  756.151727][   T24] usb 6-1: new full-speed USB device number 32 using dummy_hcd
[  756.315431][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  756.326449][   T24] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  756.335519][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.345661][   T24] usb 6-1: config 0 descriptor??
[  756.351288][T14338] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  756.880366][   T24] elan 0003:04F3:0755.001A: unknown main item tag 0x3
[  756.900824][   T24] elan 0003:04F3:0755.001A: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0
[  756.943023][T14346] syz.4.2221: attempt to access beyond end of device
[  756.943023][T14346] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  756.956260][T14346] FAT-fs (loop9): unable to read boot sector
[  757.326261][   T24] usb 6-1: USB disconnect, device number 32
[  758.096339][T14352] netlink: 'syz.5.2222': attribute type 1 has an invalid length.
[  758.112511][T14356] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  758.129499][T14352] netlink: 'syz.5.2222': attribute type 2 has an invalid length.
[  758.137227][T14352] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2222'.
[  758.411280][T14361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2223'.
[  758.430855][T14361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2223'.
[  758.754210][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  758.763730][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  758.772078][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  758.780315][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  758.788522][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  758.813779][T14366] Failed to initialize the IGMP autojoin socket (err -2)
[  758.975697][   T30] audit: type=1400 audit(1746532463.767:1346): avc:  denied  { ioctl } for  pid=14363 comm="syz.4.2228" path="socket:[42773]" dev="sockfs" ino=42773 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  759.507306][   T30] audit: type=1400 audit(1746532463.767:1347): avc:  denied  { write } for  pid=14363 comm="syz.4.2228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  759.534310][T14374] veth0_vlan: entered allmulticast mode
[  759.561720][T14376] veth0_vlan: left promiscuous mode
[  759.775935][T14376] veth0_vlan: entered promiscuous mode
[  760.353704][T12109] usb 3-1: new full-speed USB device number 66 using dummy_hcd
[  760.557849][T14391] Invalid logical block size (245)
[  760.628625][T14393] FAULT_INJECTION: forcing a failure.
[  760.628625][T14393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  760.642029][T14393] CPU: 1 UID: 0 PID: 14393 Comm: syz.1.2234 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  760.642052][T14393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  760.642063][T14393] Call Trace:
[  760.642068][T14393]  <TASK>
[  760.642075][T14393]  dump_stack_lvl+0x16c/0x1f0
[  760.642101][T14393]  should_fail_ex+0x512/0x640
[  760.642125][T14393]  _copy_to_user+0x32/0xd0
[  760.642150][T14393]  simple_read_from_buffer+0xcb/0x170
[  760.642176][T14393]  proc_fail_nth_read+0x197/0x270
[  760.642200][T14393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  760.642225][T14393]  ? rw_verify_area+0xcf/0x680
[  760.642245][T14393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  760.642269][T14393]  vfs_read+0x1de/0xc70
[  760.642296][T14393]  ? __pfx___mutex_lock+0x10/0x10
[  760.642319][T14393]  ? __pfx_vfs_read+0x10/0x10
[  760.642348][T14393]  ? __fget_files+0x20e/0x3c0
[  760.642382][T14393]  ksys_read+0x12a/0x240
[  760.642404][T14393]  ? __pfx_ksys_read+0x10/0x10
[  760.642435][T14393]  do_syscall_64+0xcd/0x260
[  760.642459][T14393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  760.642475][T14393] RIP: 0033:0x7f4defb8d37c
[  760.642488][T14393] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  760.642504][T14393] RSP: 002b:00007f4df0957030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  760.642520][T14393] RAX: ffffffffffffffda RBX: 00007f4defdb5fa0 RCX: 00007f4defb8d37c
[  760.642530][T14393] RDX: 000000000000000f RSI: 00007f4df09570a0 RDI: 0000000000000004
[  760.642540][T14393] RBP: 00007f4df0957090 R08: 0000000000000000 R09: 0000000000000000
[  760.642549][T14393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  760.642559][T14393] R13: 0000000000000000 R14: 00007f4defdb5fa0 R15: 00007ffc13febfb8
[  760.642582][T14393]  </TASK>
[  760.645473][T12109] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  760.825229][   T30] audit: type=1400 audit(1746532465.525:1348): avc:  denied  { ioctl } for  pid=14399 comm="syz.1.2237" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  760.826207][T12109] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  760.882587][T12109] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.893958][T12109] usb 3-1: config 0 descriptor??
[  760.901624][T14387] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  761.040730][ T5815] Bluetooth: hci1: command tx timeout
[  761.091078][T14408] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.2239'.
[  761.110620][T14408] tmpfs: Unknown parameter 'quïtÁvÌï?a'
[  762.015659][T12109] elan 0003:04F3:0755.001B: unknown main item tag 0x3
[  762.119306][T12109] elan 0003:04F3:0755.001B: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  762.205877][ T5860] usb 3-1: USB disconnect, device number 66
[  762.228693][T14420] ceph: No mds server is up or the cluster is laggy
[  762.237524][ T5913] libceph: mon0 (1)[c::]:6789 connect error
[  763.282423][ T5815] Bluetooth: hci1: command tx timeout
[  763.331270][T14433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2243'.
[  764.219371][T14435] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2245'.
[  764.258427][T14443] FAULT_INJECTION: forcing a failure.
[  764.258427][T14443] name failslab, interval 1, probability 0, space 0, times 0
[  764.271202][T14443] CPU: 0 UID: 0 PID: 14443 Comm: syz.2.2247 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  764.271226][T14443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  764.271237][T14443] Call Trace:
[  764.271242][T14443]  <TASK>
[  764.271249][T14443]  dump_stack_lvl+0x16c/0x1f0
[  764.271275][T14443]  should_fail_ex+0x512/0x640
[  764.271296][T14443]  ? __kmalloc_noprof+0xbf/0x510
[  764.271323][T14443]  ? constrain_params_by_rules+0x175/0xca0
[  764.271345][T14443]  should_failslab+0xc2/0x120
[  764.271363][T14443]  __kmalloc_noprof+0xd2/0x510
[  764.271386][T14443]  ? unwind_get_return_address+0x59/0xa0
[  764.271407][T14443]  ? arch_stack_walk+0xa6/0x100
[  764.271432][T14443]  constrain_params_by_rules+0x175/0xca0
[  764.271459][T14443]  ? stack_trace_save+0x8e/0xc0
[  764.271481][T14443]  ? stack_depot_save_flags+0x28/0xa50
[  764.271504][T14443]  ? __pfx_constrain_params_by_rules+0x10/0x10
[  764.271524][T14443]  ? kfree+0x2b6/0x4d0
[  764.271550][T14443]  ? __kasan_kmalloc+0xaa/0xb0
[  764.271572][T14443]  ? snd_pcm_oss_change_params_locked+0x247/0x3b40
[  764.271594][T14443]  ? snd_pcm_oss_get_active_substream+0x168/0x1d0
[  764.271615][T14443]  ? snd_pcm_oss_set_channels+0x23a/0x370
[  764.271643][T14443]  ? rcu_is_watching+0x12/0xc0
[  764.271662][T14443]  ? snd_interval_refine+0x2fa/0x580
[  764.271681][T14443]  snd_pcm_hw_refine+0x7de/0xad0
[  764.271713][T14443]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  764.271743][T14443]  ? __asan_memset+0x23/0x50
[  764.271766][T14443]  ? _snd_pcm_hw_param_min+0x259/0x630
[  764.271791][T14443]  snd_pcm_oss_change_params_locked+0x65e/0x3b40
[  764.271814][T14443]  ? preempt_count_sub+0x110/0x160
[  764.271841][T14443]  ? __mutex_lock+0x1ca/0xb90
[  764.271862][T14443]  ? snd_pcm_oss_get_active_substream+0x172/0x1d0
[  764.271887][T14443]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  764.271912][T14443]  ? __pfx___mutex_lock+0x10/0x10
[  764.271949][T14443]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  764.271976][T14443]  snd_pcm_oss_set_channels+0x23a/0x370
[  764.272000][T14443]  ? __pfx_snd_pcm_oss_set_channels+0x10/0x10
[  764.272021][T14443]  ? __might_fault+0x13b/0x190
[  764.272043][T14443]  snd_pcm_oss_ioctl+0x219d/0x37a0
[  764.272067][T14443]  ? hook_file_ioctl_common+0x145/0x410
[  764.272085][T14443]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  764.272111][T14443]  ? selinux_file_ioctl+0x180/0x270
[  764.272133][T14443]  ? selinux_file_ioctl+0xb4/0x270
[  764.272158][T14443]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  764.272181][T14443]  __x64_sys_ioctl+0x190/0x200
[  764.272205][T14443]  do_syscall_64+0xcd/0x260
[  764.272229][T14443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.272246][T14443] RIP: 0033:0x7f075fb8e969
[  764.272261][T14443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  764.272276][T14443] RSP: 002b:00007f0760a0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  764.272293][T14443] RAX: ffffffffffffffda RBX: 00007f075fdb5fa0 RCX: 00007f075fb8e969
[  764.272303][T14443] RDX: 0000200000000100 RSI: 00000000c0045006 RDI: 0000000000000003
[  764.272314][T14443] RBP: 00007f0760a0b090 R08: 0000000000000000 R09: 0000000000000000
[  764.272323][T14443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  764.272333][T14443] R13: 0000000000000000 R14: 00007f075fdb5fa0 R15: 00007ffd36ef06f8
[  764.272357][T14443]  </TASK>
[  764.606422][T14436] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2244'.
[  764.724440][   T30] audit: type=1400 audit(1746532469.145:1349): avc:  denied  { read } for  pid=14447 comm="syz.2.2250" dev="sockfs" ino=43795 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  765.186820][   T30] audit: type=1400 audit(1746532469.566:1350): avc:  denied  { create } for  pid=14444 comm="syz.4.2248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  765.495367][ T5815] Bluetooth: hci1: command tx timeout
[  765.588310][T14458] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.2251'.
[  765.597907][T14458] netlink: zone id is out of range
[  765.603119][T14458] netlink: zone id is out of range
[  765.608287][T14458] netlink: zone id is out of range
[  765.613474][T14458] netlink: get zone limit has 8 unknown bytes
[  766.877894][T14366] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  766.900696][T14366] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  766.970100][T14470] netlink: 'syz.5.2253': attribute type 1 has an invalid length.
[  767.106158][T14472] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2253'.
[  767.367787][T14470] 8021q: adding VLAN 0 to HW filter on device bond2
[  767.383322][T14471] bond1: (slave erspan0): Releasing active interface
[  767.398313][T14366] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  767.821481][ T5815] Bluetooth: hci1: command tx timeout
[  767.852466][T14366] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  768.413872][ T5891] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  768.627715][ T5891] usb 2-1: Using ep0 maxpacket: 32
[  768.746015][T12109] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  768.827024][ T5891] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  768.835469][ T5891] usb 2-1: config 0 has no interface number 0
[  768.841926][ T5891] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  768.887502][ T5891] usb 2-1: config 0 interface 85 has no altsetting 0
[  768.910978][T12109] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  768.944559][T12109] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  769.298006][ T5891] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  769.312945][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.320950][ T5891] usb 2-1: Product: syz
[  769.325705][ T5891] usb 2-1: Manufacturer: syz
[  769.330275][ T5891] usb 2-1: SerialNumber: syz
[  769.337481][ T5891] usb 2-1: config 0 descriptor??
[  769.342569][T12109] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.367354][T12109] usb 6-1: config 0 descriptor??
[  769.378099][T14484] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  769.429406][ T5913] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  769.512529][T14366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  769.540436][T14366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.550633][T14366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  769.563074][T14366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.576116][T14366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  769.587305][T14366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.597484][ T5913] usb 5-1: Using ep0 maxpacket: 16
[  769.691124][T14366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  769.703187][T14366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.736531][T14366] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  769.766322][T14366] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  769.802256][ T5891] appletouch 2-1:0.85: Geyser mode initialized.
[  769.809921][ T5891] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input30
[  769.833864][T14508] wireguard: wg0: Could not create IPv4 socket
[  769.845361][T14366] wireguard: wg0: Could not create IPv4 socket
[  769.859005][T12109] elan 0003:04F3:0755.001C: unknown main item tag 0x3
[  769.867305][T12109] elan 0003:04F3:0755.001C: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0
[  769.955786][T14366] wireguard: wg1: Could not create IPv4 socket
[  769.963504][T14366] wireguard: wg2: Could not create IPv4 socket
[  770.035720][T13834] usb 2-1: USB disconnect, device number 64
[  770.089296][T12109] usb 6-1: USB disconnect, device number 33
[  770.389999][T13834] appletouch 2-1:0.85: input: appletouch disconnected
[  771.631676][ T5867] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  771.708020][ T5913] usb 5-1: unable to get BOS descriptor or descriptor too short
[  771.741181][ T5913] usb 5-1: unable to read config index 0 descriptor/start: -71
[  771.748763][ T5913] usb 5-1: can't read configurations, error -71
[  771.803047][   T10] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  771.894054][ T5867] usb 3-1: Using ep0 maxpacket: 16
[  772.127421][T14530] netlink: 'syz.5.2266': attribute type 1 has an invalid length.
[  772.157004][T14530] 8021q: adding VLAN 0 to HW filter on device bond3
[  772.187168][T14530] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2266'.
[  772.196331][   T10] usb 2-1: Using ep0 maxpacket: 8
[  772.203226][   T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  772.212462][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.242825][   T10] pvrusb2: Hardware description: Terratec Grabster AV400
[  772.257934][   T10] pvrusb2: **********
[  772.268678][   T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  772.296721][   T10] pvrusb2: Important functionality might not be entirely working.
[  772.313836][   T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  772.326870][   T10] pvrusb2: **********
[  772.456960][ T2333] pvrusb2: Invalid write control endpoint
[  772.617313][ T2333] pvrusb2: Invalid write control endpoint
[  772.625950][ T2333] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  772.650613][ T2333] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  772.667007][ T2333] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  772.714703][ T2333] pvrusb2: Device being rendered inoperable
[  772.720839][ T2333] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  772.978772][ T2333] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  772.988455][ T2333] pvrusb2: Attached sub-driver cx25840
[  772.997022][ T2333] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  773.008157][ T2333] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  773.124872][T13834] usb 2-1: USB disconnect, device number 65
[  773.165031][T14545] ALSA: mixer_oss: invalid index 40000
[  774.183307][T14555] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2272'.
[  774.196033][ T5867] usb 3-1: unable to get BOS descriptor or descriptor too short
[  774.220256][ T5867] usb 3-1: unable to read config index 0 descriptor/start: -71
[  774.228358][ T5867] usb 3-1: can't read configurations, error -71
[  774.496897][   T24] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  774.785897][T14563] netlink: 'syz.4.2275': attribute type 21 has an invalid length.
[  774.794617][T14563] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2275'.
[  774.843814][T14557] bpf: Bad value for 'uid'
[  774.968945][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  774.979093][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  774.987952][   T24] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  774.997213][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.006539][   T24] usb 6-1: config 0 descriptor??
[  775.013207][   T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  775.019839][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  775.026798][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  775.035580][   T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  775.042635][   T24] usb 6-1: media controller created
[  775.048635][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  775.060831][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  775.066723][   T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  775.076711][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input31
[  775.089034][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  775.096140][   T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  775.231880][T14564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  775.240410][T14564] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  775.261205][   T24] usb 6-1: USB disconnect, device number 34
[  775.273812][   T24] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  775.521279][T14573] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  775.533284][T14573] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  775.867602][T14580] ALSA: mixer_oss: invalid index 40000
[  776.311047][T11433] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  776.320631][T11433] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  776.328478][T11433] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  776.340104][T11433] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  776.347837][T11433] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  776.369058][   T24] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  776.393735][T14581] Failed to initialize the IGMP autojoin socket (err -2)
[  777.758270][   T24] usb 5-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  777.789894][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  777.801179][   T24] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  777.807182][   T30] audit: type=1800 audit(1746532481.399:1351): pid=14602 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.2284" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  777.810207][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  777.864396][   T24] usb 5-1: SerialNumber: syz
[  777.899412][T14602] vlan1: entered promiscuous mode
[  777.906613][T14601] vlan1: left promiscuous mode
[  777.915568][T14599] tun0: tun_chr_ioctl cmd 1074025678
[  777.922534][T14599] tun0: group set to 0
[  778.110212][T14605] ALSA: mixer_oss: invalid index 40000
[  778.154289][   T24] usb 5-1: 0:2 : does not exist
[  778.628433][T11433] Bluetooth: hci1: command tx timeout
[  778.636068][   T24] usb 5-1: USB disconnect, device number 94
[  778.913780][T14581] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  778.955390][T14581] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  778.987666][T14581] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  779.081647][T14581] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  779.158091][T14619] bpf: Bad value for 'uid'
[  779.553474][   T10] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  779.629168][   T24] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  779.719999][T14629] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2291'.
[  779.767822][   T10] usb 6-1: Using ep0 maxpacket: 16
[  779.788710][   T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  779.811899][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  779.831498][   T24] usb 5-1: Using ep0 maxpacket: 16
[  779.885828][   T10] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  779.935821][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.963832][   T10] usb 6-1: Product: syz
[  779.974484][   T10] usb 6-1: Manufacturer: syz
[  779.981096][   T10] usb 6-1: SerialNumber: syz
[  779.994366][   T10] usb 6-1: config 0 descriptor??
[  780.015608][   T10] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  780.043076][   T10] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  780.244484][T14617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  780.270082][T14617] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  780.546413][T14646] netlink: 'syz.1.2292': attribute type 39 has an invalid length.
[  780.648240][   T30] audit: type=1326 audit(1746532484.055:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14616 comm="syz.5.2289" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2468d8e969 code=0x0
[  780.691719][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.705150][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.724789][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  780.736049][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.758008][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.770276][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.790917][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  780.801705][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  780.814311][T11433] Bluetooth: hci1: command tx timeout
[  780.821630][T14581] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  780.850157][T14581] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  780.913297][T14581] wireguard: wg0: Could not create IPv4 socket
[  781.018599][T14581] wireguard: wg1: Could not create IPv4 socket
[  781.036432][T14581] wireguard: wg2: Could not create IPv4 socket
[  781.444217][   T10] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  781.452372][   T10] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  781.459746][   T10] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  781.468149][   T10] em28xx 6-1:0.0: No AC97 audio processor
[  781.487448][   T10] usb 6-1: USB disconnect, device number 35
[  781.519902][   T10] em28xx 6-1:0.0: Disconnecting em28xx
[  781.532771][   T10] em28xx 6-1:0.0: Freeing device
[  781.592899][T14668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2296'.
[  781.602345][T14668] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  781.613648][T14668] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  782.781586][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  782.801519][   T24] usb 5-1: unable to read config index 0 descriptor/start: -71
[  782.881375][   T24] usb 5-1: can't read configurations, error -71
[  784.503523][T12109] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  784.696444][T12109] usb 2-1: Using ep0 maxpacket: 8
[  784.736270][T12109] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 15
[  784.817095][T12109] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  784.925945][T12109] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  784.978422][T12109] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  785.090186][T12109] usb 2-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  785.106637][T12109] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.117486][T12109] usb 2-1: Product: syz
[  785.121661][T12109] usb 2-1: Manufacturer: syz
[  785.129200][T12109] usb 2-1: SerialNumber: syz
[  785.242973][T12109] usb 2-1: config 0 descriptor??
[  785.249871][T14677] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  785.266342][T14698] netlink: 256 bytes leftover after parsing attributes in process `syz.5.2304'.
[  785.358373][ T5891] usb 5-1: new full-speed USB device number 97 using dummy_hcd
[  785.426715][   T30] audit: type=1400 audit(1746532488.471:1353): avc:  denied  { read write } for  pid=14697 comm="syz.5.2304" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  785.471499][   T30] audit: type=1400 audit(1746532488.471:1354): avc:  denied  { open } for  pid=14697 comm="syz.5.2304" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  785.578306][ T5891] usb 5-1: config 0 has an invalid interface number: 34 but max is 0
[  785.615475][ T5891] usb 5-1: config 0 has no interface number 0
[  785.622120][ T5891] usb 5-1: config 0 interface 34 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  785.642806][ T5891] usb 5-1: config 0 interface 34 altsetting 0 endpoint 0x82 has invalid maxpacket 2312, setting to 64
[  785.645727][T12109] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  785.663713][T12109] input: Griffin SoundKnob as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input32
[  785.675943][   T24] usb 6-1: new full-speed USB device number 36 using dummy_hcd
[  785.687006][ T5891] usb 5-1: New USB device found, idVendor=06e0, idProduct=f112, bcdDevice=89.55
[  785.696486][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.704951][ T5891] usb 5-1: Product: syz
[  785.709163][ T5891] usb 5-1: Manufacturer: syz
[  785.715700][ T5891] usb 5-1: SerialNumber: syz
[  785.722011][ T5891] usb 5-1: config 0 descriptor??
[  785.727600][T14693] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  785.735005][T14693] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  785.743700][ T5891] ti_usb_3410_5052 5-1:0.34: TI USB 3410 1 port adapter converter detected
[  785.754197][ T5891] usb 5-1: TI USB 3410 1 port adapter converter now attached to ttyUSB0
[  785.862209][   T24] usb 6-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  785.871377][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.881525][   T24] usb 6-1: config 0 descriptor??
[  785.889594][   T24] pwc: Samsung MPC-C10 USB webcam detected.
[  785.966997][T14693] 9pnet_fd: Insufficient options for proto=fd
[  785.975705][T12109] usb 5-1: USB disconnect, device number 97
[  785.986140][T12109] ti_usb_3410_5052_1 ttyUSB0: TI USB 3410 1 port adapter converter now disconnected from ttyUSB0
[  785.997531][T12109] ti_usb_3410_5052 5-1:0.34: device disconnected
[  786.050870][    C0] powermate: config urb returned -71
[  786.056378][    C0] powermate: config urb returned -71
[  786.061845][    C0] powermate: config urb returned -71
[  786.067233][ T5860] usb 2-1: USB disconnect, device number 66
[  786.073275][    C0] powermate 2-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  786.106321][   T24] pwc: send_video_command error -71
[  786.115295][   T24] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  786.127096][   T24] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  786.137910][   T24] usb 6-1: USB disconnect, device number 36
[  786.662672][   T24] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  786.825493][   T24] usb 6-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  786.834585][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.843776][   T24] usb 6-1: config 0 descriptor??
[  786.851275][   T24] pwc: Samsung MPC-C10 USB webcam detected.
[  787.482642][T14713] ALSA: mixer_oss: invalid index 40000
[  788.492733][   T24] pwc: send_video_command error -71
[  788.498025][   T24] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  788.522415][   T24] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  788.697843][   T24] usb 6-1: USB disconnect, device number 37
[  789.427534][T14729] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2310'.
[  790.012919][T14735] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2313'.
[  790.126546][T12109] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  790.223668][T14738] netlink: 'syz.1.2314': attribute type 10 has an invalid length.
[  790.230456][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  790.240425][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  790.249763][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  790.261040][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  790.269183][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  790.286590][T14738] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  790.326141][T14739] Failed to initialize the IGMP autojoin socket (err -2)
[  790.387479][T12109] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  790.445813][T12109] usb 5-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  790.534249][T12109] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  790.583705][T14746] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  790.635940][T12109] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x87 has invalid maxpacket 42124, setting to 1024
[  790.733870][T14747] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  790.770117][T12109] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  790.877951][T12109] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  791.006463][T12109] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  791.379896][T12109] usb 5-1: Product: syz
[  791.384374][T12109] usb 5-1: Manufacturer: syz
[  791.389472][T12109] usb 5-1: SerialNumber: syz
[  791.628591][T14754] syz.1.2318: attempt to access beyond end of device
[  791.628591][T14754] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  791.641521][T14754] FAT-fs (loop3): unable to read boot sector
[  792.052383][T14756] ALSA: mixer_oss: invalid index 40000
[  792.522072][ T5815] Bluetooth: hci1: command tx timeout
[  792.598283][ T5913] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  792.653587][T14762] capability: warning: `syz.5.2321' uses 32-bit capabilities (legacy support in use)
[  792.832671][ T5913] usb 3-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  792.844978][ T5913] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  792.856287][ T5913] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  792.873978][ T5860] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  793.205746][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  793.213912][ T5913] usb 3-1: SerialNumber: syz
[  793.453847][ T5913] usb 3-1: 0:2 : does not exist
[  793.455856][ T5860] usb 2-1: Using ep0 maxpacket: 16
[  793.739397][ T5913] usb 3-1: USB disconnect, device number 69
[  793.990148][T14773] netlink: 'syz.5.2323': attribute type 1 has an invalid length.
[  794.133482][T14772] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2323'.
[  794.145207][T14773] 8021q: adding VLAN 0 to HW filter on device bond4
[  794.227679][T14739] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  794.271780][T14739] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  794.341197][T14739] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  794.448724][T14739] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  795.140351][ T5815] Bluetooth: hci1: command tx timeout
[  796.390716][   T30] audit: type=1400 audit(1746532498.030:1355): avc:  denied  { write } for  pid=14781 comm="syz.5.2325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  796.597495][T14792] bpf: Bad value for 'uid'
[  796.755995][T12109] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[  796.762223][T12109] cdc_ncm 5-1:1.0: bind() failure
[  797.043314][ T5913] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  797.087173][ T5860] usb 2-1: unable to get BOS descriptor or descriptor too short
[  797.099148][T12109] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  797.106333][T12109] cdc_ncm 5-1:1.1: bind() failure
[  797.124075][ T5860] usb 2-1: unable to read config index 0 descriptor/start: -71
[  797.197009][ T5860] usb 2-1: can't read configurations, error -71
[  797.254372][ T5913] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  797.275735][T12109] usb 5-1: USB disconnect, device number 98
[  797.311343][ T5815] Bluetooth: hci1: command tx timeout
[  797.326146][ T5913] usb 6-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  797.363996][ T5913] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  797.375361][ T5913] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x87 has invalid maxpacket 42124, setting to 1024
[  797.387474][ T5913] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  797.417847][ T5913] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  797.447694][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.800819][ T5913] usb 6-1: Product: syz
[  797.806842][ T5913] usb 6-1: Manufacturer: syz
[  797.811524][ T5913] usb 6-1: SerialNumber: syz
[  797.877771][T14813] netlink: 'syz.2.2332': attribute type 1 has an invalid length.
[  797.905318][T14813] 8021q: adding VLAN 0 to HW filter on device bond5
[  797.955362][T14813] bond4: (slave erspan0): Releasing active interface
[  797.970639][T14813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2332'.
[  798.143797][T14739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  798.162027][T14739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  798.173297][T14739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  798.183867][T14739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  798.196049][T14739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  798.207723][T14739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  798.217929][T14739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  798.228688][T14739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  798.241548][T14739] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  798.259074][T14739] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  798.278188][T14739] wireguard: wg0: Could not create IPv4 socket
[  798.289921][T14739] wireguard: wg1: Could not create IPv4 socket
[  798.298748][T12109] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  798.308702][T14739] wireguard: wg2: Could not create IPv4 socket
[  798.368490][T14829] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  798.375017][T14829] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  798.388456][T14829] vhci_hcd vhci_hcd.0: Device attached
[  798.475794][T12109] usb 5-1: Using ep0 maxpacket: 32
[  799.620494][ T5815] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  800.068955][ T5913] cdc_ncm 6-1:1.0: failed GET_NTB_PARAMETERS
[  800.094056][T12109] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  800.096227][ T5913] cdc_ncm 6-1:1.0: bind() failure
[  800.177721][ T5913] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  800.194442][ T5913] cdc_ncm 6-1:1.1: bind() failure
[  800.242344][ T5913] usb 6-1: USB disconnect, device number 38
[  800.346854][   T24] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  800.517827][   T24] usb 2-1: Using ep0 maxpacket: 32
[  800.529593][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  800.557046][   T24] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  800.577690][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  800.591860][   T24] usb 2-1: Product: syz
[  800.620119][   T24] usb 2-1: Manufacturer: syz
[  800.631343][   T24] usb 2-1: SerialNumber: syz
[  800.637839][ T5860] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[  800.640290][   T24] usb 2-1: config 0 descriptor??
[  800.673446][   T24] gs_usb 2-1:0.0: Required endpoints not found
[  800.760560][T14830] vhci_hcd: connection closed
[  800.764109][T12109] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  800.778792][T12109] usb 5-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  800.779776][   T53] vhci_hcd: stop threads
[  800.787828][T12109] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  800.801844][T12109] usb 5-1: config 0 descriptor??
[  800.804225][   T53] vhci_hcd: release socket
[  800.814276][   T53] vhci_hcd: disconnect device
[  800.942034][ T5913] usb 2-1: USB disconnect, device number 69
[  801.576680][T12109] hkems 0003:2006:0118.001D: item fetching failed at offset 0/2
[  801.585108][T12109] hkems 0003:2006:0118.001D: parse failed
[  801.591976][T12109] hkems 0003:2006:0118.001D: probe with driver hkems failed with error -22
[  801.825044][T14849] netlink: 'syz.1.2338': attribute type 10 has an invalid length.
[  801.833290][T14849] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2338'.
[  801.848871][T14849] netlink: 'syz.1.2338': attribute type 1 has an invalid length.
[  802.355268][ T5913] usb 3-1: new full-speed USB device number 70 using dummy_hcd
[  802.835215][ T5913] usb 3-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  802.836176][T14824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  802.859480][ T5913] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  802.862236][T14824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  802.895186][ T5913] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  803.023847][ T5913] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  803.033037][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.041201][ T5913] usb 3-1: Product: syz
[  803.045413][ T5913] usb 3-1: Manufacturer: syz
[  803.050062][ T5913] usb 3-1: SerialNumber: syz
[  803.508155][ T5913] usb 3-1: selecting invalid altsetting 1
[  803.557813][   T24] usb 5-1: USB disconnect, device number 99
[  803.881375][   T30] audit: type=1400 audit(1746532505.794:1356): avc:  denied  { setopt } for  pid=14866 comm="syz.1.2343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  803.901292][T12109] usb 6-1: new low-speed USB device number 39 using dummy_hcd
[  804.089863][   T24] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  804.166584][T12109] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  804.174060][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  804.186486][T12109] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  804.202837][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  804.216507][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  804.229437][T12109] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  804.236837][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  804.248136][T12109] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  804.262260][ T5913] cdc_ncm 3-1:1.0: SET_CRC_MODE failed
[  804.263657][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  804.279126][ T5913] cdc_ncm 3-1:1.0: SET_NTB_FORMAT failed
[  804.279463][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  804.297247][T12109] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  804.302249][ T5913] usb 3-1: selecting invalid altsetting 1
[  804.304684][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  804.310360][ T5913] cdc_ncm 3-1:1.0: bind() failure
[  804.334206][   T24] usb 5-1: Using ep0 maxpacket: 16
[  804.335498][T12109] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  804.351099][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  804.396788][T12109] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  804.399672][ T5913] usb 3-1: USB disconnect, device number 70
[  804.427317][T12109] usb 6-1: string descriptor 0 read error: -22
[  804.434270][T12109] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  804.444805][T12109] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.457685][T12109] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  804.674734][ T5913] usb 6-1: USB disconnect, device number 39
[  805.047760][T14878] netlink: 'syz.2.2345': attribute type 1 has an invalid length.
[  805.184091][T14878] 8021q: adding VLAN 0 to HW filter on device bond6
[  805.209289][T14880] bond6: (slave erspan0): making interface the new active one
[  805.222287][T14880] bond6: (slave erspan0): Enslaving as an active interface with an up link
[  805.505239][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  805.515947][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  805.525174][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  805.534331][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  805.542153][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  805.585297][T14883] Failed to initialize the IGMP autojoin socket (err -2)
[  805.659879][ T5891] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  805.847323][ T5891] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  805.860971][ T5891] usb 6-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  805.910375][ T5891] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  805.954109][ T5891] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x87 has invalid maxpacket 42124, setting to 1024
[  805.969559][ T5891] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  805.993627][ T5891] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  806.011539][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.019752][ T5891] usb 6-1: Product: syz
[  806.024281][ T5891] usb 6-1: Manufacturer: syz
[  806.034084][ T5891] usb 6-1: SerialNumber: syz
[  806.085864][T14889] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2347'.
[  806.194585][ T5860] vhci_hcd: vhci_device speed not set
[  806.818625][T14897] netlink: 'syz.1.2350': attribute type 10 has an invalid length.
[  806.826679][T14897] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2350'.
[  806.841412][T14897] netlink: 'syz.1.2350': attribute type 1 has an invalid length.
[  807.788769][ T5815] Bluetooth: hci1: command tx timeout
[  807.839695][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  807.854752][   T24] usb 5-1: unable to read config index 0 descriptor/start: -71
[  807.869584][   T24] usb 5-1: can't read configurations, error -71
[  807.930120][T14883] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  807.971479][T14883] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  807.973040][   T30] audit: type=1400 audit(1746532509.611:1357): avc:  denied  { mount } for  pid=14900 comm="syz.2.2351" name="/" dev="ramfs" ino=47315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  808.067327][T14906] nfs4: Unknown parameter '
'
[  808.067841][T14883] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  808.078763][   T30] audit: type=1400 audit(1746532509.629:1358): avc:  denied  { unmount } for  pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  808.099340][ T5891] cdc_ncm 6-1:1.0: failed GET_NTB_PARAMETERS
[  808.105376][ T5891] cdc_ncm 6-1:1.0: bind() failure
[  808.114238][ T5891] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  808.121123][ T5891] cdc_ncm 6-1:1.1: bind() failure
[  808.204863][ T5891] usb 6-1: USB disconnect, device number 40
[  808.212447][T14883] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  809.968875][ T5815] Bluetooth: hci1: command tx timeout
[  813.078459][ T5815] Bluetooth: hci1: command tx timeout
[  813.223183][T14928] FAULT_INJECTION: forcing a failure.
[  813.223183][T14928] name failslab, interval 1, probability 0, space 0, times 0
[  813.236361][T14928] CPU: 0 UID: 0 PID: 14928 Comm: syz.2.2357 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  813.236385][T14928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  813.236394][T14928] Call Trace:
[  813.236400][T14928]  <TASK>
[  813.236407][T14928]  dump_stack_lvl+0x16c/0x1f0
[  813.236432][T14928]  should_fail_ex+0x512/0x640
[  813.236452][T14928]  ? __kmalloc_noprof+0xbf/0x510
[  813.236478][T14928]  ? __crypto_alloc_tfmgfp+0xd1/0x400
[  813.236494][T14928]  should_failslab+0xc2/0x120
[  813.236511][T14928]  __kmalloc_noprof+0xd2/0x510
[  813.236534][T14928]  ? __pfx___up_read+0x10/0x10
[  813.236556][T14928]  __crypto_alloc_tfmgfp+0xd1/0x400
[  813.236576][T14928]  crypto_spawn_tfm+0x93/0x110
[  813.236599][T14928]  ? __pfx_lskcipher_init_tfm_simple2+0x10/0x10
[  813.236619][T14928]  lskcipher_init_tfm_simple2+0x43/0xc0
[  813.236638][T14928]  crypto_lskcipher_init_tfm+0xb7/0xf0
[  813.236657][T14928]  crypto_create_tfm_node+0x100/0x320
[  813.236674][T14928]  ? __pfx_lskcipher_init_tfm_simple+0x10/0x10
[  813.236693][T14928]  crypto_spawn_tfm2+0x62/0xb0
[  813.236716][T14928]  lskcipher_init_tfm_simple+0x39/0xb0
[  813.236733][T14928]  crypto_lskcipher_init_tfm+0xb7/0xf0
[  813.236751][T14928]  crypto_create_tfm_node+0x100/0x320
[  813.236770][T14928]  crypto_init_lskcipher_ops_sg+0x5d/0x100
[  813.236789][T14928]  crypto_skcipher_init_tfm+0x247/0x2d0
[  813.236808][T14928]  crypto_create_tfm_node+0x100/0x320
[  813.236828][T14928]  crypto_alloc_tfm_node+0x102/0x260
[  813.236847][T14928]  init_skcipher_req.constprop.0+0x1f/0x230
[  813.236866][T14928]  derived_key_encrypt.constprop.0+0x10a/0x5e0
[  813.236884][T14928]  ? __free_frozen_pages+0x734/0xff0
[  813.236907][T14928]  ? __pfx_derived_key_encrypt.constprop.0+0x10/0x10
[  813.236928][T14928]  ? __folio_put+0x32e/0x450
[  813.236951][T14928]  ? free_large_kmalloc+0x84/0x1a0
[  813.236975][T14928]  ? get_derived_key+0x128/0x160
[  813.236993][T14928]  encrypted_read+0x2a2/0x840
[  813.237012][T14928]  ? __pfx_encrypted_read+0x10/0x10
[  813.237029][T14928]  ? __pfx___might_resched+0x10/0x10
[  813.237054][T14928]  ? down_read+0x13d/0x480
[  813.237076][T14928]  ? trace_kmalloc+0x2b/0xd0
[  813.237094][T14928]  ? __pfx_down_read+0x10/0x10
[  813.237116][T14928]  ? keyctl_read_key+0x22d/0x4f0
[  813.237133][T14928]  ? keyctl_read_key+0x2cc/0x4f0
[  813.237154][T14928]  keyctl_read_key+0x2b8/0x4f0
[  813.237176][T14928]  __do_sys_keyctl+0x3d9/0x590
[  813.237196][T14928]  do_syscall_64+0xcd/0x260
[  813.237219][T14928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.237242][T14928] RIP: 0033:0x7f075fb8e969
[  813.237256][T14928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  813.237270][T14928] RSP: 002b:00007f07609ea038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  813.237287][T14928] RAX: ffffffffffffffda RBX: 00007f075fdb6080 RCX: 00007f075fb8e969
[  813.237298][T14928] RDX: 0000200000000240 RSI: 00000000333f4c5c RDI: 000000000000000b
[  813.237307][T14928] RBP: 00007f07609ea090 R08: 0000000000000000 R09: 0000000000000000
[  813.237317][T14928] R10: 00000000349b7f55 R11: 0000000000000246 R12: 0000000000000001
[  813.237326][T14928] R13: 0000000000000000 R14: 00007f075fdb6080 R15: 00007ffd36ef06f8
[  813.237350][T14928]  </TASK>
[  813.238298][T14928] trusted_key: encrypted_key: failed to load cbc(aes) transform (-12)
[  813.269922][T14931] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  814.050548][T14941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2359'.
[  814.069116][T14941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2359'.
[  814.577240][T12109] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  814.849996][T14948] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  814.914568][T12109] usb 6-1: Using ep0 maxpacket: 16
[  815.281469][ T5815] Bluetooth: hci1: command tx timeout
[  815.444395][T14949] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2361'.
[  815.607944][T14883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  815.619063][T14883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  815.629898][T14883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  815.640973][T14883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  815.652796][T14883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  815.681006][T14883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  815.777308][T14883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  815.993677][T14883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  816.048285][T14957] mkiss: ax0: crc mode is auto.
[  816.078226][T14883] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  816.427869][T14883] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  816.468209][ T5860] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  816.490201][T14883] wireguard: wg0: Could not create IPv4 socket
[  816.498973][T14967] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  816.512190][T14967] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  816.523475][T14883] wireguard: wg1: Could not create IPv4 socket
[  816.536796][T14883] wireguard: wg2: Could not create IPv4 socket
[  816.625330][T12109] usb 6-1: unable to get BOS descriptor or descriptor too short
[  816.647930][ T5860] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  816.658950][ T5860] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xF8, changing to 0x88
[  816.679291][T12109] usb 6-1: unable to read config index 0 descriptor/start: -71
[  816.688331][T12109] usb 6-1: can't read configurations, error -71
[  816.689266][ T5860] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x88 has invalid maxpacket 15441, setting to 64
[  816.689292][ T5860] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  816.689325][ T5860] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  816.689345][ T5860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.775978][   T30] audit: type=1800 audit(1746532517.851:1359): pid=14973 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.2367" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  816.810392][ T5891] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  816.931402][ T5860] ath6kl: Failed to submit usb control message: -71
[  816.931425][ T5860] ath6kl: unable to send the bmi data to the device: -71
[  816.931434][ T5860] ath6kl: Unable to send get target info: -71
[  816.931882][ T5860] ath6kl: Failed to init ath6kl core: -71
[  816.932197][ T5860] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -71
[  816.935876][ T5860] usb 3-1: USB disconnect, device number 71
[  816.997837][ T5891] usb 2-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  816.997854][ T5891] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  816.998656][ T5891] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  817.060348][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  817.077995][ T5891] usb 2-1: SerialNumber: syz
[  817.306405][ T5891] usb 2-1: 0:2 : does not exist
[  817.319512][ T5891] usb 2-1: USB disconnect, device number 70
[  817.344752][T12109] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  817.894788][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  817.903483][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  818.071782][T12109] usb 6-1: Using ep0 maxpacket: 16
[  818.641113][T14989] ALSA: mixer_oss: invalid index 40000
[  819.794292][T14999] netlink: 'syz.2.2373': attribute type 10 has an invalid length.
[  819.802268][T14999] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2373'.
[  819.811480][T14999] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  819.836842][T14999] CUSE: unknown device info "ÿ
"
[  819.841861][T14999] CUSE: zero length info key specified
[  820.455970][T15000] netlink: 'syz.2.2373': attribute type 1 has an invalid length.
[  820.767809][T12109] usb 6-1: unable to get BOS descriptor or descriptor too short
[  820.781100][T12109] usb 6-1: unable to read config index 0 descriptor/start: -71
[  820.790635][T12109] usb 6-1: can't read configurations, error -71
[  820.792350][T15005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  820.797104][T12109] usb usb6-port1: attempt power cycle
[  820.813593][T15005] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  820.867840][T15009] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2374'.
[  820.979257][T15011] netlink: 'syz.5.2376': attribute type 1 has an invalid length.
[  821.065093][ T5891] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  821.199260][T15011] 8021q: adding VLAN 0 to HW filter on device bond5
[  821.235811][T15013] bond5: (slave erspan0): making interface the new active one
[  821.244835][T15013] bond5: (slave erspan0): Enslaving as an active interface with an up link
[  821.254418][ T5891] usb 2-1: Using ep0 maxpacket: 8
[  821.272851][ T5891] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  821.311024][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.333380][ T5891] usb 2-1: config 0 descriptor??
[  821.562852][ T5891] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  821.575283][ T5891] asix 2-1:0.0: probe with driver asix failed with error -71
[  821.584488][ T5891] usb 2-1: USB disconnect, device number 71
[  822.680008][T15029] netlink: 'syz.5.2377': attribute type 1 has an invalid length.
[  822.951629][ T5891] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  823.181914][ T5891] usb 2-1: Using ep0 maxpacket: 16
[  823.483524][T15037] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2377'.
[  823.486232][T15029] 8021q: adding VLAN 0 to HW filter on device bond6
[  823.590457][T15034] bond5: (slave erspan0): Releasing active interface
[  823.844293][   T30] audit: type=1400 audit(1746532524.465:1360): avc:  denied  { connect } for  pid=15038 comm="syz.4.2382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  824.163829][T15043] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  824.260027][T11433] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  824.280793][T11433] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  824.294412][T11433] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  824.305296][T11433] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  824.326162][T11433] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  824.372415][T15045] Failed to initialize the IGMP autojoin socket (err -2)
[  824.650408][T15051] netlink: 'syz.2.2384': attribute type 1 has an invalid length.
[  825.006831][T15051] 8021q: adding VLAN 0 to HW filter on device bond7
[  825.304097][T15053] bond6: (slave erspan0): Releasing active interface
[  825.318011][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  825.412407][T15062] ceph: No mds server is up or the cluster is laggy
[  825.565868][T13830] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  826.103315][T15053] bond7: (slave erspan0): making interface the new active one
[  826.120304][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  826.154355][T15053] bond7: (slave erspan0): Enslaving as an active interface with an up link
[  826.238163][ T5891] usb 2-1: unable to get BOS descriptor or descriptor too short
[  826.269288][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -71
[  826.276976][T13830] usb 5-1: Using ep0 maxpacket: 8
[  826.287180][ T5891] usb 2-1: can't read configurations, error -71
[  826.295341][T13830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  826.308220][T13830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  826.323727][T13830] usb 5-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  826.333977][T13830] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.350465][T13830] usb 5-1: config 0 descriptor??
[  826.401554][   T30] audit: type=1400 audit(1746532526.869:1361): avc:  denied  { setopt } for  pid=15071 comm="syz.2.2387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  826.422683][T15072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2387'.
[  826.506470][   T30] audit: type=1400 audit(1746532526.962:1362): avc:  denied  { getopt } for  pid=15071 comm="syz.2.2387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  826.560258][T11433] Bluetooth: hci1: command tx timeout
[  826.774507][ T5891] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  827.031823][ T5891] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  827.119834][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  827.143431][ T5891] usb 2-1: Product: syz
[  827.154569][ T5891] usb 2-1: Manufacturer: syz
[  827.175470][ T5891] usb 2-1: SerialNumber: syz
[  827.189379][ T5891] usb 2-1: config 0 descriptor??
[  827.231562][T15045] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  827.252557][T15045] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  827.269974][T15045] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  827.278860][T15087] ALSA: mixer_oss: invalid index 40000
[  827.295056][T15045] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  827.429151][T15070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  827.512638][T15070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  827.582315][ T5891] cx82310_eth 2-1:0.0: probe with driver cx82310_eth failed with error -22
[  827.611301][T15095] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  827.632657][T15095] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  827.769533][T15070] netlink: 'syz.1.2388': attribute type 11 has an invalid length.
[  828.433827][ T5891] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19!
[  828.810423][T11433] Bluetooth: hci1: command tx timeout
[  829.000579][T13830] usbhid 5-1:0.0: can't add hid device: -71
[  829.006959][T13830] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  829.325268][T15045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  829.354469][T15045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  829.386230][T15045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  830.094252][T15045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  830.106518][T15045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  830.117080][T15045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  830.126927][T15045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  830.155692][T15045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  830.377027][ T5891] usb 2-1: USB disconnect, device number 73
[  830.385097][T13830] usb 5-1: USB disconnect, device number 102
[  830.400341][T15045] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  830.463502][T15045] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  830.465162][   T30] audit: type=1400 audit(1746532530.657:1363): avc:  denied  { write } for  pid=15115 comm="syz.4.2398" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  830.483061][T15045] wireguard: wg0: Could not create IPv4 socket
[  830.506968][T15045] wireguard: wg1: Could not create IPv4 socket
[  830.516197][T15045] wireguard: wg2: Could not create IPv4 socket
[  830.527830][T15119] binder: 15117:15119 ioctl c0306201 2000000003c0 returned -14
[  830.556562][   T30] audit: type=1400 audit(1746532530.704:1364): avc:  denied  { shutdown } for  pid=15117 comm="syz.2.2399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  830.653510][T15121] omfs: Invalid superblock (0)
[  830.857896][T13830] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  830.865970][ T5891] usb 2-1: new full-speed USB device number 74 using dummy_hcd
[  831.007469][T13830] usb 5-1: device descriptor read/64, error -71
[  831.083965][ T5891] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  831.106929][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.209919][ T5891] usb 2-1: config 0 descriptor??
[  831.245833][ T5891] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  831.274649][T13830] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  831.413718][T13830] usb 5-1: device descriptor read/64, error -71
[  831.484387][T15111] 9pnet_fd: Insufficient options for proto=fd
[  831.532465][T13830] usb usb5-port1: attempt power cycle
[  831.595049][ T5891] gp8psk: usb in 128 operation failed.
[  831.859218][T15110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  831.876274][ T5891] gp8psk: usb in 146 operation failed.
[  831.892023][ T5891] gp8psk: failed to get FW version
[  831.905111][ T5891] gp8psk: usb in 149 operation failed.
[  831.924591][ T5891] gp8psk: failed to get FPGA version
[  831.951698][ T5891] gp8psk: usb in 138 operation failed.
[  831.959086][T13830] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  831.982288][ T5891] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  832.005164][ T5891] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  832.016153][T13830] usb 5-1: device descriptor read/8, error -71
[  832.079913][ T5891] usb 2-1: USB disconnect, device number 74
[  832.291049][T13830] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  832.349143][T13830] usb 5-1: device descriptor read/8, error -71
[  832.494755][T13830] usb usb5-port1: unable to enumerate USB device
[  833.334860][   T10] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  833.595253][   T10] usb 6-1: Using ep0 maxpacket: 8
[  833.621378][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  833.645157][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  833.658303][   T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  833.672432][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  833.691704][   T10] usb 6-1: config 0 descriptor??
[  834.186295][T15152] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2408'.
[  834.198329][T15152] netlink: zone id is out of range
[  834.204080][T15152] netlink: zone id is out of range
[  834.209710][T15152] netlink: zone id is out of range
[  834.215302][T15152] netlink: get zone limit has 8 unknown bytes
[  834.995033][ T5860] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  835.208756][T15159] ALSA: mixer_oss: invalid index 40000
[  835.689897][ T5860] usb 5-1: Using ep0 maxpacket: 8
[  835.704116][ T5860] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  835.724556][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.741623][ T5860] usb 5-1: Product: syz
[  835.745884][ T5860] usb 5-1: Manufacturer: syz
[  835.750505][ T5860] usb 5-1: SerialNumber: syz
[  835.757754][ T5860] usb 5-1: config 0 descriptor??
[  835.825493][   T10] usbhid 6-1:0.0: can't add hid device: -71
[  835.833285][   T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  835.843118][   T10] usb 6-1: USB disconnect, device number 44
[  835.980073][ T5860] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  836.201234][   T30] audit: type=1400 audit(1746532536.026:1365): avc:  denied  { module_load } for  pid=15144 comm="syz.4.2406" path="/483/bus" dev="tmpfs" ino=2568 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  836.201393][T15146] Invalid ELF header len 8
[  837.143720][T12109] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  837.524016][ T5860] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  837.530105][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  837.535122][ T5860] usb 5-1: USB disconnect, device number 107
[  837.544254][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  837.603446][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  837.617002][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  837.627237][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  837.628410][T12109] usb 2-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  837.790937][T12109] usb 2-1: config 0 interface 0 has no altsetting 0
[  837.835344][T15173] Failed to initialize the IGMP autojoin socket (err -2)
[  837.861139][T12109] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  837.870329][T12109] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  837.879582][T12109] usb 2-1: Product: syz
[  837.896811][T12109] usb 2-1: Manufacturer: syz
[  837.903574][T12109] usb 2-1: SerialNumber: syz
[  837.925979][T12109] usb 2-1: config 0 descriptor??
[  837.996549][T12109] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  839.022651][T15166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  839.060688][T15166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  839.091935][T15166] overlayfs: conflicting options: metacopy=on,redirect_dir=follow
[  839.203743][T15166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  839.255792][T15166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  839.486279][   T10] usb 2-1: USB disconnect, device number 75
[  839.604654][T15186] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  839.645972][T15187] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  840.230704][ T5815] Bluetooth: hci1: command tx timeout
[  840.361613][ T5860] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  840.403336][T15173] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  840.422487][T15173] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  840.435394][T15173] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  840.450728][T15173] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  840.611949][ T5860] usb 6-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  840.623816][ T5860] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  840.633982][ T5860] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  840.643373][ T5860] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  840.659073][ T5860] usb 6-1: SerialNumber: syz
[  840.714012][T15204] pim6reg1: entered promiscuous mode
[  840.832607][T15204] pim6reg1: entered allmulticast mode
[  841.069827][ T5815] Bluetooth: hci5: unknown advertising packet type: 0x20
[  841.381232][ T5860] usb 6-1: 0:2 : does not exist
[  841.393276][ T5860] usb 6-1: unit 5 not found!
[  841.405304][ T5860] usb 6-1: USB disconnect, device number 45
[  842.564172][ T5815] Bluetooth: hci1: command tx timeout
[  844.841423][ T5815] Bluetooth: hci1: command tx timeout
[  845.183128][T15250] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2428'.
[  845.192682][T15250] netlink: zone id is out of range
[  845.197981][T15250] netlink: zone id is out of range
[  845.203158][T15250] netlink: zone id is out of range
[  845.208349][T15250] netlink: get zone limit has 8 unknown bytes
[  845.758497][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  845.773019][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  845.784584][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  845.801104][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  845.815148][T15254] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  845.826291][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  845.839366][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  845.849605][T15173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  845.860737][T15173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  845.876106][T15173] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  845.907435][T15173] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  846.015624][T15173] wireguard: wg0: Could not create IPv4 socket
[  846.045891][T15173] wireguard: wg1: Could not create IPv4 socket
[  846.202945][T15261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2431'.
[  846.219211][T15261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2431'.
[  846.295034][ T5862] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  846.343458][T15173] wireguard: wg2: Could not create IPv4 socket
[  846.370956][   T24] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  846.530216][ T5862] usb 3-1: Using ep0 maxpacket: 8
[  846.536884][ T5862] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  846.547866][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  846.558803][   T24] usb 2-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  846.570277][ T5862] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  846.580083][ T5862] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  846.589153][   T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  846.600039][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  846.608391][   T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x87 has invalid maxpacket 42124, setting to 1024
[  846.621074][   T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  846.631132][ T5862] usb 3-1: config 0 descriptor??
[  846.640435][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  846.649605][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.657591][   T24] usb 2-1: Product: syz
[  846.661825][   T24] usb 2-1: Manufacturer: syz
[  846.666421][   T24] usb 2-1: SerialNumber: syz
[  847.308194][T15273] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  847.345806][T15273] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  847.994716][T13830] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  848.068093][   T24] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[  848.078332][   T24] cdc_ncm 2-1:1.0: bind() failure
[  848.156496][T13830] usb 6-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  848.180711][   T24] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  848.188549][   T24] cdc_ncm 2-1:1.1: bind() failure
[  848.193901][T13830] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  848.227386][T13830] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  848.238101][   T24] usb 2-1: USB disconnect, device number 76
[  848.254837][T13830] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  848.267170][T13830] usb 6-1: SerialNumber: syz
[  848.700900][T13830] usb 6-1: 0:2 : does not exist
[  848.709021][T13830] usb 6-1: unit 5 not found!
[  848.728666][T13830] usb 6-1: USB disconnect, device number 46
[  849.340322][ T5862] usbhid 3-1:0.0: can't add hid device: -71
[  849.354132][ T5862] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  849.386325][ T5862] usb 3-1: USB disconnect, device number 72
[  850.387779][   T30] audit: type=1400 audit(1746532549.281:1366): avc:  denied  { ioctl } for  pid=15288 comm="syz.2.2441" path="/dev/usbmon7" dev="devtmpfs" ino=737 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  850.516542][   T30] audit: type=1400 audit(1746532549.421:1367): avc:  denied  { append } for  pid=15297 comm="syz.5.2443" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  850.518862][T15298] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2443'.
[  850.565403][   T30] audit: type=1400 audit(1746532549.468:1368): avc:  denied  { setopt } for  pid=15288 comm="syz.2.2441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  850.662212][T15302] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  850.995152][T15310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2444'.
[  851.027595][T15310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2444'.
[  851.167986][T15311] ALSA: mixer_oss: invalid index 40000
[  852.908062][T15333] netlink: 'syz.1.2449': attribute type 1 has an invalid length.
[  853.129203][T15335] netlink: 'syz.2.2452': attribute type 1 has an invalid length.
[  853.436260][T15330] netlink: 'syz.5.2448': attribute type 1 has an invalid length.
[  853.470080][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  853.538854][T15344] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2453'.
[  853.548364][T15344] netlink: zone id is out of range
[  853.553549][T15344] netlink: zone id is out of range
[  853.558824][T15344] netlink: zone id is out of range
[  853.563960][T15344] netlink: get zone limit has 8 unknown bytes
[  854.046265][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  854.056909][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  854.065065][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  854.073376][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  854.093107][T15333] 8021q: adding VLAN 0 to HW filter on device bond11
[  854.260792][T15335] 8021q: adding VLAN 0 to HW filter on device bond8
[  854.273968][T15342] bond7: (slave erspan0): Releasing active interface
[  854.286118][T15342] bond8: (slave erspan0): making interface the new active one
[  854.294432][T15342] bond8: (slave erspan0): Enslaving as an active interface with an up link
[  854.303873][T15330] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR
[  854.336786][T15339] bond9: (slave erspan0): Releasing active interface
[  854.371896][T15339] bond11: (slave erspan0): making interface the new active one
[  854.404537][T15339] bond11: (slave erspan0): Enslaving as an active interface with an up link
[  854.434774][T15338] Failed to initialize the IGMP autojoin socket (err -2)
[  854.616319][T15362] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2456'.
[  854.740546][T12109] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  854.903553][T12109] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  854.913502][ T5862] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  854.943627][T12109] usb 6-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  854.955477][T12109] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  854.966458][T12109] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x87 has invalid maxpacket 42124, setting to 1024
[  854.977777][T12109] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  854.991353][T12109] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  854.999445][T15338] netdevsim netdevsim6 netdevsim0: renamed from eth9
[  855.007136][T12109] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.016567][T12109] usb 6-1: Product: syz
[  855.021213][T12109] usb 6-1: Manufacturer: syz
[  855.025914][T12109] usb 6-1: SerialNumber: syz
[  855.093659][T15338] netdevsim netdevsim6 netdevsim1: renamed from eth10
[  855.131448][ T5862] usb 2-1: Using ep0 maxpacket: 32
[  855.158815][ T5862] usb 2-1: New USB device found, idVendor=cf11, idProduct=2632, bcdDevice=6d.c8
[  855.168778][T15338] netdevsim netdevsim6 netdevsim2: renamed from eth11
[  855.188338][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  855.209262][ T5862] usb 2-1: config 0 descriptor??
[  855.221042][T15338] netdevsim netdevsim6 netdevsim3: renamed from eth12
[  855.616269][   T30] audit: type=1400 audit(1746532554.023:1369): avc:  denied  { remount } for  pid=15364 comm="syz.2.2460" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  855.769636][ T5860] usb 2-1: USB disconnect, device number 77
[  856.238092][T11433] Bluetooth: hci1: command tx timeout
[  856.412919][T15381] syz.4.2461: attempt to access beyond end of device
[  856.412919][T15381] loop4: rw=0, sector=64, nr_sectors = 2 limit=0
[  856.426732][T15381] isofs_fill_super: bread failed, dev=loop4, iso_blknum=16, block=32
[  856.602231][T12109] cdc_ncm 6-1:1.0: failed GET_NTB_PARAMETERS
[  856.609960][T12109] cdc_ncm 6-1:1.0: bind() failure
[  856.620419][T12109] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  856.627686][T12109] cdc_ncm 6-1:1.1: bind() failure
[  856.637383][T12109] usb 6-1: USB disconnect, device number 47
[  856.714322][T15389] netlink: 'syz.1.2463': attribute type 10 has an invalid length.
[  856.722313][T15389] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2463'.
[  856.741711][T15389] CUSE: unknown device info "ÿ
"
[  856.746722][T15389] CUSE: zero length info key specified
[  856.759148][T15389] netlink: 'syz.1.2463': attribute type 1 has an invalid length.
[  857.610490][T15338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  857.635155][T15338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  857.650890][T15338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  857.665316][T15338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  857.687588][T15338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  857.705439][T15338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  857.716247][T15338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  857.728891][T15338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  857.786303][T15393] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.2464'.
[  857.795893][T15393] netlink: zone id is out of range
[  857.801114][T15393] netlink: zone id is out of range
[  857.806296][T15393] netlink: zone id is out of range
[  857.811452][T15393] netlink: get zone limit has 8 unknown bytes
[  858.263439][T15338] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  858.289014][T15338] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  858.309084][   T30] audit: type=1400 audit(1746532556.708:1370): avc:  denied  { append } for  pid=15394 comm="syz.1.2465" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  858.325327][T15338] wireguard: wg0: Could not create IPv4 socket
[  858.341673][T15338] wireguard: wg1: Could not create IPv4 socket
[  858.351856][T15338] wireguard: wg2: Could not create IPv4 socket
[  858.460778][    C1] ------------[ cut here ]------------
[  858.466487][    C1] workqueue: cannot queue hci_cmd_timeout on wq hci1
[  858.473223][    C1] WARNING: CPU: 1 PID: 0 at kernel/workqueue.c:2257 __queue_work+0xc9c/0x10f0
[  858.482083][    C1] Modules linked in:
[  858.486165][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  858.497803][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  858.507864][    C1] RIP: 0010:__queue_work+0xc9c/0x10f0
[  858.513249][    C1] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 e0 e2 8b 8b e8 05 22 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 66 96 37 00 90 0f 0b 90 e9 1b f6 ff
[  858.532863][    C1] RSP: 0018:ffffc90000a08be8 EFLAGS: 00010082
[  858.538937][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ac018
[  858.546908][    C1] RDX: ffff88801dafa440 RSI: ffffffff817ac025 RDI: 0000000000000001
[  858.554881][    C1] RBP: ffff888069a9c930 R08: 0000000000000001 R09: 0000000000000000
[  858.562855][    C1] R10: 0000000000000000 R11: fffffffffffd7720 R12: 1ffff9200014118f
[  858.570828][    C1] R13: 0000000000000101 R14: ffff8880694fa978 R15: 0000000000000001
[  858.578800][    C1] FS:  0000000000000000(0000) GS:ffff888124adf000(0000) knlGS:0000000000000000
[  858.587734][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  858.594323][    C1] CR2: 0000200000013030 CR3: 0000000060a1d000 CR4: 00000000003526f0
[  858.602300][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  858.610271][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  858.618246][    C1] Call Trace:
[  858.621524][    C1]  <IRQ>
[  858.624375][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  858.630186][    C1]  call_timer_fn+0x197/0x620
[  858.634788][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  858.639910][    C1]  ? __run_timers+0x559/0x960
[  858.644595][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  858.650406][    C1]  __run_timers+0x569/0x960
[  858.654924][    C1]  ? __pfx___run_timers+0x10/0x10
[  858.659972][    C1]  run_timer_base+0x114/0x190
[  858.664665][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  858.669874][    C1]  ? rcu_is_watching+0x12/0xc0
[  858.674638][    C1]  run_timer_softirq+0x1a/0x40
[  858.679411][    C1]  handle_softirqs+0x216/0x8e0
[  858.684192][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  858.689488][    C1]  __irq_exit_rcu+0x109/0x170
[  858.694169][    C1]  irq_exit_rcu+0x9/0x30
[  858.698413][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  858.704052][    C1]  </IRQ>
[  858.706981][    C1]  <TASK>
[  858.709910][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  858.715893][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  858.721533][    C1] Code: 15 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 73 1a 1d 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  858.741149][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6
[  858.747218][    C1] RAX: 0000000004c15c7d RBX: 0000000000000001 RCX: ffffffff8b6cd419
[  858.755190][    C1] RDX: 0000000000000000 RSI: ffffffff8dbe124f RDI: ffffffff8bf482e0
[  858.763162][    C1] RBP: ffffed1003b5f488 R08: 0000000000000001 R09: ffffed10170a65bd
[  858.771132][    C1] R10: ffff8880b8532deb R11: 0000000000000000 R12: 0000000000000001
[  858.779101][    C1] R13: ffff88801dafa440 R14: ffffffff90850510 R15: 0000000000000000
[  858.787079][    C1]  ? ct_kernel_exit+0x139/0x190
[  858.791946][    C1]  default_idle+0x13/0x20
[  858.796281][    C1]  default_idle_call+0x6d/0xb0
[  858.801051][    C1]  do_idle+0x391/0x510
[  858.805129][    C1]  ? __pfx_do_idle+0x10/0x10
[  858.809724][    C1]  ? trace_sched_exit_tp+0x31/0x130
[  858.814934][    C1]  cpu_startup_entry+0x4f/0x60
[  858.819705][    C1]  start_secondary+0x21d/0x2b0
[  858.824479][    C1]  ? __pfx_start_secondary+0x10/0x10
[  858.829778][    C1]  common_startup_64+0x13e/0x148
[  858.834734][    C1]  </TASK>
[  858.837756][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  858.845035][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  858.856668][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  858.866723][    C1] Call Trace:
[  858.869999][    C1]  <IRQ>
[  858.872841][    C1]  dump_stack_lvl+0x3d/0x1f0
[  858.877441][    C1]  panic+0x71c/0x800
[  858.881348][    C1]  ? __pfx_panic+0x10/0x10
[  858.885784][    C1]  ? show_trace_log_lvl+0x29b/0x3e0
[  858.891007][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  858.896136][    C1]  ? __queue_work+0xc9c/0x10f0
[  858.900907][    C1]  check_panic_on_warn+0xab/0xb0
[  858.905863][    C1]  __warn+0xf6/0x3c0
[  858.909762][    C1]  ? __queue_work+0xc9c/0x10f0
[  858.914529][    C1]  report_bug+0x3c3/0x580
[  858.918876][    C1]  ? __queue_work+0xc9c/0x10f0
[  858.923649][    C1]  handle_bug+0x184/0x210
[  858.927991][    C1]  exc_invalid_op+0x17/0x50
[  858.932503][    C1]  asm_exc_invalid_op+0x1a/0x20
[  858.937356][    C1] RIP: 0010:__queue_work+0xc9c/0x10f0
[  858.942735][    C1] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 e0 e2 8b 8b e8 05 22 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 66 96 37 00 90 0f 0b 90 e9 1b f6 ff
[  858.962346][    C1] RSP: 0018:ffffc90000a08be8 EFLAGS: 00010082
[  858.968390][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ac018
[  858.976336][    C1] RDX: ffff88801dafa440 RSI: ffffffff817ac025 RDI: 0000000000000001
[  858.984282][    C1] RBP: ffff888069a9c930 R08: 0000000000000001 R09: 0000000000000000
[  858.992227][    C1] R10: 0000000000000000 R11: fffffffffffd7720 R12: 1ffff9200014118f
[  859.000174][    C1] R13: 0000000000000101 R14: ffff8880694fa978 R15: 0000000000000001
[  859.008124][    C1]  ? __warn_printk+0x198/0x350
[  859.012871][    C1]  ? __warn_printk+0x1a5/0x350
[  859.017627][    C1]  ? __queue_work+0xc9b/0x10f0
[  859.022376][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  859.028168][    C1]  call_timer_fn+0x197/0x620
[  859.032744][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  859.037838][    C1]  ? __run_timers+0x559/0x960
[  859.042497][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  859.048281][    C1]  __run_timers+0x569/0x960
[  859.052766][    C1]  ? __pfx___run_timers+0x10/0x10
[  859.057778][    C1]  run_timer_base+0x114/0x190
[  859.062433][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  859.067608][    C1]  ? rcu_is_watching+0x12/0xc0
[  859.072349][    C1]  run_timer_softirq+0x1a/0x40
[  859.077092][    C1]  handle_softirqs+0x216/0x8e0
[  859.081834][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  859.087110][    C1]  __irq_exit_rcu+0x109/0x170
[  859.091769][    C1]  irq_exit_rcu+0x9/0x30
[  859.095987][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  859.101596][    C1]  </IRQ>
[  859.104505][    C1]  <TASK>
[  859.107435][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  859.113398][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  859.119011][    C1] Code: 15 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 73 1a 1d 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  859.138621][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6
[  859.144673][    C1] RAX: 0000000004c15c7d RBX: 0000000000000001 RCX: ffffffff8b6cd419
[  859.152625][    C1] RDX: 0000000000000000 RSI: ffffffff8dbe124f RDI: ffffffff8bf482e0
[  859.160574][    C1] RBP: ffffed1003b5f488 R08: 0000000000000001 R09: ffffed10170a65bd
[  859.168522][    C1] R10: ffff8880b8532deb R11: 0000000000000000 R12: 0000000000000001
[  859.176467][    C1] R13: ffff88801dafa440 R14: ffffffff90850510 R15: 0000000000000000
[  859.184419][    C1]  ? ct_kernel_exit+0x139/0x190
[  859.189267][    C1]  default_idle+0x13/0x20
[  859.193573][    C1]  default_idle_call+0x6d/0xb0
[  859.198313][    C1]  do_idle+0x391/0x510
[  859.202367][    C1]  ? __pfx_do_idle+0x10/0x10
[  859.206931][    C1]  ? trace_sched_exit_tp+0x31/0x130
[  859.212107][    C1]  cpu_startup_entry+0x4f/0x60
[  859.216844][    C1]  start_secondary+0x21d/0x2b0
[  859.221588][    C1]  ? __pfx_start_secondary+0x10/0x10
[  859.226853][    C1]  common_startup_64+0x13e/0x148
[  859.231773][    C1]  </TASK>
[  859.234966][    C1] Kernel Offset: disabled
[  859.239272][    C1] Rebooting in 86400 seconds..