last executing test programs:

3m14.648565226s ago: executing program 1 (id=961):
bpf$MAP_CREATE(0x0, &(0x7f00000020c0)=ANY=[], 0x50)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000000)={0x3, 0x80})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x3fb, 0x7fff})

3m14.47464861s ago: executing program 1 (id=962):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x202, 0xa, 0x2, 0x2000, 0x6})
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)

3m14.124638537s ago: executing program 1 (id=964):
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x0, 0x0, 0x2}}, 0x0, 0x0}})

3m14.064703291s ago: executing program 1 (id=965):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
r1 = landlock_create_ruleset(&(0x7f0000000240)={0x5fff, 0x13, 0x2}, 0x18, 0x0)
read$msr(r1, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mremap(&(0x7f0000213000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
mlock(&(0x7f0000655000/0x4000)=nil, 0x4000)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0xe8)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$P9_RGETLOCK(r2, &(0x7f0000000640)=ANY=[], 0x200002e6)
fcntl$setpipe(r2, 0x407, 0x7000000)
ioctl$CEC_ADAP_G_PHYS_ADDR(r2, 0x80026101, &(0x7f00000000c0))
r3 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90)
ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x80049367, &(0x7f0000000180))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$binfmt_register(r3, 0x0, 0x0)
munmap(&(0x7f0000860000/0x1000)=nil, 0x1000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

3m12.096002589s ago: executing program 1 (id=972):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x20f47)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0xd)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x4004)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r3, 0x28, 0x20006, 0x0, &(0x7f0000000000))
r4 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001b700)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r7 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
add_key$keyring(&(0x7f0000000040), 0xfffffffffffffffc, 0x0, 0x0, r7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

3m10.92364073s ago: executing program 1 (id=978):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
prlimit64(r2, 0x1, &(0x7f0000000180)={0x9, 0x9}, &(0x7f00000001c0))
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x44b, 0x0, 0x0, {0x7a}}, 0x20}}, 0x0)
pipe2(&(0x7f0000001040), 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f0000000040)='wg2\x00', 0x4)
ioctl$SIOCPNGETOBJECT(r6, 0x89e0, &(0x7f0000000480))
r7 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r7, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)={0x18, r0, 0x333, 0x0, 0x0, {0x1c}, [@HEADER={0x4}]}, 0x18}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)

3m10.486822585s ago: executing program 32 (id=978):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
prlimit64(r2, 0x1, &(0x7f0000000180)={0x9, 0x9}, &(0x7f00000001c0))
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x44b, 0x0, 0x0, {0x7a}}, 0x20}}, 0x0)
pipe2(&(0x7f0000001040), 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f0000000040)='wg2\x00', 0x4)
ioctl$SIOCPNGETOBJECT(r6, 0x89e0, &(0x7f0000000480))
r7 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r7, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)={0x18, r0, 0x333, 0x0, 0x0, {0x1c}, [@HEADER={0x4}]}, 0x18}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)

2m34.06271916s ago: executing program 5 (id=1107):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
syz_usb_connect$uac1(0x4, 0x71, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x2}, &(0x7f0000000000)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0)
statfs(0x0, 0x0)

2m33.966830413s ago: executing program 5 (id=1108):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
socket$nl_generic(0x10, 0x3, 0x10)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0xfffc, @broadcast}, 0x2}}, 0x2e)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r5, 0x0)
listen(r5, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r6, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r5}, 0x20)
recvmmsg(r5, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/220, 0xdc}], 0x1}, 0x7}], 0x1, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="796100c5d2fbbd0000007e000000"], 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800)
r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000100)=@base={0x12, 0x2, 0x8, 0x2}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r8, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r8}, 0x4)
r9 = gettid()
r10 = getpid()
rt_tgsigqueueinfo(r10, r9, 0x21, &(0x7f0000000300)={0xf, 0x0, 0x2})

2m33.530445857s ago: executing program 5 (id=1111):
r0 = syz_open_dev$hiddev(&(0x7f0000000180), 0xe117, 0x22800)
ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x80)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
setrlimit(0x40000000000008, &(0x7f0000000100)={0x3, 0x9})
r3 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000140))
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[0x10583a, 0x5, 0xa, 0x4000000000, 0x6, 0x2, 0x1041, 0x4, 0x7, 0x8000000000000000, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x9, 0xbe3, 0x6a], 0xeeee8000, 0x1000d6})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat2(r5, &(0x7f00000006c0)='./cgroup\x00', r5, &(0x7f00000003c0)='./mnt\x00', 0x0)
ioctl$SG_GET_SG_TABLESIZE(r5, 0x227f, &(0x7f0000000080))
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'syztnl1\x00', &(0x7f0000000700)={'tunl0\x00', <r6=>0x0, 0x1, 0x8000, 0x7, 0xf, {{0x2d, 0x4, 0x0, 0x3c, 0xb4, 0x67, 0x0, 0x7f, 0x4, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x2e}, {[@timestamp_prespec={0x44, 0x24, 0x34, 0x3, 0x7, [{@local, 0x4}, {@multicast1, 0x4}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9a80}, {@rand_addr=0x64010102, 0x24}]}, @timestamp_addr={0x44, 0xc, 0x29, 0x1, 0x7, [{@multicast1, 0x6}]}, @cipso={0x86, 0x38, 0xffffffffffffffff, [{0x2, 0x12, "9f79630011d4bcda881cd6df7d79ed17"}, {0x5, 0x10, "4999c4d9e5e5ef4c45bf5c5e6537"}, {0x7, 0xb, "325094a896abeb930c"}, {0x5, 0x5, "cb8929"}]}, @ssrr={0x89, 0x27, 0x45, [@remote, @multicast2, @loopback, @multicast2, @remote, @loopback, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast]}, @timestamp={0x44, 0xc, 0x71, 0x0, 0xb, [0x2, 0x200]}, @end, @ra={0x94, 0x4, 0x1}]}}}}})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={0xffffffffffffffff, r6, 0x25, 0x5, @void}, 0x10)

2m33.369875817s ago: executing program 5 (id=1114):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000001000010028bd7000fbdbdf2500000000", @ANYRES32=r2, @ANYBLOB="28080000002000000400140014001680100001800c0003000814000002000000"], 0x38}}, 0x408c4)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x101, {{0xa, 0xe22, 0x0, @mcast1, 0x3}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}}, 0x108)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
close(0x3)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$pokeuser(0x6, r6, 0x358, 0x800000000000)
socket$igmp(0x2, 0x3, 0x2)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001a000100000000000000000080200000000007"], 0x1c}}, 0x4000084)
close(0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

2m32.877103773s ago: executing program 5 (id=1116):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x19)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, &(0x7f00000006c0))
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000180)={r2, 0x10, 0x1}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000300)={'comedi_parport\x00', [0x800, 0x1f, 0x10000, 0x4, 0x3, 0xcc7, 0x4, 0x10, 0xe, 0x6, 0x2, 0x2, 0x7, 0x1, 0x6, 0x10000105, 0x0, 0x1244d, 0x3, 0x3fff7fff, 0x89, 0x10, 0x1, 0x20001e58, 0x80000b, 0xe6c, 0x8, 0x8, 0x6, 0xffffffff, 0xeffffff5]})
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r6, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d413600000000000002900000003000000", 0x6033)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000e2da5035bdbc1d7c00100001000b000000000000000000000a3c000000120a090000000000cc00000002009d0b3c2c0474c4ac1506f24bccbfc100751700020073797a310000000008000440001500000900010073797a300000000008000340000000031400002111"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000000c0)=0xe9)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x8000, 0x124)

2m32.213793947s ago: executing program 5 (id=1119):
rseq(&(0x7f0000000040), 0x20, 0x1, 0x0)
sync()
sync()
sync()

2m17.483065922s ago: executing program 33 (id=1119):
rseq(&(0x7f0000000040), 0x20, 0x1, 0x0)
sync()
sync()
sync()

1m52.09204598s ago: executing program 3 (id=1257):
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fcdbdf2507000000080001000100000008000500020000000a0004007770616e330000000c0017000201aaaaaaaa0000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xa0}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
socket$pppoe(0x18, 0x1, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x1, @broadcast, 'ip6gre0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r2, 0x4008b100, &(0x7f00000000c0)={0x18, 0x0, {0x1, @broadcast, 'sit0\x00'}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r8, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

1m51.798085146s ago: executing program 3 (id=1260):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setrlimit(0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x0, 0x3}})
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c000280050001000000000008000740000000001000170000"], 0x84}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002e00090027097000000000220400000008000c"], 0x28}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
r6 = getpgid(0x0)
r7 = syz_pidfd_open(r6, 0x0)
r8 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0)
pidfd_getfd(r7, r8, 0x0)

1m48.735909152s ago: executing program 3 (id=1267):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r0 = socket$nl_route(0x10, 0x3, 0x0)
getpgrp(0x0) (async)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000001ac0), 0xffffffffffffffff)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000a00), 0x802, 0x0)
ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f0000000a80)={0x10, 0xc2, {0x51, 0x8000, 0x7, {0x9, 0xa}, {0x27f8, 0x5}, @ramp={0x1, 0x0, {0x1, 0x6, 0x9, 0x4}}}, {0x51, 0xe8, 0x40cc, {0x6, 0x8}, {0xda, 0xff7e}, @ramp={0x9, 0x3ff, {0xfff9, 0x401, 0x8, 0xa}}}}) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000180)={0x3c, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xff}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async, rerun: 64)
r4 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) (rerun: 64)
write$binfmt_elf64(r4, &(0x7f00000005c0)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x3, 0x5, 0x7, 0x800, 0x3, 0x3e, 0x80000001, 0x1fd, 0xffffffffffffff4a, 0x12a, 0x6576, 0x0, 0x38, 0x1, 0x0, 0x5, 0x7}, [{0x6474e551, 0x200, 0xb7, 0xfffffffffffffffb, 0x10000, 0x6, 0x9, 0xf1}], "3974f613e7aff5ca2b3c5c9339db68092d5099faca0f31aaea831c37d3e4545a112a27df1f8d293b53e2e77416f3b9661c99504a090ccad1a2f873267ff5142bb3", ['\x00', '\x00', '\x00']}, 0x3b9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x3, r5, 0x0, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x1, 0x170bd27, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2100}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}, @AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1m48.332836783s ago: executing program 3 (id=1269):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x20f47)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0xd)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r4, 0x28, 0x20006, 0x0, &(0x7f0000000000))
r5 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f000001b700)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

1m48.136733466s ago: executing program 3 (id=1270):
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fcdbdf2507000000080001000100000008000500020000000a0004007770616e330000000c0017000201aaaaaaaa0000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xa0}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
socket$pppoe(0x18, 0x1, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x1, @broadcast, 'ip6gre0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r2, 0x4008b100, &(0x7f00000000c0)={0x18, 0x0, {0x1, @broadcast, 'sit0\x00'}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r8, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

1m47.645629211s ago: executing program 3 (id=1272):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setregid(0xffffffffffffffff, 0x0)
openat$uinput(0xffffff9c, 0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x400, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}, 0x1c)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000001900)={'vcan0\x00', <r6=>0x0})
sendto$packet(r4, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xe, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
r7 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f00000001c0), 0x12)
sync()
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000005700)=[@text16={0x10, 0x0}], 0x1, 0x14, 0x0, 0x0)
r8 = socket(0x2, 0x6, 0x2)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r9=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xfffffffa, '\x00', r9, 0xffffffffffffffff, 0x3, 0x4}, 0x50)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005740)=@vmx={0x0, 0x0, 0x2080, {0x0, 0xfec00000}, {'\x00', "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003900"}})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000008c0)="65660fc736b9230200000f320fc5b0040000000f0f10970fe8fa6426660f35c4e21d4501b9de0100000f32c74424021c320000c744240600000000c4e17de69222ad2eec0e476e04b8200fae82ef66bafc0c66b8004066ef66b8296c", 0x5c}], 0x1, 0x9, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201500000000010d90481a000000000000109022400010000000009040100010300000009210000000122080009058103"], 0x0)
syz_usb_control_io(r10, 0x0, 0x0)
syz_usb_control_io$hid(r10, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='\x00\"\n'], 0x0}, 0xfffffffffffffffc)
syz_usb_control_io(r10, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x20, 0x4, 0x9f, {0x9f, 0x23, "0a57a5834b9f9014c65e67ce5eb3051174d172e74fbe90e07d00592376e621f62f9097532b6a391b5aa526e69a00b8e8e17193ce7daf94f6b82f4c5eea2337faa2279cd7991dcc762e7ad4a6bb1e744eea5ecaf20041b1f7e6cc8aa2dbd57c19caf781987e7a3c44507217cddc71bc9d1f1253e5dd949dabb63af08cc970fcb6bac673f3252a43fa454dcef97cb7a8710b269b3be2425609248c71e1d0"}}, &(0x7f0000000140)=ANY=[@ANYBLOB="0003540000005403dfb27a9722016f856c714155a31b50d063e74d16f52fba96f116f27234490f578378ef82edaa569af714090a1b42ec7e2270d3b6ab85018a870e9bfcc2d8e406aa711ed0d79100a687790f39bb14f342b25c"], &(0x7f00000001c0)={0x0, 0xf, 0x47, {0x5, 0xf, 0x47, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0xf, 0x4, 0x9}, @ssp_cap={0x1c, 0x10, 0xa, 0x5, 0x4, 0x3, 0xf0f, 0x4, [0xffc0c0, 0x3f00, 0x3f30, 0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "a51e3e652348e3ffa59f8cbb73ebd648"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x1, 0x78, 0x1, 0xd}]}}, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x73, 0x10, 0x1, 0x2, "eadca3fa", "fbc2189e"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x60, 0xb2, 0xab, 0xfa, 0x2000, 0x1}}}, &(0x7f0000000940)={0x84, &(0x7f0000000440)={0x20, 0xc, 0x8b, "fb3d24ab7e7bb7d8d10ef55442ec3d1822ef96f32a6b216a257b1f125f3db4929dc1b79cadae19f3569fc4b81a24bbeed28b0a46d40883bf343cb71e264f4e3fd23dd62d555460178b40b452ed34745a3c90f77909dd39a4a612eb8bf00172ea819d2db6e80ffaa683589bc56a4c611aafc0dbd2877f17eb59037442758cfc867f717b646904860cc3d74d"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7f}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000500)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x10, 0x80}}, &(0x7f0000000580)={0x40, 0x7, 0x2, 0x4}, &(0x7f00000005c0)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000600)={0x40, 0xb, 0x2, "87cb"}, &(0x7f0000000640)={0x40, 0xf, 0x2, 0x5558}, &(0x7f0000000680)={0x40, 0x13, 0x6, @broadcast}, &(0x7f00000006c0)={0x40, 0x17, 0x6}, &(0x7f0000000700)={0x40, 0x19, 0x2, 't '}, &(0x7f0000000740)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000000780)={0x40, 0x1c, 0x1, 0x4}, &(0x7f00000007c0)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000800)={0x40, 0x21, 0x1, 0x3}})

1m33.187525274s ago: executing program 34 (id=1272):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setregid(0xffffffffffffffff, 0x0)
openat$uinput(0xffffff9c, 0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x400, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}, 0x1c)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000001900)={'vcan0\x00', <r6=>0x0})
sendto$packet(r4, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xe, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
r7 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f00000001c0), 0x12)
sync()
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000005700)=[@text16={0x10, 0x0}], 0x1, 0x14, 0x0, 0x0)
r8 = socket(0x2, 0x6, 0x2)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r9=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xfffffffa, '\x00', r9, 0xffffffffffffffff, 0x3, 0x4}, 0x50)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005740)=@vmx={0x0, 0x0, 0x2080, {0x0, 0xfec00000}, {'\x00', "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003900"}})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000008c0)="65660fc736b9230200000f320fc5b0040000000f0f10970fe8fa6426660f35c4e21d4501b9de0100000f32c74424021c320000c744240600000000c4e17de69222ad2eec0e476e04b8200fae82ef66bafc0c66b8004066ef66b8296c", 0x5c}], 0x1, 0x9, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201500000000010d90481a000000000000109022400010000000009040100010300000009210000000122080009058103"], 0x0)
syz_usb_control_io(r10, 0x0, 0x0)
syz_usb_control_io$hid(r10, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='\x00\"\n'], 0x0}, 0xfffffffffffffffc)
syz_usb_control_io(r10, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x20, 0x4, 0x9f, {0x9f, 0x23, "0a57a5834b9f9014c65e67ce5eb3051174d172e74fbe90e07d00592376e621f62f9097532b6a391b5aa526e69a00b8e8e17193ce7daf94f6b82f4c5eea2337faa2279cd7991dcc762e7ad4a6bb1e744eea5ecaf20041b1f7e6cc8aa2dbd57c19caf781987e7a3c44507217cddc71bc9d1f1253e5dd949dabb63af08cc970fcb6bac673f3252a43fa454dcef97cb7a8710b269b3be2425609248c71e1d0"}}, &(0x7f0000000140)=ANY=[@ANYBLOB="0003540000005403dfb27a9722016f856c714155a31b50d063e74d16f52fba96f116f27234490f578378ef82edaa569af714090a1b42ec7e2270d3b6ab85018a870e9bfcc2d8e406aa711ed0d79100a687790f39bb14f342b25c"], &(0x7f00000001c0)={0x0, 0xf, 0x47, {0x5, 0xf, 0x47, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0xf, 0x4, 0x9}, @ssp_cap={0x1c, 0x10, 0xa, 0x5, 0x4, 0x3, 0xf0f, 0x4, [0xffc0c0, 0x3f00, 0x3f30, 0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "a51e3e652348e3ffa59f8cbb73ebd648"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x1, 0x78, 0x1, 0xd}]}}, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x73, 0x10, 0x1, 0x2, "eadca3fa", "fbc2189e"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x60, 0xb2, 0xab, 0xfa, 0x2000, 0x1}}}, &(0x7f0000000940)={0x84, &(0x7f0000000440)={0x20, 0xc, 0x8b, "fb3d24ab7e7bb7d8d10ef55442ec3d1822ef96f32a6b216a257b1f125f3db4929dc1b79cadae19f3569fc4b81a24bbeed28b0a46d40883bf343cb71e264f4e3fd23dd62d555460178b40b452ed34745a3c90f77909dd39a4a612eb8bf00172ea819d2db6e80ffaa683589bc56a4c611aafc0dbd2877f17eb59037442758cfc867f717b646904860cc3d74d"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7f}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000500)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x10, 0x80}}, &(0x7f0000000580)={0x40, 0x7, 0x2, 0x4}, &(0x7f00000005c0)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000600)={0x40, 0xb, 0x2, "87cb"}, &(0x7f0000000640)={0x40, 0xf, 0x2, 0x5558}, &(0x7f0000000680)={0x40, 0x13, 0x6, @broadcast}, &(0x7f00000006c0)={0x40, 0x17, 0x6}, &(0x7f0000000700)={0x40, 0x19, 0x2, 't '}, &(0x7f0000000740)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000000780)={0x40, 0x1c, 0x1, 0x4}, &(0x7f00000007c0)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000800)={0x40, 0x21, 0x1, 0x3}})

26.228224762s ago: executing program 7 (id=1485):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000380)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r5 = memfd_create(&(0x7f0000000a00)='/dev/loop#\x00\xee\b\xce\xde\xe9\x8d\xd2\xd59\xe8\xda\b\xd6\xb2\x15\xf6F\xb8\xb4{r.\xd2\xea\xec\xdbXe&J \xe9\x16\x82\xe8=\x83\x88sN\x83N`\xf9\xec\xe1<r\xf8\xd56\xaf~Nh%\x14\xf4\x14\xa3\x88i*rR\x17\x1a\vz\x950#(Wy\xc4x\x82u\xa3c\x9ez7\x88\x15\xdbz\xd1\\\xb5&\xd1\xca\xcb\xc5C\xa6,\xc7~\xa3\x86\xee=\xae}\xeb\xe8N\x11\xef\xb2\xceP\xff\xed\xee\xd7x6}-y #\x17\x8d[~\xe2\xab\xe6\xe3\x17\xd2/&\xfb\x13\xf3\xd9\xf4O\xf2\xdb\x9b\x03)\xae\x03\x00\x00\x00W\xb5;\xa6\xb4\'\'\x17\t\x00\x00\xaa\xe8\x81\xc0\x85\xd2\xfe\xcf\x9bn\xee*\x15\x97#\'\xc4\x06h\x1f@\a\n=7\xeb2\xaa\x0e\xee\x03\xd1\xd4\xc2yT\x8a0\x06=\xe7R\x85\x02\xf3\x15\x99z0]\xc4\x04\xb0\xea^\xd9\x1e\xbf\xb6\xe9\x8a\xfe\xd9G\x82\x93\xbf,J}\xed\x06\x18\x86WQn`\xf1\x9b\xb5\x96\xfe\xcf\xeb\x9f\x87:me\x02\x90\xa2\x13O\x9a\xd6\xd0\x12\xf2$7\xb4\x8f\xfaal\xb8\xaaV>\xb16\xfb*\xf5\xd5\\\xa7\xebe\xbe\x9d\xd7\xf5\xb9<\xb2\xc4\xf9:\xef\xc0g\xc3\xb5\x7f\xc0\xcck.5=\xcc\x10Y\xad^*\x10\x00\x00\x00\x00\x00\x00\x00\x0e%\x84\x95bXy\x81;o\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa9{b\xab\x91\x88\xba\xa5J\xfd\xd2\x96R\x06\xeeP\x0f\xb0\xad_\x0e\xf6\xe7k\xbf\x93)\x02yX\x91\xc0\x8c\xeb\xd9\xda=\\\xa0\xdeke\xb6\xef\x10\xd2\xbd9\x87<[BKq\t*t\x9e\xf9\xa6\xb5\xda\tb\xcc%?\x14Y\x9b\x18nx\x19\x11\xb7\x9d~\xc5{O\xd0S\xbdi\xf8\"P>4\x05E|h?\x0f\xf5\xf8\x8c\xce\xebXN\xb7\xc0F\xbao\xf7\xab\xedO\x96\xa1(\n\x1e\xf9\xbe/.\xe2^\xb0\xb6{\x1fdX\x100v\xab\xce\x05\x00i\x85\xf63\x05\b\xd8\xeb\xdf\x00\x00]N\xe1\x9di&\r\xd2pw\x85\vQ \x82v\x8a7\xb6\xf8\x1c\x8c\xf0\xaf\xfa\x17\xbeD\a\vM\x87\xc0Q\x94\xd4\xd3\xc7I@Z\t\xa9\xf0\x9d4c\xb1^\xeeF\x96\xa1{OV\xe0\x1e#\xb3w\xc7\x87\xdd\'c\xcf.\x04\x8b\x9e\xef-b\xbe\x17T\xee\xe1\xf7\'+s\x15\xeb\xb1D\x86\x93\x1e\xf9\xf1L\x0f\x9b7/\xd9D\x91\xc47hI\xbc\x13.@R\x8b\xe2x\x97:A\xf1\xb6\xe2\xc8\xb2\x9bD\xb2P\xdc\xd4\xb1\xa50\x9f\x83~)\x9b7-\x80&r\xbc\xf6<p7\xaaS7\xb4\xcdtd\x81V|\xc6\x99\x81\x80\'\xf8\xb5\xe0{\xb0\x04hVL/\xff\x97\td\xd5\xddc\xc0i5\x9c\x06\x88\x8cb\xfb2\xbf\xa3\xb4\xceF\xd9\xc8\xdf\xfcw\"\xdcv\x8d\x83\x91\xacn[a~\xc8\x9a1\x04\x18\xd2@O\xf3q\xb3\xadj\xb1\x01\xfa\xc4i\'\xa0\x86\x12\xcd3l\x98v;@\x95\xa5\xa8/7\x03\xb2\x88\xa7', 0x2)
fallocate(r5, 0x0, 0x0, 0x200401)
fallocate(r5, 0x0, 0x0, 0x200401)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)

20.817507134s ago: executing program 7 (id=1496):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x20f47)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x4004)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r3, 0x28, 0x20006, 0x0, &(0x7f0000000000))
r4 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001b700)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

18.49001658s ago: executing program 4 (id=1501):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x20980, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pread64(r0, &(0x7f0000000640)=""/154, 0x9a, 0x4046)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@var, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x5a}, 0x28)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000000000000000000040000000000000421db2396bbada02f2a60283f2f934c94f83c90eaae26b66fb0efc75aa734b3666700190a78ffe6ed3b84c04a20910fb30d07acfa589fcb65978608d9b2718b0bb32bd2a1fe46e10b"], 0x0, 0x26}, 0x28)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_emit_ethernet(0x87, &(0x7f0000000180)=ANY=[], 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000400)={0x3})
r4 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_adj\x00')
writev(r4, &(0x7f0000000140)=[{&(0x7f0000000280)='0', 0x1}, {&(0x7f0000000080)="d2", 0x1}], 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, 0x0, 0x10, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xb4}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x77c}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_CRIT_PROT_ID={0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080}, 0x20008005)

14.877395802s ago: executing program 4 (id=1506):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb00143c, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x4)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x4)

13.261870638s ago: executing program 7 (id=1510):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000700)={0x7, [[0xa0, 0x0, 0x6, 0x1ff, 0x0, 0x4], [0x81, 0xfffffffc, 0x9], [0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x290a]], '\x00', [{0x4}, {0x6c, 0xfffffffb}, {0x0, 0x8}, {0x1, 0x80000000}, {0x4, 0x0, 0x0, 0x1, 0x1}, {0x18, 0x5f}, {0xffffffff, 0x10}, {0x1, 0x6}, {0x3, 0x3}, {0x0, 0xfffffffe}, {0x8, 0x12}, {0x7, 0xffffffff}], '\x00', 0x1004})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='dctcp', 0x5)
getsockopt$inet_tcp_buf(r1, 0x6, 0x1a, 0x0, &(0x7f00000000c0))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x92, 0xec, 0xc6, 0x20, 0x5ac, 0x77c2, 0xeb3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xc4, 0x1, 0x2, 0xff, 0xfd, 0x1, 0x80, [], [{{0x9, 0x5, 0x2, 0x2, 0x210, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r3, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0003060000000603"]}, 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000700)={0x44, &(0x7f0000000100)={0x0, 0x0, 0x6, "00414f811c00"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0xfffffffd, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x2a, &(0x7f00000002c0)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @address_request={0x11, 0x0, 0x0, 0x1}}}}}, 0x0)
r5 = socket(0x10, 0x803, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040))
recvmmsg(r5, 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6000ed6a00143b"], 0x0)

11.861516772s ago: executing program 4 (id=1514):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000fc0)=ANY=[@ANYBLOB], 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0003"], 0xffffffffffffffff, 0x0}, 0x0)

9.466949902s ago: executing program 7 (id=1519):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_usb_connect$cdc_ncm(0x0, 0x76, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000140)={0x50, 0x0, r5, {0x7, 0x29, 0xfffffffe, 0x200, 0x0, 0x3ff, 0x2, 0x1, 0x0, 0x0, 0x20, 0x2076}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f0000006280)="c9614df797d5bbaf2d529ccfe807cb2396820ca614edc8f52d067330a81f6c26f4cc0f48e5ae1d42335297538a44b9b28f2d36c39510bcdb6cf2fc17d9b35688d0447cc7167668496bdd28d8df1292b12b61894268f707c212263b3f1ae188c8a69527ac8e196f23028853fd4009294124f18fc47bd2322220e5f0d5d30223095e4e748803b6bf25ba87f40183766b5d2c3a6b3d2f7566b160f0e0742a6cabf6b0071295bc4d5ca4ee60a1fbdc8bbc1f2a59428bc836a1ef0c2dfcbe514f9857f7230f848af37be100dc4f4115ffcb0198774affeb7690dd6782a9f51987dba5d9fd0b6a3426c1ce1e04e48f4255c157450791ba022f0bad4844a22679bb17601987f461d7a35d7de8874cc3c47f360b3c31dfdbf7bb9f93ec80046118660e8bbb18930914f087c05df436073b9ccc5a740f8f634cc827245366b1179aaaddd2bd161f2fa413e1beded9f3063cabd52ece7139af17db00b63117a6b6a1ad8c33ed779d7dddf5b40c17635397b878c7117923f26767864e788da1f79dbbc769fbab45b34198b69dd0599904a0c1297812f9ad9cbf48c59d553b1004ab8213802f3a0852b5b827ab3ea7220873b379b459d7a09af061ccda8bd857d3b2bf2dbaea1b00e2cd0bcc8d6eb11c04bd21532bec66ae36d674a4dd01ab54c27d3267961ecfad0042837fea87d75cecc7a1a58f79f77d72fede0757b7c1f54a5040e741a0fc785ea0ad13bcfc0b69df4dc29dc75e331d2ba03c3cdf04e0a4490159b43c6ae2c010f276c85f3bc46ca94e73e11762739e40e6bfbc113f46ee6ab801b97d42fadc067e23a3151ae90ff64c80e64bba5313475948fbd24a6a95f7ec0b221c9f901c68d184d38b2e09cde68fbd6dd022b6fa1db26aa6ebe2128a93fcb7259ebcde896bd81685c881cb25f581e27479f929e1094852559209c255b0dd5317b148567674b235b10e093363e8e4bd15c4ab90c44abaadbfeabd65e26223543c415befff4d280ad0f0dc132b5413bbe96fdedcabc55e9f3eeead53a1f2d7c0455c8a3bda363a8c33c99888a05546f49dc4c3593aeb30b8ea314b77b8d117334d9c3f800a132e4c3bab461863f027dcfc066bf93f0426d74e02c92a0727309d5bf5bf8242a2b594b81de0e030e55f0125b5d4e12dbffc6806a6c7bd6d62c3d54e87f0607e08750d808a2f442a7eac0ec311c3498b9709ae2f505d5e8b3670079847644147741ffca679bbd1b658bc6c422e58d070f8608c246677af0e2efff5cbf88b3b4a0431a2f26648d64991cf99848012cb6eecb8a13ea91ce77d3c8f2bc047370f4811ae5c341371e3b65bed88294580ba90258c8d36683f21d91a8a914948b2222e4127b061cc0121b97a1b9b1c4ebb7ee166b5af58497d7e0ac90fda25e41a2490ec5d143d0e47475741b30138585637d7997fff2a8805a88c4bd75975ccffcbabefa3576328d86e802b8490e8a773e01afa74fa26c6849deb15b05596e7226cdc0c0ff364bcb4e62ec54984c9485b6eb819165972b9c935a3ae18c698438582e170437c538d7d24a935036964c77e6ed37de77c64384b258f7bbe944f630d3ca82c441c6b2c5bc73dd9f90ecff67a816de7b15bdcaa5a5f1bb8b270a8ac1119e1626e29eb5f2ae4595ca2e10c2e6b297c30c3eeb432ad374101938916c77aefd2ed0f5bb658922bdec9bd76767b9a4b56a15aaa2f7e7d06dba36710a4c8d69d2361aa5f1864710d0868d8f7616cffac40e0accd9b44df8cb5b5324039d82c44e9b97d3a77d914a3738cab84541f0dfc2ed93fb3a746d19cf73495cab380afcdac8acf300e34bb68917009ec1d205dc315669c6341218ebbd0a380c0d14396732e430544ea02d9aff1ffd199c475c4cd313aac4de1121055d806858ee1538436a5f3a549230a42698aeaa3b58b5b9dbf6e11292dad9e0535f5c0685105a448888101ca2228ab50af16b657bb9abb5d4c40cf03931f345663ef6e7655048f78bd23227c6a78bd8b8a457abad7267c8d3ed8decb74cfb21c98471c31f068fd8fea32f13d4478e476d7b5ee10579bda100686db9b3fac14b71e614fd156bddbbde1bf759d0023eb50345e970fa93efd99469583eecec690147f3c075da4efeda849b172829f34e31b281d844fb7c04ca49b30a15abbe493c191e003b76ccb8b2e560ddc3573c6182a87f8e5bdbe10333b3ff3381705984e5595831c025335d0438b053d17fe2f43424735ec3e9d0e8dc278d9e3f35d8d6881e47801d9f77ddf9954ba8f4fe95c295a67968b07bde6378b5ccf24f3d0d228b3cfb4624318828a2649af11698c56860c85617a5151f879846383f5fcf0e9ac483bc4c60beda3bd273a594fc26850d31a852839f23f9e5ffd31d63a7cee2341f22f385d41521aacfe6faf1c5b1e024cd6c6cd4b8696b8e66c6268196da27dc4090552748260bba916b932cbf8066b07dbf5f75b5ea04c385d2ac971d079ab7d4a6bec1008b7564f167aa903acda2ef1756ddbdee86ad25b172479756036d1e11b5c2ab10e657e3b3c768840fd111477bfa05b9e7a2ee765d685f7688765f2441e052a60f56286e6d15ea19d98306a0a5b5efd5b1363bf357d836cb20bb2420ecff7fd682c78763bd1ab31561e6a36a20bf57024852e168bdbc82efa42f7302dc5519c2b56ba3e960437e69f5502048e914540bd4e6138e04e3cb04c75abaee441dd29e23a23948eecb2a7883ae6f3c35b3a3a965fd062688a5975059da47b6029f38baec8d3932295a2257c83a0f966aa7c19db13ccadb86c6c81d84a09bd0782cc87369c8b3a006fee64323c964dcd731fbcaa2f1c1b19f55688365f183bc26bcb636eb0622fc5f5804d46db493737078fe6a6e82f34e48eef5974787c8c4b8abd8a0dcf516862454915b7b9d81a48b9d14a3a08a9408e41c3522480a925cb9521f02cf4380aa44796fa9569aa5043787d9c3a0a345f202d66e28f6c5fc17f8998655bff0351687e2ef6ee523f965d37ed7c4c1fedc51ad7024d8c1102fef833ecf9289050b944e2e9a5646e090f5ab5be3759ea66ee79d5f870fea4ed505a231461421084317c6c5379c74ba5eef02b77c9687f49b05606c5969ae5c84f74a7d43b148dddaffcbd45e8c4eefacdd5c8c07f926baf0b1e7f65c7184c56c9ac355fde5df39557d4011b7eeb65a18fca8de446d9879404bf64f3e460232642960938e6c797d3d942534fa64b9fb0ec5648940456ae4ec22df6ccbaca34ff8a296640ed28f903db33533e0bb4927ac96312580810a38738d5c5ae638359379d244d0c45cc9bc4525648748f4a2becb101c08d7c4ecc407067cf1008cb0f14279bae658ea5f16084769ad66a8e6a9a5137ec65764ec6d25e688cf8a357252420b1ba619e8ab19d28019060434a9d2579be998e8a735778b690cad9512cc9604d2e60e01f2cbb714dbfd87795092e0ff7acb8217074a6d0b9ae00d80685798eb4bee828dff6e1f6858202381cb4051c6a5b6918f8c042a3698ac5eb402abc1f27932764ebd54daa45105666041c1a51e55bf1761c2dbe2c75a511b168f4961385d1a7b7c780fc1c23f1710b7c1e4716e99ed044ce4697fa3b649bc85443ef1b111549d342cd2a417158d01c483e6a2d6535a5801c00f5a7bb47a0d51656bd50824b2f998ea59cde88a7c329e09f19a704104309b674e9b6dd48acd0abee6366ae1ccc24fc2cb1fc0666e71c57e314464c2f2b950b76d426441265f34ae20af7e5dbf47773459f2e34a3b1a2af5d2f406cda82049ca734f22c6ac5e284c4f4c3f10edf89ba7eac611dfd27c46fbad61aa3c5acfd1a29611b917a26ba070169f08e81441e7d6f77f73837dcf6c758c40fecebab6475fee4a6105c844fc52eb603159d4762408911fce84b736a4fae34cb79dd525ebdd53b3b241a08c664a90a6bab087052b82db1f0a9e2f98b78b4998504b148711f47caac7229b708a562e6968b91720b585b2446f7f8aa848d433ebdf0d9d5c866ae7c3660f0be9734959533da9b9484dd10954c7bbc631fc07cf74d1a103076721639a19dec9ba88904c55c3d0e4829d14e48c3f93097521c4a9f4fbcf7b0d17baa7b742afd32a2e78be29f6fb37018bd0579af59985171a8dd5dd35af833fd8816cdd704fa5214260994cd64bae6c7d1376b864874de542dafb0a5c4b29c5bd887bf1dc8ec0e2f907fcffeb6522a3aa20c8ae5912b519049719cba277be7bb6c4341d65fc530804dec7ce5c1a64c4aef279c0da8a1bcc89a63542fc2af2cd1d69701c78db225c596190e81fadabd718b794689fafc929ed092b90218642ae0c75ffe6b9fa9baff10f2424d43ecda2867013d4f2e7562d3bcaa7f51f1f5a96bcc9bff8dd1bce4eaaf49626550183dc19eb358c146b657c2b34fe67a8ecb12b1b29b3d0bf28d6ecc13578f7d1ec1c7f7f76f325d920ff717c7d01baffa0d52166f6849832895f9ec960c65b06506caf39ea6ececccfa197ae151b948d415338c18b3ac35f6f96e67c7662de01f8a92c2a224f4567fc72333b43fb099dda8c49c3cbaee48cff545894390165fc290d798888a84c583b0096513a5c61b2ee1e836b17632cff8f71f9c73546882961cf25a010c7276791167e0dd7d2de8bf44abe9f12419c8776d84418d8e26463ea139e64f82f81fc5b577957f6d34b247a6d7d79aec95d80320b7999f398347835d82a74f3f5637a37ca08158d4022e39ef514f264ba84dacb3c5270272ae94ee3858eaf4de98e8d944273398e315dc42a277fb97d9ee7ddc4f7dbb6cbdbb9283ff1ecbde638ce6edeb18e680addd942f6632e73fc11ba5874a179c79ae67a6406d19ab7293af407cd319862fd4c9568a3bcf31a11adc4ddd8a924e10768594e4689a109daeff28f15a182ee3bfb347f0500005d8dcc691421b6fad377a9ceda726d195eb847ee879664861d4e2e0d3567362524303feafc2b552f0f1f64436ce9efaa63b2b268c674969c879d027c37aca197b71cfe47670cc268de9714a91a3a50c7c205daa613c56c1b1f13d34eaf8dbfc126e0e9fc10cd3e508154e6cea0572e179e424d2270454b1000a3bf4aac26b18efeb9115b6fcd3fcee6ed5b9c3d585394077c35850ef697c5f8a57a270431a0a2e81f6a6269bff09be4da7640fb600130375de62e9796eed4e4e25bfd3f6addfe62addcf2b8fa8eb28d8c3fb20800a8e9ae87c114a1ae91ed347f8ff589cead9e646722180fd60bdc9d0923a1a6ec8fc6de5fadc2203344d459ef6f0145ff71a4cacdabaf1b55f262c86733dd109b747f8740a3959a13a32377e522997fbf93c41fe3408a67d7253df6e399345d9216600f82fefcba9db303442ab3f184c012b1359e8601d85d6b0312ea7b0474d0c8dbca06625643e94ffdacd9a0a2839674249370fa67a5681df0442079cf67bd073859cf3d423711639f8addb6a9acceda893f017f3ca1f23f1245473be8bc6b5c51afc5d088fc764b3d96c9bbe7908806e2b64908bd0be73aa09eeb09de1117d0159b17a166bdb1394892b815aabb68dd7aef00bb6660a31088c88d16d433079552f25801472a7302a44fcdaf13410d15ab5e690cabdfddf112046f58ded90f4d4cdc4de5bfbc5259456ace66f7dbde5c49446d377b87181f0ba03598973137ec2f9b038c0a8ddcd46a6d963086c383c9e86b98fafc0a3b8d7ace5e5f96a0414a4afd5ae75847997f982b338901d81a852081bd47ccd553c2a41aac73f2381e611c8c2581052779e0494f0e1efa0974e11659866f8687fae4236556988b24e0bfc2dceb6f71fe09ee3b4e723dbf369dd22b7889ba296d8c4062aeef1113839c793e4bf16a35b1388ec6af47c363855e03137e9e1d4795beef29d4bb62d611e14fd8f880ff1c8267f259b46229b96bd0e8f7068503b223fc01ba9d8986c601e9807bcd3c232babbbb3112c87d7c30ae496841c03b361045a31e9819b69ec7b94a12d1793ee0b9267a3f9b77e965d1089a2356c46a05f6facfe3e1fe10f5257dd1e83972a9bdf1275ed03ee0c32d8021f264ecd67f635051c9f51f69d4848876c7d68703cbdacaaac18c1ea5e43d9554ddfaeb22f72e73e53760ca15ee52fee57e153702f7f78001a282c8389adc9f1a9b33bda27d4ac6b29dca8b082db3f858df468570d2c099a2b2e5c0897e0183ab8b4dfb62d65d7492347d51ed7b69b414d0de1be678664c7209f849d62d0a5e3a64daeccd1f332831c4b91a11a5c48444e39cd19d0e45120d5ac9c03856df66c8615d359e2f89484a068468a3e319166631932b643d73ad3879b8c8854232384ec62bf7d3c68c51deacdf8685870842e57464659fc9cbfe75f97d8a34d730a74828757661040f9f2cd1832d4c15cb774e0af4d4d0dad5e0098e580f6259bcacb3557fd8442910c8222feb58104d075ef976218a6ceaf10a807b0df2fa5b08945ad17dbc17cd88d7a9bbe2d21332d2ce8a29abbfca7df2f498798e0cb0846c10e4a9125c0b7ab06902f15d8521c10def1ddc94e4f563252894f844a3ee109aec35f766001520926351795ecaa582e90598503a22a9d75bd60c8cb631897d98ea5d66d8f9f06345bb889c4aa21115518b444c2d9d45de72abc73659aafc00465cd3564834389576c5c04f911e2ac0082d72c58e2cec954e6ae72dba6c8b7ed682f488e81bc706d34c723fa3a7ba967b6b00e1abea0e7622a0d9ca17d403bcbf5e2316ab4d46734226ed6797c84161384fbb46b8fe8653cd351e526cca50e7ab8885dd7b5d240cfd15a0253830a7ceb9db44bb12529b77e3cc835442b4d58c7db6a762b7e2c5a3fb37ae9f1426a99823c2df6ca2f6fbf886af52e8565abb7904da69ad7f7029cf73ecc37b5a8c1da6a9e9e1cde38506c96bd7c8d2303d494e422fe181c96a6359b377f18917ae78729911b40b7e69cbefea3c25dd9803aee3183ee3933b5c19d84a400e6c57cb20dc7c7e68739edbf1e8e3475e0a64823dedb46c27780ad01a90a4244891c262d8b0f99e3b1adbb906f82e1977a6101a9d2b44b4b9bfc1f102490ae19e657fa8e7f432eb52d2a4ce932d5346566b887ad4c4f4b5d0dbce790a429f546593e52979c8400441bfe8485c8b864f81b627cf1e20c800b0197b562d0f9b173ca3ba0fae69fe11b91909df9a98ba358e59edbd73da0707a170b3e51928c9c27863dbc83bdecf632b0cc757ab90a270312b2949fdd93f6bea54e303fb0a97b380d516a36f86f053e55e81504affaf7d7b1b8bbde5da525d3f60a628ae17918e07b32b408b51ad3ba6030c3555556334f2fe7c11098007f3e232c8953754c794f807b0ac3680b2a3688f5205d90ccce3ba9c7907508cec61287ad0aa55a151e639bb9086444bdcd149bc5c003340b8381d8c35b073729d2e95a21af1d9995c8093d570b59d8730dd04f3e26ac85e20166e5596082680de90522bcb9532d9e9dce3a10e998f25503902fd7814577ded668bbf3de129c024135a8af420ded350479f13d55290274e3ac63f4568ec7c7a8244f610458d85ecf29aa135d0e56ee52d743200a754ee4508e94d5bc15b3cc8a28c8f37de84fb3cf27ad7590dcaedb78fd8c8f46aaa3529fbb1a2536956c940b605eda0668b1a0f763060bba65d471450a2b34c328c9fb5971851b341a092e315e34a6801cc0808559e5de6d2d9508d11d3072426aa2d43e65f8429c48dbd03197c4f616c253a5b1b50e7ff7cd44df88f5f142997adf976cd2f0cffd673c1791ab969f9dad5867abe531227c059e7b7a9c2343aad230c83513a130ce6e0c4d6815e2bd91f99b6c514703f50fb43139f2e83c521b7e5a3ff4603f006bc7d162047e647234b87439278b10ccd92a4fca136f74d211592235e602d3643fa190cecc8edaf2d727dd5db07f9873048b1f75e19e7c39ef839c0703ec53f70c9fe39b43b98fdacd56b49a416e3b8c66604fb912e3672b8b1a6c5ff7db16320b599513d39460098138b7336d9152df98179f2e07c5abffd4ecf8a2cc8903a40563f187da3a99071bf0c93a65708cb36cd6a69545b78be13a3df9b6c336166b591637bc1be3dfc502200ea982d3b428824cf257184ee93f2d0f3168d4179d238497b84cb73abead20f710057b52ed535adee055081cee4aa842c82c220c160477c16bd1baaa73f46442d2a00658303a9433aa858ce880ed80fa04b592da3c3452a0810f759cbfccd7143d10427c1d39b5c5ecffc590377ce68976315db340e0c00d35d34bec22cfe95882f52f40248281c94758c809d5e65cbf9aeb2dffbdbf2f9a7d10dcd6e7eccc5781851c26990d4a2a2e71598dca6973bfabc82a6135bcc1ee3f1611ced7454e271cbd85a07a583fe89ea98dc4c1b52293adaadfd195b95e6fef37525736a048bd3bb7cc769c50b26c42445f2d5aa37c5ae529b90a5638d920a330ce1ebaf9d979e1b8ee70aba747f7f1a0b9a873167fb5829e64ad08facdfed0fdb76718ef97eeb028cbea23578969190d46e27f81d5eae27987007e217d540d11a33cb36e5768d34d7607ea83221cda3cfefb1cc65f171711160eaadc737013ec1d51de97afd4afc67aa15a23f197800a0566ef4937a6bba9f3334c0aa0e1ed7e9b5c3fc52a3ee112169ed5bce66e88a06f7f3fdda21a10b818c080f2e08e16af6eaac777dff81bfc2231f4cd7360d460091929035b268785e54b3704d52b8c32ffcdf00f21e7f8d3434b3e1ee711a8427596a0e8ae606d02b06914ba09c0a75b2858c7a8dcfff15e2a78549a447dd5d0d5ce912623e4b43fa4106d98e0a5f7960deef827fa30e52697f486cc9928e9b614253a461435d9e993f4a2a700dd0bc54519a2044f36e8f02fb78ca1025d1ce8c35366eddc90818ca1cf9e28bb8ae0f337efe98b82af2547fa03c3eb0813e942d92f1dedac412fa6738c73339959d8f620ceb02ef65dc0a9e4ca272d1965c73c2b06810ba6e13d83de07c4eecbb9e43744b414003057bc26fce09696e98146e59b79a6d817e26b132e3c935d8e5230335ae363a42084ba271058fb25268b139397ef984861d4adbec66e66477df46049fcb8e5f0179846ca020284eccac22b51c3273ae69898295686843bfe2c2ce4f43ea8668a3121558c52d4eb967341197f650e3f145877eb1f5de8377434b18eb2a7bdbb5d7db569d0564d2db7b31f174113d8487be7a5f91f97cda158aac83f0b84eb6a787d30f35f8a1e5ce28f9f86999a06cec497fcd1c8c1c570eb00f1946f300a03bf9b08584df33e2050950dcf4010928365d667d8ee42403c9d1bab54a7518428f7679e0a0e172f33bb3b8b0a829ea3d53fe478fc2556fdb4e51bfa638e9343f628ea570a096e016f5e47e4b72b29b445f9eb12d133277b1213eae6a2ea224ee80e30eb2fd12b08bfb56a588f2f2e67b9c2cb4795c025bb257e954a7720f57687482d119b1850208267eefe0e65b0dc022da6c3324a0d4e1d35dea840b6bdf2fc652579ba3fe55c41126ca4cd54636e86089451e97e5ce3d7cc2499f0882a2c761f0c74640d5152a5bad5091187cbc0c11683f53b5f2b8d4202e33f42070f13e77a63e0794c6ac5dc986a531ab49225d408d8da33a3c89ec856b336faaee251afabc4895afc41165fb558e6c26a3dc12037945f47fc6e60d710f68ca3dd2f18ca8d96cb9e60d2d91cd5b5f56168dc8bda3d3d31779e02c9c6349847504fac30a82466cd692becd3aec74238d336e20a31c2b97be3bbd90c3a2ad938d7ff1b033fc899006acb36eb561a37d4397c09403c845f6081a36d9e4c590f335ebffdee96a0208bf18a9a5ce84ee45c76a22786822e296a957920150f5e11c3354329d4dc328552fa3f2a93d506c7159ddc3054cb1447808cd87c78b9cf74ace81847d712a68d5e88f9c75808fe57383d9867b264e7e3ba233a6bc79a13bf35531e40a1c0d8becacf3d51b07a0cd50e81153e4a0a70128d36ffc096c408b55f47496d08b0153a3e669688a4354ba7dcb65fad21760813afa8a8e4789a9466d7997a27f92e9dfd0e3f9e499c188a200dddc7b57794a2239feb263e8421b79df4f0e6444704476e209101ac5fbc55d41ed0ea466b05401148963ae15dbebfb8d6981330e5b9dcdb01c9d6f9f95ccf28a878e891ae69163071eebd1b738861c58c7b8b0022379412596ea8c2914977e419c5ed53c32e7b191cb148784f42044947eb19e61daf6c853364037a9f734732c8fe5ef76fcec755569621aa4cb7cffd79ffb01b18630bff7751a7e13c3e1427f3cc068ff199ddfe132eaeb4ecd69e48ce59230eff0a81f98ed2835afe2f8911bd9b03ea42cf67abe104cc8b6ee648b515c53f082aaf2ff9cccd1c5c11b920ad82b3bab7e301547713acc37a507059d5a854d08c1330827c87bcf9fb8a337f9d786f653ae90fa293285d5b2b8baf0bc97214dceb9ce1f882acdc45fc1b1c9c1ab8b9931c284fdd21a1c459a064b66f9ccecdc34bf616d9c96c44d741410307968b30d5d4512d5e3c130e2837c10a534bdc7598015c2c0fd1ced2b19628494e5726e55816da6f64c599f7617298c5e1cf4459622dfbf795488238ae1c2716843d2c8ecd1427e068d868ff4d1fa4ba4c701ac81962372867d7c021dd1d0056ef9426e5f8f0579cb26c812abf463d954d5776a3b9f52691ba69ef9dc8fbad3bbafabf6080a9811d23fc9ef802a85a5c315c4700b4d8c68544ca96203f606065bd5e42e1f593d34ef6a086a5399505d12dcd85aafb81da899eb2f01d742b735ec7820330cc92e10b243cafb228c195ade2a4f096b0170bb1be7d5265af0b9598740a5a874326e60cf475c99cacecb013d1eb5202169bcc3d8a1b98484d0dd5b06e4c432e6af4b1fe2a897215295febd579ef3ff568cf02ff1a5c6ba147c4505b3a6119a43b0f960e5fafbcf50135b7efe743580d399f1b21dd8566ab93c12efe9a00902e9fdd333c08ddeebd1a0bcad6cf5ad53fbfa2ce04bb6aa24fe9367c63e2f4f90359b7db4d68d9b68d3d40a5722c6c1fb1e62b27ebbf1bdb39ed409fb579572d64078d1391bad71b2816183da174f2d5c956ae58fd926750a272921b919f0a4aa5f824a79ddaab60c7da7c282053274df30d1df6df3e7e023e9675c329f921999c3afd1ba877b1e19ed260f2119795db264fbb9d72f4a31f230d26e12ebfa04ff480f2e6636daf722ef11df1ee5d99cf999f7dd61606c132d5f8ce95e0b154af0cb9f9ad20a49dc86bb2ad7e2f86069123aa8e25347ab2367c10b3835b72f25e953041dea58242a9b6dcd3635c24bc75f69fc7f18e90fc7c02e11c5243fa9ffceb2951eef8538f49b05c08779e8b68ce637a95e41d057522b60e5b1ed27d5a9bbb1400d01c40ce78ca77ba40cfbfbf7a9104b5d3db2f27bc78136599f3c9434167c8c09a8cb159034cac86167174cda08f81f384a8ea3d0fb9344d2eb1ee9171a2ed8e8eb1d60b669db2274c6811a9d254083f5d0f65aacd3dd4dad307c48a1d46f354bab93bcf98b174c40b00717fd55381519ed602675faa9a7f9cad1c46f66bdfd0c8c16f93ab11cb5773227af6a104dd57783b3e03cfa19f5183af3c908bc53d62bcdcb68d767c6afe9fc3be46ff9a9e94833bd39", 0x2000, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x10, 0xfffffffffffffffe, 0x4000000a74e, {0x1, 0x0, 0x0, 0xffff, 0xfffffff8, 0x84, {0x4, 0x5, 0x7, 0x80000000, 0xfff, 0xffff, 0x7d59, 0x7fff, 0x4, 0x2000, 0x7f, r6, r7, 0x78002, 0xff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
mount$9p_unix(0x0, &(0x7f00000002c0)='./file0/file1\x00', 0x0, 0x209000, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010040000000000002034400000008000300", @ANYRES32=r4, @ANYRES8=r7], 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

9.093754256s ago: executing program 4 (id=1520):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r0, 0x40046210, &(0x7f0000000540)=0x1)

8.833604563s ago: executing program 4 (id=1522):
brk(0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x800, 0x0)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
brk(0x979)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000500)="2c385aa3d49100dc6626c892b6bc436a30638ae3bf5847a59be02ebb993f009cedfeea32d8924414972f38d7202337b3c29baebe600180e95ca6105b0eee6c0077a9a592add8b1c785fbd0e16c2fa3f188dd9f53621183a806d594da8a2ce7109880b55ee6784a3691eaa448ec744bdcd40afb03fa51a76c212b085e56b2047c6f6f3db82bb898d53a960b06bcad3b45521735f02dc3c0fdd1e5", 0x9a)
ppoll(&(0x7f0000000300)=[{0xffffffffffffffff, 0xc080}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x60, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYRES8], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20}, 0x94)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffff, 0x2}, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000800000000e0ffffff82000400000000000000400006040000000000eb4765899f864d5ab181b6182bb4298619326abcad4102780febfd6733fdf2c4ce2cf8c6b5e49bb6ef217a"], 0x0, 0x32, 0x0, 0x1}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7ce8001602000000008cc01d76bcbb50e8000000", @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
socket(0x10, 0x80003, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8400, 0x0)
ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)

8.240306779s ago: executing program 7 (id=1523):
socket(0x400000000010, 0x3, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'caif0\x00'})
r1 = socket$pppoe(0x18, 0x1, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, r1, 0xfffff000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x22, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
syz_open_dev$dri(0x0, 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000100)={0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="370000001000010000000000000000000000000a78000000060a0b04000000000000000002000000500004804c00018011000100666c6f775f6f66666c6f616400000000340002800900010073797a30000000000900010073797a30000000000900010073797a30000000000900010073797a32000000000900010073797a300000000008000a7f61d68f0acb6d69001100010000000000000000000300000a"], 0xa0}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
io_setup(0x1, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x8, r9, &(0x7f0000000180)="282fa8c2", 0x4, 0x5}])
sendfile(r5, r6, 0x0, 0x20000023896)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="3c0100001a00130700000000fcdbdf2520010000000000000000000000000001200100050000000000000000000000010000fffc4e210018020800203b000000", @ANYRES32=0x0, @ANYRESHEX=r8, @ANYBLOB="fc010000000000000000000000000000000000fe32000000fe80000000000000000000000000001b0000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000430500000000000000000000000000fcffffffffffffff7f00000000000000000000000000000000fcffffff00000000000000002dbd7000003500000a00044000000000000000004c001200726663343130362867636d286165732929000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000008847c8fdff6aca181831558526948bd660b3636b8b9b0c1a3f414eb83887fd93efad3f553221296b830482a9d608dd1562f3ad6eb14d672565c0bb5f89f717f78f67f9418a1b67219cf4b0ded80226ba1c84a1dd5fd846a2062bda0a25bfc3b4a13a5d72eae2c542db536280aca7c8dc31861da00ed8c1acc7a3d952f20f611d654c3d6caa3656a759ebae2b38b9d5df169965c3b4277919470614dfb42b61e931"], 0x13c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
socket$netlink(0x10, 0x3, 0x0)

8.02581004s ago: executing program 7 (id=1526):
r0 = socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = userfaultfd(0x81801)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa07, &(0x7f0000000180)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000370400"/20, @ANYRES32=r9, @ANYBLOB="83040100011402002000128008000100736974001400028008000100ac1414aa050005"], 0x40}}, 0x4)

8.000990829s ago: executing program 4 (id=1527):
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = gettid()
sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
userfaultfd(0x81801)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20040880)
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

8.000225272s ago: executing program 6 (id=1528):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x20f47)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0xd)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x4004)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r4, 0x28, 0x20006, 0x0, &(0x7f0000000000))
r5 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f000001b700)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

7.676259093s ago: executing program 35 (id=1526):
r0 = socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = userfaultfd(0x81801)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa07, &(0x7f0000000180)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000370400"/20, @ANYRES32=r9, @ANYBLOB="83040100011402002000128008000100736974001400028008000100ac1414aa050005"], 0x40}}, 0x4)

6.512380713s ago: executing program 0 (id=1534):
r0 = socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = userfaultfd(0x81801)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa07, &(0x7f0000000180)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20040880)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000370400"/20, @ANYRES32=r8, @ANYBLOB="83040100011402002000128008000100736974001400028008000100ac1414aa050005"], 0x40}}, 0x4)

6.478460982s ago: executing program 2 (id=1535):
truncate(&(0x7f0000000000)='./file0\x00', 0x96f)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x5, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = eventfd2(0x0, 0x1)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x2000000a})
io_setup(0x3, &(0x7f0000000040)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000140)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7, r1, 0x0, 0x0, 0x6, 0x0, 0x1, r1}])
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000004200)=[{{&(0x7f0000000440)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000240)="fdd82fbb08678efbfcbfe48ebd23b9f029", 0x11}, {&(0x7f0000000600)="dc2e14d7cd5b772b371149ffbf9dd21a961c4acdc14252265527b107288ad5a47ca1a0fddafa778f621793808a88b9c8e848eadf582ca185988cb7e36e03e8a9da0f032fbec0d82cd0574f31cfecc72e4920d14a378a0bb6150476a00e5e8e6bafab470996b4e2be3591fc6bd9b4501d320cd1245215ac3b0f18f337b8fc6582f5ad6585d5b2367c89b43de1f9bc9dc26c4f7169f5efc1490ef3c57bab60d40c73c956b24fe5d7ea419c4bcae21c8827", 0xb0}, {&(0x7f00000006c0)="ea4fb01e2fb126c3db3ae6bbd3f4684a31b2cfe7f5fd88ad21493c5081cf661675df75b4e57ce3130a21d57a6faede50432315184380f49f7213dc337e4b7a92e4ef973ef2679ad54554520397115e2a7e3744a0338a863febb2b069ebdb1d72a8abe84aed541706a891eff7c3bd428ea6f8ab443c1a245fd55a603420a8fb27751cdd9e04dbf6140c036c36d20c128f250cc281575908f9a4c5223cd5e154b8f65b429a5f8c66c26dcd485aa0", 0xad}], 0x3, &(0x7f0000002c00)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x30, 0x1, 0x1, [r1, r1, 0xffffffffffffffff, r1, r4, r5, r1, r4]}}], 0xe8}}], 0x1, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000001f00010029bd7000fedbdf25fc000000000000000000000000000001000004d2020032000a0101020000000000000000000000001b090000000000800c0015005b073500f2520000b3d6cded9e62ee1bc81fec117070b98e80e0a320b181ce8d00c174c2376f1fea6d6b073b73a76fb67914798ce622cbefd9a4e7b04d1616c96014a6df257b916e53a848ad10233cfd5ffde3c7aa01bfe75b39f97874fa59a203c2e2a35d427c34beb3ba2e8132ffa6e9bbbe9d981660f02afc26beec7848009c8a820763f138204445d36eabd6c8"], 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0xc8)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r7 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x7)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r8, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2})

5.859599605s ago: executing program 6 (id=1536):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xf, &(0x7f0000000000)={0x3, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x388, 0x41d9fda7)
io_uring_setup(0xd71, 0x0)
r5 = io_uring_setup(0x2c86, &(0x7f0000000340)={0x0, 0x1ba4, 0x10040, 0x7, 0x3a2})
r6 = socket$rxrpc(0x21, 0x2, 0xa)
syz_emit_ethernet(0x82, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff1704b45adbde0800450000740000000000019078ac1e0001ac1414aa05009078e00000e0460000000000000000110000ac1414aa000000008303000703fc443c000364010188000000000000000000000000ac1414aa00000000ac1414bb000000000000000000000009ac14140000000000000000000000000000009071a43c2e33d96a64a67d66f4f59d64230b3cf7b64c4c86dd2aeea43968843a17c8d094ee8cfb8526"], 0x0)
bind$rxrpc(r6, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r6, 0x4)
close_range(r5, r6, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58)
read$usbfs(0xffffffffffffffff, &(0x7f0000000340)=""/135, 0x87)
setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r6}, 0x68)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x4, 0x3, 0x399})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

5.120200519s ago: executing program 0 (id=1537):
truncate(&(0x7f0000000000)='./file0\x00', 0x96f)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x5, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = eventfd2(0x0, 0x1)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x2000000a})
io_setup(0x3, &(0x7f0000000040)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000140)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7, r1, 0x0, 0x0, 0x6, 0x0, 0x1, r1}])
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000004200)=[{{&(0x7f0000000440)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000240)="fdd82fbb08678efbfcbfe48ebd23b9f029", 0x11}, {&(0x7f0000000600)="dc2e14d7cd5b772b371149ffbf9dd21a961c4acdc14252265527b107288ad5a47ca1a0fddafa778f621793808a88b9c8e848eadf582ca185988cb7e36e03e8a9da0f032fbec0d82cd0574f31cfecc72e4920d14a378a0bb6150476a00e5e8e6bafab470996b4e2be3591fc6bd9b4501d320cd1245215ac3b0f18f337b8fc6582f5ad6585d5b2367c89b43de1f9bc9dc26c4f7169f5efc1490ef3c57bab60d40c73c956b24fe5d7ea419c4bcae21c8827", 0xb0}, {&(0x7f00000006c0)="ea4fb01e2fb126c3db3ae6bbd3f4684a31b2cfe7f5fd88ad21493c5081cf661675df75b4e57ce3130a21d57a6faede50432315184380f49f7213dc337e4b7a92e4ef973ef2679ad54554520397115e2a7e3744a0338a863febb2b069ebdb1d72a8abe84aed541706a891eff7c3bd428ea6f8ab443c1a245fd55a603420a8fb27751cdd9e04dbf6140c036c36d20c128f250cc281575908f9a4c5223cd5e154b8f65b429a5f8c66c26dcd485aa0", 0xad}], 0x3, &(0x7f0000002c00)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x30, 0x1, 0x1, [r1, r1, 0xffffffffffffffff, r1, r4, r5, r1, r4]}}], 0xe8}}], 0x1, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000001f00010029bd7000fedbdf25fc000000000000000000000000000001000004d2020032000a0101020000000000000000000000001b090000000000800c0015005b073500f2520000b3d6cded9e62ee1bc81fec117070b98e80e0a320b181ce8d00c174c2376f1fea6d6b073b73a76fb67914798ce622cbefd9a4e7b04d1616c96014a6df257b916e53a848ad10233cfd5ffde3c7aa01bfe75b39f97874fa59a203c2e2a35d427c34beb3ba2e8132ffa6e9bbbe9d981660f02afc26beec7848009c8a820763f138204445d36eabd6c8"], 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0xc8)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r7 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x7)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r8, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2})

5.119120064s ago: executing program 2 (id=1538):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x2, 0x240400)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000100)={0x1f, 0x11, 0xd, 0x2, 0x69, 0x400, &(0x7f0000000180)="dee5c8b23eb538ce7ec8afbb4bba39a161f6ab05af91dcee533c681c38fbb1e1e3ddd9addb1abaa1481f516c376a585840ee40e38fc4d587b9485197f991614e525682d2500c62df1dbebf0a87aa81e1cb3136e4b51d5f0aa9413cace020e42b871557e130af102876"})
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
syz_open_dev$sndpcmc(&(0x7f0000001bc0), 0x0, 0x48000)
r1 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
mknod$loop(0x0, 0x6000, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x1, 0x28, 0x0, 0x0, 0x0, 0x5, 0x0, @dev={0xac, 0x14, 0x14, 0xff}, @private=0xa010100}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0xfffe}}}}}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
io_uring_setup(0x31b9, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r5, 0x0) (fail_nth: 3)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f00000001c0), 0x804000, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fZ,rfdno=', @ANYRESHEX=r1, @ANYBLOB])

4.256339869s ago: executing program 2 (id=1539):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000005c0)="f2b314c96d500b66f7fd46", 0xb}], 0x1}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x88, 0x29, 0x4, {0x4, 0xd, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0x80, 0x8, "09e12e5f0b6bdcf7"}, @calipso={0x7, 0x38, {0x1, 0xc, 0x7a, 0x8001, [0x5, 0x9, 0x4, 0x6, 0x400, 0xb]}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}]}}}, @hopopts={{0x150, 0x29, 0x36, {0x5e, 0x26, '\x00', [@generic={0xff, 0x23, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x40, {0x3, 0xe, 0x0, 0xfff, [0x2, 0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1, 0x1]}}, @generic={0x8, 0xae, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e3"}, @generic={0x1, 0x8, "2bdb86d1ce6a20c2"}]}}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x73}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x2, 0x70, 0x0, [@mcast2]}}}], 0x278}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.379407516s ago: executing program 0 (id=1540):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth1_to_bridge\x00'})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
r1 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0)
close(r5)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xa2, 0x7}}, './file0\x00'})
r6 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x4, 0x0, 0x79, 0x9}, {0x5c, 0x0, 0x2, 0x7}]})
ioctl$SG_GET_VERSION_NUM(r6, 0x2284, &(0x7f0000000080))
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newtaction={0xbc, 0x30, 0x100, 0x0, 0x0, {}, [{0xa8, 0x1, [@m_ctinfo={0x50, 0x2, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x80, 0x5, 0x5, 0x1, 0x2}}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, @local, @remote, 0x0, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001400010024050000fddbdf25021f8bc8", @ANYRES32, @ANYBLOB="00f132"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

3.379007371s ago: executing program 6 (id=1541):
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fcdbdf2507000000080001000100000008000500020000000a0004007770616e330000000c0017000201aaaaaaaa0000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xa0}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, {0x1, @broadcast, 'ip6gre0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f00000000c0)={0x18, 0x0, {0x1, @broadcast, 'sit0\x00'}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r3, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r8, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

3.378613293s ago: executing program 2 (id=1542):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_emit_ethernet(0x5e, &(0x7f0000000140)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c6dd00", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x4100, 0x0, [{0x39, 0x3, "669faeb9808aed37d12ec7a4a494b34ab0b263d63aa8"}]}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2$watch_queue(0x0, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f0000000040)=ANY=[])
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001080)=ANY=[@ANYBLOB="b702000024000000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80c0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57abb1af00f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d586270f9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333aab1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486c9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d75007606000000b2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a082c5242c8fa7f01e0873c9c5c604108ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a0338c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b198246d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4c98274eeb666aa1f5fcf91990cf0dcfef9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e91017343e3dc6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000000de00d23dd63b7761d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a38e7868dc32e132124ecf52327631b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f1370d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd038c1817f0d4652a29353b05b16b3c5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df625a47bade4ba41ee014184395a479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2a65246779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04eda001aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f4125377960604f521df5e325efe395a4e3b7ca8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd020000000000000000000000d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a244609ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e7a5dd7503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d58bb5603895f265685f0400000000000000ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0f6f03160ec875b92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c8e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a18668298a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c14233d597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a9adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cb2791add8279c491fa48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89f11a300510776934e87bb3c21394f46954a012b2a3b0760f1bad1dbd6b466e0000000000000000008e5f9004e01fe2b177c5f443d09de4ba8f72d534405f9e7807c864bbca5893376420e38cf47a3660a2ab17b20baa271aa9eaffc19b50f291f51a7cc935023382bd80d7bca313636f3aaa6b788b233097bd545d9bf9715fbf"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfe7d}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="b907ef19edfff007049e0ff0888e", 0x0, 0x6500, 0x18000000, 0x0, 0x0, 0x0, 0x0}, 0x48)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000000c0)="94", 0x1}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x6000)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
chdir(&(0x7f0000000080)='./file1\x00')
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000001800)={&(0x7f0000000140)={0x2c, 0x1, 0x0, 0x2c}, 0x10, &(0x7f0000001780), 0x0, 0x0, 0x0, 0x4}, 0x40005)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x970, &(0x7f0000006680)=0x1)

2.33937267s ago: executing program 0 (id=1543):
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00', &(0x7f0000000100)='@\'\x00', 0x3, 0x3)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f00000000c0)={0xf0002000})
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x2400e844)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0xfe800000, 0x0, 0x20040001}, 0x80c0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x20, 0x0, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x14, r0, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)

2.338871195s ago: executing program 6 (id=1544):
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = gettid()
sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, &(0x7f0000000180)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20040880)
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

2.33622383s ago: executing program 2 (id=1545):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
mremap(&(0x7f0000b00000/0x1000)=nil, 0x1000, 0x3000, 0x6, &(0x7f00000af000/0x3000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002400)=""/102400, 0x19000)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="1c00000004000000410000000000000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0240008c58121e00"/25], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r1, 0x0)
listen(0xffffffffffffffff, 0x3)
fchdir(0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

1.184569456s ago: executing program 0 (id=1546):
r0 = socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = userfaultfd(0x81801)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa07, &(0x7f0000000180)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20040880)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000370400"/20, @ANYRES32=r8, @ANYBLOB="83040100011402002000128008000100736974001400028008000100ac1414aa050005"], 0x40}}, 0x4)

1.184175228s ago: executing program 6 (id=1547):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x20f47)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0xd)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x4004)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r4, 0x28, 0x20006, 0x0, &(0x7f0000000000))
r5 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f000001b700)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

26.367402ms ago: executing program 0 (id=1548):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f0000000340)={0x6, 0x0, 0x3, 0x0, 0x1}, 0x8)

23.059221ms ago: executing program 6 (id=1549):
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = socket(0x28, 0x2, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000140)={'vxcan1\x00', <r2=>0x0})
bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r2, 0x3}, 0x18)
sendmmsg$inet(r0, &(0x7f0000002e00)=[{{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000080)="d171e4c4c55f7973", 0x8}], 0x1}}, {{0x0, 0x0, &(0x7f00000029c0)=[{&(0x7f0000001500)='i', 0x1}], 0x1}}], 0x2, 0x0)
syz_usb_connect(0x4, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="80000500e180000008001b0000000000"], 0x28}}, 0x0)
socket$netlink(0x10, 0x3, 0xf)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0xb)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r8=>0x0]}, &(0x7f0000000240)=0x8)
r9 = openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0)
ioctl$COMEDI_DEVCONFIG(r9, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0x3, 0x2, 0x7fffffff, 0x84e1, 0x2f, 0x2006, 0x6, 0x8, 0x80ffa, 0x1, 0x0, 0x8500, 0x1003, 0x1000004, 0xf, 0x10000, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x9ee, 0x11, 0x40000, 0x8, 0x8, 0x746f, 0x48, 0x5, 0x8, 0x0, 0x4, 0x7ffd]})
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x8efd, 0x0, 0x8005, 0x800, 0xc0, 0x1, 0x67, 0x401, r8}, 0x20)
socket$inet(0x2, 0x80000, 0x7)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)="9092ed06d3743ca7da95d81b97e01dba8dc080e532b7d3e3bd16aec256a307c32fbd", &(0x7f0000002480), 0xce4}, 0x38)

0s ago: executing program 2 (id=1550):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000680)={0x0, 0x465e, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x6000, @fd=r0, 0x0, 0x0, 0x0, 0x0, 0x1})
r4 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x42, &(0x7f0000000000)=0x7, 0x4)
getsockopt$inet6_buf(r8, 0x29, 0x6, 0x0, &(0x7f00000001c0))
sendmsg$NFULNL_MSG_CONFIG(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000000104050000000000000000000700000006000640000200000500010002"], 0x34}}, 0x2000004)
r9 = syz_io_uring_setup(0x7dc9, &(0x7f0000000340)={0x0, 0xa12d, 0x10100, 0xfffffff8, 0x234, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000000)=<r10=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xf503, 0x40, 0x0, 0x10}, &(0x7f0000000180)=<r11=>0x0, &(0x7f0000000640))
syz_io_uring_submit(r11, r10, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r9, 0x184c, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ested
[  359.178008][   T24] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  359.406183][ T4579] team0 (unregistering): Port device team_slave_1 removed
[  359.447550][ T4579] team0 (unregistering): Port device team_slave_0 removed
[  359.455138][ T4161] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  359.823003][ T9642] team0: Port device team_slave_1 added
[  359.848152][ T9810] bond0: (slave gre0): Error: Device can not be enslaved while up
[  359.985572][ T9642] batman_adv: batadv0: Adding interface: batadv_slave_0
[  360.033486][ T9642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  360.081395][ T9642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  360.127812][ T9642] batman_adv: batadv0: Adding interface: batadv_slave_1
[  360.169084][ T9642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  360.209030][ T9642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  360.366990][   T24] usb 3-1: Service connection timeout for: 256
[  360.432978][ T9642] hsr_slave_0: entered promiscuous mode
[  360.439418][   T24] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[  360.475983][ T9642] hsr_slave_1: entered promiscuous mode
[  360.492456][ T9642] debugfs: 'hsr0' already exists in 'hsr'
[  360.500120][ T9642] Cannot create hsr debugfs directory
[  360.788094][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  360.814561][   T24] ath9k_htc: Failed to initialize the device
[  360.847038][   T24] usb 3-1: ath9k_htc: USB layer deinitialized
[  361.063958][ T5888] usb 3-1: USB disconnect, device number 12
[  361.138566][   T10] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  361.313621][   T10] usb 1-1: Using ep0 maxpacket: 8
[  361.385742][   T10] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  361.414816][ T9642] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  361.435258][ T9642] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  361.444821][   T10] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  361.447689][ T9642] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  361.471589][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.473503][ T9642] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  361.508913][   T10] usb 1-1: Product: syz
[  361.529010][ T9868] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžq
Ó†ØÈÌONEOUT'
[  361.557363][   T10] usb 1-1: Manufacturer: syz
[  361.584786][   T10] usb 1-1: SerialNumber: syz
[  361.587585][ T9879] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1022'.
[  361.637168][   T10] usb 1-1: config 0 descriptor??
[  361.681095][   T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  361.726059][   T10] usb 1-1: setting power ON
[  361.733037][ T9642] 8021q: adding VLAN 0 to HW filter on device bond0
[  361.789530][ T9642] 8021q: adding VLAN 0 to HW filter on device team0
[  361.790822][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  361.827813][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.834962][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  361.851512][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  361.871328][   T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  361.895038][   T10] usb 1-1: media controller created
[  361.904347][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.911489][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.924908][ T9849] dvb-usb: bulk message failed: -22 (3/0)
[  361.932758][ T9849] dvb-usb: bulk message failed: -22 (4/0)
[  361.938561][ T9849] cxusb: i2c read failed
[  361.957562][ T5888] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  361.972955][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  362.090351][   T10] usb 1-1: selecting invalid altsetting 6
[  362.107931][   T10] usb 1-1: digital interface selection failed (-22)
[  362.157329][   T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  362.166038][ T5888] usb 3-1: Using ep0 maxpacket: 8
[  362.181389][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  362.360001][ T5888] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  362.373700][   T10] usb 1-1: setting power OFF
[  362.389261][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  362.397754][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.412651][   T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  362.430006][ T9901] /dev/nullb0: Can't open blockdev
[  362.452681][ T5888] usb 3-1: config 0 descriptor??
[  362.465219][   T10] (NULL device *): no alternate interface
[  362.642695][ T9642] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.678271][ T5888] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  363.061821][ T5888] usb 3-1: USB disconnect, device number 13
[  363.320643][   T29] audit: type=1400 audit(1770844690.818:662): avc:  denied  { name_bind } for  pid=9916 comm="syz.3.1027" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  363.391905][   T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  363.436881][   T10] usb 1-1: USB disconnect, device number 24
[  363.517367][ T9642] veth0_vlan: entered promiscuous mode
[  363.653533][ T9642] veth1_vlan: entered promiscuous mode
[  363.854799][ T9930] /dev/nullb0: Can't open blockdev
[  364.094328][ T9642] veth0_macvtap: entered promiscuous mode
[  364.107979][ T9642] veth1_macvtap: entered promiscuous mode
[  364.125984][ T9642] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.162803][ T9642] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.200470][ T6038] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.212820][ T6038] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.236516][ T6038] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.245476][ T6038] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.328396][ T8406] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.338192][ T8406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.409288][ T8406] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  364.456249][ T8406] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.310048][ T9940] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1031'.
[  365.329804][ T8406] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.431316][ T9949] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9949 comm=syz.4.1031
[  365.545243][   T29] audit: type=1400 audit(1770844693.148:663): avc:  denied  { mounton } for  pid=9642 comm="syz-executor" path="/root/syzkaller.uceXI3/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  365.785357][   T29] audit: type=1400 audit(1770844693.148:664): avc:  denied  { mount } for  pid=9642 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  365.853542][ T5931] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  365.896260][   T29] audit: type=1400 audit(1770844693.148:665): avc:  denied  { mounton } for  pid=9642 comm="syz-executor" path="/root/syzkaller.uceXI3/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  365.986702][   T29] audit: type=1400 audit(1770844693.148:666): avc:  denied  { mounton } for  pid=9642 comm="syz-executor" path="/root/syzkaller.uceXI3/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=30139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  366.016452][ T5931] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  366.032626][ T5931] usb 1-1: New USB device found, idVendor=17a1, idProduct=0128, bcdDevice=f4.8b
[  366.046256][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.072404][ T5931] usb 1-1: Product: syz
[  366.095175][ T5931] usb 1-1: Manufacturer: syz
[  366.100012][   T29] audit: type=1400 audit(1770844693.232:667): avc:  denied  { read } for  pid=9950 comm="syz.0.1034" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  366.123784][  T791] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  366.134753][ T5931] usb 1-1: SerialNumber: syz
[  366.150012][   T29] audit: type=1400 audit(1770844693.232:668): avc:  denied  { open } for  pid=9950 comm="syz.0.1034" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  366.178568][ T5931] usb 1-1: config 0 descriptor??
[  366.190170][ T5931] gspca_main: t613-2.14.0 probing 17a1:0128
[  366.196553][   T29] audit: type=1400 audit(1770844693.243:669): avc:  denied  { mounton } for  pid=9642 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2786 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  366.220253][   T29] audit: type=1400 audit(1770844693.243:670): avc:  denied  { mount } for  pid=9642 comm="syz-executor" name="/" dev="gadgetfs" ino=6960 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  366.234694][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  366.244313][   T29] audit: type=1400 audit(1770844693.243:671): avc:  denied  { mounton } for  pid=9642 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  366.301550][  T791] usb 6-1: too many configurations: 70, using maximum allowed: 8
[  366.339502][  T791] usb 6-1: config index 0 descriptor too short (expected 65016, got 133)
[  366.348017][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.363251][  T791] usb 6-1: config index 1 descriptor too short (expected 65016, got 133)
[  366.371946][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.392037][  T791] usb 6-1: config index 2 descriptor too short (expected 65016, got 133)
[  366.416233][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.428477][  T791] usb 6-1: config index 3 descriptor too short (expected 65016, got 133)
[  366.438204][ T9962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1034'.
[  366.447327][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.477092][  T791] usb 6-1: config index 4 descriptor too short (expected 65016, got 133)
[  366.492627][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.510320][ T5931] gspca_t613: unknown sensor 0000
[  366.519648][ T5931] t613 1-1:0.0: probe with driver t613 failed with error -22
[  366.532557][  T791] usb 6-1: config index 5 descriptor too short (expected 65016, got 133)
[  366.551723][ T5931] usb 1-1: USB disconnect, device number 25
[  366.579078][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.629674][  T791] usb 6-1: config index 6 descriptor too short (expected 65016, got 133)
[  366.639392][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.659721][  T791] usb 6-1: config index 7 descriptor too short (expected 65016, got 133)
[  366.673786][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.690627][  T791] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  366.705334][ T9964] /dev/nullb0: Can't lookup blockdev
[  366.711541][  T791] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.720375][  T791] usb 6-1: Product: syz
[  366.724577][  T791] usb 6-1: Manufacturer: syz
[  366.729204][  T791] usb 6-1: SerialNumber: syz
[  366.746992][  T791] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  366.779848][   T24] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  367.900848][ T5865] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  368.063357][ T5865] usb 1-1: Using ep0 maxpacket: 8
[  368.075480][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  368.100897][ T5865] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  368.110694][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.130206][ T5865] usb 1-1: config 0 descriptor??
[  368.335362][ T5865] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  368.382366][   T24] usb 6-1: Service connection timeout for: 256
[  368.409853][   T24] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  368.450150][   T24] ath9k_htc: Failed to initialize the device
[  368.465113][   T24] usb 6-1: ath9k_htc: USB layer deinitialized
[  368.620222][ T9994] SQUASHFS error: Failed to read block 0x0: -5
[  368.720669][ T5865] usb 1-1: USB disconnect, device number 26
[  368.797908][   T24] usb 6-1: USB disconnect, device number 2
[  369.019426][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[  369.028347][ T9998] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  369.040866][ T9998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1047'.
[  369.154705][   T29] audit: type=1400 audit(1770844696.939:672): avc:  denied  { read } for  pid=10002 comm="syz.2.1049" path="socket:[29374]" dev="sockfs" ino=29374 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  369.287378][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  369.293826][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  369.302677][   T49] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  369.511531][T10011] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1050'.
[  369.946962][T10012] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1051'.
[  370.951423][T10039] 8021q: adding VLAN 0 to HW filter on device batadv1
[  370.960293][T10039] team0: Port device batadv1 added
[  370.968204][ T5813] Bluetooth: hci5: command 0x1003 tx timeout
[  370.980051][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  370.997447][T10039] hub 9-0:1.0: USB hub found
[  371.026498][T10039] hub 9-0:1.0: 1 port detected
[  371.111553][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  371.241126][T10046] SQUASHFS error: Failed to read block 0x0: -5
[  371.310627][ T5977] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  371.453534][ T5977] usb 3-1: Using ep0 maxpacket: 8
[  371.459818][ T5977] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  371.470983][ T5977] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  371.480706][ T5977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.491520][ T5977] usb 3-1: config 0 descriptor??
[  371.697036][ T5977] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  371.711988][T10042] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  371.737964][T10042] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  371.753932][T10051] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1062'.
[  371.754271][T10042] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  371.773432][T10042] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  371.789276][T10042] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  371.803895][T10042] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  371.811313][T10051] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10051 comm=syz.3.1062
[  371.973341][   T29] audit: type=1400 audit(1770844699.899:673): avc:  denied  { read } for  pid=10056 comm="syz.3.1065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  372.126012][ T5865] usb 3-1: USB disconnect, device number 14
[  372.263262][ T5888] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  372.339279][   T10] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  372.411450][ T5888] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  372.423225][ T5888] usb 6-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[  372.432521][ T5888] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.440662][ T5888] usb 6-1: Product: syz
[  372.444925][ T5888] usb 6-1: Manufacturer: syz
[  372.449637][ T5888] usb 6-1: SerialNumber: syz
[  372.457699][ T5888] usb 6-1: config 0 descriptor??
[  372.463629][T10060] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  372.472285][ T5888] option 6-1:0.0: GSM modem (1-port) converter detected
[  372.482366][   T10] usb 1-1: Using ep0 maxpacket: 32
[  372.489979][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  372.501272][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  372.511037][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  372.520462][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.529999][   T10] usb 1-1: config 0 descriptor??
[  372.537544][   T10] hub 1-1:0.0: USB hub found
[  372.766360][T10071] /dev/nullb0: Can't open blockdev
[  372.858437][   T10] hub 1-1:0.0: 1 port detected
[  372.860178][  T791] usb 6-1: USB disconnect, device number 3
[  372.878967][  T791] option 6-1:0.0: device disconnected
[  373.168016][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  373.250294][   T10] usb 1-1: USB disconnect, device number 27
[  373.669601][T10082] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1072'.
[  373.691923][   T29] audit: type=1326 audit(1770844701.695:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10074 comm="syz.2.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876939bf79 code=0x7fc00000
[  373.721183][ T5813] Bluetooth: hci4: command 0x0c1a tx timeout
[  373.727274][ T5813] Bluetooth: hci3: command 0x0c1a tx timeout
[  373.734536][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  373.798374][T10082] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10082 comm=syz.5.1072
[  374.159606][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  374.264406][   T29] audit: type=1326 audit(1770844702.304:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10074 comm="syz.2.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f876939bf79 code=0x7fc00000
[  374.311568][   T10] usb 1-1: Using ep0 maxpacket: 32
[  374.553397][T10109] overlayfs: missing 'lowerdir'
[  374.909991][ T5977] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  375.078447][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  375.109902][   T29] audit: type=1400 audit(1770844703.186:676): avc:  denied  { append } for  pid=10107 comm="syz.2.1076" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  375.171842][T10111] No control pipe specified
[  375.264533][ T5977] usb 5-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[  375.339426][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.474032][ T5977] usb 5-1: Product: syz
[  375.478229][ T5977] usb 5-1: Manufacturer: syz
[  375.488853][ T5977] usb 5-1: SerialNumber: syz
[  375.515548][ T5977] usb 5-1: config 0 descriptor??
[  375.553612][ T5977] usb 5-1: selecting invalid altsetting 3
[  375.568220][ T5977] comedi comedi5: could not set alternate setting 3 in high speed
[  375.587528][ T5977] usbdux 5-1:0.0: driver 'usbdux' failed to auto-configure device.
[  375.617519][ T5977] usbdux 5-1:0.0: probe with driver usbdux failed with error -22
[  375.776082][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  376.434386][T10123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.456595][T10123] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  376.599750][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  376.712714][ T5888] usb 5-1: USB disconnect, device number 26
[  376.860763][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  376.992956][   T10] usb 1-1: unable to read config index 0 descriptor/start: -71
[  377.011990][   T10] usb 1-1: can't read configurations, error -71
[  377.024332][T10136] /dev/nullb0: Can't open blockdev
[  377.054475][ T5865] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  377.235372][ T5865] usb 6-1: Using ep0 maxpacket: 8
[  377.242244][ T5865] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  377.306148][T10138] SQUASHFS error: Failed to read block 0x0: -5
[  377.323310][ T5865] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  377.337955][ T5865] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.344791][T10147] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1083'.
[  377.400892][T10148] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'.
[  377.851759][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  377.909028][ T5865] usb 6-1: config 0 descriptor??
[  378.102660][ T5888] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  378.118333][T10156] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1084'.
[  378.133503][ T5865] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  378.747913][ T5888] usb 5-1: Using ep0 maxpacket: 16
[  378.772687][ T5888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.792390][T10163] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10163 comm=syz.2.1084
[  378.851647][ T5888] usb 5-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  378.872362][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.931586][ T5888] usb 5-1: config 0 descriptor??
[  379.036020][ T5865] usb 6-1: USB disconnect, device number 4
[  379.140518][ T5888] usbhid 5-1:0.0: can't add hid device: -71
[  379.146535][ T5888] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  379.184883][ T5888] usb 5-1: USB disconnect, device number 27
[  379.263963][T10176] No control pipe specified
[  379.667001][ T7081] block nbd1: Possible stuck request ffff888026958000: control (read@0,1024B). Runtime 90 seconds
[  379.677722][ T7081] block nbd1: Possible stuck request ffff888026958200: control (read@1024,1024B). Runtime 90 seconds
[  379.774989][T10190] comedi comedi0: Minor 3 could not be opened
[  380.255599][   T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  380.681784][ T7081] block nbd1: Possible stuck request ffff888026958400: control (read@2048,1024B). Runtime 90 seconds
[  380.693963][ T7081] block nbd1: Possible stuck request ffff888026958600: control (read@3072,1024B). Runtime 90 seconds
[  380.792796][T10202] xt_hashlimit: max too large, truncated to 1048576
[  380.804518][T10202] No such timeout policy "syz1"
[  380.969516][T10209] /dev/nullb0: Can't lookup blockdev
[  381.591109][T10227] cgroup: subsys name conflicts with all
[  381.631847][T10227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1097'.
[  381.672927][T10227] erspan0: entered promiscuous mode
[  381.680726][T10227] macvtap1: entered promiscuous mode
[  381.686801][T10227] macvtap1: entered allmulticast mode
[  381.692745][T10227] erspan0: entered allmulticast mode
[  381.782708][T10234] SQUASHFS error: Failed to read block 0x0: -5
[  381.898631][T10229] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  381.912439][T10229] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  381.918627][T10229] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  381.925192][T10229] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  382.083527][ T6038] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  382.202684][   T29] audit: type=1400 audit(1770844710.640:677): avc:  denied  { accept } for  pid=10249 comm="syz.2.1103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_socket permissive=1
[  382.242962][T10254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1103'.
[  382.630540][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  383.222730][T10271] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1110'.
[  383.242167][T10271] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  383.292521][ T5977] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  383.378146][T10277] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10277 comm=syz.0.1112
[  383.474504][ T5977] usb 5-1: Using ep0 maxpacket: 8
[  383.479973][T10280] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  383.683295][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  383.774211][ T5977] usb 5-1: unable to get BOS descriptor or descriptor too short
[  383.811463][ T5977] usb 5-1: config 0 has an invalid interface number: 88 but max is 0
[  383.835565][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  383.835592][ T5813] Bluetooth: hci4: command 0x0c1a tx timeout
[  383.835608][T10085] Bluetooth: hci3: command 0x0c1a tx timeout
[  383.895955][ T5977] usb 5-1: config 0 has no interface number 0
[  383.910239][ T5977] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 50, changing to 9
[  383.922238][ T5977] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid maxpacket 25710, setting to 1024
[  383.935298][ T5977] usb 5-1: config 0 interface 88 has no altsetting 0
[  383.972199][ T5977] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  383.981907][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  384.078965][ T5977] usb 5-1: Product: syz
[  384.083173][ T5977] usb 5-1: Manufacturer: syz
[  384.087851][ T5977] usb 5-1: SerialNumber: syz
[  384.094640][ T5977] usb 5-1: config 0 descriptor??
[  384.175472][T10292] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio1-input.0)
[  384.192556][T10292] sp0: Synchronizing with TNC
[  384.198630][T10292] sp0: Found TNC
[  384.451969][T10287] [U] è`
[  384.484065][T10289] bridge0: port 3(vlan2) entered blocking state
[  384.490386][T10289] bridge0: port 3(vlan2) entered disabled state
[  384.496778][T10289] vlan2: entered allmulticast mode
[  384.502161][T10289] bridge0: entered allmulticast mode
[  384.509848][T10259] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  384.518283][T10289] vlan2: left allmulticast mode
[  384.523240][T10289] bridge0: left allmulticast mode
[  384.930755][   T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  385.083746][   T10] usb 1-1: Using ep0 maxpacket: 16
[  385.192971][   T10] usb 1-1: config 0 has an invalid interface number: 35 but max is 0
[  385.202237][   T10] usb 1-1: config 0 has no interface number 0
[  385.213442][   T10] usb 1-1: config 0 interface 35 altsetting 189 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  385.231833][   T10] usb 1-1: config 0 interface 35 altsetting 189 endpoint 0x81 has invalid wMaxPacketSize 0
[  385.249264][   T10] usb 1-1: config 0 interface 35 has no altsetting 0
[  385.265948][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00
[  385.278827][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.292845][ T5931] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  385.477578][   T10] usb 1-1: config 0 descriptor??
[  385.569071][ T5931] usb 3-1: Using ep0 maxpacket: 16
[  385.618211][ T5931] usb 3-1: config 0 has no interfaces?
[  385.624855][ T5931] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  385.636166][ T5931] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  385.644284][ T5931] usb 3-1: Manufacturer: syz
[  385.655284][ T5931] usb 3-1: config 0 descriptor??
[  385.750362][ T4579] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  385.814484][ T5977] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input25
[  385.842640][ T5977] usb 5-1: USB disconnect, device number 28
[  385.842780][    C0] usb_acecad 5-1:0.88: can't resubmit intr, dummy_hcd.4-1/input0, status -19
[  385.923596][   T29] audit: type=1400 audit(1770844714.546:678): avc:  denied  { ioctl } for  pid=10315 comm="syz.4.1123" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  385.985802][   T10] logitech-djreceiver 0003:046D:C52B.0012: unknown main item tag 0x0
[  385.994148][   T10] logitech-djreceiver 0003:046D:C52B.0012: unknown main item tag 0x0
[  386.006988][   T10] logitech-djreceiver 0003:046D:C52B.0012: unknown main item tag 0x0
[  386.019607][   T10] logitech-djreceiver 0003:046D:C52B.0012: unknown main item tag 0x0
[  386.029981][   T10] logitech-djreceiver 0003:046D:C52B.0012: unknown main item tag 0x0
[  386.047859][   T10] logitech-djreceiver 0003:046D:C52B.0012: hidraw0: USB HID v0.05 Device [HID 046d:c52b] on usb-dummy_hcd.0-1/input35
[  386.177213][T10303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.185890][T10303] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.199452][   T29] audit: type=1400 audit(1770844714.840:679): avc:  denied  { execmod } for  pid=10302 comm="syz.0.1120" path="/229/blkio.bfq.io_merged" dev="tmpfs" ino=1243 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  386.224332][   T10] usb 1-1: USB disconnect, device number 30
[  386.250306][T10319] fido_id[10319]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  386.382669][T10310] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  387.569680][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  387.618579][T10342] x_tables: duplicate underflow at hook 2
[  388.294152][ T5931] usb 3-1: USB disconnect, device number 15
[  389.440788][   T29] audit: type=1400 audit(1770844718.241:680): avc:  denied  { ioctl } for  pid=10357 comm="syz.4.1134" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x3b88 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  389.466012][ T5888] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  390.070483][ T5888] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  390.088428][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.120257][ T5888] usb 3-1: config 0 descriptor??
[  390.330508][ T5888] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  390.536456][ T5888] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  390.541248][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  390.560001][ T5888] [drm] Initialized udl on minor 2
[  390.756635][ T5888] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed
[  390.780031][ T5888] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  390.955125][T10371] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1138'.
[  391.508963][ T5931] usb 3-1: USB disconnect, device number 16
[  391.583958][T10135] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  391.608863][T10135] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  393.076324][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  394.705408][ T5865] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  394.840482][   T29] audit: type=1400 audit(1770844723.911:681): avc:  denied  { connect } for  pid=10442 comm="syz.3.1152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  394.882472][ T5865] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  394.912695][ T5865] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  394.938529][ T5865] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  394.960426][ T5865] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  394.964849][T10447] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  394.988389][ T5865] usb 1-1: Manufacturer: syz
[  394.998279][ T5865] usb 1-1: config 0 descriptor??
[  395.039677][ T5865] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  395.174548][T10457] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1155'.
[  395.343567][T10463] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10463 comm=syz.4.1155
[  395.595974][   T29] audit: type=1400 audit(1770844724.698:682): avc:  denied  { bind } for  pid=10466 comm="syz.2.1157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  395.617769][   T29] audit: type=1400 audit(1770844724.719:683): avc:  denied  { connect } for  pid=10466 comm="syz.2.1157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  395.645779][   T29] audit: type=1400 audit(1770844724.751:684): avc:  denied  { ioctl } for  pid=10466 comm="syz.2.1157" path="socket:[31529]" dev="sockfs" ino=31529 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  395.715544][T10469] syz_tun: entered allmulticast mode
[  395.800884][T10468] syz_tun: left allmulticast mode
[  396.938502][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  396.971497][T10482] bond0: (slave gre0): Error: Device can not be enslaved while up
[  398.013547][ T5865] usb 1-1: USB disconnect, device number 31
[  398.708466][ T4579] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  399.042401][T10497] /dev/nullb0: Can't open blockdev
[  399.468157][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  399.477864][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  399.491503][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  399.499768][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  399.507378][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  399.560515][T10511] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  399.945387][T10520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1169'.
[  400.394078][T10523] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1170'.
[  400.693415][T10530] loop7: detected capacity change from 0 to 524255232
[  400.702936][T10523] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10523 comm=syz.4.1170
[  400.824429][T10508] chnl_net:caif_netlink_parms(): no params data found
[  400.997635][T10508] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.026196][T10508] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.076477][T10508] bridge_slave_0: entered allmulticast mode
[  401.084174][T10508] bridge_slave_0: entered promiscuous mode
[  401.092868][T10508] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.100296][T10508] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.108001][T10508] bridge_slave_1: entered allmulticast mode
[  401.115693][T10508] bridge_slave_1: entered promiscuous mode
[  401.169323][T10508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  401.237890][T10508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  401.300022][T10545] sp0: Synchronizing with TNC
[  401.318978][T10508] team0: Port device team_slave_0 added
[  401.338334][T10549] sp0: Found TNC
[  401.345895][T10508] team0: Port device team_slave_1 added
[  401.376696][T10544] No control pipe specified
[  401.789813][   T51] Bluetooth: hci5: command tx timeout
[  401.836788][T10540] [U] è`
[  401.855253][T10508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  401.863462][T10508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  401.889770][T10508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  401.982669][T10508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  401.991541][T10508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  402.019744][T10508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  402.108568][T10508] hsr_slave_0: entered promiscuous mode
[  402.123895][T10508] hsr_slave_1: entered promiscuous mode
[  402.141872][T10508] debugfs: 'hsr0' already exists in 'hsr'
[  402.147620][T10508] Cannot create hsr debugfs directory
[  402.199492][   T59] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  402.520883][T10553] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  402.730469][T10557] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1181'.
[  403.200558][T10508] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  403.260478][T10508] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  403.289105][T10557] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10557 comm=syz.0.1181
[  403.326662][T10508] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  403.365112][   T29] audit: type=1400 audit(1770844732.856:685): avc:  denied  { accept } for  pid=10569 comm="syz.3.1184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  403.386844][T10508] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  403.732505][   T51] Bluetooth: hci5: command tx timeout
[  403.803761][   T29] audit: type=1400 audit(1770844733.287:686): avc:  denied  { create } for  pid=10569 comm="syz.3.1184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  403.855959][T10582] SQUASHFS error: Failed to read block 0x0: -5
[  403.877759][   T29] audit: type=1400 audit(1770844733.287:687): avc:  denied  { write } for  pid=10569 comm="syz.3.1184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  403.983437][T10508] 8021q: adding VLAN 0 to HW filter on device bond0
[  404.030227][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  404.044368][   T29] audit: type=1400 audit(1770844733.297:688): avc:  denied  { ioctl } for  pid=10569 comm="syz.3.1184" path="socket:[32487]" dev="sockfs" ino=32487 ioctlcmd=0xf504 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  404.156428][T10508] 8021q: adding VLAN 0 to HW filter on device team0
[  404.165233][T10579] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  404.180319][T10579] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  404.186831][T10579] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  404.188682][ T4579] bridge0: port 1(bridge_slave_0) entered blocking state
[  404.193240][T10579] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  404.199897][ T4579] bridge0: port 1(bridge_slave_0) entered forwarding state
[  404.223905][ T4579] bridge0: port 2(bridge_slave_1) entered blocking state
[  404.228022][T10579] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  404.231090][ T4579] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.285085][T10579] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  404.309184][T10579] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  404.666199][T10508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.828112][ T5931] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  404.972104][ T5931] usb 5-1: Using ep0 maxpacket: 32
[  405.207154][T10610] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  405.216136][T10610] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  405.227951][T10610] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  406.069063][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  406.082637][   T29] audit: type=1400 audit(1770844735.555:689): avc:  denied  { create } for  pid=10614 comm="syz.0.1190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  406.098048][T10508] veth0_vlan: entered promiscuous mode
[  406.161706][   T51] Bluetooth: hci5: command 0x0419 tx timeout
[  406.168315][ T5813] Bluetooth: hci1: command 0x0c1a tx timeout
[  406.182315][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  406.194645][ T5813] Bluetooth: hci3: command 0x0c1a tx timeout
[  406.260112][T10508] veth1_vlan: entered promiscuous mode
[  406.459035][T10622] bond0: (slave gre0): Error: Device can not be enslaved while up
[  406.493475][T10508] veth0_macvtap: entered promiscuous mode
[  406.518145][T10508] veth1_macvtap: entered promiscuous mode
[  406.568597][T10508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  406.603405][T10508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  406.622487][   T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  406.639270][T10629] SQUASHFS error: Failed to read block 0x0: -5
[  406.646327][   T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  406.660797][   T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  406.670414][   T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  407.075664][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  407.134714][T10635] overlayfs: failed to clone upperpath
[  407.289313][T10628] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  407.297691][T10628] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  407.334790][T10628] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  407.345258][T10628] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  407.767402][T10628] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  407.844377][ T5931] usb 5-1: unable to get BOS descriptor or descriptor too short
[  407.868632][ T5931] usb 5-1: unable to read config index 0 descriptor/start: -71
[  407.876507][ T5931] usb 5-1: can't read configurations, error -71
[  407.906342][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  407.988273][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  409.008662][ T5813] Bluetooth: hci2: command 0x0c1a tx timeout
[  409.010503][ T7081] block nbd1: Possible stuck request ffff888026958000: control (read@0,1024B). Runtime 120 seconds
[  409.025448][ T7081] block nbd1: Possible stuck request ffff888026958200: control (read@1024,1024B). Runtime 120 seconds
[  409.055489][   T29] audit: type=1400 audit(1770844738.820:690): avc:  denied  { map } for  pid=10641 comm="syz.0.1197" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  409.152305][   T29] audit: type=1400 audit(1770844738.820:691): avc:  denied  { execute } for  pid=10641 comm="syz.0.1197" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  409.192584][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  409.209330][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  409.212944][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  409.277761][ T7081] block nbd1: Possible stuck request ffff888026958400: control (read@2048,1024B). Runtime 120 seconds
[  409.288835][ T5813] Bluetooth: hci4: command 0x0c1a tx timeout
[  409.288879][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  409.305097][ T7081] block nbd1: Possible stuck request ffff888026958600: control (read@3072,1024B). Runtime 120 seconds
[  409.524865][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  409.742662][   T51] Bluetooth: hci5: command 0x0419 tx timeout
[  410.112752][T10663] No control pipe specified
[  410.876335][ T5931] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  410.928102][T10673] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1206'.
[  411.285404][ T5931] usb 5-1: Using ep0 maxpacket: 8
[  411.302415][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  411.328656][ T5931] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  411.352524][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.392718][ T5931] usb 5-1: config 0 descriptor??
[  411.640440][ T5931] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  411.723629][   T51] Bluetooth: hci5: command 0x0419 tx timeout
[  411.820610][T10678] SQUASHFS error: Failed to read block 0x0: -5
[  412.095217][T10135] usb 5-1: USB disconnect, device number 31
[  412.327981][   T29] audit: type=1400 audit(1770844742.264:692): avc:  denied  { write } for  pid=10684 comm="syz.6.1208" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  412.394341][   T29] audit: type=1400 audit(1770844742.264:693): avc:  denied  { ioctl } for  pid=10684 comm="syz.6.1208" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  412.420302][T10688] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1208'.
[  412.507618][T10677] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  412.515723][T10677] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  412.529307][T10677] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  412.529565][T10689] fuse: Bad value for 'fd'
[  412.556167][T10677] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  412.565650][T10677] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  412.565986][T10689] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.1208'.
[  412.581526][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  412.798030][T10697] FAULT_INJECTION: forcing a failure.
[  412.798030][T10697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.837660][T10697] CPU: 0 UID: 0 PID: 10697 Comm: syz.0.1210 Not tainted syzkaller #0 PREEMPT(full) 
[  412.837678][T10697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  412.837685][T10697] Call Trace:
[  412.837688][T10697]  <TASK>
[  412.837693][T10697]  dump_stack_lvl+0x100/0x190
[  412.837715][T10697]  should_fail_ex.cold+0x5/0xa
[  412.837730][T10697]  _copy_to_user+0x32/0xd0
[  412.837749][T10697]  simple_read_from_buffer+0xcb/0x170
[  412.837762][T10697]  proc_fail_nth_read+0x1af/0x230
[  412.837778][T10697]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.837792][T10697]  ? rw_verify_area+0xce/0x6d0
[  412.837807][T10697]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.837821][T10697]  vfs_read+0x1e4/0xb30
[  412.837832][T10697]  ? __pfx_vfs_read+0x10/0x10
[  412.837843][T10697]  ? __fget_files+0x215/0x3d0
[  412.837858][T10697]  ? __fget_files+0x21f/0x3d0
[  412.837873][T10697]  ksys_read+0x12a/0x250
[  412.837882][T10697]  ? __pfx_ksys_read+0x10/0x10
[  412.837895][T10697]  do_syscall_64+0x106/0xf80
[  412.837911][T10697]  ? clear_bhb_loop+0x40/0x90
[  412.837924][T10697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.837934][T10697] RIP: 0033:0x7f349875c84e
[  412.837943][T10697] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  412.837953][T10697] RSP: 002b:00007f34995d8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  412.837963][T10697] RAX: ffffffffffffffda RBX: 00007f34995d96c0 RCX: 00007f349875c84e
[  412.837970][T10697] RDX: 000000000000000f RSI: 00007f34995d90a0 RDI: 0000000000000004
[  412.837976][T10697] RBP: 00007f34995d9090 R08: 0000000000000000 R09: 0000000000000000
[  412.837981][T10697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.837987][T10697] R13: 00007f3498a16038 R14: 00007f3498a15fa0 R15: 00007ffef8a86938
[  412.838001][T10697]  </TASK>
[  413.375059][ T5931] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  413.542737][ T5931] usb 5-1: Using ep0 maxpacket: 8
[  413.549371][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  413.569002][ T5931] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  413.594030][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.617767][ T5931] usb 5-1: config 0 descriptor??
[  413.704542][ T5813] Bluetooth: hci2: command 0x0c1a tx timeout
[  413.733468][ T5865] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  413.838000][ T5931] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  413.888383][ T5865] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.956535][ T5865] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  414.027487][ T5865] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  414.038418][ T5865] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  414.114985][ T5865] usb 7-1: Manufacturer: syz
[  414.174550][ T5865] usb 7-1: config 0 descriptor??
[  414.226450][ T5865] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  414.325006][ T5865] usb 5-1: USB disconnect, device number 32
[  414.466696][ T5809] Bluetooth: hci4: command 0x0c1a tx timeout
[  414.472852][ T5809] Bluetooth: hci3: command 0x0c1a tx timeout
[  414.480487][ T5813] Bluetooth: hci1: command 0x0c1a tx timeout
[  414.514166][ T5977] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  414.542720][T10741] Bluetooth: hci5: command 0x0419 tx timeout
[  414.658682][ T5977] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  414.686169][ T5977] usb 3-1: config 0 has no interfaces?
[  414.702745][ T5977] usb 3-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  414.714413][ T5977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.722614][ T5977] usb 3-1: Product: syz
[  414.727689][ T5977] usb 3-1: Manufacturer: syz
[  414.732474][ T5977] usb 3-1: SerialNumber: syz
[  414.750848][ T5977] usb 3-1: rejected 1 configuration due to insufficient available bus power
[  414.759914][ T5977] usb 3-1: no configuration chosen from 1 choice
[  415.014980][ T8406] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  415.152304][ T5977] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  415.295326][ T5977] usb 5-1: Using ep0 maxpacket: 8
[  415.301699][ T5977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  415.315168][ T5977] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  415.324642][ T5977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.335424][ T5977] usb 5-1: config 0 descriptor??
[  415.344118][ T5865] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  415.505044][ T5865] usb 1-1: Using ep0 maxpacket: 32
[  415.511586][ T5865] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[  415.520751][ T5865] usb 1-1: config 0 has no interface number 0
[  415.526944][ T5865] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  415.537406][ T5865] usb 1-1: config 0 interface 196 has no altsetting 0
[  415.537706][ T5977] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  415.546090][ T5865] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  415.564445][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.576108][ T5865] usb 1-1: Product: syz
[  415.580337][ T5865] usb 1-1: Manufacturer: syz
[  415.585005][ T5865] usb 1-1: SerialNumber: syz
[  415.591589][ T5865] usb 1-1: config 0 descriptor??
[  415.597033][T10758] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  415.879957][T10762] bridge0: port 2(bridge_slave_1) entered disabled state
[  415.887213][T10762] bridge0: port 1(bridge_slave_0) entered disabled state
[  415.950679][T10762] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  415.967696][T10762] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  415.977952][ T5888] usb 5-1: USB disconnect, device number 33
[  416.074859][ T8406] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.092734][ T8406] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.102508][ T8406] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.111514][ T8406] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.182355][T10758] bridge0: port 3(syz_tun) entered blocking state
[  416.188920][T10758] bridge0: port 3(syz_tun) entered disabled state
[  416.197834][T10758] syz_tun: entered allmulticast mode
[  416.204616][T10758] syz_tun: entered promiscuous mode
[  416.232344][ T5865] ipheth 1-1:0.196: ipheth_enable_ncm: usb_control_msg: -71
[  416.244397][ T5865] ipheth 1-1:0.196: Apple iPhone USB Ethernet device attached
[  416.255970][ T5865] usb 1-1: USB disconnect, device number 32
[  416.286672][ T5865] ipheth 1-1:0.196: Apple iPhone USB Ethernet now disconnected
[  416.383509][ T5888] usb 7-1: USB disconnect, device number 2
[  416.452033][T10767] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.459479][T10767] bridge0: port 1(bridge_slave_0) entered disabled state
[  416.593749][   T51] Bluetooth: hci5: command 0x0419 tx timeout
[  416.802730][T10773] comedi comedi0: Minor 2 could not be opened
[  416.822651][T10767] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  416.843433][T10767] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  416.951558][   T13] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.972038][   T13] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.989121][   T13] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  417.003208][   T13] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  417.068638][ T5865] usb 3-1: USB disconnect, device number 17
[  417.453943][ T4579] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  417.864580][   T29] audit: type=1400 audit(1770844748.080:694): avc:  denied  { ioctl } for  pid=10797 comm="syz.4.1229" path="socket:[34156]" dev="sockfs" ino=34156 ioctlcmd=0x8990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  417.891785][T10799] fuse: Unknown parameter '5ootmode'
[  417.913900][   T29] audit: type=1400 audit(1770844748.112:695): avc:  denied  { create } for  pid=10797 comm="syz.4.1229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  417.983178][   T29] audit: type=1400 audit(1770844748.164:696): avc:  denied  { bind } for  pid=10797 comm="syz.4.1229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  418.295802][ T5888] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  418.377108][T10813] SQUASHFS error: Failed to read block 0x0: -5
[  418.438629][ T5888] usb 3-1: Using ep0 maxpacket: 8
[  418.449733][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  418.467288][ T5888] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  418.479377][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.489272][ T5888] usb 3-1: config 0 descriptor??
[  418.689224][ T5888] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  418.866544][T10812] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  418.884141][T10812] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  418.894930][T10812] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  418.906495][T10812] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  418.913425][T10812] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  419.152982][   T10] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  419.421947][ T5888] usb 3-1: USB disconnect, device number 18
[  419.448020][   T10] usb 5-1: Using ep0 maxpacket: 8
[  419.463711][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  419.487509][   T10] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  419.505498][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.525207][   T10] usb 5-1: config 0 descriptor??
[  419.720932][T10828] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1238'.
[  419.739356][   T10] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  419.764551][T10828] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10828 comm=syz.3.1238
[  419.955168][ T5931] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  420.343259][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  420.446993][T10839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1240'.
[  420.509560][ T8406] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  420.608213][ T5888] usb 5-1: USB disconnect, device number 34
[  420.637594][ T5931] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  420.648051][ T5931] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  420.667022][ T5931] usb 7-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  421.634507][T10741] Bluetooth: hci5: command 0x0419 tx timeout
[  421.640561][T10741] Bluetooth: hci1: command 0x0c1a tx timeout
[  421.646534][T10741] Bluetooth: hci4: command 0x0c1a tx timeout
[  421.657052][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  421.683480][ T5931] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.712935][ T5931] usb 7-1: Product: syz
[  421.741734][ T5931] usb 7-1: Manufacturer: syz
[  421.748040][ T5931] usb 7-1: SerialNumber: syz
[  421.759749][ T5931] usb 7-1: rejected 1 configuration due to insufficient available bus power
[  421.800859][ T5931] usb 7-1: no configuration chosen from 1 choice
[  422.110180][T10849] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.117413][T10849] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.248128][T10857] comedi comedi0: Minor 2 could not be opened
[  422.428546][   T10] usb 7-1: USB disconnect, device number 3
[  422.515987][T10849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  422.532931][T10849] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  422.584714][T10870] SQUASHFS error: Failed to read block 0x0: -5
[  422.734152][  T791] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  422.993431][  T791] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.008218][  T791] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.034949][  T791] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  423.074285][  T791] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.100365][  T791] usb 1-1: config 0 descriptor??
[  423.117963][T10849] erspan0: left allmulticast mode
[  423.168423][ T4579] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.183727][ T4579] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.219672][T10866] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  423.229595][ T4579] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.239514][T10866] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  423.259123][ T4579] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.290423][T10866] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  423.307526][T10866] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  423.324657][T10866] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  423.351493][T10874] /dev/nullb0: Can't lookup blockdev
[  423.497087][  T791] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0
[  423.504448][  T791] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0
[  423.519720][  T791] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0013/input/input29
[  423.608728][  T791] cm6533_jd 0003:0D8C:0022.0013: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  423.700415][T10864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.834214][T10879] /dev/nullb0: Can't open blockdev
[  424.009393][T10864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.031685][   T10] usb 1-1: USB disconnect, device number 33
[  424.091404][T10876] fido_id[10876]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  424.934701][   T10] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  425.004393][T10913] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1258'.
[  425.019387][T10913] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10913 comm=syz.6.1258
[  425.134544][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  425.143864][   T10] usb 1-1: Using ep0 maxpacket: 8
[  425.247117][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  425.247124][T10085] Bluetooth: hci3: command 0x0c1a tx timeout
[  425.262714][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  425.274803][   T10] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  425.284212][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.286679][T10085] Bluetooth: hci5: command 0x0419 tx timeout
[  425.292552][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  425.363688][T10920] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1260'.
[  425.383832][T10920] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1260'.
[  425.763461][   T10] usb 1-1: config 0 descriptor??
[  426.019978][   T10] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  426.224756][T10922] SQUASHFS error: Failed to read block 0x0: -5
[  426.349082][T10916] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  426.371929][T10916] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  426.426163][T10916] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  426.488512][T10926] No control pipe specified
[  426.494607][ T5931] usb 1-1: USB disconnect, device number 34
[  426.630092][T10916] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  426.689412][T10916] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  427.701645][T10941] sp0: Synchronizing with TNC
[  427.748395][T10941] sp0: Found TNC
[  427.806018][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  427.812679][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  428.147939][T10945] wg1: left promiscuous mode
[  428.153271][T10945] ip6gre1: left promiscuous mode
[  428.232782][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  428.254319][T10938] [U] è`
[  428.362097][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  428.369743][T10085] Bluetooth: hci4: command 0x0c1a tx timeout
[  428.563238][T10085] Bluetooth: hci1: command 0x0c1a tx timeout
[  428.639067][T10085] Bluetooth: hci5: command 0x0419 tx timeout
[  428.649374][ T5888] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  428.810572][ T5888] usb 1-1: Using ep0 maxpacket: 32
[  428.830207][ T5888] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  428.858119][ T5888] usb 1-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  428.887261][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.910785][ T5888] usb 1-1: config 0 descriptor??
[  428.940139][ T5888] usb 1-1: bad CDC descriptors
[  431.034400][T10979] random: crng reseeded on system resumption
[  431.567657][  T791] usb 1-1: USB disconnect, device number 35
[  433.025892][   T29] audit: type=1400 audit(1770844763.976:697): avc:  denied  { write } for  pid=11001 comm="syz.4.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  435.147723][T11019] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1286'.
[  435.244048][T11023] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1287'.
[  435.255427][   T29] audit: type=1400 audit(1770844766.338:698): avc:  denied  { name_connect } for  pid=11021 comm="syz.2.1287" dest=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  435.281869][T11023] netlink: 'syz.2.1287': attribute type 10 has an invalid length.
[  435.289986][T11023] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1287'.
[  435.634723][   T29] audit: type=1400 audit(1770844766.716:699): avc:  denied  { read } for  pid=11021 comm="syz.2.1287" lport=60549 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  435.715881][ T5888] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  435.796587][T11034] random: crng reseeded on system resumption
[  436.045812][ T5888] usb 1-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice=67.7a
[  436.054996][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.141031][ T5888] usb 1-1: Product: syz
[  436.335234][ T5888] usb 1-1: Manufacturer: syz
[  436.352795][ T5888] usb 1-1: SerialNumber: syz
[  436.375945][ T5888] gspca_main: spca501-2.14.0 probing 0497:c001
[  436.598966][ T5888] gspca_spca501: reg write: error -71
[  436.604506][T10135] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  436.619908][ T5888] spca501 1-1:68.0: Reg write failed for 0x02,0x07,0x05
[  436.641867][ T5888] spca501 1-1:68.0: probe with driver spca501 failed with error -22
[  436.661637][ T5888] usb 1-1: USB disconnect, device number 36
[  436.773043][T10135] usb 3-1: Using ep0 maxpacket: 16
[  436.782231][T10135] usb 3-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[  436.794256][T10135] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.806541][T10135] usb 3-1: Product: syz
[  436.814998][T10135] usb 3-1: Manufacturer: syz
[  436.824382][T10135] usb 3-1: SerialNumber: syz
[  437.035201][T11036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.059969][T11036] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.103403][T11036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.244780][T11036] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.280579][T11036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.871686][T11036] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.915470][T10135] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  438.061192][T10135] snd-usb-audio 3-1:222.0: probe with driver snd-usb-audio failed with error -71
[  438.090898][T10135] usb 3-1: USB disconnect, device number 19
[  438.119434][ T7424] udevd[7424]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  438.164515][ T7081] block nbd1: Possible stuck request ffff888026958000: control (read@0,1024B). Runtime 150 seconds
[  438.176316][ T7081] block nbd1: Possible stuck request ffff888026958200: control (read@1024,1024B). Runtime 150 seconds
[  438.188227][ T7081] block nbd1: Possible stuck request ffff888026958400: control (read@2048,1024B). Runtime 150 seconds
[  438.200208][ T7081] block nbd1: Possible stuck request ffff888026958600: control (read@3072,1024B). Runtime 150 seconds
[  438.459285][T11051] sp0: Synchronizing with TNC
[  438.465224][T11051] sp0: Found TNC
[  438.709085][T11046] [U] è`
[  439.762211][T11070] random: crng reseeded on system resumption
[  440.387357][   T29] audit: type=1400 audit(1770844771.714:700): avc:  denied  { getopt } for  pid=11076 comm="syz.0.1301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  440.411763][T11078] Cannot find add_set index 0 as target
[  440.915025][T11088] SQUASHFS error: Failed to read block 0x0: -5
[  441.192892][T10135] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  441.745313][T10135] usb 1-1: Using ep0 maxpacket: 8
[  441.751666][T10135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  441.762829][T10135] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  441.772194][T10135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.786194][T10135] usb 1-1: config 0 descriptor??
[  442.240567][T10135] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  442.884942][  T791] usb 1-1: USB disconnect, device number 37
[  443.128592][T11123] random: crng reseeded on system resumption
[  444.363185][   T51] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  444.375771][   T51] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  444.385813][   T51] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  444.396336][   T51] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  444.403883][   T51] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  445.787749][T11156] random: crng reseeded on system resumption
[  446.156471][T11138] chnl_net:caif_netlink_parms(): no params data found
[  446.310771][T11138] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.340557][T11138] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.348078][ T5888] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  446.376375][T11138] bridge_slave_0: entered allmulticast mode
[  446.388000][T11177] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized
[  446.400546][T10085] Bluetooth: hci6: command tx timeout
[  446.413255][T11138] bridge_slave_0: entered promiscuous mode
[  446.450475][T11138] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.471255][   T29] audit: type=1400 audit(1770844778.118:701): avc:  denied  { mounton } for  pid=11176 comm="syz.4.1330" path="/272/file0" dev="tmpfs" ino=1488 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  446.471298][T11179] fuse: Bad value for 'fd'
[  446.503575][T11138] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.531981][T11138] bridge_slave_1: entered allmulticast mode
[  446.538076][ T5888] usb 1-1: Using ep0 maxpacket: 8
[  446.560563][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  446.578006][T11138] bridge_slave_1: entered promiscuous mode
[  446.585574][ T5888] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  446.604721][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.622942][T11138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  446.635417][ T5888] usb 1-1: config 0 descriptor??
[  446.644289][T11138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  446.712398][T11138] team0: Port device team_slave_0 added
[  446.721707][T11138] team0: Port device team_slave_1 added
[  446.759445][T11138] batman_adv: batadv0: Adding interface: batadv_slave_0
[  446.766979][T11138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  446.793135][T11138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  446.806259][T11138] batman_adv: batadv0: Adding interface: batadv_slave_1
[  446.813895][T11138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  446.840069][T11138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  446.855347][ T5888] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  446.932516][T11138] hsr_slave_0: entered promiscuous mode
[  446.941795][T11138] hsr_slave_1: entered promiscuous mode
[  446.948057][T11138] debugfs: 'hsr0' already exists in 'hsr'
[  446.953867][T11138] Cannot create hsr debugfs directory
[  447.175819][T11138] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  447.190949][T11138] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  447.206305][T11138] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  447.220077][T11138] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  447.337328][   T10] usb 1-1: USB disconnect, device number 38
[  447.354714][T11138] 8021q: adding VLAN 0 to HW filter on device bond0
[  447.412512][T11138] 8021q: adding VLAN 0 to HW filter on device team0
[  447.425794][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.432910][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  447.477111][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.484226][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  447.547261][  T791] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  447.878279][  T791] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  447.940028][  T791] usb 5-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  447.949346][  T791] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.964697][  T791] usb 5-1: Product: syz
[  447.977869][  T791] usb 5-1: Manufacturer: syz
[  447.993539][  T791] usb 5-1: SerialNumber: syz
[  448.004787][  T791] usb 5-1: config 0 descriptor??
[  448.049709][T11138] 8021q: adding VLAN 0 to HW filter on device batadv0
[  448.212865][  T791] usb 5-1: USB disconnect, device number 35
[  449.036244][T10085] Bluetooth: hci6: command tx timeout
[  450.519167][T11215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  450.567113][T11138] veth0_vlan: entered promiscuous mode
[  450.574402][T11236] random: crng reseeded on system resumption
[  450.589226][T11138] veth1_vlan: entered promiscuous mode
[  450.769428][T11138] veth0_macvtap: entered promiscuous mode
[  450.817278][T11138] veth1_macvtap: entered promiscuous mode
[  450.953594][T11138] batman_adv: batadv0: Interface activated: batadv_slave_0
[  450.964694][T10085] Bluetooth: hci6: command tx timeout
[  450.977146][T11138] batman_adv: batadv0: Interface activated: batadv_slave_1
[  451.078477][ T4161] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  451.104809][ T6038] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  451.138183][ T6038] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  451.170631][T11242] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  451.213429][   T29] audit: type=1400 audit(1770844783.095:702): avc:  denied  { watch watch_reads } for  pid=11237 comm="syz.6.1340" path="cgroup:[4026532841]" dev="nsfs" ino=4026532841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  451.267857][ T6038] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  451.476951][T11251] /dev/nullb0: Can't open blockdev
[  451.540382][ T4579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  451.555569][ T4579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  451.590707][ T6038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  451.631292][ T6038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  452.945762][T10085] Bluetooth: hci6: command tx timeout
[  453.977943][T11277] FAULT_INJECTION: forcing a failure.
[  453.977943][T11277] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.003861][T11277] CPU: 0 UID: 0 PID: 11277 Comm: syz.6.1349 Not tainted syzkaller #0 PREEMPT(full) 
[  454.003888][T11277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  454.003898][T11277] Call Trace:
[  454.003904][T11277]  <TASK>
[  454.003911][T11277]  dump_stack_lvl+0x100/0x190
[  454.003941][T11277]  should_fail_ex.cold+0x5/0xa
[  454.003962][T11277]  _copy_to_user+0x32/0xd0
[  454.003989][T11277]  simple_read_from_buffer+0xcb/0x170
[  454.004008][T11277]  proc_fail_nth_read+0x1af/0x230
[  454.004029][T11277]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  454.004051][T11277]  ? rw_verify_area+0xce/0x6d0
[  454.004076][T11277]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  454.004098][T11277]  vfs_read+0x1e4/0xb30
[  454.004117][T11277]  ? __pfx_vfs_read+0x10/0x10
[  454.004132][T11277]  ? __fget_files+0x215/0x3d0
[  454.004154][T11277]  ? __fget_files+0x21f/0x3d0
[  454.004175][T11277]  ksys_read+0x12a/0x250
[  454.004190][T11277]  ? __pfx_ksys_read+0x10/0x10
[  454.004211][T11277]  do_syscall_64+0x106/0xf80
[  454.004233][T11277]  ? clear_bhb_loop+0x40/0x90
[  454.004253][T11277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.004267][T11277] RIP: 0033:0x7f0320b5c84e
[  454.004280][T11277] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  454.004298][T11277] RSP: 002b:00007f0321b07fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  454.004314][T11277] RAX: ffffffffffffffda RBX: 00007f0321b086c0 RCX: 00007f0320b5c84e
[  454.004325][T11277] RDX: 000000000000000f RSI: 00007f0321b080a0 RDI: 0000000000000003
[  454.004335][T11277] RBP: 00007f0321b08090 R08: 0000000000000000 R09: 0000000000000000
[  454.004344][T11277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.004354][T11277] R13: 00007f0320e16038 R14: 00007f0320e15fa0 R15: 00007fff48534578
[  454.004376][T11277]  </TASK>
[  454.427173][T11280] /dev/nullb0: Can't open blockdev
[  454.851195][ T5977] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  454.917664][T11289] random: crng reseeded on system resumption
[  455.134739][ T5977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  455.152448][ T5977] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  455.180519][ T5977] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  455.560762][ T5977] usb 1-1: Manufacturer: syz
[  455.565351][T11296] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1354'.
[  455.591344][ T5977] usb 1-1: config 0 descriptor??
[  455.626364][ T5977] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  456.097591][T11307] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1357'.
[  457.642264][ T5977] usb 1-1: USB disconnect, device number 39
[  458.112086][T11327] /dev/nullb0: Can't open blockdev
[  458.147602][   T29] audit: type=1400 audit(1770844790.381:703): avc:  denied  { shutdown } for  pid=11318 comm="syz.7.1360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  459.499353][T11348] No control pipe specified
[  461.192614][T11356] comedi comedi0: Minor 2 could not be opened
[  463.041991][T11376] random: crng reseeded on system resumption
[  463.139817][ T5888] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  463.317990][ T5888] usb 5-1: Using ep0 maxpacket: 8
[  463.324831][ T5888] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  463.338484][ T5888] usb 5-1: config 0 has no interface number 0
[  463.375125][ T5888] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  463.426477][ T5888] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  463.463601][ T5888] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  463.500868][ T5888] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  464.064099][   T29] audit: type=1400 audit(1770844796.198:704): avc:  denied  { bind } for  pid=11386 comm="syz.6.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  464.149657][   T29] audit: type=1400 audit(1770844796.198:705): avc:  denied  { connect } for  pid=11386 comm="syz.6.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  464.178317][ T5888] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  464.211784][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.349910][ T5888] usb 5-1: config 0 descriptor??
[  464.417617][ T5888] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  464.630004][ T5888] usb 5-1: USB disconnect, device number 36
[  464.650761][ T5888] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  466.119364][T11409] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1382'.
[  466.426282][  T791] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  466.682555][  T791] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  466.709565][  T791] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  466.765024][T11415] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  466.775583][  T791] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  466.816650][ T7081] block nbd1: Possible stuck request ffff888026958000: control (read@0,1024B). Runtime 180 seconds
[  466.829433][ T7081] block nbd1: Possible stuck request ffff888026958200: control (read@1024,1024B). Runtime 180 seconds
[  466.840692][ T7081] block nbd1: Possible stuck request ffff888026958400: control (read@2048,1024B). Runtime 180 seconds
[  466.851886][ T7081] block nbd1: Possible stuck request ffff888026958600: control (read@3072,1024B). Runtime 180 seconds
[  467.100130][  T791] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  467.173175][  T791] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  467.200392][  T791] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  467.248441][  T791] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  467.280659][  T791] usb 7-1: Product: syz
[  467.284861][  T791] usb 7-1: Manufacturer: syz
[  467.327676][T11420] FAULT_INJECTION: forcing a failure.
[  467.327676][T11420] name failslab, interval 1, probability 0, space 0, times 0
[  467.340465][T11420] CPU: 1 UID: 0 PID: 11420 Comm: syz.7.1387 Not tainted syzkaller #0 PREEMPT(full) 
[  467.340496][T11420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  467.340507][T11420] Call Trace:
[  467.340515][T11420]  <TASK>
[  467.340522][T11420]  dump_stack_lvl+0x100/0x190
[  467.340565][T11420]  should_fail_ex.cold+0x5/0xa
[  467.340589][T11420]  should_failslab+0xc2/0x120
[  467.340610][T11420]  __kmalloc_cache_noprof+0x80/0x810
[  467.340637][T11420]  ? tcf_block_get_ext+0x158/0x1950
[  467.340660][T11420]  ? lockdep_init_map_type+0x5c/0x250
[  467.340688][T11420]  ? tcf_block_get_ext+0x158/0x1950
[  467.340709][T11420]  tcf_block_get_ext+0x158/0x1950
[  467.340730][T11420]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  467.340750][T11420]  ? tc_modify_qdisc+0xdcf/0x2120
[  467.340773][T11420]  ? rtnetlink_rcv_msg+0x3c9/0xe90
[  467.340795][T11420]  tcf_block_get+0xa8/0x100
[  467.340816][T11420]  ? __pfx_tcf_block_get+0x10/0x10
[  467.340837][T11420]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  467.340864][T11420]  ? lockdep_init_map_type+0x5c/0x250
[  467.340892][T11420]  ? __pfx_qfq_init_qdisc+0x10/0x10
[  467.340913][T11420]  qfq_init_qdisc+0x3d/0x370
[  467.340931][T11420]  ? _raw_read_unlock+0x28/0x50
[  467.340956][T11420]  ? __pfx_qfq_init_qdisc+0x10/0x10
[  467.340977][T11420]  qdisc_create+0x47b/0x1050
[  467.341004][T11420]  tc_modify_qdisc+0xdcf/0x2120
[  467.341031][T11420]  ? __mutex_lock+0x26a/0x1b90
[  467.341049][T11420]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  467.341074][T11420]  ? __lock_acquire+0x4a5/0x2630
[  467.341115][T11420]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  467.341141][T11420]  rtnetlink_rcv_msg+0x3c9/0xe90
[  467.341164][T11420]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  467.341191][T11420]  ? ref_tracker_free+0x37e/0x6c0
[  467.341213][T11420]  netlink_rcv_skb+0x159/0x420
[  467.341236][T11420]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  467.341258][T11420]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  467.341288][T11420]  ? netlink_deliver_tap+0x1ae/0xcc0
[  467.341314][T11420]  netlink_unicast+0x5aa/0x870
[  467.341340][T11420]  ? __pfx_netlink_unicast+0x10/0x10
[  467.341377][T11420]  netlink_sendmsg+0x8b0/0xda0
[  467.341403][T11420]  ? __pfx_netlink_sendmsg+0x10/0x10
[  467.341424][T11420]  ? __might_fault+0x10/0x140
[  467.341461][T11420]  ____sys_sendmsg+0xa54/0xc30
[  467.341488][T11420]  ? __pfx_____sys_sendmsg+0x10/0x10
[  467.341524][T11420]  ___sys_sendmsg+0x190/0x1e0
[  467.341552][T11420]  ? __pfx____sys_sendmsg+0x10/0x10
[  467.341608][T11420]  __sys_sendmsg+0x170/0x220
[  467.341629][T11420]  ? __pfx___sys_sendmsg+0x10/0x10
[  467.341665][T11420]  do_syscall_64+0x106/0xf80
[  467.341691][T11420]  ? clear_bhb_loop+0x40/0x90
[  467.341713][T11420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.341730][T11420] RIP: 0033:0x7f7fae19bf79
[  467.341746][T11420] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  467.341763][T11420] RSP: 002b:00007f7faf09e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  467.341781][T11420] RAX: ffffffffffffffda RBX: 00007f7fae415fa0 RCX: 00007f7fae19bf79
[  467.341793][T11420] RDX: 0000000024040084 RSI: 00002000000012c0 RDI: 000000000000000b
[  467.341803][T11420] RBP: 00007f7faf09e090 R08: 0000000000000000 R09: 0000000000000000
[  467.341814][T11420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.341824][T11420] R13: 00007f7fae416038 R14: 00007f7fae415fa0 R15: 00007ffe7af3e238
[  467.341849][T11420]  </TASK>
[  468.542144][  T791] cdc_wdm 7-1:1.0: skipping garbage
[  468.547427][  T791] cdc_wdm 7-1:1.0: skipping garbage
[  468.576295][  T791] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  468.582359][  T791] cdc_wdm 7-1:1.0: Unknown control protocol
[  468.832724][   T10] usb 7-1: USB disconnect, device number 4
[  468.905225][T11427] random: crng reseeded on system resumption
[  469.063274][T11432] No control pipe specified
[  469.367913][T11436] comedi comedi0: Minor 2 could not be opened
[  469.486819][T11442] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  470.728185][   T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  470.756477][T11454] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  471.158213][   T10] usb 8-1: Using ep0 maxpacket: 8
[  471.181747][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  471.209690][   T10] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  471.236509][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.263717][   T10] usb 8-1: config 0 descriptor??
[  471.476199][   T10] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  471.920417][  T791] usb 8-1: USB disconnect, device number 2
[  473.928994][ T5865] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  474.035982][  T791] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  474.166986][ T5865] usb 3-1: Using ep0 maxpacket: 32
[  474.335237][T11491] sd 0:0:1:0: device reset
[  474.346149][T11491] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1404'.
[  476.099522][  T791] usb 5-1: Using ep0 maxpacket: 8
[  476.137064][  T791] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  476.163025][  T791] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.200011][  T791] usb 5-1: Product: syz
[  476.214511][  T791] usb 5-1: Manufacturer: syz
[  477.738689][  T791] usb 5-1: SerialNumber: syz
[  477.744554][ T5865] usb 3-1: unable to get BOS descriptor or descriptor too short
[  477.760938][ T5865] usb 3-1: unable to read config index 0 descriptor/start: -71
[  477.768026][  T791] usb 5-1: config 0 descriptor??
[  477.770595][ T5865] usb 3-1: can't read configurations, error -71
[  477.805232][  T791] usb 5-1: can't set config #0, error -71
[  477.853818][  T791] usb 5-1: USB disconnect, device number 37
[  478.827348][T11513] /dev/nullb0: Can't open blockdev
[  479.263114][T11518] No control pipe specified
[  480.226622][T11535] xt_hashlimit: max too large, truncated to 1048576
[  480.233817][T11535] No such timeout policy "syz1"
[  480.777317][T11533] netlink: 'syz.4.1414': attribute type 1 has an invalid length.
[  480.845743][T11533] nbd: error processing sock list
[  480.872832][T11533] block nbd2: shutting down sockets
[  481.100401][ T5977] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  481.377343][ T5977] usb 7-1: too many configurations: 70, using maximum allowed: 8
[  481.405938][ T5977] usb 7-1: config index 0 descriptor too short (expected 65016, got 133)
[  481.414433][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.456922][ T5977] usb 7-1: config index 1 descriptor too short (expected 65016, got 133)
[  481.478174][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.546819][ T5977] usb 7-1: config index 2 descriptor too short (expected 65016, got 133)
[  481.573279][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.613015][ T5977] usb 7-1: config index 3 descriptor too short (expected 65016, got 133)
[  481.633763][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.776757][ T5977] usb 7-1: config index 4 descriptor too short (expected 65016, got 133)
[  481.813107][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.814507][ T5977] usb 7-1: config index 5 descriptor too short (expected 65016, got 133)
[  482.086768][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.152188][ T5977] usb 7-1: config index 6 descriptor too short (expected 65016, got 133)
[  482.180223][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.205561][T10085] Bluetooth: hci7: Opcode 0x1003 failed: -110
[  482.271474][ T5977] usb 7-1: config index 7 descriptor too short (expected 65016, got 133)
[  482.329291][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.386499][ T5977] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  482.395569][ T5977] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.448433][ T5977] usb 7-1: Product: syz
[  482.452639][ T5977] usb 7-1: Manufacturer: syz
[  482.478346][ T5977] usb 7-1: SerialNumber: syz
[  482.498611][ T5977] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  482.542506][ T5931] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  482.653081][   T10] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  482.663183][   T24] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  482.815046][ T5977] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  482.833960][   T24] usb 1-1: Using ep0 maxpacket: 32
[  482.849363][   T10] usb 3-1: Using ep0 maxpacket: 32
[  482.901418][   T10] usb 3-1: config 0 has an invalid interface number: 196 but max is 0
[  482.909659][   T10] usb 3-1: config 0 has no interface number 0
[  483.024891][T11542] bond0: (slave gre0): Error: Device type is different from other slaves
[  483.091163][ T5977] usb 5-1: Using ep0 maxpacket: 32
[  483.115133][ T5977] usb 5-1: config 0 has an invalid interface number: 196 but max is 0
[  483.422524][   T10] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  483.434779][   T10] usb 3-1: config 0 interface 196 has no altsetting 0
[  484.035185][ T5931] usb 7-1: Service connection timeout for: 256
[  484.041489][ T5931] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services
[  484.055330][ T5977] usb 5-1: config 0 has no interface number 0
[  484.065378][ T5977] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  484.073346][   T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  484.082581][ T5977] usb 5-1: config 0 interface 196 has no altsetting 0
[  484.172489][ T5977] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  484.182404][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.190661][ T5977] usb 5-1: Product: syz
[  484.195032][ T5977] usb 5-1: Manufacturer: syz
[  484.198703][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.200139][ T5977] usb 5-1: SerialNumber: syz
[  484.214056][ T5931] ath9k_htc: Failed to initialize the device
[  484.227148][ T5931] usb 7-1: ath9k_htc: USB layer deinitialized
[  484.235224][ T5977] usb 5-1: config 0 descriptor??
[  484.243068][T11552] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  484.259809][   T10] usb 3-1: Product: syz
[  484.271715][   T10] usb 3-1: Manufacturer: syz
[  484.292992][   T10] usb 3-1: SerialNumber: syz
[  484.336465][   T10] usb 3-1: config 0 descriptor??
[  484.356921][T11550] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  484.368904][T11559] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1419'.
[  484.434690][T11559] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11559 comm=syz.7.1419
[  484.791349][ T5888] usb 7-1: USB disconnect, device number 5
[  484.891889][T11552] bridge0: port 3(syz_tun) entered blocking state
[  484.920346][T11552] bridge0: port 3(syz_tun) entered disabled state
[  484.963555][T11552] syz_tun: entered allmulticast mode
[  485.052070][T11552] syz_tun: entered promiscuous mode
[  485.164439][   T24] usb 1-1: unable to get BOS descriptor or descriptor too short
[  485.179519][ T5977] ipheth 5-1:0.196: ipheth_enable_ncm: usb_control_msg: -110
[  485.189754][   T24] usb 1-1: unable to read config index 0 descriptor/start: -71
[  485.206326][T11552] bridge0: port 3(syz_tun) entered blocking state
[  485.212860][T11552] bridge0: port 3(syz_tun) entered forwarding state
[  485.243335][T11563] bridge0: port 2(bridge_slave_1) entered disabled state
[  485.248533][   T24] usb 1-1: can't read configurations, error -71
[  485.253365][   T10] ipheth 3-1:0.196: ipheth_enable_ncm: usb_control_msg: -110
[  485.303172][ T5977] ipheth 5-1:0.196: Apple iPhone USB Ethernet device attached
[  485.342411][   T10] ipheth 3-1:0.196: Apple iPhone USB Ethernet device attached
[  485.374375][   T10] usb 3-1: USB disconnect, device number 22
[  485.952591][ T5977] usb 5-1: USB disconnect, device number 38
[  486.003779][   T10] ipheth 3-1:0.196: Apple iPhone USB Ethernet now disconnected
[  486.122660][ T5977] ipheth 5-1:0.196: Apple iPhone USB Ethernet now disconnected
[  486.325544][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  486.333163][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  486.418532][T11589] comedi comedi0: Minor 2 could not be opened
[  486.731593][T11600] sd 0:0:1:0: device reset
[  488.474634][T11580] bridge0: port 2(bridge_slave_1) entered disabled state
[  488.482304][T11580] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.021208][T11580] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  491.083875][T11580] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  491.101666][ T5931] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  491.330225][ T5931] usb 1-1: Using ep0 maxpacket: 32
[  491.342072][ T5931] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[  491.385323][ T5931] usb 1-1: config 0 has no interface number 0
[  491.811208][ T5931] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  491.838606][ T5931] usb 1-1: config 0 interface 196 has no altsetting 0
[  491.849798][ T5931] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  491.889473][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.916548][ T5931] usb 1-1: Product: syz
[  491.927255][ T5931] usb 1-1: Manufacturer: syz
[  491.939793][ T5931] usb 1-1: SerialNumber: syz
[  491.963744][ T5931] usb 1-1: config 0 descriptor??
[  491.984158][T11645] SQUASHFS error: Failed to read block 0x0: -5
[  491.987739][T11635] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  491.999051][T11641] [U] é
[  492.262308][ T8406] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.381915][ T8406] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.388311][T11649] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.1438'.
[  492.406548][ T8406] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.423949][ T8406] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.425861][T11644] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  492.531604][T11644] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  492.545171][T11644] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  492.813284][ T5931] ipheth 1-1:0.196: ipheth_get_macaddr: usb_control_msg: -110
[  492.841555][ T5931] ipheth 1-1:0.196: probe with driver ipheth failed with error -110
[  492.942660][T11644] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  492.949023][T11644] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  492.955841][T11644] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  492.962195][T11644] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  492.972256][T11644] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  493.105755][T11662] sd 0:0:1:0: device reset
[  495.238783][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  495.238808][T10741] Bluetooth: hci3: command 0x0c1a tx timeout
[  495.245033][   T51] Bluetooth: hci5: command 0x0419 tx timeout
[  495.250815][ T5813] Bluetooth: hci1: command 0x0c1a tx timeout
[  495.256809][   T51] Bluetooth: hci6: command 0x0c1a tx timeout
[  495.263024][T10085] Bluetooth: hci4: command 0x0c1a tx timeout
[  495.296086][ T5977] usb 1-1: USB disconnect, device number 42
[  495.592053][ T7081] block nbd1: Possible stuck request ffff888026958000: control (read@0,1024B). Runtime 210 seconds
[  495.603077][ T7081] block nbd1: Possible stuck request ffff888026958200: control (read@1024,1024B). Runtime 210 seconds
[  495.616139][ T7081] block nbd1: Possible stuck request ffff888026958400: control (read@2048,1024B). Runtime 210 seconds
[  495.627150][ T7081] block nbd1: Possible stuck request ffff888026958600: control (read@3072,1024B). Runtime 210 seconds
[  495.668104][T11697] random: crng reseeded on system resumption
[  496.591363][T11707] No control pipe specified
[  496.676561][T11708] Cannot find add_set index 0 as target
[  496.956897][T11708] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1446'.
[  497.044103][T11718] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1446'.
[  497.050476][T11708] bond1: peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  497.080791][T11718] bond1: peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  497.216184][T11689] Bluetooth: hci6: command 0x0c1a tx timeout
[  497.259388][T11715] comedi comedi0: Minor 2 could not be opened
[  497.345964][T11720] bridge0: port 3(syz_tun) entered disabled state
[  497.512181][T11720] bridge0: port 1(bridge_slave_0) entered disabled state
[  497.892613][T11720] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  497.955173][T11720] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  498.683611][T10135] syz1: Port: 1 Link DOWN
[  498.697104][   T59] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  498.730453][   T59] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  498.774027][   T59] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  498.799963][   T59] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  499.257709][T11689] Bluetooth: hci6: command 0x0c1a tx timeout
[  499.361472][T11743] xt_hashlimit: max too large, truncated to 1048576
[  499.368424][T11743] No such timeout policy "syz1"
[  499.782133][ T5931] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  499.921160][   T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  499.940137][ T5931] usb 3-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  499.958541][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.967772][ T5931] usb 3-1: Product: syz
[  499.972642][ T5931] usb 3-1: Manufacturer: syz
[  499.977560][ T5931] usb 3-1: SerialNumber: syz
[  499.986100][ T5931] usb 3-1: config 0 descriptor??
[  500.083060][   T24] usb 1-1: Using ep0 maxpacket: 32
[  500.098914][ T5931] usb 3-1: interface 1 not found
[  500.121803][   T24] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[  500.377796][   T24] usb 1-1: config 0 has no interface number 0
[  500.507168][   T29] audit: type=1400 audit(1770844834.845:706): avc:  denied  { write } for  pid=11744 comm="syz.2.1456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  500.851985][   T24] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  500.866476][   T24] usb 1-1: config 0 interface 196 has no altsetting 0
[  500.880498][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  500.889740][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.899098][   T24] usb 1-1: Product: syz
[  500.911928][   T24] usb 1-1: Manufacturer: syz
[  501.005217][   T24] usb 1-1: SerialNumber: syz
[  501.021380][   T24] usb 1-1: config 0 descriptor??
[  501.032744][T11749] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  501.330772][T11689] Bluetooth: hci7: Opcode 0x1003 failed: -110
[  501.839817][   T24] ipheth 1-1:0.196: ipheth_enable_ncm: usb_control_msg: -71
[  501.909840][   T24] ipheth 1-1:0.196: Apple iPhone USB Ethernet device attached
[  501.977431][T11770] random: crng reseeded on system resumption
[  502.017974][   T24] usb 1-1: USB disconnect, device number 43
[  502.095298][T11771] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1461'.
[  502.106455][   T24] ipheth 1-1:0.196: Apple iPhone USB Ethernet now disconnected
[  502.243159][T11771] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11771 comm=syz.6.1461
[  502.430674][   T10] usb 3-1: USB disconnect, device number 23
[  502.971664][T11779] SQUASHFS error: Failed to read block 0x0: -5
[  503.457311][   T29] audit: type=1400 audit(1770844837.953:707): avc:  denied  { create } for  pid=11790 comm="syz.7.1468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  504.388104][ T5977] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  505.131363][ T5977] usb 7-1: Using ep0 maxpacket: 32
[  506.091800][ T5977] usb 7-1: unable to get BOS descriptor or descriptor too short
[  506.139807][ T5977] usb 7-1: unable to read config index 0 descriptor/start: -71
[  506.147460][ T5977] usb 7-1: can't read configurations, error -71
[  506.318389][   T24] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  506.975454][   T24] usb 1-1: Using ep0 maxpacket: 32
[  506.988054][   T24] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[  507.073660][T11831] xt_hashlimit: max too large, truncated to 1048576
[  507.081700][T11831] No such timeout policy "syz1"
[  507.428217][   T24] usb 1-1: config 0 has no interface number 0
[  507.434373][   T24] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  507.452664][   T24] usb 1-1: config 0 interface 196 has no altsetting 0
[  507.486651][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  507.499599][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.635440][   T24] usb 1-1: Product: syz
[  507.640352][   T24] usb 1-1: Manufacturer: syz
[  507.644982][   T24] usb 1-1: SerialNumber: syz
[  507.731331][T11836] xt_hashlimit: max too large, truncated to 1048576
[  507.740991][T11836] No such timeout policy "syz1"
[  508.086561][   T24] usb 1-1: config 0 descriptor??
[  508.105610][T11817] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  508.150261][ T5977] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  508.257891][   T24] ipheth 1-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[  508.277188][   T24] ipheth 1-1:0.196: probe with driver ipheth failed with error -71
[  508.321332][ T5977] usb 7-1: too many configurations: 70, using maximum allowed: 8
[  508.339014][   T24] usb 1-1: USB disconnect, device number 44
[  508.349153][ T5977] usb 7-1: config index 0 descriptor too short (expected 65016, got 133)
[  508.358275][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  508.371961][ T5977] usb 7-1: config index 1 descriptor too short (expected 65016, got 133)
[  508.385522][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  508.392170][T11839] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1480'.
[  508.397698][ T5977] usb 7-1: config index 2 descriptor too short (expected 65016, got 133)
[  508.413499][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  508.432000][ T5977] usb 7-1: config index 3 descriptor too short (expected 65016, got 133)
[  508.442009][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  508.454312][ T5977] usb 7-1: config index 4 descriptor too short (expected 65016, got 133)
[  508.464547][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  508.468534][T11839] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11839 comm=syz.0.1480
[  508.476348][ T5977] usb 7-1: config index 5 descriptor too short (expected 65016, got 133)
[  508.507416][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  509.442981][T10085] Bluetooth: hci7: Opcode 0x1003 failed: -110
[  509.452117][ T5977] usb 7-1: config index 6 descriptor too short (expected 65016, got 133)
[  509.584253][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  509.776898][ T5977] usb 7-1: config index 7 descriptor too short (expected 65016, got 133)
[  509.785979][ T5977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  509.800159][ T5977] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  509.911922][ T5977] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.923260][ T5977] usb 7-1: Product: syz
[  509.938037][ T5977] usb 7-1: Manufacturer: syz
[  510.277980][ T5865] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  510.285726][T11689] Bluetooth: hci8: Opcode 0x1003 failed: -110
[  510.711036][ T5977] usb 7-1: SerialNumber: syz
[  510.737626][ T5977] usb 7-1: can't set config #1, error -71
[  510.884305][ T5865] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  510.915654][ T5865] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  511.065304][T10135] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  511.078229][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.151322][ T5865] usb 3-1: config 0 descriptor??
[  511.374290][T10135] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  511.389860][T10135] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  511.850112][T10135] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  511.859440][T10135] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  511.867521][T10135] usb 8-1: Manufacturer: syz
[  511.875642][T10135] usb 8-1: config 0 descriptor??
[  511.892738][T10135] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  511.897362][ T5977] usb 7-1: USB disconnect, device number 8
[  512.067114][ T5865] lenovo 0003:17EF:6067.0014: reserved main item tag 0xe
[  512.078935][ T5865] lenovo 0003:17EF:6067.0014: hidraw0: USB HID vff.fc Device [HID 17ef:6067] on usb-dummy_hcd.2-1/input0
[  512.825609][ T5977] usb 3-1: USB disconnect, device number 24
[  512.990425][T11867] fido_id[11867]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:17EF:6067.0014/report_descriptor': No such device
[  513.968081][ T5865] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  514.122358][ T5865] usb 7-1: Using ep0 maxpacket: 32
[  514.151241][ T5865] usb 7-1: config 0 has an invalid interface number: 196 but max is 0
[  514.159544][ T5865] usb 7-1: config 0 has no interface number 0
[  514.172406][ T5865] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  514.968427][ T5865] usb 7-1: config 0 interface 196 has no altsetting 0
[  514.990215][ T5865] usb 7-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  515.010952][ T5865] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.026343][ T5865] usb 7-1: Product: syz
[  515.070642][ T5865] usb 7-1: Manufacturer: syz
[  515.082531][ T5865] usb 7-1: SerialNumber: syz
[  515.102101][ T5865] usb 7-1: config 0 descriptor??
[  515.197716][T11876] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  515.505685][T11896] pimreg: entered allmulticast mode
[  515.978490][   T10] usb 8-1: USB disconnect, device number 3
[  516.193077][T11876] bridge0: port 3(syz_tun) entered blocking state
[  516.208176][T11876] bridge0: port 3(syz_tun) entered disabled state
[  516.224751][T11876] syz_tun: entered allmulticast mode
[  516.302738][T11876] syz_tun: entered promiscuous mode
[  516.340222][ T5865] ipheth 7-1:0.196: ipheth_enable_ncm: usb_control_msg: -71
[  516.787884][ T5865] ipheth 7-1:0.196: Apple iPhone USB Ethernet device attached
[  516.819698][ T5865] usb 7-1: USB disconnect, device number 9
[  517.025189][ T5865] ipheth 7-1:0.196: Apple iPhone USB Ethernet now disconnected
[  517.256602][ T5977] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  517.305010][ T5931] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  517.735009][ T5931] usb 1-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  517.767365][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.864904][ T5931] usb 1-1: Product: syz
[  517.871391][ T5931] usb 1-1: Manufacturer: syz
[  517.876702][ T5931] usb 1-1: SerialNumber: syz
[  517.897918][ T5931] usb 1-1: config 0 descriptor??
[  517.907944][ T5931] usb 1-1: interface 1 not found
[  518.308936][ T5977] usb 3-1: too many configurations: 70, using maximum allowed: 8
[  519.622636][ T5977] usb 3-1: config index 0 descriptor too short (expected 65016, got 133)
[  519.646970][ T5977] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  520.205241][ T5977] usb 3-1: unable to read config index 1 descriptor/start: -71
[  520.213291][ T5977] usb 3-1: can't read configurations, error -71
[  520.786947][  T791] usb 1-1: USB disconnect, device number 45
[  522.333989][T11943] random: crng reseeded on system resumption
[  524.428988][T11689] Bluetooth: hci7: command 0x1003 tx timeout
[  524.446937][ T5809] Bluetooth: hci7: Opcode 0x1003 failed: -110
[  524.758976][ T5931] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  524.780246][   T55] block nbd1: Possible stuck request ffff888026958000: control (read@0,1024B). Runtime 240 seconds
[  524.791347][   T55] block nbd1: Possible stuck request ffff888026958200: control (read@1024,1024B). Runtime 240 seconds
[  524.802532][   T55] block nbd1: Possible stuck request ffff888026958400: control (read@2048,1024B). Runtime 240 seconds
[  524.916798][   T55] block nbd1: Possible stuck request ffff888026958600: control (read@3072,1024B). Runtime 240 seconds
[  524.992124][ T5931] usb 8-1: Using ep0 maxpacket: 32
[  525.000970][ T5931] usb 8-1: config 0 has an invalid interface number: 196 but max is 0
[  525.011368][ T5931] usb 8-1: config 0 has no interface number 0
[  525.018344][ T5931] usb 8-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  525.030767][ T5931] usb 8-1: config 0 interface 196 has no altsetting 0
[  525.042271][ T5931] usb 8-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  525.052823][ T5931] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.060954][ T5931] usb 8-1: Product: syz
[  525.065374][ T5931] usb 8-1: Manufacturer: syz
[  525.072760][ T5931] usb 8-1: SerialNumber: syz
[  525.122790][ T5931] usb 8-1: config 0 descriptor??
[  525.131359][T11963] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  525.208820][  T791] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  525.387738][T11978] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1515'.
[  525.397492][  T791] usb 1-1: too many configurations: 70, using maximum allowed: 8
[  525.405369][ T5977] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  525.425348][  T791] usb 1-1: config index 0 descriptor too short (expected 65016, got 133)
[  525.435548][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.471381][  T791] usb 1-1: config index 1 descriptor too short (expected 65016, got 133)
[  525.491913][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.515115][  T791] usb 1-1: config index 2 descriptor too short (expected 65016, got 133)
[  525.532629][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.561078][  T791] usb 1-1: config index 3 descriptor too short (expected 65016, got 133)
[  525.571068][ T5977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  525.583619][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.594544][ T5977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  525.622913][  T791] usb 1-1: config index 4 descriptor too short (expected 65016, got 133)
[  525.631667][T11978] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11978 comm=syz.2.1515
[  525.657889][ T5977] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  525.675697][ T5977] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  525.694157][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.705971][ T5977] usb 5-1: Manufacturer: syz
[  525.721646][ T5977] usb 5-1: config 0 descriptor??
[  525.734557][  T791] usb 1-1: config index 5 descriptor too short (expected 65016, got 133)
[  525.743993][T11963] bridge0: port 3(syz_tun) entered blocking state
[  525.751126][T11963] bridge0: port 3(syz_tun) entered disabled state
[  525.760444][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.771217][T11963] syz_tun: entered allmulticast mode
[  525.787611][  T791] usb 1-1: config index 6 descriptor too short (expected 65016, got 133)
[  525.800558][T11963] syz_tun: entered promiscuous mode
[  525.805978][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.821363][ T5931] ipheth 8-1:0.196: ipheth_enable_ncm: usb_control_msg: -71
[  525.842532][  T791] usb 1-1: config index 7 descriptor too short (expected 65016, got 133)
[  525.868688][  T791] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  525.888760][ T5931] ipheth 8-1:0.196: Apple iPhone USB Ethernet device attached
[  525.904247][  T791] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  525.913375][  T791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.932359][ T5931] usb 8-1: USB disconnect, device number 4
[  525.940239][  T791] usb 1-1: Product: syz
[  527.063695][ T5977] usbhid 5-1:0.0: can't add hid device: -71
[  527.127595][  T791] usb 1-1: Manufacturer: syz
[  527.132236][  T791] usb 1-1: SerialNumber: syz
[  527.137579][ T5977] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  527.364072][ T5977] usb 5-1: USB disconnect, device number 39
[  527.372887][ T5931] ipheth 8-1:0.196: Apple iPhone USB Ethernet now disconnected
[  527.406087][  T791] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  527.451753][ T5872] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  527.598322][T11992] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1519'.
[  527.883880][T11973] bond0: (slave gre0): Error: Device type is different from other slaves
[  527.957601][T12000] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  528.039211][   T29] audit: type=1400 audit(1770844863.760:708): avc:  denied  { mount } for  pid=12001 comm="syz.4.1522" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  528.083857][   T29] audit: type=1404 audit(1770844863.802:709): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[  528.111711][   T29] audit: type=1400 audit(1770844863.823:710): avc:  denied  { ioctl } for  pid=11972 comm="syz.0.1513" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5507 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0
[  528.266752][   T29] audit: type=1400 audit(1770844863.886:711): avc:  denied  { ioctl } for  pid=11999 comm="syz.2.1521" path="socket:[42076]" dev="sockfs" ino=42076 ioctlcmd=0x9363 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=0
[  528.296209][   T29] audit: type=1400 audit(1770844863.886:712): avc:  denied  { allowed } for  pid=11999 comm="syz.2.1521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=0
[  528.352649][   T29] audit: type=1400 audit(1770844863.928:713): avc:  denied  { create } for  pid=12001 comm="syz.4.1522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=0
[  528.523586][T10135] usb 1-1: USB disconnect, device number 46
[  528.532526][   T29] audit: type=1400 audit(1770844863.938:714): avc:  denied  { create } for  pid=12001 comm="syz.4.1522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=0
[  528.596369][   T29] audit: type=1400 audit(1770844863.959:715): avc:  denied  { ioctl } for  pid=11972 comm="syz.0.1513" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5507 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0
[  528.627621][   T29] audit: type=1400 audit(1770844863.970:716): avc:  denied  { create } for  pid=11972 comm="syz.0.1513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  528.660385][T11138] syz_tun (unregistering): left allmulticast mode
[  528.668543][T11138] syz_tun (unregistering): left promiscuous mode
[  528.675053][T11138] bridge0: port 3(syz_tun) entered disabled state
[  528.682879][   T29] audit: type=1400 audit(1770844863.980:717): avc:  denied  { create } for  pid=11972 comm="syz.0.1513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  528.704546][ T5872] usb 1-1: Service connection timeout for: 256
[  528.710916][ T5872] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  528.719176][ T5872] ath9k_htc: Failed to initialize the device
[  528.729088][T10135] usb 1-1: ath9k_htc: USB layer deinitialized
[  529.428672][   T13] bridge_slave_1: left allmulticast mode
[  529.434347][   T13] bridge_slave_1: left promiscuous mode
[  529.469985][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  529.496748][   T13] bridge_slave_0: left allmulticast mode
[  529.511894][   T13] bridge_slave_0: left promiscuous mode
[  529.523135][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.286783][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  530.364977][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  530.381996][   T13] bond0 (unregistering): Released all slaves
[  530.403698][   T13] bond1 (unregistering): Released all slaves
[  531.026878][   T13] hsr_slave_0: left promiscuous mode
[  531.045943][   T13] hsr_slave_1: left promiscuous mode
[  531.074774][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  531.125223][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  532.288735][   T13] team0 (unregistering): Port device team_slave_1 removed
[  532.374242][   T13] team0 (unregistering): Port device team_slave_0 removed
[  532.813001][   T29] kauditd_printk_skb: 10013 callbacks suppressed
[  532.813018][   T29] audit: type=1400 audit(1770844868.768:8812): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  532.856227][ T5470] audit: audit_backlog=65 > audit_backlog_limit=64
[  532.862857][ T5470] audit: audit_lost=641 audit_rate_limit=0 audit_backlog_limit=64
[  532.870875][ T5470] audit: backlog limit exceeded
[  532.875844][ T5470] audit: audit_backlog=65 > audit_backlog_limit=64
[  532.883040][   T29] audit: type=1400 audit(1770844868.768:8813): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  532.910041][ T5470] audit: audit_lost=642 audit_rate_limit=0 audit_backlog_limit=64
[  532.918132][ T5470] audit: backlog limit exceeded
[  532.923263][ T5470] audit: audit_backlog=65 > audit_backlog_limit=64
[  532.930246][   T29] audit: type=1400 audit(1770844868.768:8814): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  533.553432][T12067] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1540'.
[  536.377770][ T5175] udevd[5175]: worker [7425] /devices/virtual/block/nbd1 timeout; kill it
[  536.402803][ T5175] udevd[5175]: seq 13256 '/devices/virtual/block/nbd1' killed
[  537.524662][   T30] INFO: task syz.5.1119:10301 blocked for more than 143 seconds.
[  537.535892][   T30]       Not tainted syzkaller #0
[  537.540849][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  537.562820][   T30] task:syz.5.1119      state:D stack:29048 pid:10301 tgid:10300 ppid:9642   task_flags:0x400040 flags:0x00080002
[  537.591342][   T30] Call Trace:
[  537.594673][   T29] kauditd_printk_skb: 15383 callbacks suppressed
[  537.594684][   T29] audit: type=1400 audit(1770844873.786:21943): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  537.622378][   T30]  <TASK>
[  537.625327][   T30]  __schedule+0x1023/0x6000
[  537.632180][   T30]  ? __lock_acquire+0x4a5/0x2630
[  537.637139][   T30]  ? __pfx___schedule+0x10/0x10
[  537.653139][   T30]  ? find_held_lock+0x2b/0x80
[  537.659636][   T29] audit: type=1400 audit(1770844873.786:21944): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  537.660753][ T5470] audit: audit_backlog=65 > audit_backlog_limit=64
[  537.686295][   T30]  ? schedule+0x2bf/0x390
[  537.696098][   T30]  schedule+0xdd/0x390
[  537.700176][   T30]  schedule_preempt_disabled+0x13/0x30
[  537.715147][   T30]  __mutex_lock+0xc9a/0x1b90
[  537.715722][ T5470] audit: audit_lost=1395 audit_rate_limit=0 audit_backlog_limit=64
[  537.719764][   T30]  ? irqentry_exit+0x180/0x670
[  537.719794][   T30]  ? sync_bdevs+0x153/0x480
[  537.728775][ T5470] audit: backlog limit exceeded
[  537.733997][   T29] audit: type=1400 audit(1770844873.786:21945): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  537.737505][ T5470] audit: audit_backlog=65 > audit_backlog_limit=64
[  537.753232][   T29] audit: type=1400 audit(1770844873.786:21946): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  537.763390][ T5470] audit: audit_lost=1396 audit_rate_limit=0 audit_backlog_limit=64
[  537.769430][   T30]  ? __lock_acquire+0x4a5/0x2630
[  537.810197][   T29] audit: type=1400 audit(1770844873.786:21947): avc:  denied  { read } for  pid=5470 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0
[  537.862998][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  537.875073][   T30]  ? iput.part.0+0x1a0/0xf50
[  537.885869][   T30]  ? sync_bdevs+0x153/0x480
[  537.897284][   T30]  sync_bdevs+0x153/0x480
[  537.905144][   T30]  ksys_sync+0xb2/0x150
[  537.909646][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  537.917128][   T30]  ? rcu_is_watching+0x12/0xc0
[  537.927411][   T30]  ? do_syscall_64+0x95/0xf80
[  537.938350][   T30]  __do_sys_sync+0xe/0x20
[  537.948425][   T30]  do_syscall_64+0x106/0xf80
[  537.957732][   T30]  ? clear_bhb_loop+0x40/0x90
[  537.968206][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.981078][   T30] RIP: 0033:0x7f5aafb9bf79
[  537.994005][   T30] RSP: 002b:00007f5ab0a58028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  538.012442][   T30] RAX: ffffffffffffffda RBX: 00007f5aafe15fa0 RCX: 00007f5aafb9bf79
[  538.029196][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  538.046246][   T30] RBP: 00007f5aafe15fa0 R08: 0000000000000000 R09: 0000000000000000
[  538.062998][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  538.075119][   T30] R13: 00007f5aafe16038 R14: 00007f5aafe15fa0 R15: 00007fff5ceaa7c8
[  538.090175][   T30]  </TASK>
[  538.103410][   T30] INFO: task syz.5.1119:10304 blocked for more than 143 seconds.
[  538.129526][   T30]       Not tainted syzkaller #0
[  538.147115][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  538.177473][   T30] task:syz.5.1119      state:D stack:29048 pid:10304 tgid:10300 ppid:9642   task_flags:0x400040 flags:0x00080002
[  538.228067][   T30] Call Trace:
[  538.243509][   T30]  <TASK>
[  538.267535][   T30]  __schedule+0x1023/0x6000
[  538.272118][   T30]  ? __lock_acquire+0x4a5/0x2630
[  538.370358][   T30]  ? __pfx___schedule+0x10/0x10
[  538.378318][   T30]  ? find_held_lock+0x2b/0x80
[  538.384168][   T30]  ? schedule+0x2bf/0x390
[  538.388536][   T30]  schedule+0xdd/0x390
[  538.402561][   T30]  schedule_preempt_disabled+0x13/0x30
[  538.415086][   T30]  __mutex_lock+0xc9a/0x1b90
[  538.420699][   T30]  ? sync_bdevs+0x153/0x480
[  538.439666][   T30]  ? __lock_acquire+0x4a5/0x2630
[  538.444682][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  538.451623][   T30]  ? __mutex_unlock_slowpath+0x15c/0x790
[  538.457294][   T30]  ? iput.part.0+0x1a0/0xf50
[  538.467789][   T30]  ? sync_bdevs+0x153/0x480
[  538.472325][   T30]  sync_bdevs+0x153/0x480
[  538.476668][   T30]  ksys_sync+0xb2/0x150
[  538.497149][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  538.501962][   T30]  ? kcov_ioctl+0x16a/0x720
[  538.517068][   T30]  ? rcu_is_watching+0x12/0xc0
[  538.521873][   T30]  ? do_syscall_64+0x95/0xf80
[  538.537515][   T30]  __do_sys_sync+0xe/0x20
[  538.541894][   T30]  do_syscall_64+0x106/0xf80
[  538.557997][   T30]  ? clear_bhb_loop+0x40/0x90
[  538.568368][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.574669][   T30] RIP: 0033:0x7f5aafb9bf79
[  538.579370][   T30] RSP: 002b:00007f5ab0a37028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  538.589628][   T30] RAX: ffffffffffffffda RBX: 00007f5aafe16090 RCX: 00007f5aafb9bf79
[  538.598850][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  538.608128][   T30] RBP: 00007f5aafe16090 R08: 0000000000000000 R09: 0000000000000000
[  538.618351][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  538.626988][   T30] R13: 00007f5aafe16128 R14: 00007f5aafe16090 R15: 00007fff5ceaa7c8
[  538.635753][   T30]  </TASK>
[  538.639179][   T30] INFO: task syz.5.1119:10305 blocked for more than 144 seconds.
[  538.647004][   T30]       Not tainted syzkaller #0
[  538.653800][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  538.667588][   T30] task:syz.5.1119      state:D stack:28200 pid:10305 tgid:10300 ppid:9642   task_flags:0x400040 flags:0x00080002
[  538.680538][   T30] Call Trace:
[  538.684636][   T30]  <TASK>
[  538.689761][   T30]  __schedule+0x1023/0x6000
[  538.695051][   T30]  ? __lock_acquire+0x4a5/0x2630
[  538.701145][   T30]  ? __pfx___schedule+0x10/0x10
[  538.706946][   T30]  ? find_held_lock+0x2b/0x80
[  538.712404][   T30]  ? schedule+0x2bf/0x390
[  538.717461][   T30]  schedule+0xdd/0x390
[  538.722042][   T30]  schedule_preempt_disabled+0x13/0x30
[  538.728143][   T30]  __mutex_lock+0xc9a/0x1b90
[  538.733309][   T30]  ? sync_bdevs+0x153/0x480
[  538.738424][   T30]  ? __lock_acquire+0x4a5/0x2630
[  538.744036][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  538.749646][   T30]  ? __mutex_unlock_slowpath+0x15c/0x790
[  538.756161][   T30]  ? iput.part.0+0x1a0/0xf50
[  538.761302][   T30]  ? sync_bdevs+0x153/0x480
[  538.766374][   T30]  sync_bdevs+0x153/0x480
[  538.771208][   T30]  ksys_sync+0xb2/0x150
[  538.775944][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  538.781261][   T30]  ? kcov_ioctl+0x16a/0x720
[  538.786275][   T30]  ? rcu_is_watching+0x12/0xc0
[  538.791583][   T30]  ? do_syscall_64+0x95/0xf80
[  538.797398][   T30]  __do_sys_sync+0xe/0x20
[  538.802112][   T30]  do_syscall_64+0x106/0xf80
[  538.806720][   T30]  ? clear_bhb_loop+0x40/0x90
[  538.812743][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.819297][   T30] RIP: 0033:0x7f5aafb9bf79
[  538.823884][   T30] RSP: 002b:00007f5ab0a16028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  538.832440][   T30] RAX: ffffffffffffffda RBX: 00007f5aafe16180 RCX: 00007f5aafb9bf79
[  538.840468][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  538.849439][   T30] RBP: 00007f5aafe16180 R08: 0000000000000000 R09: 0000000000000000
[  538.857444][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  538.866389][   T30] R13: 00007f5aafe16218 R14: 00007f5aafe16180 R15: 00007fff5ceaa7c8
[  538.875125][   T30]  </TASK>
[  538.887981][ T9617] syz_tun (unregistering): left allmulticast mode
[  538.895081][ T9617] syz_tun (unregistering): left promiscuous mode
[  538.901574][ T9617] bridge0: port 3(syz_tun) entered disabled state
[  538.932248][   T30] 
[  538.932248][   T30] Showing all locks held in the system:
[  538.941142][   T30] 3 locks held by kworker/u8:1/13:
[  538.969875][   T30]  #0: ffff88813fe29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840
[  538.986228][   T30]  #1: ffffc90000127d08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840
[  538.997853][   T30]  #2: ffffffff903fb328 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  539.007402][   T30] 1 lock held by khungtaskd/30:
[  539.012699][   T30]  #0: ffffffff8e5e7060 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  539.023308][   T30] 2 locks held by getty/5560:
[  539.027988][   T30]  #0: ffff88814e0890a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  539.038416][   T30]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500
[  539.052763][   T30] 1 lock held by syz-executor/5804:
[  539.058854][   T30]  #0: ffffffff903fb328 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220
[  539.070236][   T30] 3 locks held by kworker/0:4/5865:
[  539.075946][   T30] 3 locks held by kworker/1:4/5872:
[  539.081954][   T30]  #0: ffff88813fe19948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840
[  539.094000][   T30]  #1: ffffc9000496fd08 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840
[  539.106347][   T30]  #2: ffffffff903fb328 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  539.139322][   T30] 1 lock held by udevd/7425:
[  539.150891][   T30]  #0: ffff888026899358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  539.174474][   T30] 1 lock held by syz.0.974/9617:
[  539.179448][   T30]  #0: ffffffff903fb328 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220
[  539.207446][   T30] 3 locks held by kworker/0:3/10135:
[  539.220509][   T30]  #0: ffff88813fe19948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840
[  539.245016][   T30]  #1: ffffc9000409fd08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840
[  539.268164][   T30]  #2: ffffffff8e5f2c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  539.296163][   T30] 1 lock held by syz.5.1119/10301:
[  539.301291][   T30]  #0: ffff888026899358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[  539.324746][   T30] 1 lock held by syz.5.1119/10304:
[  539.329882][   T30]  #0: ffff888026899358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[  539.354322][   T30] 1 lock held by syz.5.1119/10305:
[  539.359437][   T30]  #0: ffff888026899358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[  539.391371][   T30] 1 lock held by syz.3.1272/10960:
[  539.396511][   T30]  #0: ffff888026899358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[  539.419958][   T30] 1 lock held by syz.6.1549/12091:
[  539.425119][   T30]  #0: ffffffff903fb328 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220
[  539.448766][   T30] 
[  539.451117][   T30] =============================================
[  539.451117][   T30] 
[  539.463057][   T30] NMI backtrace for cpu 1
[  539.463073][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  539.463091][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  539.463099][   T30] Call Trace:
[  539.463105][   T30]  <TASK>
[  539.463112][   T30]  dump_stack_lvl+0x100/0x190
[  539.463142][   T30]  nmi_cpu_backtrace.cold+0x12d/0x151
[  539.463169][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  539.463193][   T30]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  539.463215][   T30]  sys_info+0x141/0x190
[  539.463231][   T30]  watchdog+0xcc3/0xfe0
[  539.463253][   T30]  ? __pfx_watchdog+0x10/0x10
[  539.463269][   T30]  ? __kthread_parkme+0x18c/0x230
[  539.463289][   T30]  ? kthread+0x13a/0x450
[  539.463307][   T30]  ? __pfx_watchdog+0x10/0x10
[  539.463320][   T30]  kthread+0x370/0x450
[  539.463339][   T30]  ? __pfx_kthread+0x10/0x10
[  539.463360][   T30]  ret_from_fork+0x754/0xd80
[  539.463383][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  539.463408][   T30]  ? __switch_to+0x7b4/0x10c0
[  539.463424][   T30]  ? __pfx_kthread+0x10/0x10
[  539.463447][   T30]  ret_from_fork_asm+0x1a/0x30
[  539.463473][   T30]  </TASK>
[  539.463481][   T30] Sending NMI from CPU 1 to CPUs 0:
[  539.584022][    C0] NMI backtrace for cpu 0
[  539.584039][    C0] CPU: 0 UID: 0 PID: 6038 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[  539.584056][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  539.584065][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  539.584086][    C0] RIP: 0010:unwind_next_frame+0x2ec/0x1ea0
[  539.584104][    C0] Code: 4f 8d 84 00 9c 32 4c 91 49 81 f8 20 65 10 92 0f 87 62 09 00 00 29 ca 48 8d 3c bd 44 66 c9 90 4c 89 f9 48 89 c6 e8 34 f5 ff ff <48> 89 c1 48 85 c9 0f 85 c5 01 00 00 48 b8 00 00 00 00 00 fc ff df
[  539.584117][    C0] RSP: 0018:ffffc90004dbece0 EFLAGS: 00000282
[  539.584127][    C0] RAX: ffffffff91639dc2 RBX: 0000000000000001 RCX: dffffc0000000000
[  539.584137][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff90d90308
[  539.584145][    C0] RBP: ffffc90004dbed98 R08: ffffffff91639dc8 R09: 0000000000000007
[  539.584153][    C0] R10: 0000000000000200 R11: 00000000000166d1 R12: ffffc90004dbeda0
[  539.584162][    C0] R13: ffffc90004dbed50 R14: ffffc90004dbed85 R15: ffffffff8266d186
[  539.584171][    C0] FS:  0000000000000000(0000) GS:ffff8881245b3000(0000) knlGS:0000000000000000
[  539.584186][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  539.584195][    C0] CR2: 00005597ef3c0028 CR3: 000000003359f000 CR4: 00000000003526f0
[  539.584203][    C0] Call Trace:
[  539.584207][    C0]  <TASK>
[  539.584212][    C0]  ? kfree+0x1c7/0x690
[  539.584233][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  539.584248][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  539.584263][    C0]  arch_stack_walk+0x94/0xf0
[  539.584278][    C0]  ? kfree+0x1c7/0x690
[  539.584296][    C0]  stack_trace_save+0x8e/0xc0
[  539.584309][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  539.584323][    C0]  ? __lock_acquire+0x4a5/0x2630
[  539.584342][    C0]  kasan_save_stack+0x30/0x50
[  539.584354][    C0]  ? kasan_save_stack+0x30/0x50
[  539.584366][    C0]  ? kasan_save_track+0x14/0x30
[  539.584377][    C0]  ? kasan_save_free_info+0x3b/0x70
[  539.584394][    C0]  ? __kasan_slab_free+0x5f/0x80
[  539.584407][    C0]  ? kfree+0x1c7/0x690
[  539.584438][    C0]  kasan_save_track+0x14/0x30
[  539.584450][    C0]  kasan_save_free_info+0x3b/0x70
[  539.584467][    C0]  __kasan_slab_free+0x5f/0x80
[  539.584481][    C0]  kfree+0x1c7/0x690
[  539.584497][    C0]  ? mark_held_locks+0x40/0x70
[  539.584512][    C0]  ? ieee80211_inform_bss+0x8d5/0x1150
[  539.584531][    C0]  ? ieee80211_inform_bss+0x8d5/0x1150
[  539.584547][    C0]  ieee80211_inform_bss+0x8d5/0x1150
[  539.584566][    C0]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[  539.584587][    C0]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[  539.584605][    C0]  cfg80211_inform_single_bss_data+0x898/0x1d40
[  539.584622][    C0]  ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[  539.584635][    C0]  ? __lock_acquire+0x4a5/0x2630
[  539.584657][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  539.584671][    C0]  ? stack_depot_save_flags+0x27/0x9d0
[  539.584687][    C0]  ? cfg80211_inform_bss_data+0x230/0x39f0
[  539.584700][    C0]  cfg80211_inform_bss_data+0x230/0x39f0
[  539.584713][    C0]  ? process_one_work+0x9c2/0x1840
[  539.584731][    C0]  ? kthread+0x370/0x450
[  539.584752][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  539.584769][    C0]  ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[  539.584785][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  539.584800][    C0]  ? _ieee802_11_parse_elems_full+0x5d9/0x4610
[  539.584826][    C0]  ? __lock_acquire+0x4a5/0x2630
[  539.584845][    C0]  ? ieee802_11_parse_elems_full+0xed5/0x3720
[  539.584867][    C0]  cfg80211_inform_bss_frame_data+0x247/0x730
[  539.584883][    C0]  ieee80211_bss_info_update+0x310/0xab0
[  539.584901][    C0]  ? __pfx_ieee80211_bss_info_update+0x10/0x10
[  539.584922][    C0]  ? find_held_lock+0x2b/0x80
[  539.584935][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x18df/0x2f30
[  539.584954][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x18df/0x2f30
[  539.584973][    C0]  ieee80211_ibss_rx_queued_mgmt+0x1919/0x2f30
[  539.584991][    C0]  ? find_held_lock+0x2b/0x80
[  539.585007][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[  539.585026][    C0]  ? rcu_is_watching+0x12/0xc0
[  539.585038][    C0]  ? trace_contention_end+0xd6/0x110
[  539.585062][    C0]  ? kcov_remote_start+0x374/0x660
[  539.585079][    C0]  ieee80211_iface_work+0xbf1/0x1350
[  539.585098][    C0]  ? rcu_is_watching+0x12/0xc0
[  539.585110][    C0]  cfg80211_wiphy_work+0x3f7/0x560
[  539.585126][    C0]  process_one_work+0x9c2/0x1840
[  539.585148][    C0]  ? __pfx_process_one_work+0x10/0x10
[  539.585169][    C0]  ? assign_work+0x19c/0x250
[  539.585187][    C0]  worker_thread+0x5da/0xe40
[  539.585208][    C0]  ? __pfx_worker_thread+0x10/0x10
[  539.585226][    C0]  ? kthread+0x13a/0x450
[  539.585242][    C0]  ? __pfx_worker_thread+0x10/0x10
[  539.585260][    C0]  kthread+0x370/0x450
[  539.585276][    C0]  ? __pfx_kthread+0x10/0x10
[  539.585293][    C0]  ret_from_fork+0x754/0xd80
[  539.585312][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  539.585331][    C0]  ? __switch_to+0x7b4/0x10c0
[  539.585345][    C0]  ? __pfx_kthread+0x10/0x10
[  539.585362][    C0]  ret_from_fork_asm+0x1a/0x30
[  539.585381][    C0]  </TASK>
[  540.094828][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  540.101711][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  540.110831][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  540.120894][   T30] Call Trace:
[  540.124179][   T30]  <TASK>
[  540.127111][   T30]  dump_stack_lvl+0x100/0x190
[  540.131802][   T30]  vpanic+0x20d/0x630
[  540.135797][   T30]  panic+0xd1/0xd1
[  540.139520][   T30]  ? __pfx_panic+0x10/0x10
[  540.143938][   T30]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  540.150101][   T30]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  540.156262][   T30]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  540.162428][   T30]  ? watchdog.cold+0x198/0x1ca
[  540.167196][   T30]  ? watchdog+0xcd3/0xfe0
[  540.171528][   T30]  watchdog.cold+0x1a9/0x1ca
[  540.176126][   T30]  ? __pfx_watchdog+0x10/0x10
[  540.180809][   T30]  ? __kthread_parkme+0x18c/0x230
[  540.185838][   T30]  ? kthread+0x13a/0x450
[  540.190091][   T30]  ? __pfx_watchdog+0x10/0x10
[  540.194769][   T30]  kthread+0x370/0x450
[  540.198833][   T30]  ? __pfx_kthread+0x10/0x10
[  540.203408][   T30]  ret_from_fork+0x754/0xd80
[  540.207987][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  540.213088][   T30]  ? __switch_to+0x7b4/0x10c0
[  540.217748][   T30]  ? __pfx_kthread+0x10/0x10
[  540.222320][   T30]  ret_from_fork_asm+0x1a/0x30
[  540.227072][   T30]  </TASK>
[  540.230340][   T30] Kernel Offset: disabled
[  540.234639][   T30] Rebooting in 86400 seconds..