last executing test programs:

8m54.420719041s ago: executing program 2 (id=1593):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x11)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)={'U+', 0x7}, 0x16, 0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001600)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000480000002c41000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff010011d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcebc7586186fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35eff00006b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f58fa48f61071f548d411353965615c24c1860fd0dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9778289c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26a741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba17a647a171c2fc73a8c7541c7ffaafba62195fce77382ae962f30d4a377d760040975a44aa73a4e687d06f96f0987b980f6f883534dfc71ace539eeeb08cff54e0e05d5e0563660a3664c67d0eb9cdf4eab93ab4bf1972a2acc5c5d43dc2f2b66d7493c390d042d896a1ad772f6d4c2cf38ba0"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000200)="fa82", 0x7058}], 0x1}, 0x20000000)
bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4f23, 0x100, @private1={0xfc, 0x1, '\x00', 0x1}, 0xffffffff}}, 0x24)
r4 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x8, 0x0, 0xfffffdfc}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x2001, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000400000003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

8m51.570972818s ago: executing program 2 (id=1599):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$phonet_pipe(0x23, 0x5, 0x2)
r1 = semget$private(0x0, 0x3, 0x13)
semctl$SETALL(r1, 0x0, 0x11, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10)
r2 = socket(0x10, 0x400000000080803, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x4, 0x0, 0x45, 0xfffffffe, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}})
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f00000000c0), &(0x7f0000000140))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r4 = syz_open_dev$loop(&(0x7f00000006c0), 0x47ffff7, 0x542c42)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000440)={r3, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
preadv(r4, &(0x7f0000000d40), 0x0, 0x7fff, 0x8a6)
socket$kcm(0x10, 0x2, 0x4)
socket$can_raw(0x1d, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140))
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)

8m49.117952419s ago: executing program 2 (id=1607):
unshare(0x6a040000)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000140)=0xec62, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
modify_ldt$write(0x1, &(0x7f0000000000)={0xfff}, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sw_sync(0xffffff9c, &(0x7f0000000040), 0x80, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={0x5c, r4, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @multicast2}}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}]}, 0x5c}}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f00000000c0)={0x6, "89698ab74a98235749a9a89924cc7208716bde2e9da33997943b7e3eafdabafb"})
syz_emit_ethernet(0x46, &(0x7f0000002e80)=ANY=[], 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000001440)={'veth1_to_bond\x00', &(0x7f00000005c0)=@ethtool_dump={0x3e, 0x1, 0x900000a}})
r5 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0185648, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xfffffffffffffe20)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
quotactl_fd$Q_SYNC(r6, 0x80000305, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x18, &(0x7f0000000a40)=ANY=[@ANYBLOB, @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b70300001eb100008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000085000000b7000000000000009500"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

8m44.784105343s ago: executing program 2 (id=1616):
io_setup(0x9, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32], 0x50)
sendto$inet(r1, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r3}, @call={0x85, 0x0, 0x0, 0x26}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r4, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r1}, 0x20)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x2000, 0x0)
sendfile(r5, r6, 0x0, 0x400)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000240), 0x20441, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_on}, {@userxattr}]})
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000145f405e04bd84b689010203010902240001000000000904ed0002ff5d010009050303000000050009058a"], 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f0000000140)="0a000200010078", 0x7)
r8 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x101002)
writev(r8, &(0x7f0000000540)=[{&(0x7f00000007c0)="03e6b107", 0x4}], 0x1)
memfd_create(&(0x7f00000000c0)='/dev/qrtr-tun\x00', 0x4)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_vs\x00')

8m41.540518173s ago: executing program 2 (id=1628):
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x5, 0x8a}, 0x0)
syz_emit_ethernet(0xfc1, &(0x7f00000001c0)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0xfb3, 0x0, 0x0, 0x0, 0x84, 0x0, @remote, @broadcast}, "dd9dec79219eb549dbd024c796335bc5ff0e043319357749084ca9d0ae1378f4e88112a2f7c10fd1523b9007773fd2b2bd0ebabccd2e5c35fb3baff587585840f2530c6f4d025f118440ac22a8b34da7b5e1e873bd429686be3ef84439e05fc0fefedb8b897b09445a9e10cf24aec2ff3ca6a86d94df0c4a928ed904dcfb02e6c6c5918a839d33cb9b55dfb3cd89d80eb18dc06415d313b4ea240a65eff4b941ac018e8f81de044239960271333255291b5fbfdcf8db25e175640f36986b859aeb3370ca17e6a20aeeb5c5d27eb097fc1fab796a7ff8fcbe119bbe4be2c8a5c58890191c59bea20bfe4edf9c5453e59f610d3bd1d6eb49b02e464aee0480187c5717936add1347b08cdf5b056adb941708e8a0498900419e98b75658c6dd00f88eebf8c9aaee2e38c80eafcf6ca08ea305da9c7050948ef78a1457a2e933287fe8d2e100cb00078ed829985f8812d543cc5cdb71521f4113829551efe915e4d6773f2d285cc1e8813919356ca5ef202b0d2b8a3d7de51e4635e761ffd7efe5d51dd1325596f0e4e1c0b1ce73240cb931227892d66f3629c9d152372d5790c1c25e2f6f850a5eb83654f423b84adbbf4169d472b2cddaa7137ff14c2944ade3a57613806810707a2e6c078beb4b87cf8cf39c9950bcb3f9bb42308bd5e68d81f7f4d9e528541703059787f5e342be8ebb9841d587f7455b409115d511c130d9641fc74391228bda52d2fa58e2ca74b26583e73e2cfb881945d8ecbc77eb35e783057f6c35ba06b7f639ec516ee54bf3645f6ec436ba859e22ed480a862285aa21f3d5cd3734dde388a7f8920c4a6b4a952f830e0d2811f2f2714e660e961de0b3e0b8d5fd1007690a61e414e82245dbe4e47c73465ed40af1cee2eae4801ee408ad1fce81ff8db77082c5efd93fa9a1a3e3d78eff84f326df1c6fa656cc7d4dab842fe8e0d9ce47ad0a7e74dfe1a53776a346a22dc7a0e476754d385d99aa9cbd3f445ffb2ed61e01b28fc071d706ad204b1e8014481dba0cbc460b67e64d6e955184271cedef7f951021e3595ebe9c3384b53efafb67cbed2aa1ede5d7fcff3abd27d05766fb8894d7948609441759f4c4dfa33b6d486d4fb7e231f04d4f0f9e98f4b156129d9307fb9ebf3b278232062e7fe9ec2db7c4c991f83733368a107bf5798a1df45c919d71cce45ed907240c2f2fa6a4227e8e11cef2e7968c63e7a1adc3edec2170c17ed2cc54d0ea2b34e99b81015ffe51a501c2b73ddac5223e69d0dd451d358c0cd2ff7db256850ec1e9e349901f168d854284da68d80c68298a75c5d859008c82fe08b4cf2e68a2c0190760a03aff1be2c9425b6d5ef5c67bafb6d16fffeeb0211d90abbade4db9d6a9e9c981dde14c1d54e9138f9760bcdccbf17e7416042cfe7bbd8bba2f739f7f900ee45b965316b950e8474f3be92081fb63f43a4858b39e20e14d5a38c0973d680f2fda9e310d0e088523bdcbb728bcd0074447b4ace876da5642cd7d781cdb023a31446e0a0c59d5388674a5c8a97927e014a73d0330bd5c5187db79f1c546a8bcca008263509c23b246dea58fb36c44d373c1c92ffdd1600c27d4b10b3fc86b88ecefe8743bb59a6b8e443f06d2ae3a6908b6bc65b647deee13262225b8879dd79413ffa3d4aef91a0a04d4dc3030b5beb081c5fdf9152c3a17e6b24457fd580d84d3006af27ff44d6ec3664c4955a1d1dc5eb041682644ae564390a3d0aa602b2a18cdd3f8a1efff7b8f3afc31c283c9b74b806a98bd9f1ad8ecce410160c0a27f7ef90a2b0c1bea64e187adc04a04bff7c435659bc4c3ce5c2730e121972541062102e93d2a136e1aaaf3e25d547cad6e2b0874500fc098469494d2654808ee88588fd167f4332061a9b4cae6b22d87624e325e89a269f61ce0d26465ddfedc1f0fa2a5cf1ee7fe3e6cb375f1ff04cf8d22667debe574b8395023bde9a8302376af2e119c4c88433d1722011ade605f3a4201860742b0392ac96cc138d9ddb952f4e4742a7fd9d625465dac35347c1662b2085c357120c6ff69dedc013c5fe46555a4448b0be41e21ad73162bf9aa1cfb70f4702c7051c0a13fae918133f123d33c5c02e66ae8fceb3109b2e13a7a3e71484d59dfcba16db2d21549be1ba6cd5ad7610eefda427982384961f18bd6857ad97e868c2914d0ba934a296eda52646031c4504864061f3cba1df65cd04ef6b1050fb30b5abbbe28f8f7adb8073e452f4c0c5492a5f8d427ddf451ae303a86639e5dbccfe2b2bedb911d534a77c012e2f8a24917d98ab14557caf3e66040f21767685644f0003459762d4ab25a0e33a92b54748cf46a977505074b79b9b0746b2b5b168876a2ca10bb903edc1d1992a4a94c0ee0dd7b37add092163b5fbaf16090f8143187d060b19e3822f3def14717e41558f9582467a5a5f89148450fde235e7a5bb900e4e9d14e2147bfd2a52f84a115eb170bf3d3b9b3de9781960be4e53025c7dce005e1458140bb9cf9da8fa1124ac558fb220d57c23a7f120f5171eb2208d9e6ab7186ae457973da564f1fd45b241c15596035f55034c3995a587b4471068076839420df947f10ab2fc211732d768c135d63cc5eeda1bdfc780e7ed90855fa5a364e63f529703cd0f691b0b6a41232bfd1c1f61ef6b16ed3b9055ca888c8ebcd16a0623ede9e4e37b7d6175e3d0ddba8e7d87639eb8b0ba246131951a581575f1adf4c598a9f2f087d5eb2a0a5834d8cb12b0ad76d9381a838ccfbfcc20bbb970474c48677f10aa57be1d607d5b049d397178035f7f3393cd9000336c83218850ecd64142a22f7ae7e6a7e62013d6d105eb7c862e13979698681d44121ee9e2e552315d4d3913ff7bcd90d6bed72d50107a971a37d5a1d75efeebf03cc91239b7e427fba8df6b79674c15acd2093289fe6155063af81d85840abf4635f66083b3707d34b2149dfdf95cb4deb71e1574118c242b160c770347e6b1f135a985e89fe8e6d7f40281cfb6dc05cd8b9d4f6680c0863acb34516092acdf2bea67f54ab4282ba2d898287f34d9384e335b2ddbb87aaea8cadb8f0b397e99a68a7a214fae5a1f56c95bcd901534c23cd5cff3c168813d7fa1191dd7437c96b07324a7b21b48e205b859dcd080bd62ab7cca4bd7a73959218d0eeb21c887483201eaf3afb19efe1741b57332c5441685a7bb8324dde85faafc785312b58aabef2eef6a8048663bf13db9ae9edd4b1dcebc99890693f11b354b1f1aad19b66251b4bcaed0daed73b87dedd140fd680e7d3355362844d1d7ba2ae6be7ffae59d7b3c679b890448b0de1acf591abfe6f3096794b7e142e0ac0862ab8cb76eb79b17d1138be3747f907c3f11c636a0f0e0d315d1ff05aab0ce62fbac03a2b4ddeac7ee192bba2da93b7a926271f6d594aa14de2c294ad0c77770a624d1ce24cc8d8f5e9b629604fa7897f0cbd641f76a85dc8df33b5715eb100e30e53b85110d2252c22575a7365eb08006b4d62d305e780101965094ce2aaad170df470870e687fb280b772d41ad5d470b71e256af3a0d2c02df95821d38f28cdff26fa7a3f6e920edbd3174d2d2bde854ef68dae8a0a4a63753c825930903a2ca75d4321bad0ad9ff6852f94dd04972a45bb9625b3726dfbcc959e85242f0d327b181aee0fdab7af064dd97151b131a5c4a51a66692cbbd9f1348a16470cedef1b255e172cd2b15184177ad43744de941869af884ff8e59ef0e63ac5e1b99c851e0f915359ce12d9c380bb6f9c2bc773267157afeda7abcc120a31a1b72af6662bff7f5f194dad00b4ebfdcbb4dfc39854412db1ae99b449d741f841239159ea467cf1e38b95bcb7603ebcb400cb31410b2a4e25126caade0019bf667cc998bc4582578da0f8a6268f6d114ccf9dd8379995e8be1b934bb5645d72f97e05628129a7d2bc548e08796341f43dc3c9fcbe89d8284dc6633bee0d17e99f600425f0172b6bc478f5117dadf15e36e850ecc0ca75664ef8e4877a44b4ffa22a6f1d6719f8d81f9937928caa0690b77406a3298aaf446e2f78343267399bb7f64c60f82bf5d07210281eaad09a3810790720c98a041332c809be7aea1480b9e5eb989085c23b4aee75143068def3e89d1c417b63321e68d340a1472d2504088c17cd75de0e700508c55a7246ca9a762cc50ca35cbcaa7dcf4ae3264c32ff2cd67566ed501fb8182b5f16c58295783f3b2b554b06aae700f198c71ad7519868c1e6fbeb0246569b04beeb8b71bcbb9af93372bee365efb1d7424689e8241b1dc346a73a84b5773487f388356b8dbec1a108846e3f8dc74865b156e8ad18b353efc4ad0b11412a381fec8f5d45678b4f8b6805913e7aff71acf9052ae3b73e41e19668f9b53bfd75b778970831b6891a78ffe0d4863e62cbbf6cf8c085032864479cd3a250842984dcc2860f057f86c8e2d4d2afefb8a45b7d5b8c94e752f369a1b434c827cd26cd0276a8b40019a95ebe7c16de4c1ce8efbd5c70e0c507631818aa4fbc937d212e428aefa895069656babdbd921af974da32c49f4ca6d1e1e28319b427c8bad4d650809c673ec6073770b4097e5700a8071110fd07acbc5a59f8d7b0735a98fd40ce03718a9a93c035948859215c59f54343b08bfd95a35d73c5f09a9ebe63c509fe8443fa74e6efd0fd87defc7cb16725ce3c3d5f7664cfe253faf2cbeb307052dd2269b6266acdb31e2006b9355f673ca5c9cb907605ce071824254b139607a069531f9598f4040ddeb9cd018e9dfa1808032dfb65a4af0820da810a7b58fbb65ac8e65b017a40ec2d445a5c7b78d1f0e717b19427ef1fe6cc08c5e9da5a7d1d508fd939854589dcba8d75ff3d8d1c1fb28af1ed6900bcd4cedbe42fd6243c81264fe81be756bfd71ebcd4d96bd7ec50a676bc57e130bd8da21bb6e888eb6c8402516f6fe6dfe25be9a3e33f2cdbed9de00efb867cbe80ec2309458f41924b967d254166e5a0a5f776395214a67900d180704b9fb09f9c4c4c62fd382fcd5efe099e22d2c82f198a39d193f65b68e09454e2ab8f2d7413c64563742f1c34ca9285e501bff5efa30a0da946f875d23162eaa53c4008bed38e9a190b08ff8bfb6bfb91553c4c329fc73b8be308b00347dee2afdc08bab311c75386f452b706d1820c9038998924665010a548c09743a16167b0b09373b5cd2fb1da4f6c9ea5b1f1dd7775f6fcb23eab4fd1990364dacb2a1656b9bcf1c4866b7222872a3a3a03d397499222a3f31a35d3aeaf6a6d39f0fbee1e0f6e1e10ba0774f15f245d955cc8132d86c2d768f8a06274caa5a12c46e9e08ee556c1da49830f1e6c0a0c53a9ef1489c3fba0251c3e6839e891ac298108f3ed05066e48b8bda2c5f6e691c7a7425b7019e0a547f6560a0af41831a4a790c3a8eac9a3a9119da3eef85cb12f3f3115f04ae95534ac847b4ee2cc2fc43cdba382ecae7c4f499ce1be1ca1907313ff665c2fd7d4c8f36716f33b6861f5cf3f1c878feadfa9a664b8d629a16c750c466326a951efaa830e4f328270041f2ca0be49f0affe5806b94b027033f008957e83d167d6fe4168ec4fb79385cc06e257bba807ecfccaba56cf751dac996b7a347d36ec52b0f5d16425402416c735530bd7c545f8c753fb3b1054b82bc368ef4ac3"}}}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@fallback=<r1=>0xffffffffffffffff, 0x2f, 0x0, 0x403ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000001740)=""/138)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b708000000ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0xff, 0x25, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2241, 0x0)
ioctl$mixer_OSS_GETVERSION(r4, 0x80044d76, &(0x7f0000000100))
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000002240)=@gcm_256={{0x303}, "d0baa78683365c21", "90f2142e57f2f9752576d07d748df62221e924e7b42ecaea34669533a35ab169", "7aebc923", "14b6429e3a851d78"}, 0x38)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r1, 0xc0245720, &(0x7f00000011c0))
sendto$inet6(r2, &(0x7f0000000380)="10f16ae0e49e205aa9e8b47a104e02e3e7a1703106cc936c9c906d296c53ef5e2c209a87103be991662087090b5e2ff8bb803454262e68a4f88c00b2c01f9d343cacbdb9c2c0beee8fe6827b5f04739c8b1093a5725682630fa598147152f6557eb200000000000033a86c22542d532c7919b5fffd3bff3c3dac7d68f75eb6730fde482baa1171707e5272165fd58600893361ae86fc81a9af4e9cfd2b092d39b5fe162048560f83c46389821dac58c1edc82a1992ce07d4dde0fc97e0ee01853aa7e718cad7746a4ac3ebc44f4b11bdf0e9c4dacd353125884c517d5a17ca16db7405a2e0ebf1cc7af5504044d654053fa8bf5b7294c5a3e137e142f78b23185ed3feb27ce46283c12b8ad3f5ba2be414", 0x111, 0x8001, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0x100000001, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_LAST_MEMBER_CNT={0x8, 0x1c, 0x2}]}}}]}, 0x3c}}, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000001c0)='.\x00', &(0x7f0000000080)='virtiofs\x00', 0x200820, 0x0)

8m40.245152367s ago: executing program 2 (id=1632):
gettid()
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xd, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000100)=""/222, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r7, 0x80045505, &(0x7f0000000000)=0x1)
getpgrp(0x0)

8m24.761121669s ago: executing program 32 (id=1632):
gettid()
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xd, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000100)=""/222, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r7, 0x80045505, &(0x7f0000000000)=0x1)
getpgrp(0x0)

7m26.754620456s ago: executing program 1 (id=1892):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x19, r1, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, 0x14)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, <r5=>0x0})
setpriority(0x1, r5, 0x3)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r3, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x62, &(0x7f0000000000)=ANY=[], 0x0)

7m26.146668121s ago: executing program 1 (id=1894):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
fallocate(r2, 0x0, 0x5, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
unshare(0x24020400)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040))
r4 = syz_io_uring_setup(0x3841, &(0x7f00000001c0)={0x0, 0xaee4, 0x8, 0x3, 0x3e1}, &(0x7f0000000180)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = socket$kcm(0x10, 0x2, 0x4)
close(r7)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000c00040006c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r8 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r10=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r8, 0xc02064b6, &(0x7f00000002c0)={r10, <r11=>0x0, <r12=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r8, 0xc06864a2, &(0x7f0000000580)={&(0x7f0000000040)=[0x0], 0x1, r11, r12, 0x3, 0x0, 0xffffffff, 0x804, {0xac7c, 0x1, 0x3, 0x67, 0xf4b, 0x1, 0x2, 0x5, 0x412f, 0xe154, 0x1000, 0x7f, 0x6, 0xffffffff, "fe0100000000000000000020b42717057f0000000000d100000800"}})
r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {}, 0x0, {0x0, r13}})
io_uring_enter(r4, 0x47f6, 0x0, 0x2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r14=>r4}, './file0\x00'})
r15 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_MKDIRAT={0x25, 0x4, 0x0, r14, 0x0, &(0x7f0000000140)='./file0\x00', 0x1, 0x0, 0x0, {0x0, r15}})

7m21.932576958s ago: executing program 1 (id=1908):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newsa={0x150, 0x1a, 0x400, 0x8, 0x0, {{@in=@multicast1, @in6=@empty, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x4d4, 0x32}, @in6=@mcast1, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x20000000008}, {0x0, 0x8, 0xcc}, {0xf6}, 0x0, 0x0, 0xa, 0x1, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0xa0, 0x80, "bed40c8022674b0ecf0153d786cfc67c1aa8a9bb"}}]}, 0x150}}, 0x0)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14, 0x100000)
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x403, 0xfffffffc, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x3c}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'team0\x00', <r7=>0x0})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0x1, 0x58, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0}}, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000740)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000700)={&(0x7f0000000480)={0x268, r5, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @ETHTOOL_A_STRSET_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_STRSET_STRINGSETS={0xf8, 0x2, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0xb}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0xe}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}]}, @ETHTOOL_A_STRSET_STRINGSETS={0xe4, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3accf43ef9d1e986}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}]}]}, 0x268}, 0x1, 0x0, 0x0, 0x20004000}, 0x80)

7m21.744050165s ago: executing program 1 (id=1911):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x1)
r1 = geteuid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
umount2(&(0x7f0000000080)='./file0\x00', 0x9)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2c, r3, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0)
ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000000240)={0x3, @null, r1})

7m21.067077771s ago: executing program 1 (id=1914):
munlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
r0 = socket(0x2b, 0x80801, 0x1)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_io_uring_setup(0xa39, &(0x7f00000000c0)={0x0, 0xfdc8, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000340)=<r5=>0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x4, 0xfffffffffffffffd)
vmsplice(r8, &(0x7f0000000300), 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20048805}, 0x0)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r9, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @dev, 0x8}], 0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
bind$unix(r0, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))

7m20.612400691s ago: executing program 1 (id=1917):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000000140)=0xd, 0x4)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff})
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x900)
move_mount(r3, &(0x7f0000000240)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x240)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r2, 0xc01064c2, &(0x7f0000000040)={0x0, 0x0, r3})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f0000000080)="8e11f98b9ba0bc3a95160e443e556de7", 0x10)

7m20.137621836s ago: executing program 33 (id=1917):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000000140)=0xd, 0x4)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff})
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x900)
move_mount(r3, &(0x7f0000000240)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x240)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r2, 0xc01064c2, &(0x7f0000000040)={0x0, 0x0, r3})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f0000000080)="8e11f98b9ba0bc3a95160e443e556de7", 0x10)

27.228838778s ago: executing program 3 (id=3058):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e21, @local}, 0x0, 0x402, 0x4}}, 0x26)
close(0xffffffffffffffff)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x7}, &(0x7f0000000040)=0x8)

26.22308371s ago: executing program 3 (id=3060):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xf, r0, 0x4000fc, &(0x7f00000003c0)="18607651149d7b10b0024fbbdc0889b675cb3976ee8400e2878c9cfa178cac130eb046ed")
ptrace$getregset(0x4205, r0, 0x200, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000002b40), r1)
io_setup(0x3e3, &(0x7f0000000140)=<r3=>0x0)
clock_gettime(0x0, &(0x7f0000000780))
io_pgetevents(r3, 0x2, 0x1, &(0x7f0000000740)=[{}], &(0x7f00000007c0), &(0x7f00000009c0)={&(0x7f0000000800)={[0x1]}, 0x8})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000400)={0x8, 0x2}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r5, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f8035", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000a40)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r8 = accept$alg(r7, 0x0, 0x0)
sendmsg$alg(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0)
write$binfmt_script(r8, &(0x7f0000000600), 0xfec8)
recvmmsg(r8, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000680)=""/147, 0x93}, {&(0x7f0000000280)=""/28, 0x1c}, {&(0x7f0000000880)=""/227, 0xe3}, {&(0x7f0000000500)=""/101, 0xfffffffffffffffe}], 0x4}, 0x3}], 0x1, 0xcb, &(0x7f0000008000)={0x77359400})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002bc0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2cffbbdceddefc022662e23f16000002", @ANYRES16=r2, @ANYBLOB="04002abd7000fddbdf252b0000000c0005000203aaaaaaaaaaaa0a0001007770616e31000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x24004014)

24.939126887s ago: executing program 3 (id=3064):
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
open(0x0, 0xe5000, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0xc000)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={0xffffffffffffffff, 0x0, &(0x7f0000000340)=""/55}, 0x20)
openat$rtc(0xffffffffffffff9c, &(0x7f0000002600), 0x101840, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000c0}, 0x20000014)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e00"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)

21.636640218s ago: executing program 3 (id=3070):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
socket$inet6(0xa, 0x80002, 0x0)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000100)={r3}, 0xc)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r6}}, 0x58)
ioctl$KVM_CAP_DISABLE_QUIRKS(r5, 0x4068aea3, &(0x7f0000000300)={0x74, 0x0, 0x6f})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0xc7}, 0x1c)

20.530179629s ago: executing program 3 (id=3072):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0xfffffff8)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000001700)=[{&(0x7f0000000380)="58000000140019234017908a840da2560a067fbc45ff81054e220000000058000b480400945f640094000500", 0x2c}], 0x1)
r2 = accept4$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000100)=0x10, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200)=0x820, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
inotify_init()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_NEWCHAIN={0x14}], {0x14}}, 0xa4}}, 0x0)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000040)=ANY=[@ANYBLOB="2a01000020000040b7080000000000000301090292000301"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r7, 0x8b2c, &(0x7f0000000040))
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)

11.914970615s ago: executing program 5 (id=3092):
ioperm(0x0, 0x8, 0x8000000000004)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffdd4, &(0x7f0000000140)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x10000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000000010005", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
r1 = memfd_secret(0x0)
read$alg(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative'}}}]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
set_mempolicy(0x3, &(0x7f0000000040)=0x2, 0x5)
r2 = syz_io_uring_setup(0x6a54, &(0x7f0000000080)={0x0, 0xe09, 0x20000, 0x1, 0x130}, &(0x7f0000000100), &(0x7f0000000140))
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)

10.380598023s ago: executing program 5 (id=3095):
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"})
syz_open_pts(r4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_setup(0x7, 0x0)
r5 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
wait4(r5, 0x0, 0x40000000, 0x0)
bind$alg(r0, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
r6 = accept4(r0, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r6)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001880)=ANY=[], 0x141c}, 0x1, 0x0, 0x0, 0x8001}, 0x20040890)

8.832997016s ago: executing program 5 (id=3099):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000100)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)

8.726375908s ago: executing program 5 (id=3100):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpriority(0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
socket$nl_route(0x10, 0x3, 0x0)
r3 = accept$alg(r2, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socket$inet(0x2, 0x800, 0x0)
setpriority(0x2, 0xff, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000140)=0x4)
r4 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x5, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES32], 0x30}, 0x40084)
write$binfmt_script(r3, &(0x7f0000000600), 0xfec8)
recvmmsg(r3, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, &(0x7f0000008000)={0x0, 0x989680})
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000001, 0x111910, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x100, &(0x7f0000000240)=0x4, 0x0, 0x4)

7.881977266s ago: executing program 0 (id=3101):
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04f5242003"], 0x7)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getpid()
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001e005db706000000000000000700002903b34c26a95b563d84d69fbb51e2ce4a512de31ef8f0997339291bd3ae29b8972f38854d3fe509091fea76847c573babfb8ed85b0dc247", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002440)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b80", @ANYRES32, @ANYBLOB="7f4409451b96589f93cc9ff16ae5b1a2dd0d33da154087bd611656b75b583bcdc3cbf01f3af751f29510bbe9c00e2c6992ba51493c3e7c2b3f2fc89de5114e65df97d1a55cead68838d10db35ad13e45b882c43c36ee826aec06c2f291aae83b4dbb208aadffa2f968c7239cc2c9cefe99231faedebcbaa3fe65e26a27f8cc551206ee138c48b37156e8c5114079ba6b1eb8815f0e96e721f442d240f9735075f5bfc6f5568bc9d4e012123999eb911340fa352e0309255621ade90b4e77aa1504c7dfb6f0f899e0d28c9d7f17d042ee138965d74236439740fcea39e80de25c327aead871cfe5061183eb892feee8cad5b1e7831a95508ebdf19229d355da78a1706ea2772d84a0aff1bceaa8cbd2a56857f627d1cc442aaea5c3f643d5232770eb8959e2f8a7a1b9fafaa149bb3f0819e8924a9028be4bd1335d66bb958add291384348d593c469735b0528adfe070ef796eac92a5d78bbb77ef8a8b1317ff5699400540d7514b0dfec49518c278640a8a943f196f6f0ec9dbefd1ced96dfd8ad7d3255ff3fda8e720a3a9e9ee949ba5355ddb1a9ce4e207199e4c221f12481362ec75ccff4619c355338146f005c43ad9639b7b3bc3e45b5f093e8d4385423279887f08759a14d00eaf887c0a0a71339b22ac1914a6f6126dd77f5dc8388c234a9fbe6225cd35a8df5f2d64b4dd464664e53dacb414bd6865e10ec29729a15a49179b495b1b8d2ad7067dc3f281e25262f2235cda912942b0788181d85d75dbc17ebd98e1b4767e64cc6faed661787212742fb784949caf0b7caebef62bf54fe882aa0c26263ce86993a436e3bd1521aa67d4b68b53643156422a6621b260b4f8be8943eb456b585b685a703cb6f50d89735546c795b36163b620ed548f3c2ffaaace366b61051e85c5b0e0fb4300b7dc210f63db1e3cd8afbe89bb3753733377dbb9c6f1251cb415ccf81d6165cacad79f22644e6a33208648c52c2f2c537f5a63119a1e342bab7ffccc075c411f665227663bc2199979b279d68049601d7722afaef4cd85fdded77f18f918335745a5a9ae544947c2787a2058a1b429d2050d593bc97689f4d07a9e7afa53aa6a9c90781ba46fb23c3a14e354f46e0786aa3119e21cf5ba63b5e0308f51c4c770ff4098c0f3db78f573689db47d913294f35cebe5ff9d8aa51f9a95ac9da6c101a7366c9d405db5e42d7a9367fa105b5f858f4cde023b2c0256ee40ebf538c61ab8aa208f568715f3101b51ab2f946426e096e3564eed694fad5b04ffdc2d5da924c1443af7f4b633397ceb81466ad86d133b10af699f22b572880249689ca743eca1236d5f9d7ce094a39f580c3561bb640bdde0fab5997732e41b6187a49336dd14997d800a2dfe079b51cba57559ccf739788759396b00ba1d5c62c515e40552d4feca4ad9af8d167d23a2370b6047ba311a75ae9b630b18abfb6649a77964ab69a9d5778c5ae454d9b92bbd8096dde3250f80913f83824be99c5f5fffdf3b21ccde32f6c3eccdd18d5f8d588a51ebbb9ffefbe6c11120d5d29602685ad879f8d899979a135bf20a01a95743c6481c4bbed2b6f85beae0bb34f8575a7bf3aec277b3a9b994646eb3ce6fc2c453aea2db3668b8710bfd9358dd8b0081910dd63954c59bdbe289195a2a0ac3f60822ac92a76b51611e319e9ccc202165037ff9177a10c73abc04540cb5b2686a1afc5c3bab2b6659a408d53cfcfe1094c22a6e45d86123a78f69fadae80509b617e0c23188e3cfe8e20f4b83cc4b31c6e97510a81849db62787643af78a6179a1989177d2e8ec4bb6ff663a2e37541049dd62b1e59537ec418ce83916070289676faf8be0f7b43f3abb7066451a5c088ff9ffc300b8c4b43aad9fd35c4c01da8bf1c565dd17ad2ff7cc0cba450a559a68be19790644d52452e83899bf52b37b6922ddd875114620e23082b6da97ba4abee30e5acc3da7726ab9725f49e88ecc561019ddfdb59d09e74f71a4ee35ec1878bc3ade274f75b94ea0070fcf6920892b42500322439c4396588a9b3efd6a769b809cae3ff44abaf16025e1930341a32c16305896459130266bf5a424da0a8a13134b4075c3b81ee6e9819f08da82ea4f8e90a05282eaf1111df1656dfe7e13713c0058476c2dbc49e1548c86f4e919c9f56884cb9c8b37b852ee9ccb2c20eb3415c76b9a09ced6238508a07423b817665583a36fc394d345d8f0068adc1f8cd2aadd80d588cfb4d20a9bea1b51d4b36e1cb9636a892e685aeab931a912785328dc56f2b5b9bc5acaf09d748c8f3dd6407d29bc8aadafceda93a9b35975c75de30f6d94730268bef68075d0526d5392441cb140abb436bb6aa2ee30e90fee7eba59d226abd0e50948b41c9a7ae71b64bd8767e4ce070de1ca50ad54292f8fb636a2e1ed9ccbcd4d8945893aa5d47196eb1d45488b5b63d079af6be9311888e96256f257c3d0d12a766d57329b20f65fb4fd310ea6f14ac8ceb02f0f77c8e29bfb2cf235fcac409929b2a394160a2dee959c052acf0c823f9f53db215e990b3951c996d035d8003707fd93a9f7f1b2c29b09d9821e407f5916a0d8c860653d044a0d49e129720e1dd9d586ae86eb7770faeedde60f12774de5d6c2d8bede7e334abf274af8083f55ffcf25b0cc0a9c19ebba4429db9205735a212abbbbd09f77a3b32f1f51c289e14bc2cccfba6bff2ebd928b5e9c2731a37a66f6cafabe75d38c43efb1f9607871690a763a7ceada7a708fcfaf4e5900ecc5556e6194c0717422c6f07e39a33b60da02fa6ca6ec9af8d9048b570ed2fcaf7e1c0c63c2601f2079f968017622cdce89fbfea5d1bfe4ef097c34f01d60dac869f802356877396f0bffdb685e2cba9968d5bfee6898421dee5b20148998ffd6f1a44de2917080b96f323a352f09c773afc5457e34a04c374f92123d15c70826a30da1c883f27bc5e5e64a4f45c66f5632984fe1a2e34f8c82dabd9c7414731f3bcb4af49d050ee8bcfb3715522cceb13f4a6359cda7f83838b343f2d7834ff7a8de5be0dcecf5d02fa315ee23aa7828f862c1aeef63f7f5dd37568ee2f6a5dfca4bd9579bd9e8c1d98b1360d75bec13be1651122ccf71d3f045a75a3b17d8c36c123c2f4ce54e0346c7727568fab3cbdd62c9eae0d2a6c1e14c838b1bd96215f473c653d26e3a8df846a8fe597791e33ff3ec6ed115f2634d3b3a13c5bcee3861682ce7b5b03eaf38dba2d0d0f26a137c76827d2c73ebe6f673e4a96f5c0e84fa1639e90de84e78c0c048bcd046d6891c8aeef3c703077bd6a48ac58082ea31131bae7686bd99ae8e31e9e60de6e18e83fa303cf97a5230c326f4f130909f3e0661a7b7aa958f4aa98500aa48b4bd9cc1ef6f510ecaf3a484b2260611d46c5e151a7bc1e2d8d149f1df8379cad7ba47e54c8843e28fbf90da0935343e92f39ed9c13b32041c78320327188000e1148fa540fa6033034ad3a0a77112735ea9c1fa70ef1fe09b02cc931780af627a7dc88281c30839e90f39bd9ae15e176e6e0dfd082e85cb804a4a75106bd55da5cabde8c13370bfc19ce81083a535259b1b1c5a36bee72d56e98ea73cfd33843e2e4732e792a9d2902aaf2ef88ae139d1ef3f68dad8274d9df80ebdf6e21e4caabcd887e472d0d5a8e1278d4c17479fdcf6549528eea153e63381654eb5f0f84e41642d11c170267b9c931ab3220746d8af5b76963f98b422e96e20ae8f431dfb2a0803c640005ffcb37d95c9998a43488bbf411fd1f0c18f8452d6cee7451fd9581c135a88b0623f0010dc140ca940d2fe5d4587050c465e55a58714587afa9df9362719b2de254398fb1cb0c38ca473f0404af045977531fbf7dee7ccc34f321fd91c5ddabcb7d8c34b7fd71a6822a2621696ee72aff52fb92eecd37914f89f876670beb70df9b3761771cb9f4ecbf3758509b218df4a9883666323e47c8101aec922bb48dba69f3ad9c45e97385b5d018a697f06ef8f10937176a17de3ebedadbc9232b5c8f9e45fe95b31820df7bec0b14c4e38454f0036d97e264a60bf31b036488187bfb7464980ccaf627bbdd676b2dc59f97730651ad57ebd940309b0fc2bd1f9135c1c9019efd20547feaf2c70142e3dbf5df89e65743dde8679d129c1a83a300398f3d8fb6b07518467d7fa1a6b27b1c11f6dfbed8e52c5fa1a903251825775c40e86a88f28cc7c15990b99cc0f97ded15d73a48e32701d6b0c415210c23fba41445268d670ba04edee97bb8024f3982fcd858922c51b0350e53fecea57532f32552fb4c083381207a7a7fc2e6137abf0bb2a61f5894e9a5ba03fd0732ad5f4125be2957c341de44667db3ad3994a01db3976a95bcdf1550df9b2c915941c2c7730c88e4a510c580f955259fbaac4b0b88149343ec4f9b706dfa3b26ca9728fcee816ebf8475d136b700bda4e1a6d0768a506a0c4f0bdb9e2e6a9dc2da99a6ef3cc176b1449ce09aeddd4e8e054f6aa1060fa149ed7e6c42394996c04f808911e8506d9c5f2c055262646d77e56d118d1577f376a60b9bd528cb6195e478ce931f78b0a9ef84184cd30f33f8dd828871e78217006bfc74bcf33843591dfc5d7df314a2712240c19a7be44dd1161e201ab12d3e6cbbd4f915a0dc7efc7a37f7c4881fc95a9fed927ac91b83e4a3fee683b88b3855a47a7808d0245a122558aea7a160eb36d023a0226f0242020ce1b1b8b879dde9d5b2bdaa79599eb13fff714ce830239e4dba50bbd309c14efbc728edc7c6081bd3734856d0824e9b06c598bceb234cf5bb0909905d2d32947665b9b5f1980aa526b7b419ffc71aaa360c5b5d31f44317a994f44f23e33bb668728915e82ecbadc8aeb4bfd8acb82a57297bc731a4559fdfa0968c22b435a1d514630e66d953da334291ac5e558070db6e858d898adc8b827101c3900633ccc2a917660726ca5d00db5e587c6e1ef6b5fc14be32b184b5fd8c51f3a6e5ff459b01d8535c7dfbf9b5002928388d806754b91f59aaeebcf41d31ec40921f7d25aef65409ba68dda240cc4c3323cc419c091a5a276b22132ae26c3bd19989c11a0ba246c47fdba9cf5ed2fa50e685244f250886c6fedf0745f475009c94f412a10078816d2541c250f0fdef5f0fd1d867c42ebb4e40c212104e5494c3d14f4434ae8185a36e9143a489a4aec4935b346442d5a6df731bf0cde604fc1a96b274543ed72a0ef59b8a00f7bee4d4ea507594f72b39fc22701371be8d2fad14fd4b72d6a33503dcc5e842ef7b1104875ddaff39fd105290d498d750047848ac1bf96117abe410def3972b965e0f2f2e2dc80e66699854287ed70efae1764b36cbfd2445209e1aced3fa71346ace8a3d3ca54fc52512c1a3ca195b26ba538b8da50466d4654735d19d6563ffb906150cf4b5619d7d8a73826b11cd275819204257c51e1f928b42a983227f2756282e09dde3df17691f39d9214dcc101f6c753534563a6e462237f33c4cc319ee8ba17812f18cd8f83c0a8dee9c623d8378b97a93b57b65aab173d97818b78ac75c64e72b61698c5c29260459c713c829c71ec6d65d4146f38e5f585004c57fa4ae75743563b453b023123f193ad7ba487ab7ddac9e705c201801c32a8ce6e406e4ff30639952386f5f202728baa34bf90c6f31baf25165f2b302eb9a79be8f051e780fc6c5306e73091505210b40bf8bae321369e33080ef7f8083f32c9fbcaea04ef7eff5554dc1e7d0bf2473da12cbf7f03e72de7a632934799af6a44c9db766b1e10e16e0d45af3d0bf"], 0x34}}, 0x4004010)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0)

7.8086009s ago: executing program 4 (id=3102):
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"})
bind$alg(r0, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r0, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r3)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001880)=ANY=[], 0x141c}, 0x1, 0x0, 0x0, 0x8001}, 0x20040890)

7.755563933s ago: executing program 5 (id=3103):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x0, 0x0, &(0x7f0000000040)=""/88, 0x0, 0x3000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001600)={0x3, 0x0, [{0xffff1000, 0x0, &(0x7f0000000340)}, {0x6000, 0x77, &(0x7f0000001500)=""/119}, {0x1, 0x5d, &(0x7f0000001580)=""/93}]})
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x100, 0x0, &(0x7f0000000240)=""/167, 0x0, 0x10000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@host})
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x0, 0x2710, @hyper}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_usb_connect(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201410114070010050b0242714c0102030109022400010103100009047b0402beef45fe3d56cfe1b10009050602000212040a09058202000200fe10"], 0x0)
syz_usb_control_io$cdc_ncm(r4, &(0x7f0000000500)={0x14, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

6.866543514s ago: executing program 0 (id=3104):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x20040814)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r2, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x43, 0x40)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f00000041c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0), 0xc)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f}}, 0x50)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c0000001000390427bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="3c45070000000000140012800900010076657468000000006800028008001300", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x24004805}, 0xc080)

6.073080261s ago: executing program 4 (id=3106):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file4/file5\x00', 0x81c0, 0x0)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f0000000000)={{0x8, 0x7}, 0x0, 0x7d, 0x9, {0xe, 0xff}, 0x9, 0xdd30})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r5 = landlock_create_ruleset(&(0x7f00000002c0)={0xa001, 0x1}, 0x18, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file4/file7\x00', 0x212480, 0x5)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0x1, &(0x7f0000000340)={0x2000, r6}, 0x0)
landlock_restrict_self(r5, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r8, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="05000000800800"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000010000000000e7ffffff"], 0x80}}, 0x0)
sendmsg$can_bcm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="07000000a008"], 0x80}}, 0x0)
r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r9, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0)

5.002777901s ago: executing program 0 (id=3107):
syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0xfdcd, 0x0, @wg=@data}}}}}, 0x0)
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x757, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xfffd, 0x0, 0x1, {0x22, 0xa0}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3}}}}}]}}]}}, 0x0)
pipe2$9p(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80880)
fcntl$setpipe(r1, 0x11, 0x7efffeff00000000)
syz_usb_connect$uac1(0x0, 0xcf, &(0x7f0000000540)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbd, 0x3, 0x1, 0x1, 0x20, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0x1}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x303, 0x2, 0x6, 0x9}, @extension_unit={0xb, 0x24, 0x8, 0x3, 0x3, 0x3, "4f19b825"}, @selector_unit={0xb, 0x24, 0x5, 0x6, 0x1, "0d4e83b18805"}, @output_terminal={0x9, 0x24, 0x3, 0x5, 0x300, 0x5, 0x4, 0x2}, @output_terminal={0x9, 0x24, 0x3, 0x1, 0x101, 0x2, 0x6, 0x9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x6, 0x7, 0x6, {0x7, 0x25, 0x1, 0x2, 0x80, 0x80}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x2, 0x2, 0x5, 0x2, "428c"}, @as_header={0x7, 0x24, 0x1, 0x5, 0x7}, @as_header={0x7, 0x24, 0x1, 0x5, 0xd7, 0x4}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0xf2, 0x2, 0xd7, 0x3, "15afa4", "afa897"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x3}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x3, 0xff, 0x9, {0x7, 0x25, 0x1, 0x81, 0x7, 0xde}}}}}}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000640)={0xa, 0x6, 0x110, 0x6, 0x2, 0x1, 0x6955450f4074ec90, 0x8}, 0x28, &(0x7f0000000680)={0x5, 0xf, 0x28, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x9, 0x7, 0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x4, 0x8, 0x5, 0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0xce, 0x9, 0x5, 0x6, 0x7}]}, 0x6, [{0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f0000000dc0)=@lang_id={0x4, 0x3, 0x449}}, {0xa4, &(0x7f0000000e00)=@string={0xa4, 0x3, "87321dd57eef0dcf79bd8194b75cafa24f011947893d88d20753a862d25ab16e9cc588618f93af667f35c39f8a80c28ad18a3bab010fd401aa7dc49cc5389cbb9feff4cb2cf84f594ac61e77bfc5e1412f17be7617fb3f9dae2fdbec86215ce1a2b464c7339523c02233d0f1d71c9f41025c6b8f44c9aaea3c2c53fbdcfc6842a74aa503607394b13615b3c15e98baf4f913fed4c8867a054ff80dd2c05d234932a6"}}, {0x4, &(0x7f0000000ec0)=@lang_id={0x4, 0x3, 0x1c09}}, {0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0x1004}}, {0x4, &(0x7f0000000f40)=@lang_id={0x4, 0x3, 0x380a}}]})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = getpid()
write$P9_RLERRORu(r2, &(0x7f0000001040)={0x14, 0x7, 0x1, {{0x7, 'filter\x00'}, 0xb9a}}, 0x14)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
process_vm_writev(r4, &(0x7f0000001700)=[{&(0x7f0000001280)=""/85, 0x55}, {&(0x7f0000001300)=""/235, 0xeb}, {&(0x7f0000001400)=""/31, 0x1f}, {&(0x7f0000008880)=""/4096, 0x1000}, {&(0x7f0000001440)=""/51, 0x33}, {&(0x7f0000001480)=""/144, 0x90}, {&(0x7f0000001540)=""/202, 0xca}, {&(0x7f0000001640)=""/158, 0x9e}], 0x8, &(0x7f0000001940)=[{&(0x7f0000009880)=""/4096, 0x1000}, {&(0x7f0000001780)=""/162, 0xa2}, {&(0x7f0000001840)=""/210, 0xd2}, {&(0x7f000000a880)=""/4096, 0x1000}], 0x4, 0x0)
r5 = syz_open_procfs(r4, &(0x7f0000001000)='net/icmp6\x00')
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000700)=@mangle={'mangle\x00', 0x64, 0x6, 0x628, 0x428, 0x1b8, 0x2e0, 0x428, 0x2e0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6, 0x3, 0x0, 0x4a}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x63, 0x2, 0x5, 0x1}}, @common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x4, 0x0, 0x0, 0x0, 0xfffc]}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x688)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300, 0x8002}}, 0x20}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
stat(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
statx(r5, &(0x7f0000001140)='./file0\x00', 0x0, 0x40, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setreuid(r7, r8)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001980), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000004200)={0x50, 0x0, r9}, 0x50)
r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r6, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0xd}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r10, &(0x7f00000063c0)=""/1024, 0x400)
syz_fuse_handle_req(r6, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="50000000000000000000000000000000000000000000000000000000ebff000004"], 0x0, 0x0, 0x0, 0x0})
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000140)=@filter={'filter\x00', 0xe, 0x4, 0x398, 0xffffffff, 0x1f8, 0x100, 0x100, 0xffffffff, 0xffffffff, 0x2c8, 0x2c8, 0x2c8, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @loopback, [0xffffffff, 0xff, 0x61fdb635adaee671, 0xffffff00], [0xff, 0xff000000, 0xff000000, 0xffffff00], 'ipvlan0\x00', 'vlan1\x00', {}, {}, 0x40, 0x7, 0x4, 0x4}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}, {0x5c, 0x8, 0x8, 0x1, 0x5c0c, 0x0, 0x40c}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x3cd4, 0xab9}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@icmp6={{0x28}, {0xd, '0e', 0x1}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x4, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@AUDIT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f8)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2000000d200a7ea311df0"], 0x0, 0x0, 0x0, 0x0}, 0x0)

4.819950805s ago: executing program 4 (id=3109):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000100)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)

4.622993902s ago: executing program 4 (id=3111):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
execve(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, &(0x7f0000000000)={&(0x7f00000004c0)={{@hyper, 0x5}, {@host, 0xed82}, 0x430, "3aeb4c7af368cd060b298fa35ce6184e256da9563ddf7fa4aa07dad9cf74c7baaf1133665113785b79f83394195601137878d57a6b696503a5fdefd69062f3883f8fce16189488d4860cb0571a2e36f663c564ff1aca8848ce6d3cb7cccffb19e652c3b3bc8f1312fade63fb02b84a16f31db493103836c538ae9038a9ab04732590056132041bb8f4603ff7b652a878d24621deeb5aeb022e7757cc5c876382175d2c1982cb9d5fcb498b1766011df5ac7b06a7464a3805c1ce3db32678e653ac14fe943992e4cf8d782980303bb22d463adac1b0cadc5c26a40853882392cade04b86230b1173e2810eae1e4dd20e77ca674893be4d2c717be703942faa69d0a149d79e4d8cf083eff8a142dfcec91b2fab18f68b1f7152e26fcc1de9f24b8ab1e60801a1e77be5f8b4f2fc9ab9f9326e14830ce656bb43dcbd7fc1db344ea684fac22f3e6e9b957102bff330bb2149581caa7a141f6478db3503c186431c0dd5e83bf9ce36e46a7bdc5692a93062a2c6fc451e95644b70febb269f541b855f199990eb36da234720640703aeaadf8a649c548442bf044dbdfde9706a03ba9461e049da553302c941a6ca3346c3f2418c530a3d06782629ce99052f14606ffa8021cccd8c21e46e70e5e06f31633545ceb473a102ad778ed31705bd459ff93fb1cdbf7974fa2e7c82f05526901fa42626ad2db444a92e12ec8bf0673adf2e279c6ad52cb55aae63f311db1d8bf89af1096362d4312bb2a58470e470db2ddefdb0c2deed00b56001de31f211403b2eab1ccaa5db1d27b1c1560b73dffee4d10d88910a5c38214398913865a1b864bfc8e3ac5afce7163ad329c60afd6c222ec00e1fbbd106f4801701d57ac2230b2572d87b4c09e1c87184d819794ddf14db53c5fd5156562b1bdb04280cbc0f65430cdc71405771871483262ddd0d32e72ed887560ddddcc0077508c37f9c53d969f6eab1e1f682e9bff99d0d1397230862677db78ec32e37a7c41ffe4920b3b5df91d5c962c050e8757f4784707b1f78a58e4614d7a3e2be3ccd82d2826ae7cd2d2d91cfac7518252d05e1ffb61d9cd84129f8e8455a6e2a95d2bb9df250791a39f5e7f6ef49c045a6cb47ce5442abe1335c40f2a6fbf28e148a381c73f82bfdf2329b6cddeb9ad687da42636a844a6ce90ef692fdb0ec911a42dff419c1a20d6c9b74d134c89954a2cf7f94dc855c12455112bb4a9889e79a1acbcb08eacc254d5e7b271636f078577286cdf354b46e95e758d07cedf16dae7a39db160407d8474968490a37ad016ef89873e9d7e04e1bd807ae908eb61d2c8585e6210dc8542086e521d021fd3138e2aa1c84f5df6fd73fdf16bba03d67443bd5e39fbcc785ab2953b2d6142779b8968f369d9d4c3914e93b66b499aa843fa5d34e882f15ff030a2aaaa92a62f70bfabb6c42fc7ea2519"}, 0x448, 0xb34})
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'team_slave_0\x00'})
ptrace$poke(0x21, r3, 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00'})

4.487906695s ago: executing program 6 (id=3112):
syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
clock_gettime(0xa, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x10000a0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000900)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x7ffe, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008050}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001640)=@deltfilter={0x24, 0x2d, 0x1, 0x70bd2c, 0x25dfdbf7, {0x0, 0x0, 0x0, r5, {0xb, 0x19}, {0x0, 0xfff1}, {0xe, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x8)
syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0) (async)
clock_gettime(0xa, 0x0) (async)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x10000a0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
socket(0x400000000010, 0x3, 0x0) (async)
socket$unix(0x1, 0x1, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000900)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x7ffe, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008050}, 0x0) (async)
socket$unix(0x1, 0x1, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001640)=@deltfilter={0x24, 0x2d, 0x1, 0x70bd2c, 0x25dfdbf7, {0x0, 0x0, 0x0, r5, {0xb, 0x19}, {0x0, 0xfff1}, {0xe, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x8) (async)

2.952521311s ago: executing program 4 (id=3113):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x11)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)={'U+', 0x7}, 0x16, 0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001600)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000480000002c41000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff010011d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcebc7586186fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35eff00006b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f58fa48f61071f548d411353965615c24c1860fd0dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9778289c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26a741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba17a647a171c2fc73a8c7541c7ffaafba62195fce77382ae962f30d4a377d760040975a44aa73a4e687d06f96f0987b980f6f883534dfc71ace539eeeb08cff54e0e05d5e0563660a3664c67d0eb9cdf4eab93ab4bf1972a2acc5c5d43dc2f2b66d7493c390d042d896a1ad772f6d4c2cf38ba0"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000200)="fa82", 0x7058}], 0x1}, 0x20000000)
bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4f23, 0x100, @private1={0xfc, 0x1, '\x00', 0x1}, 0xffffffff}}, 0x24)
r6 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x8, 0x0, 0xfffffdfc}, 0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x2001, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000400000003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c11", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r9}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

2.832058809s ago: executing program 5 (id=3114):
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000003, 0x6031, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a30000000000900020073797a31000000002c00058008000140000086dd080001400000002c080001400000001608000140000000736afd014000008100080009"], 0x248}}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000200)={0xfda5, 0x1, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x0, 0x0})
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
r7 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, 0x0, 0x0)
listen(r8, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50020021904ffffc"], 0x0)
r9 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r9, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
io_submit(0x0, 0x0, 0x0)
sync()
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xf, 0x63, 0x79, 0x20, 0x5ac, 0x23f, 0xe0d8, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0xd6, 0x2}}]}}]}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sendmsg$nl_xfrm(r0, 0x0, 0x0)

2.778117337s ago: executing program 6 (id=3115):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_RESIZE_FS(0xffffffffffffffff, 0x4008f510, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r4 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
fcntl$dupfd(r2, 0x0, r3)
keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55)
socket$packet(0x11, 0x2, 0x300)
r5 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netlink(r5, 0x10e, 0x5, &(0x7f0000000040)=""/162, &(0x7f0000000100)=0xa2)
r6 = gettid()
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @func={0x1, 0x0, 0x0, 0x12}, @ptr={0x0, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x2e, 0x0, 0x0, 0x61]}}, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'})

1.884518952s ago: executing program 0 (id=3116):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_GET_TSC_KHZ(r3, 0xaea3)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x14)
epoll_create1(0x0)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r5 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r5, &(0x7f0000000200)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0x38}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000240)="27050200d40f000f0600002f88a8", 0xe}], 0x1}, 0x40000)
ioctl$LOOP_CHANGE_FD(r4, 0x4c03, 0xffffffffffffffff)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$fb0(0xffffffffffffff9c, &(0x7f00000004c0), 0x40000, 0x0)
r10 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'sit0\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0xfffffffe, {}, [@NHA_GATEWAY={0x14, 0x6, @in6_addr=@loopback}, @NHA_OIF={0x8, 0x5, r11}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040}, 0x90)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'lo\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r14, {0x0, 0x5}, {0xfff1, 0xffff}, {0xf, 0x9}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_RATE={0x6, 0x5, {0x0, 0xe6}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4045}, 0x0)
ioctl$RTC_WKALM_SET(r6, 0x4028700f, &(0x7f0000000140)={0x2, 0x0, {0x0, 0x0, 0x0, 0x18, 0x0, 0x60}})

1.774112478s ago: executing program 6 (id=3117):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000001c0)={0x5, 0x0, 0x2})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x2301, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$inet6(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}}, 0x10)

1.550140936s ago: executing program 6 (id=3118):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

332.724862ms ago: executing program 0 (id=3119):
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x5607, 0x4)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, &(0x7f00000000c0), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, 0x0, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x4, 0x0, &(0x7f0000000380)='\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x16)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xf, &(0x7f0000000340)={0x2, 0x100008f}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4000084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x100000000)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1c, 0x4, 0x0, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x3c, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f00000003c0)=0x1ff, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = getpgrp(0xffffffffffffffff)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', 0x0, 0x8000, 0x0)
kcmp(r5, 0x0, 0x4, r1, 0xffffffffffffffff)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1b, 0x6, &(0x7f0000000580)=ANY=[@ANYRES16], &(0x7f0000000080)='GPL\x00', 0x4, 0xc9, &(0x7f00000005c0)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x4)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100), 0x6)
socket$inet6(0xa, 0x3, 0xff)

331.454737ms ago: executing program 6 (id=3120):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2) (async)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000001000/0x4000)=nil, 0x3)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil)
ioprio_set$uid(0x3, 0x0, 0x0) (async)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)

125.490749ms ago: executing program 4 (id=3121):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000000), 0x4)
listen(r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = add_key(&(0x7f0000000080)='user\x00', &(0x7f0000000000)={'syz', 0x2}, &(0x7f0000000040)='9', 0x1, 0xfffffffffffffffc)
keyctl$chown(0x4, r3, 0xee00, 0xffffffffffffffff)
keyctl$setperm(0x5, r3, 0x4002410)
keyctl$chown(0x4, r3, 0x0, 0x0)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key$fscrypt_provisioning(&(0x7f0000000140), 0x0, &(0x7f0000000100)={0x4}, 0xfffff, r4)
keyctl$unlink(0x9, r3, r4)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x10100)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, &(0x7f0000000400)={0x8001, 0x9, 0x8, 0x6, 0x4, 0x5})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[], 0x10)
shutdown(r1, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) (fail_nth: 9)

46.030008ms ago: executing program 6 (id=3122):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0xfffffff8)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000001700)=[{&(0x7f0000000380)="58000000140019234017908a840da2560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffee09000000", 0x42}], 0x1)
r2 = accept4$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000100)=0x10, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200)=0x820, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
inotify_init()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_NEWCHAIN={0x14}], {0x14}}, 0xa4}}, 0x0)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000040)=ANY=[@ANYBLOB="2a01000020000040b7080000000000000301090292000301"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r7, 0x8b2c, &(0x7f0000000040))
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)

44.632785ms ago: executing program 0 (id=3123):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x800452d2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x101182)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x890b, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x0, 0x0, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default]})
r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'macvlan0\x00'})
ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0xf0f041, 0x0, '\x00', @ptr=0x9}})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000004080d0501320000000000010902240001000000000904000043e800030009210000000122070009058103ffd7030000"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000000)={0x2c, &(0x7f0000000280)={0x0, 0x23, 0x7, {0x4, 0xf, "3d3df816cc"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800d3bbdf3b6dc25382948bcb74d0000000000000000000000000feff00007b000000000800000000005c110033a22a85e3a60e54eda8411c4fae36e65b752371f82528200eae7e64a7be63838e30bce8a72f629d50955d19f07f888906761ff9add9cdaad98091a4690c998f4a7b103f92cf94a90d82c254003e9d040ec6ba8edfa10ea6c09d358ca2b0983c487a884d7e42dbd99524c57bc061a060a56ee7ffee8251d2ba32980f8e0dbb7dad4c38f32b3103e7ca2f0fab7f7fd279dc32b17908bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xe, 0x0, &(0x7f00000002c0)="ae24a21f9a824666f9acf0e0163f", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x0)
r6 = io_uring_setup(0x28d5, 0x0)
close(r6)
ioctl$TCSETSW2(r5, 0x5425, 0x0)
getpid()
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$SIOCX25SDTEFACILITIES(r7, 0x89eb, 0x0)

0s ago: executing program 3 (id=3080):
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000003, 0x6031, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a30000000000900020073797a31000000002c00058008000140000086dd080001400000002c080001400000001608000140000000736afd014000008100080009"], 0x248}}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000200)={0xfda5, 0x1, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x0, 0x0})
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
r7 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, 0x0, 0x0)
listen(r8, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50020021904ffffc"], 0x0)
r9 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r9, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
io_submit(0x0, 0x0, 0x0)
sync()
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x4, {{{@in6=@mcast2, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@dev={0xac, 0x14, 0x14, 0x43}, 0x0, 0x33}, @in=@broadcast, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x8}, {}, {0x0, 0x8, 0xa229}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0)

kernel console output (not intermixed with test programs):

 netlink: 52 bytes leftover after parsing attributes in process `syz.6.2594'.
[  932.983808][ T5820] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  932.992639][ T5820] usb 1-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  933.776762][ T5820] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  933.785913][ T5820] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  933.797434][ T5820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 52, changing to 7
[  933.808551][ T5820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 9272, setting to 1024
[  933.822928][ T5820] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  933.832262][ T5820] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  933.840701][ T5820] usb 1-1: Product: syz
[  933.844877][ T5820] usb 1-1: Manufacturer: syz
[  933.857122][ T5820] cdc_wdm 1-1:1.0: skipping garbage
[  933.864582][ T5820] cdc_wdm 1-1:1.0: skipping garbage
[  933.870467][ T5820] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  934.156438][T16439] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  934.168023][T16439] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  935.435146][ T5902] usb 1-1: USB disconnect, device number 59
[  935.982025][T16452] 9pnet_fd: p9_fd_create_tcp (16452): problem connecting socket to 127.0.0.1
[  936.815640][   T30] audit: type=1400 audit(1749442110.577:842): avc:  denied  { ioctl } for  pid=16455 comm="syz.0.2607" path="socket:[62073]" dev="sockfs" ino=62073 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  937.117739][ T5938] usb 1-1: new full-speed USB device number 60 using dummy_hcd
[  937.305219][ T5938] usb 1-1: config 1 interface 0 has no altsetting 0
[  937.665692][ T5938] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  937.716536][ T5938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  938.037567][ T5938] usb 1-1: Product: syz
[  938.042889][ T5938] usb 1-1: Manufacturer: syz
[  938.047493][ T5938] usb 1-1: SerialNumber: syz
[  939.409635][T16491] overlayfs: failed to resolve './file1': -2
[  940.076572][T16493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  940.183435][T16493] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  941.083777][T16500] overlayfs: failed to resolve './file1': -2
[  942.140698][ T5938] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 60 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  942.176803][ T5938] usb 1-1: USB disconnect, device number 60
[  942.215115][ T5938] usblp0: removed
[  942.223243][T16502] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2618'.
[  942.852155][T16508] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  943.568599][ T5938] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  943.767766][ T5938] usb 1-1: Using ep0 maxpacket: 16
[  943.774318][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  943.787558][ T5938] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  943.797102][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  943.797971][ T5820] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  943.828957][ T5938] usb 1-1: config 0 descriptor??
[  944.227047][ T5820] usb 6-1: Using ep0 maxpacket: 16
[  944.239012][ T5820] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  944.267809][ T5820] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  944.307238][ T5820] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  944.325093][ T5820] usb 6-1: config 0 descriptor??
[  944.332086][T16506] SELinux: failed to load policy
[  944.560425][T16519] SELinux:  policydb magic number 0x112 does not match expected magic number 0xf97cff8c
[  944.576409][T16519] SELinux: failed to load policy
[  944.669094][ T5938] mcp2221 0003:04D8:00DD.002F: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  944.916896][ T5820] mcp2221 0003:04D8:00DD.0030: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  944.919707][T16506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  944.950965][T16506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  945.014907][T16506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  945.031645][T16506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  945.083846][ T5938] usb 1-1: USB disconnect, device number 61
[  945.420956][T16519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  945.601033][T16519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  945.751810][T16519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  945.772662][T16519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  946.386288][ T5938] usb 6-1: USB disconnect, device number 27
[  946.647563][T16560] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2634'.
[  946.691003][T16561] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2634'.
[  949.057835][ T5894] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  949.397334][ T5894] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  949.418858][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  949.445866][ T5894] usb 6-1: Product: syz
[  949.931818][ T5894] usb 6-1: Manufacturer: syz
[  949.942953][ T5894] usb 6-1: SerialNumber: syz
[  949.959911][ T5894] usb 6-1: config 0 descriptor??
[  950.186424][T16596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  950.221350][T16596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  950.362277][T16596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  950.374178][T16596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  950.487817][ T5894] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  950.627874][ T5980] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  950.658511][ T5894] usb 4-1: Using ep0 maxpacket: 16
[  950.675142][ T5894] usb 4-1: config 1 has an invalid interface number: 123 but max is 0
[  950.689349][ T5894] usb 4-1: config 1 has an invalid descriptor of length 61, skipping remainder of the config
[  950.700936][ T5894] usb 4-1: config 1 has no interface number 0
[  950.707542][ T5894] usb 4-1: config 1 interface 123 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  950.728035][ T5894] usb 4-1: config 1 interface 123 has no altsetting 0
[  950.737410][ T5894] usb 4-1: New USB device found, idVendor=0b05, idProduct=4202, bcdDevice=4c.71
[  950.752941][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  950.761610][ T5894] usb 4-1: Product: syz
[  950.765816][ T5894] usb 4-1: Manufacturer: syz
[  950.771203][ T5894] usb 4-1: SerialNumber: syz
[  950.810316][ T5980] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  950.819590][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.833630][ T5980] usb 5-1: config 0 descriptor??
[  950.849536][ T5980] gspca_main: cpia1-2.14.0 probing 0813:0001
[  950.908151][ T5902] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  951.077801][ T5902] usb 7-1: Using ep0 maxpacket: 16
[  951.084875][ T5902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  951.096771][ T5902] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  951.106067][ T5902] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.116795][ T5902] usb 7-1: config 0 descriptor??
[  951.147833][ T5820] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  951.299260][ T5820] usb 1-1: Using ep0 maxpacket: 16
[  951.306315][ T5820] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  951.317749][ T5820] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  951.330399][ T5820] usb 1-1: config 0 interface 0 has no altsetting 0
[  951.337142][ T5820] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  951.346357][ T5820] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.363879][ T5820] usb 1-1: config 0 descriptor??
[  951.394719][T16622] SELinux: failed to load policy
[  951.465545][ T5980] gspca_cpia1: usb_control_msg 01, error -71
[  951.476532][ T5980] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  951.487347][ T5980] usb 5-1: USB disconnect, device number 88
[  951.612693][ T5902] mcp2221 0003:04D8:00DD.0031: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  951.835199][ T5874] usb 6-1: USB disconnect, device number 28
[  951.856242][T16622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  951.891858][T16622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  951.921665][T16622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  951.935071][T16622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  951.953734][ T5902] usb 7-1: USB disconnect, device number 17
[  951.987766][   T30] audit: type=1400 audit(1749442125.737:843): avc:  denied  { setopt } for  pid=16623 comm="syz.0.2649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  952.012734][ T5820] usbhid 1-1:0.0: can't add hid device: -71
[  952.033131][ T5820] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  952.060114][ T5820] usb 1-1: USB disconnect, device number 62
[  952.098208][T16630] xt_cgroup: xt_cgroup: no path or classid specified
[  952.110891][T16630] netlink: 'syz.4.2651': attribute type 3 has an invalid length.
[  952.129145][T16626] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2650'.
[  952.141342][T16630] xt_cgroup: xt_cgroup: no path or classid specified
[  952.158878][T16626] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  952.224318][ T5894] usb 4-1: USB disconnect, device number 70
[  954.518099][ T5820] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  954.778867][ T5874] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  955.051754][ T5874] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  955.264551][ T5874] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  955.308877][ T5874] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  955.328476][ T5874] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  955.336496][ T5874] usb 7-1: SerialNumber: syz
[  956.433013][T16679] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  956.455457][T16679] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  956.539146][ T5902] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  956.733529][ T5902] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  956.766244][T16682] misc userio: Invalid payload size
[  956.775886][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.796136][ T5902] usb 1-1: Product: syz
[  956.802022][ T5902] usb 1-1: Manufacturer: syz
[  956.808296][ T5902] usb 1-1: SerialNumber: syz
[  956.833930][ T5902] usb 1-1: config 0 descriptor??
[  956.958273][ T5938] usb 7-1: USB disconnect, device number 18
[  957.078681][T16675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.087514][T16675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.113396][T16675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.127997][T16675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.297755][ T5938] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  957.695032][ T5938] usb 7-1: config 0 has an invalid interface number: 18 but max is 0
[  957.703442][ T5938] usb 7-1: config 0 has no interface number 0
[  957.723945][ T5938] usb 7-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=16.e3
[  957.740401][ T5938] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.757363][ T5938] usb 7-1: Product: syz
[  957.767713][ T5938] usb 7-1: Manufacturer: syz
[  957.811865][ T5938] usb 7-1: SerialNumber: syz
[  957.855320][ T5938] usb 7-1: config 0 descriptor??
[  957.884323][ T5938] comedi comedi0: Wrong number of endpoints
[  958.066716][   T30] audit: type=1400 audit(1749442131.827:844): avc:  denied  { bind } for  pid=16697 comm="syz.3.2665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  958.204263][ T5938] dt9812 7-1:0.18: driver 'dt9812' failed to auto-configure device.
[  958.227972][   T30] audit: type=1400 audit(1749442131.837:845): avc:  denied  { write } for  pid=16697 comm="syz.3.2665" path="socket:[64656]" dev="sockfs" ino=64656 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  958.261949][ T5938] usb 7-1: USB disconnect, device number 19
[  958.477292][T16705] trusted_key: encrypted_key: insufficient parameters specified
[  959.447970][ T5938] usb 1-1: USB disconnect, device number 63
[  959.905730][T16720] overlayfs: overlapping lowerdir path
[  960.035338][T16721] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  960.362350][    T9] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  960.975489][T16729] netlink: 'syz.3.2672': attribute type 10 has an invalid length.
[  960.983698][T16729] bond0: (slave wlan1): Opening slave failed
[  960.991949][    T9] usb 6-1: Using ep0 maxpacket: 16
[  962.105190][T16742] FAULT_INJECTION: forcing a failure.
[  962.105190][T16742] name failslab, interval 1, probability 0, space 0, times 0
[  962.200845][T16742] CPU: 0 UID: 0 PID: 16742 Comm: syz.6.2674 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[  962.200872][T16742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  962.200883][T16742] Call Trace:
[  962.200889][T16742]  <TASK>
[  962.200897][T16742]  dump_stack_lvl+0x16c/0x1f0
[  962.200933][T16742]  should_fail_ex+0x512/0x640
[  962.200956][T16742]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  962.200982][T16742]  should_failslab+0xc2/0x120
[  962.201007][T16742]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  962.201042][T16742]  ? __alloc_skb+0x2b2/0x380
[  962.201067][T16742]  ? bpf_lsm_capable+0x9/0x10
[  962.201090][T16742]  __alloc_skb+0x2b2/0x380
[  962.201114][T16742]  ? __pfx___alloc_skb+0x10/0x10
[  962.201136][T16742]  ? genl_rcv_msg+0x4c0/0x800
[  962.201157][T16742]  ? genl_rcv_msg+0x4bb/0x800
[  962.201185][T16742]  netlink_ack+0x15d/0xb80
[  962.201209][T16742]  netlink_rcv_skb+0x332/0x420
[  962.201228][T16742]  ? __pfx_genl_rcv_msg+0x10/0x10
[  962.201250][T16742]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  962.201277][T16742]  ? netlink_deliver_tap+0x1ae/0xd30
[  962.201306][T16742]  genl_rcv+0x28/0x40
[  962.201325][T16742]  netlink_unicast+0x53d/0x7f0
[  962.201348][T16742]  ? __pfx_netlink_unicast+0x10/0x10
[  962.201375][T16742]  netlink_sendmsg+0x8d1/0xdd0
[  962.201397][T16742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  962.201425][T16742]  ____sys_sendmsg+0xa98/0xc70
[  962.201444][T16742]  ? copy_msghdr_from_user+0x10a/0x160
[  962.201468][T16742]  ? __pfx_____sys_sendmsg+0x10/0x10
[  962.201498][T16742]  ___sys_sendmsg+0x134/0x1d0
[  962.201525][T16742]  ? __pfx____sys_sendmsg+0x10/0x10
[  962.201547][T16742]  ? __lock_acquire+0x622/0x1c90
[  962.201604][T16742]  __sys_sendmsg+0x16d/0x220
[  962.201630][T16742]  ? __pfx___sys_sendmsg+0x10/0x10
[  962.201671][T16742]  do_syscall_64+0xcd/0x4c0
[  962.201700][T16742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.201717][T16742] RIP: 0033:0x7f65a4d8e929
[  962.201731][T16742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  962.201748][T16742] RSP: 002b:00007f65a5b63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  962.201765][T16742] RAX: ffffffffffffffda RBX: 00007f65a4fb5fa0 RCX: 00007f65a4d8e929
[  962.201776][T16742] RDX: 0000000000040080 RSI: 0000200000000140 RDI: 0000000000000003
[  962.201787][T16742] RBP: 00007f65a5b63090 R08: 0000000000000000 R09: 0000000000000000
[  962.201797][T16742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  962.201808][T16742] R13: 0000000000000000 R14: 00007f65a4fb5fa0 R15: 00007ffdb6f6ddd8
[  962.201831][T16742]  </TASK>
[  962.519415][    T9] usb 6-1: device descriptor read/all, error -71
[  962.855649][ T5820] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  962.996405][ T5874] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  963.303994][ T5874] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  963.372303][ T5874] usb 7-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  963.383522][ T5874] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  963.396248][ T5874] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  963.410861][ T5874] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 52, changing to 7
[  963.417708][    T9] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  963.422278][ T5874] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 9272, setting to 1024
[  963.448945][ T5874] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  963.449619][ T5820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  963.458339][ T5874] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  963.477683][ T5820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  963.483418][ T5874] usb 7-1: Product: syz
[  963.491894][ T5874] usb 7-1: Manufacturer: syz
[  963.498045][ T5820] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  963.507264][ T5820] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.512954][ T5874] cdc_wdm 7-1:1.0: skipping garbage
[  963.517887][ T5820] usb 1-1: config 0 descriptor??
[  963.523484][ T5874] cdc_wdm 7-1:1.0: skipping garbage
[  963.541096][ T5874] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  963.605481][    T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[  963.615078][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.655780][    T9] usb 6-1: config 0 descriptor??
[  963.679381][    T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  963.891536][    T9] gspca_sn9c2028: read1 error -71
[  963.899573][    T9] gspca_sn9c2028: read1 error -71
[  963.929388][    T9] gspca_sn9c2028: read1 error -71
[  963.948427][ T5902] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  964.008365][    T9] sn9c2028 6-1:0.0: probe with driver sn9c2028 failed with error -71
[  964.124954][ T5820] pyra 0003:1E7D:2CF6.0032: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0
[  964.139115][T16741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  964.147703][T16741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  964.155659][    T9] usb 6-1: USB disconnect, device number 31
[  964.247370][ T5820] pyra 0003:1E7D:2CF6.0032: couldn't init struct pyra_device
[  964.266035][ T5820] pyra 0003:1E7D:2CF6.0032: couldn't install mouse
[  964.277538][ T5902] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  964.301037][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.313462][ T5820] pyra 0003:1E7D:2CF6.0032: probe with driver pyra failed with error -71
[  964.326402][ T5902] usb 5-1: Product: syz
[  964.336468][ T5902] usb 5-1: Manufacturer: syz
[  964.344320][ T5820] usb 1-1: USB disconnect, device number 64
[  964.352329][ T5902] usb 5-1: SerialNumber: syz
[  964.381448][ T5902] usb 5-1: config 0 descriptor??
[  964.444496][ T5874] usb 7-1: USB disconnect, device number 20
[  964.978653][T16757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.000371][T16757] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.011309][T16757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.022376][T16757] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.217708][    T9] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  965.828156][    T9] usb 4-1: Using ep0 maxpacket: 16
[  965.834535][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  965.845928][    T9] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  965.885871][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.908828][    T9] usb 4-1: config 0 descriptor??
[  966.762352][ T5874] usb 5-1: USB disconnect, device number 89
[  966.908250][T16767] SELinux: failed to load policy
[  967.195021][    T9] mcp2221 0003:04D8:00DD.0033: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  967.267727][T16797] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  967.278845][T16797] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  967.563125][T16767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  967.761492][T16767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  968.048159][T16785] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2687'.
[  968.062240][T16767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  968.083075][T16767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  968.103778][T16785] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  968.114951][ T5874] usb 4-1: USB disconnect, device number 71
[  969.481453][T16816] binder: 16811:16816 ioctl c0306201 200000000540 returned -22
[  970.138170][T16831] overlayfs: missing 'lowerdir'
[  970.547278][ T5894] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  970.566940][   T30] audit: type=1400 audit(1749442143.807:846): avc:  denied  { mount } for  pid=16824 comm="syz.6.2695" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  970.744756][   T30] audit: type=1400 audit(1749442143.907:847): avc:  denied  { mounton } for  pid=16824 comm="syz.6.2695" path="/130/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  971.054274][   T30] audit: type=1400 audit(1749442144.797:848): avc:  denied  { unmount } for  pid=13115 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  971.109034][T16812] binder: 16811:16812 ioctl c0306201 200000000640 returned -22
[  972.043473][T16835] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2697'.
[  972.069971][T16835] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  972.117708][ T5980] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  972.390917][ T5980] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  972.425994][ T5980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.452359][ T5980] usb 1-1: Product: syz
[  972.456557][ T5980] usb 1-1: Manufacturer: syz
[  972.467634][ T5980] usb 1-1: SerialNumber: syz
[  972.495679][ T5980] usb 1-1: config 0 descriptor??
[  972.746753][T16840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  972.827815][T16840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  972.858778][ T5894] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  972.872146][T16840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  972.883858][T16840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  973.539066][   T30] audit: type=1400 audit(1749442147.287:849): avc:  denied  { ioctl } for  pid=16863 comm="syz.5.2704" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  974.718057][ T5980] usb 1-1: USB disconnect, device number 65
[  974.803556][T16878] FAULT_INJECTION: forcing a failure.
[  974.803556][T16878] name failslab, interval 1, probability 0, space 0, times 0
[  974.816294][T16878] CPU: 0 UID: 0 PID: 16878 Comm: syz.4.2707 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[  974.816320][T16878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  974.816331][T16878] Call Trace:
[  974.816338][T16878]  <TASK>
[  974.816345][T16878]  dump_stack_lvl+0x16c/0x1f0
[  974.816378][T16878]  should_fail_ex+0x512/0x640
[  974.816402][T16878]  ? __kmalloc_noprof+0xbf/0x510
[  974.816427][T16878]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  974.816450][T16878]  should_failslab+0xc2/0x120
[  974.816476][T16878]  __kmalloc_noprof+0xd2/0x510
[  974.816496][T16878]  ? __rcu_read_unlock+0x2b4/0x580
[  974.816526][T16878]  ? avc_has_perm_noaudit+0x149/0x3b0
[  974.816547][T16878]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  974.816577][T16878]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  974.816602][T16878]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  974.816633][T16878]  ? bpf_lsm_capable+0x9/0x10
[  974.816652][T16878]  ? security_capable+0x7e/0x260
[  974.816673][T16878]  ? ns_capable+0xd7/0x110
[  974.816695][T16878]  genl_rcv_msg+0x55c/0x800
[  974.816721][T16878]  ? __pfx_genl_rcv_msg+0x10/0x10
[  974.816743][T16878]  ? __pfx_batadv_pre_doit+0x10/0x10
[  974.816763][T16878]  ? __pfx_batadv_netlink_set_mesh+0x10/0x10
[  974.816784][T16878]  ? __pfx_batadv_post_doit+0x10/0x10
[  974.816815][T16878]  netlink_rcv_skb+0x155/0x420
[  974.816834][T16878]  ? __pfx_genl_rcv_msg+0x10/0x10
[  974.816857][T16878]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  974.816895][T16878]  genl_rcv+0x28/0x40
[  974.816914][T16878]  netlink_unicast+0x53d/0x7f0
[  974.816937][T16878]  ? __pfx_netlink_unicast+0x10/0x10
[  974.816964][T16878]  netlink_sendmsg+0x8d1/0xdd0
[  974.816996][T16878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  974.817029][T16878]  ____sys_sendmsg+0xa98/0xc70
[  974.817052][T16878]  ? copy_msghdr_from_user+0x10a/0x160
[  974.817078][T16878]  ? __pfx_____sys_sendmsg+0x10/0x10
[  974.817113][T16878]  ___sys_sendmsg+0x134/0x1d0
[  974.817142][T16878]  ? __pfx____sys_sendmsg+0x10/0x10
[  974.817166][T16878]  ? __lock_acquire+0x622/0x1c90
[  974.817229][T16878]  __sys_sendmsg+0x16d/0x220
[  974.817256][T16878]  ? __pfx___sys_sendmsg+0x10/0x10
[  974.817299][T16878]  do_syscall_64+0xcd/0x4c0
[  974.817328][T16878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.817347][T16878] RIP: 0033:0x7fc4ef18e929
[  974.817362][T16878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  974.817379][T16878] RSP: 002b:00007fc4eff8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  974.817397][T16878] RAX: ffffffffffffffda RBX: 00007fc4ef3b6160 RCX: 00007fc4ef18e929
[  974.817410][T16878] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000007
[  974.817421][T16878] RBP: 00007fc4eff8e090 R08: 0000000000000000 R09: 0000000000000000
[  974.817432][T16878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  974.817443][T16878] R13: 0000000000000000 R14: 00007fc4ef3b6160 R15: 00007ffc75696928
[  974.817468][T16878]  </TASK>
[  975.109740][    C0] vkms_vblank_simulate: vblank timer overrun
[  975.551605][T16889] 9pnet_fd: Insufficient options for proto=fd
[  975.569223][T16889] lo speed is unknown, defaulting to 1000
[  975.575284][T16889] lo speed is unknown, defaulting to 1000
[  975.586437][T16889] lo speed is unknown, defaulting to 1000
[  975.653010][T16889] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  975.936486][T16889] lo speed is unknown, defaulting to 1000
[  975.943656][T16889] lo speed is unknown, defaulting to 1000
[  975.950110][T16889] lo speed is unknown, defaulting to 1000
[  975.956480][T16889] lo speed is unknown, defaulting to 1000
[  975.962874][T16889] lo speed is unknown, defaulting to 1000
[  976.001838][ T5980] usb 1-1: new full-speed USB device number 66 using dummy_hcd
[  976.246012][ T5980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  976.418132][ T5980] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  976.437994][ T5980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  976.497452][ T5980] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  976.506687][ T5980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.529658][ T5980] usb 1-1: Product: syz
[  976.533843][ T5980] usb 1-1: Manufacturer: syz
[  976.539077][T16896] fuse: Bad value for 'fd'
[  976.544975][T16896] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2713'.
[  976.550599][ T5980] usb 1-1: SerialNumber: syz
[  976.571390][T16896] veth3: entered promiscuous mode
[  976.590150][ T5980] usb 1-1: config 0 descriptor??
[  976.601323][T16880] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  976.613984][T16880] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  976.632505][ T5980] usb 1-1: ucan: probing device on interface #0
[  976.654703][T16903] overlay: Unknown parameter 'measure'
[  976.851095][ T5980] usb 1-1: ucan: device reported invalid device info
[  976.857977][ T5980] usb 1-1: ucan: probe failed; try to update the device firmware
[  976.897772][ T5874] usb 4-1: new full-speed USB device number 72 using dummy_hcd
[  977.137710][ T5874] usb 4-1: device descriptor read/64, error -71
[  977.294571][T16911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=45511 sclass=netlink_route_socket pid=16911 comm=syz.6.2717
[  977.427727][ T5874] usb 4-1: new full-speed USB device number 73 using dummy_hcd
[  977.732674][T16915] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2719'.
[  979.347842][ T5874] usb 4-1: device descriptor read/64, error -71
[  979.415758][ T1207] usb 1-1: USB disconnect, device number 66
[  979.459576][ T5874] usb usb4-port1: attempt power cycle
[  979.567310][T16929] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2722'.
[  980.202302][ T5874] usb 4-1: new full-speed USB device number 74 using dummy_hcd
[  980.563516][ T5874] usb 4-1: device not accepting address 74, error -71
[  981.105744][T16949] fuse: Bad value for 'fd'
[  981.111529][T16949] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2729'.
[  981.138748][T16949] veth3: entered promiscuous mode
[  981.950419][T16966] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2731'.
[  982.574402][T16968] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2733'.
[  982.583422][T16968] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  982.591018][T16968] batman_adv: batadv0: Removing interface: batadv_slave_0
[  982.612465][T16922] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  982.627986][T16968] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  982.635470][T16968] batman_adv: batadv0: Removing interface: batadv_slave_1
[  982.702837][   T30] audit: type=1400 audit(1749442156.467:850): avc:  denied  { getopt } for  pid=16974 comm="syz.4.2735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  982.768483][T16922] usb 1-1: Using ep0 maxpacket: 16
[  982.785971][T16922] usb 1-1: unable to get BOS descriptor or descriptor too short
[  982.809702][T16922] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  982.876986][T16922] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  982.912670][T16922] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  982.932376][T16922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  982.941110][T16922] usb 1-1: Product: ä Š
[  982.945285][T16922] usb 1-1: Manufacturer: à ‰
[  982.950083][T16922] usb 1-1: SerialNumber: syz
[  983.518058][ T5874] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  983.548083][T16987] virtio-fs: tag </dev/md0> not found
[  983.728014][ T5874] usb 4-1: Using ep0 maxpacket: 16
[  983.743625][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  983.775589][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  983.786532][ T5874] usb 4-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  983.801440][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  983.813820][T16922] usb 1-1: 0:2 : does not exist
[  983.839114][T16922] usb 1-1: USB disconnect, device number 67
[  983.863974][ T5874] usb 4-1: config 0 descriptor??
[  983.926321][T13353] udevd[13353]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  984.129175][T17000] lo speed is unknown, defaulting to 1000
[  985.680197][ T5980] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  986.097714][ T5980] usb 7-1: Using ep0 maxpacket: 16
[  986.105539][ T5980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  986.134467][ T5980] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  986.144379][ T5980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  986.153609][ T5874] usbhid 4-1:0.0: can't add hid device: -71
[  986.173295][ T5874] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  986.241811][ T5980] usb 7-1: config 0 descriptor??
[  986.247166][ T5874] usb 4-1: USB disconnect, device number 76
[  987.109959][ T5874] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  987.912373][T17010] SELinux: failed to load policy
[  987.963116][ T5980] mcp2221 0003:04D8:00DD.0034: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  988.176254][T17010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  988.185695][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  988.198163][T17010] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  988.208705][ T5874] usb 4-1: config 0 has an invalid interface number: 146 but max is 0
[  988.235387][ T5874] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  988.293154][T17038] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  988.304586][T17038] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  988.395385][ T5874] usb 4-1: config 0 has no interface number 0
[  988.515753][ T5874] usb 4-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  988.681951][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.728747][T17010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  988.729302][ T5874] usb 4-1: Product: syz
[  988.738877][T17010] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  988.758698][ T5874] usb 4-1: Manufacturer: syz
[  988.764996][ T5874] usb 4-1: SerialNumber: syz
[  988.785697][    T9] usb 7-1: USB disconnect, device number 22
[  988.787413][ T5874] usb 4-1: config 0 descriptor??
[  988.817307][ T5874] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out.
[  990.167850][ T1207] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  990.749308][ T1207] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  990.782619][ T1207] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  990.820114][ T1207] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  990.842119][ T1207] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  990.927764][ T1207] usb 5-1: SerialNumber: syz
[  991.552029][T17063] fuse: Bad value for 'fd'
[  991.568166][T17063] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2759'.
[  992.845954][   T48] usb 5-1: USB disconnect, device number 90
[  992.876040][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  992.896990][T17063] veth5: entered promiscuous mode
[  994.132234][ T5902] usb 4-1: USB disconnect, device number 77
[  994.974798][   T30] audit: type=1400 audit(1749442168.737:851): avc:  denied  { ioctl } for  pid=17088 comm="syz.3.2768" path="socket:[65179]" dev="sockfs" ino=65179 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  995.326680][T17093] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2768'.
[  996.291791][T17103] overlayfs: failed to resolve './file1': -2
[  997.197787][    T9] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  997.419254][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  997.525874][    T9] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  997.633717][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.781118][    T9] usb 7-1: config 0 descriptor??
[  997.848401][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  998.562982][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  999.447717][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  999.457282][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  999.539867][T11170] Bluetooth: hci5: unexpected event for opcode 0x2024
[  999.551162][    T9] pwc: recv_control_msg error -71 req 04 val 1000
[  999.564234][    T9] pwc: recv_control_msg error -71 req 04 val 1300
[  999.571417][    T9] pwc: recv_control_msg error -71 req 04 val 1400
[  999.585318][    T9] pwc: recv_control_msg error -71 req 02 val 2000
[  999.595827][    T9] pwc: recv_control_msg error -71 req 02 val 2100
[  999.620006][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  999.684550][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  999.698139][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[ 1000.185141][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[ 1000.332330][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[ 1000.399419][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[ 1000.561462][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[ 1000.578282][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[ 1000.605529][    T9] pwc: Registered as video103.
[ 1000.898873][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input65
[ 1001.031482][    T9] usb 7-1: USB disconnect, device number 23
[ 1001.213265][T15627] udevd[15627]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[ 1001.223762][T15627] udevd[15627]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[ 1001.324655][T17156] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1002.289433][T17168] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1002.300994][T17168] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1002.659516][T17166] program syz.0.2783 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1002.689349][T17163] fuse: Bad value for 'fd'
[ 1002.712100][T17163] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2789'.
[ 1004.758527][T17193] overlayfs: failed to resolve './file1': -2
[ 1005.957241][T17211] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2803'.
[ 1006.002598][T17211] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2803'.
[ 1006.103025][T17217] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2805'.
[ 1006.167771][ T5826] Bluetooth: hci4: command 0x0406 tx timeout
[ 1007.457265][T17237] overlayfs: failed to resolve './file1': -2
[ 1008.715156][T17253] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=30091 sclass=netlink_audit_socket pid=17253 comm=syz.5.2814
[ 1009.716844][T17260] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1009.728426][T17260] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1010.297288][T17267] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2817'.
[ 1011.546799][T17266] netlink: 'syz.0.2818': attribute type 10 has an invalid length.
[ 1011.555609][T17266] bond0: (slave wlan1): Opening slave failed
[ 1011.717181][T17276] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1011.728842][T17276] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1012.142578][T17279] fuse: Bad value for 'fd'
[ 1012.148053][T17279] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2821'.
[ 1012.219618][T17279] veth7: entered promiscuous mode
[ 1012.423168][T17287] overlayfs: failed to resolve './file1': -2
[ 1012.515230][ T5874] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1012.754320][ T5874] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1012.841671][ T5874] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1012.951385][ T5874] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1013.053526][ T5874] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1013.163404][ T5874] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1013.346904][ T5874] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1013.356425][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1013.364825][ T5874] usb 6-1: Product: syz
[ 1013.369196][ T5874] usb 6-1: Manufacturer: syz
[ 1013.377940][ T5874] cdc_wdm 6-1:1.0: skipping garbage
[ 1013.388181][ T5874] cdc_wdm 6-1:1.0: skipping garbage
[ 1013.886894][ T5874] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1013.940164][ T5874] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1013.989436][ T5902] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[ 1014.158579][ T5902] usb 4-1: Using ep0 maxpacket: 8
[ 1014.166261][T17307] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2830'.
[ 1014.177067][ T5902] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1014.197632][ T5902] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1014.211938][ T5902] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1014.311893][ T5902] usb 4-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[ 1014.331422][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.631144][    T9] usb 6-1: USB disconnect, device number 33
[ 1014.660225][ T5902] usb 4-1: config 0 descriptor??
[ 1014.871994][T17300] SELinux:  policydb version 0 does not match my version range 15-34
[ 1014.899295][T17300] SELinux: failed to load policy
[ 1014.926109][ T5902] usbhid 4-1:0.0: can't add hid device: -71
[ 1014.977752][ T5902] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1015.005624][ T5902] usb 4-1: USB disconnect, device number 78
[ 1015.646089][T17321] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[ 1016.791195][T17325] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1017.492101][T17333] overlayfs: overlapping lowerdir path
[ 1017.581323][T17334] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1017.950958][T17335] overlayfs: failed to resolve './file1': -2
[ 1018.403076][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1018.412522][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1018.421269][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1018.430850][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1018.439770][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1019.024192][T17340] lo speed is unknown, defaulting to 1000
[ 1019.607948][    T9] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1020.029807][    T9] usb 4-1: Using ep0 maxpacket: 16
[ 1020.211766][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1020.247805][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 1020.277630][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1020.306785][    T9] usb 4-1: config 0 descriptor??
[ 1020.322597][    T9] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input66
[ 1020.377124][ T7446] bond0: (slave syz_tun): Releasing backup interface
[ 1020.472892][T17340] chnl_net:caif_netlink_parms(): no params data found
[ 1020.567826][T11170] Bluetooth: hci0: command tx timeout
[ 1020.576979][ T5175] bcm5974 4-1:0.0: could not read from device
[ 1020.659488][ T5175] bcm5974 4-1:0.0: could not read from device
[ 1021.096676][    T9] bcm5974 4-1:0.0: could not read from device
[ 1021.149129][    T9] input: failed to attach handler mousedev to device input66, error: -5
[ 1021.167412][ T5175] bcm5974 4-1:0.0: could not read from device
[ 1021.174823][    T9] usb 4-1: USB disconnect, device number 79
[ 1021.293608][ T8167] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1021.513312][ T8167] netdevsim netdevsim4 netdevsim2 (unregistering): left allmulticast mode
[ 1021.542153][ T8167] netdevsim netdevsim4 netdevsim2 (unregistering): left promiscuous mode
[ 1021.575851][ T8167] bridge0: port 1(netdevsim2) entered disabled state
[ 1021.587503][ T8167] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1021.607990][ T5820] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1021.627204][T17340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.641523][T17340] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.652699][T17340] bridge_slave_0: entered allmulticast mode
[ 1021.663787][T17340] bridge_slave_0: entered promiscuous mode
[ 1021.674281][T17340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.686153][T17340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1021.694363][T17340] bridge_slave_1: entered allmulticast mode
[ 1021.704341][T17340] bridge_slave_1: entered promiscuous mode
[ 1021.769757][ T5820] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1021.780752][ T5820] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1021.791466][ T5820] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1021.837910][ T5820] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1021.859737][ T8167] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1021.870206][ T5820] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1021.963218][T17381] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1022.350603][ T5820] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1022.359910][ T5820] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1022.371182][ T5820] usb 7-1: Product: syz
[ 1022.419084][ T5820] usb 7-1: Manufacturer: syz
[ 1022.442564][ T5820] cdc_wdm 7-1:1.0: skipping garbage
[ 1022.448094][ T5820] cdc_wdm 7-1:1.0: skipping garbage
[ 1022.466141][ T5820] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[ 1022.482287][ T5820] cdc_wdm 7-1:1.0: Unknown control protocol
[ 1022.710005][T17385] overlayfs: overlapping lowerdir path
[ 1022.800114][T17386] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1022.837644][T11170] Bluetooth: hci0: command tx timeout
[ 1023.078344][ T8167] bond0: (slave netdevsim0): Releasing backup interface
[ 1023.116077][ T8167] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1023.151621][T17340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1023.170009][T17340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1023.250769][T17340] team0: Port device team_slave_0 added
[ 1023.262545][T17340] team0: Port device team_slave_1 added
[ 1023.348730][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -EPIPE
[ 1023.421845][ T5820] usb 7-1: USB disconnect, device number 24
[ 1023.479941][T17340] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1023.513561][T17340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1023.542472][T17340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1023.571664][T17340] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1023.587919][T17340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1023.640506][T17340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1023.767846][T17396] fuse: Bad value for 'fd'
[ 1023.786061][T17340] hsr_slave_0: entered promiscuous mode
[ 1023.792154][T17396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2852'.
[ 1023.805032][T17340] hsr_slave_1: entered promiscuous mode
[ 1023.858383][ T1207] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1024.027692][ T1207] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1024.050868][ T1207] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024
[ 1024.402431][ T1207] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[ 1024.569168][ T1207] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1024.591282][ T1207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1024.616790][T17394] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1024.633458][ T1207] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1024.887790][ T5826] Bluetooth: hci0: command tx timeout
[ 1025.378427][   T48] usb 1-1: USB disconnect, device number 68
[ 1025.506316][   T30] audit: type=1400 audit(1749442199.257:852): avc:  denied  { getopt } for  pid=17409 comm="syz.5.2855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1025.553516][T17410] could not allocate digest TFM handle blake2s-224-arm
[ 1025.567749][ T8167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1025.585002][ T8167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1025.619515][ T8167] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1025.637908][ T8167] bond0 (unregistering): Released all slaves
[ 1026.147936][ T8167] bond1 (unregistering): Released all slaves
[ 1026.581231][ T8167] bond2 (unregistering): Released all slaves
[ 1026.668473][T17430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2858'.
[ 1026.877751][    T9] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1026.905997][ T8167] bond3 (unregistering): Released all slaves
[ 1026.971447][ T5826] Bluetooth: hci0: command 0x0419 tx timeout
[ 1027.049184][    T9] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1027.062144][ T8167] bond4 (unregistering): Released all slaves
[ 1027.074542][    T9] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1027.085042][    T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1027.096041][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1027.116487][T17429] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1027.129235][    T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1027.310415][ T8167] bond5 (unregistering): Released all slaves
[ 1027.362687][T17396] veth3: entered promiscuous mode
[ 1027.381553][ T1207] usb 7-1: USB disconnect, device number 25
[ 1028.393365][T17442] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1028.404402][T17442] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1028.452343][ T8167] tipc: Disabling bearer <udp:syz2>
[ 1028.463582][ T8167] tipc: Left network mode
[ 1028.803470][T17455] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1028.815020][T17455] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1029.049300][ T5826] Bluetooth: hci0: command 0x0419 tx timeout
[ 1029.679189][T17467] hub 8-0:1.0: USB hub found
[ 1029.684778][T17467] hub 8-0:1.0: 1 port detected
[ 1030.929976][T17479] FAULT_INJECTION: forcing a failure.
[ 1030.929976][T17479] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1030.991885][T17479] CPU: 0 UID: 0 PID: 17479 Comm: syz.6.2867 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[ 1030.991914][T17479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1030.991924][T17479] Call Trace:
[ 1030.991931][T17479]  <TASK>
[ 1030.991937][T17479]  dump_stack_lvl+0x16c/0x1f0
[ 1030.991976][T17479]  should_fail_ex+0x512/0x640
[ 1030.992001][T17479]  _copy_from_user+0x2e/0xd0
[ 1030.992027][T17479]  copy_msghdr_from_user+0x98/0x160
[ 1030.992053][T17479]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1030.992090][T17479]  ___sys_sendmsg+0xfe/0x1d0
[ 1030.992117][T17479]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1030.992139][T17479]  ? __lock_acquire+0x622/0x1c90
[ 1030.992194][T17479]  __sys_sendmsg+0x16d/0x220
[ 1030.992220][T17479]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1030.992262][T17479]  do_syscall_64+0xcd/0x4c0
[ 1030.992292][T17479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1030.992310][T17479] RIP: 0033:0x7f65a4d8e929
[ 1030.992323][T17479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1030.992340][T17479] RSP: 002b:00007f65a5b63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1030.992357][T17479] RAX: ffffffffffffffda RBX: 00007f65a4fb5fa0 RCX: 00007f65a4d8e929
[ 1030.992369][T17479] RDX: 0000000000000014 RSI: 0000200000000340 RDI: 0000000000000003
[ 1030.992380][T17479] RBP: 00007f65a5b63090 R08: 0000000000000000 R09: 0000000000000000
[ 1030.992390][T17479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1030.992401][T17479] R13: 0000000000000000 R14: 00007f65a4fb5fa0 R15: 00007ffdb6f6ddd8
[ 1030.992425][T17479]  </TASK>
[ 1030.997222][ T8167] hsr_slave_0: left promiscuous mode
[ 1031.093415][T17483] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2869'.
[ 1032.653691][ T8167] hsr_slave_1: left promiscuous mode
[ 1032.660145][ T8167] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1032.668156][ T8167] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1032.698590][ T8167] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1032.706035][ T8167] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1032.880913][ T8167] veth1_macvtap: left promiscuous mode
[ 1032.886455][ T8167] veth0_macvtap: left promiscuous mode
[ 1032.892710][ T8167] veth1_vlan: left promiscuous mode
[ 1032.898304][ T8167] veth0_vlan: left promiscuous mode
[ 1033.035588][T17503] overlayfs: failed to resolve './file0': -2
[ 1034.458737][T17516] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2877'.
[ 1034.506887][T17516] netlink: 59 bytes leftover after parsing attributes in process `syz.3.2877'.
[ 1034.516027][T17516] netlink: 59 bytes leftover after parsing attributes in process `syz.3.2877'.
[ 1034.780942][T17524] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1034.792456][T17524] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1035.378989][ T8167] team0 (unregistering): Port device team_slave_1 removed
[ 1035.602081][ T5980] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1035.658933][ T8167] team0 (unregistering): Port device team_slave_0 removed
[ 1035.807723][ T5980] usb 4-1: Using ep0 maxpacket: 16
[ 1035.829848][ T5980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1035.858058][ T5980] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1035.886076][ T5980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1035.898817][   T30] audit: type=1400 audit(1749442209.657:853): avc:  denied  { create } for  pid=17536 comm="syz.6.2884" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1035.939177][ T5980] usb 4-1: config 0 descriptor??
[ 1036.215572][T17529] SELinux: failed to load policy
[ 1036.452292][ T5980] mcp2221 0003:04D8:00DD.0035: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[ 1036.859041][T17529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1036.873352][T17529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1037.391424][T17529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1037.431554][T17529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1037.514710][ T5980] usb 4-1: USB disconnect, device number 80
[ 1037.943740][T17340] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1037.988784][T17340] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1038.045736][T17559] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1038.900638][T17340] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1038.992072][T17340] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1039.831256][T17340] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1039.866759][T17340] 8021q: adding VLAN 0 to HW filter on device team0
[ 1039.897286][ T8167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1039.904480][ T8167] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1039.918599][ T1207] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1039.942673][ T6009] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1039.949836][ T6009] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1040.068014][T17599] fuse: Bad value for 'fd'
[ 1040.080237][T17599] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2896'.
[ 1040.100298][ T1207] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1040.123393][ T1207] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[ 1040.156905][ T1207] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1040.166105][ T1207] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1040.175306][T17599] veth5: entered promiscuous mode
[ 1040.180819][ T1207] usb 7-1: SerialNumber: syz
[ 1040.370851][T17340] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1040.658984][   T30] audit: type=1400 audit(1749442214.417:854): avc:  denied  { map } for  pid=17612 comm="syz.3.2897" path="socket:[68244]" dev="sockfs" ino=68244 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1040.694960][   T30] audit: type=1400 audit(1749442214.417:855): avc:  denied  { accept } for  pid=17612 comm="syz.3.2897" path="socket:[68244]" dev="sockfs" ino=68244 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1041.936958][T17340] veth0_vlan: entered promiscuous mode
[ 1041.947613][T17340] veth1_vlan: entered promiscuous mode
[ 1042.097680][T16922] usb 7-1: USB disconnect, device number 26
[ 1042.179722][T17340] veth0_macvtap: entered promiscuous mode
[ 1042.200929][T17340] veth1_macvtap: entered promiscuous mode
[ 1042.227682][    T9] usb 4-1: new low-speed USB device number 81 using dummy_hcd
[ 1042.274764][T17340] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1042.304649][   T30] audit: type=1400 audit(1749442216.067:856): avc:  denied  { ioctl } for  pid=17646 comm="syz.5.2902" path="socket:[68323]" dev="sockfs" ino=68323 ioctlcmd=0x8917 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1042.378970][T17340] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1042.412806][T17340] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1042.451074][T17340] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1042.478132][T17340] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1042.486973][T17340] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1042.710507][T17659] loop6: detected capacity change from 0 to 7
[ 1042.720190][T17659] buffer_io_error: 14 callbacks suppressed
[ 1042.720221][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.734564][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.742870][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.751157][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.759424][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.767622][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.775807][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.783887][T17659] ldm_validate_partition_table(): Disk read failed.
[ 1042.790732][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.798966][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.807329][T17659] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1042.815875][T17659] Dev loop6: unable to read RDB block 0
[ 1042.822505][T17659]  loop6: unable to read partition table
[ 1042.828942][T17659] loop6: partition table beyond EOD, truncated
[ 1042.835169][T17659] loop_reread_partitions: partition scan of loop6 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[ 1042.835169][T17659] 
) failed (rc=-5)
[ 1042.844283][ T1207] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[ 1042.850526][   T30] audit: type=1326 audit(1749442216.437:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1042.888687][   T30] audit: type=1326 audit(1749442216.437:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1042.995162][   T30] audit: type=1326 audit(1749442216.447:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1043.035528][   T30] audit: type=1326 audit(1749442216.447:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1043.060268][   T30] audit: type=1326 audit(1749442216.447:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1043.075887][T17533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1043.085187][   T30] audit: type=1326 audit(1749442216.457:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1043.103274][ T1207] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1043.121202][   T30] audit: type=1326 audit(1749442216.457:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1043.324768][T17533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1043.332694][ T1207] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1043.344435][ T1207] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1043.355463][ T1207] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1043.356361][   T30] audit: type=1326 audit(1749442216.457:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1043.375724][ T1207] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1044.345470][   T30] audit: type=1326 audit(1749442216.457:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17645 comm="syz.6.2901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f65a4d8e929 code=0x7ffc0000
[ 1044.380021][ T8176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1044.405087][ T8176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1044.417709][ T1207] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1044.630235][ T1207] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1044.640075][ T1207] usb 6-1: Product: syz
[ 1044.644417][ T1207] usb 6-1: Manufacturer: syz
[ 1044.649256][ T1207] usb 6-1: SerialNumber: syz
[ 1045.370281][ T1207] usb 6-1: config 0 descriptor??
[ 1045.694210][T17680] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[ 1045.819949][ T1207] usb 6-1: can't set config #0, error -71
[ 1045.888104][ T1207] usb 6-1: USB disconnect, device number 34
[ 1046.898978][T17694] fuse: Bad value for 'fd'
[ 1047.486152][   T30] kauditd_printk_skb: 19 callbacks suppressed
[ 1047.486177][   T30] audit: type=1400 audit(1749442221.147:885): avc:  denied  { map } for  pid=17712 comm="syz.6.2919" path="/dev/video3" dev="devtmpfs" ino=935 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 1049.098758][ T5826] Bluetooth: hci4: unexpected event for opcode 0x2024
[ 1049.357676][T17744] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2924'.
[ 1049.704994][    T9] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1049.884476][    T9] usb 1-1: Using ep0 maxpacket: 16
[ 1049.900387][    T9] usb 1-1: device descriptor read/all, error -71
[ 1051.130773][T17763] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1052.174519][    T9] Process accounting resumed
[ 1052.179371][ T5980] usb 5-1: new full-speed USB device number 91 using dummy_hcd
[ 1052.497791][ T5874] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1052.744242][ T5874] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1052.776034][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1052.785500][ T5874] usb 4-1: Product: syz
[ 1052.791334][ T5874] usb 4-1: Manufacturer: syz
[ 1052.796402][ T5874] usb 4-1: SerialNumber: syz
[ 1052.818650][ T5874] usb 4-1: config 0 descriptor??
[ 1052.829659][ T5874] ch341 4-1:0.0: ch341-uart converter detected
[ 1052.949271][ T5980] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1052.967934][ T5980] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1053.005383][ T5980] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1053.029281][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1053.076124][ T5980] hub 5-1:4.0: USB hub found
[ 1053.218136][T17793] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1053.229574][T17793] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1053.632003][ T5980] hub 5-1:4.0: config failed, hub has too many ports! (err -19)
[ 1053.656824][T17792] loop6: detected capacity change from 0 to 524287999
[ 1053.991863][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.309032][T16922] usb 5-1: USB disconnect, device number 91
[ 1054.348808][T17800] xt_cgroup: xt_cgroup: no path or classid specified
[ 1054.406404][ T5874] usb 4-1: ch341-uart converter now attached to ttyUSB0
[ 1054.657478][ T5980] usb 4-1: USB disconnect, device number 82
[ 1054.686318][ T5980] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[ 1054.727317][ T5980] ch341 4-1:0.0: device disconnected
[ 1055.017750][    T9] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1056.373924][T17810] fuse: Bad value for 'fd'
[ 1056.923256][    T9] usb 6-1: Using ep0 maxpacket: 16
[ 1057.034751][    T9] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1057.072707][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1057.733598][    T9] usb 6-1: string descriptor 0 read error: -71
[ 1057.747442][    T9] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1057.756855][   T30] audit: type=1400 audit(1749442231.517:886): avc:  denied  { mount } for  pid=17820 comm="syz.4.2948" name="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1057.807924][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1057.827053][    T9] usb 6-1: config 0 descriptor??
[ 1057.833025][T17821] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2948'.
[ 1057.836440][    T9] usb 6-1: can't set config #0, error -71
[ 1057.859342][    T9] usb 6-1: USB disconnect, device number 35
[ 1057.874893][   T30] audit: type=1400 audit(1749442231.637:887): avc:  denied  { search } for  pid=17820 comm="syz.4.2948" name="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1057.907732][T12878] usb 4-1: new full-speed USB device number 83 using dummy_hcd
[ 1057.927681][   T30] audit: type=1400 audit(1749442231.637:888): avc:  denied  { search } for  pid=17820 comm="syz.4.2948" name="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1058.001931][   T30] audit: type=1400 audit(1749442231.637:889): avc:  denied  { read open } for  pid=17820 comm="syz.4.2948" path="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1058.001977][   T30] audit: type=1400 audit(1749442231.647:890): avc:  denied  { read write } for  pid=12321 comm="syz-executor" name="loop5" dev="devtmpfs" ino=652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1058.002018][   T30] audit: type=1400 audit(1749442231.647:891): avc:  denied  { open } for  pid=12321 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1058.002059][   T30] audit: type=1400 audit(1749442231.647:892): avc:  denied  { ioctl } for  pid=12321 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=652 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1058.073222][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1058.133530][T12878] usb 4-1: config 0 has an invalid interface number: 113 but max is 0
[ 1058.133559][T12878] usb 4-1: config 0 has no interface number 0
[ 1058.133593][T12878] usb 4-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[ 1058.133618][T12878] usb 4-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1058.133640][T12878] usb 4-1: config 0 interface 113 has no altsetting 0
[ 1058.148685][T12878] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1058.148712][T12878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1058.148732][T12878] usb 4-1: Product: syz
[ 1058.148752][T12878] usb 4-1: Manufacturer: syz
[ 1058.148767][T12878] usb 4-1: SerialNumber: syz
[ 1058.178522][T12878] usb 4-1: config 0 descriptor??
[ 1058.231057][    C1] usb 4-1: NFC: Urb failure (status -71)
[ 1058.309960][T12878] usb 4-1: NFC: Unable to get FW version
[ 1058.324691][T12878] pn533_usb 4-1:0.113: probe with driver pn533_usb failed with error -90
[ 1059.542897][ T5980] usb 4-1: USB disconnect, device number 83
[ 1059.692727][   T30] audit: type=1400 audit(1749442233.447:893): avc:  denied  { allowed } for  pid=17836 comm="syz.5.2954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1059.921472][    T9] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1059.969813][ T5826] Bluetooth: hci0: unexpected event for opcode 0x2024
[ 1060.118171][    T9] usb 7-1: Using ep0 maxpacket: 16
[ 1060.129225][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1060.234473][T17846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2956'.
[ 1060.592088][    T9] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1060.601244][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1060.618117][    T9] usb 7-1: config 0 descriptor??
[ 1060.627378][   T30] audit: type=1400 audit(1749442234.387:894): avc:  denied  { shutdown } for  pid=17847 comm="syz.5.2957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1061.225967][T17855] overlayfs: missing 'lowerdir'
[ 1061.852740][T17835] SELinux: failed to load policy
[ 1062.116635][    T9] mcp2221 0003:04D8:00DD.0036: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[ 1062.333350][T17863] nft_compat: unsupported protocol 5
[ 1062.368543][T17835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1062.581557][T17835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1062.855887][T17835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1062.917148][T17835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1063.099495][ T1207] usb 7-1: USB disconnect, device number 27
[ 1064.347219][T17877] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2965'.
[ 1064.464427][T17886] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2966'.
[ 1064.917837][T17877] overlayfs: missing 'lowerdir'
[ 1064.953687][   T30] audit: type=1400 audit(1749442238.707:895): avc:  denied  { remove_name } for  pid=17884 comm="syz.3.2967" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1065.107718][   T30] audit: type=1400 audit(1749442238.707:896): avc:  denied  { unlink } for  pid=17884 comm="syz.3.2967" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1065.175602][ T5826] Bluetooth: hci4: ACL packet for unknown connection handle 200
[ 1065.203891][   T30] audit: type=1400 audit(1749442238.937:897): avc:  denied  { getopt } for  pid=17894 comm="syz.6.2971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1065.223274][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1065.683626][T17907] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1065.769403][T17908] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1065.780548][T17908] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1068.163969][ T8176] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1068.548331][  T114] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1068.943535][   T30] audit: type=1326 audit(1749442242.707:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17946 comm="syz.4.2986" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f584eb8e929 code=0x0
[ 1069.422457][  T114] usb 4-1: Using ep0 maxpacket: 16
[ 1069.472071][  T114] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1069.499921][  T114] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1069.514313][T17954] FAULT_INJECTION: forcing a failure.
[ 1069.514313][T17954] name failslab, interval 1, probability 0, space 0, times 0
[ 1069.533462][  T114] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1069.559732][  T114] usb 4-1: config 0 descriptor??
[ 1069.893109][T17954] CPU: 0 UID: 0 PID: 17954 Comm: syz.0.2987 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[ 1069.893136][T17954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1069.893147][T17954] Call Trace:
[ 1069.893153][T17954]  <TASK>
[ 1069.893160][T17954]  dump_stack_lvl+0x16c/0x1f0
[ 1069.893191][T17954]  should_fail_ex+0x512/0x640
[ 1069.893215][T17954]  ? __kmalloc_noprof+0xbf/0x510
[ 1069.893239][T17954]  ? nla_strdup+0xc6/0x150
[ 1069.893262][T17954]  should_failslab+0xc2/0x120
[ 1069.893289][T17954]  __kmalloc_noprof+0xd2/0x510
[ 1069.893317][T17954]  nla_strdup+0xc6/0x150
[ 1069.893344][T17954]  nf_tables_newtable+0xdeb/0x1b40
[ 1069.893373][T17954]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1069.893393][T17954]  ? __pfx_nf_tables_newtable+0x10/0x10
[ 1069.893422][T17954]  ? __nla_parse+0x40/0x60
[ 1069.893441][T17954]  nfnetlink_rcv_batch+0x18ed/0x2330
[ 1069.893485][T17954]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[ 1069.893525][T17954]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1069.893567][T17954]  ? __nla_parse+0x40/0x60
[ 1069.893586][T17954]  nfnetlink_rcv+0x3c1/0x430
[ 1069.893607][T17954]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1069.893636][T17954]  netlink_unicast+0x53d/0x7f0
[ 1069.893659][T17954]  ? __pfx_netlink_unicast+0x10/0x10
[ 1069.893685][T17954]  netlink_sendmsg+0x8d1/0xdd0
[ 1069.893707][T17954]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1069.893735][T17954]  ____sys_sendmsg+0xa98/0xc70
[ 1069.893755][T17954]  ? copy_msghdr_from_user+0x10a/0x160
[ 1069.893779][T17954]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1069.893811][T17954]  ___sys_sendmsg+0x134/0x1d0
[ 1069.893835][T17954]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1069.893857][T17954]  ? __lock_acquire+0x622/0x1c90
[ 1069.893914][T17954]  __sys_sendmsg+0x16d/0x220
[ 1069.893941][T17954]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1069.893983][T17954]  do_syscall_64+0xcd/0x4c0
[ 1069.894019][T17954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1069.894037][T17954] RIP: 0033:0x7f2ec3b8e929
[ 1069.894052][T17954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1069.894070][T17954] RSP: 002b:00007f2ec493b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1069.894088][T17954] RAX: ffffffffffffffda RBX: 00007f2ec3db5fa0 RCX: 00007f2ec3b8e929
[ 1069.894101][T17954] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1069.894112][T17954] RBP: 00007f2ec493b090 R08: 0000000000000000 R09: 0000000000000000
[ 1069.894122][T17954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1069.894134][T17954] R13: 0000000000000000 R14: 00007f2ec3db5fa0 R15: 00007ffe4242e548
[ 1069.894160][T17954]  </TASK>
[ 1070.154108][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1070.188789][T17939] SELinux: failed to load policy
[ 1070.303427][T11170] Bluetooth: hci3: command 0x1003 tx timeout
[ 1070.317710][ T5826] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1070.554760][  T114] mcp2221 0003:04D8:00DD.0037: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[ 1070.797154][T12878] kernel read not supported for file /dsp1 (pid: 12878 comm: kworker/1:6)
[ 1072.393357][T17981] overlayfs: missing 'lowerdir'
[ 1072.408009][T17961] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1072.415170][ T5826] Bluetooth: hci1: command 0x0406 tx timeout
[ 1072.886546][T17961] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1072.909393][T17961] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1072.940848][T17961] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1072.949680][T17961] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1072.962992][T17961] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1072.971842][T17961] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1072.983106][T17961] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1073.051504][T12878] usb 4-1: USB disconnect, device number 84
[ 1073.218175][T17985] binder: BINDER_SET_CONTEXT_MGR already set
[ 1073.224194][T17985] binder: 17984:17985 ioctl 4018620d 200000000040 returned -16
[ 1073.271847][T17985] binder: 17984:17985 ioctl c0306201 200000000100 returned -14
[ 1073.967422][  T114] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1073.968906][T17996] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1073.986205][T17996] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1074.282897][T18005] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1074.294389][T18005] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1074.478460][T17997] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1074.516482][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1074.793322][  T114] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1074.817618][  T114] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1074.834589][  T114] usb 5-1: Product: syz
[ 1074.848009][  T114] usb 5-1: Manufacturer: syz
[ 1074.862825][  T114] usb 5-1: SerialNumber: syz
[ 1074.925493][  T114] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1074.954188][T18008] fuse: Bad value for 'fd'
[ 1074.960525][T18008] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3002'.
[ 1074.974897][ T5826] Bluetooth: hci0: command 0x0419 tx timeout
[ 1074.981023][T11170] Bluetooth: hci4: command 0x0406 tx timeout
[ 1075.001642][T17950] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1075.101640][T18008] veth7: entered promiscuous mode
[ 1076.168362][T17950] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1076.183834][T17950] ath9k_htc: Failed to initialize the device
[ 1076.213491][    T9] usb 5-1: USB disconnect, device number 92
[ 1076.253550][    T9] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1076.456305][T18027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3009'.
[ 1076.536997][T18029] fuse: Invalid rootmode
[ 1076.579354][   T30] audit: type=1400 audit(1749442250.337:899): avc:  denied  { read } for  pid=18025 comm="syz.3.3009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1076.653157][T11170] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1076.685533][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1076.704630][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1076.719554][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1076.728877][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1076.737899][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1076.812133][ T8164] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1076.845020][   T30] audit: type=1400 audit(1749442250.607:900): avc:  denied  { ioctl } for  pid=18037 comm="syz.4.3012" path="socket:[70953]" dev="sockfs" ino=70953 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1076.897072][T18033] lo speed is unknown, defaulting to 1000
[ 1076.964296][ T8164] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1077.040185][T12878] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1077.048070][T11170] Bluetooth: hci0: command 0x0419 tx timeout
[ 1077.054180][ T5826] Bluetooth: hci4: command 0x0406 tx timeout
[ 1077.120302][ T8164] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1077.124262][   T30] audit: type=1400 audit(1749442250.887:901): avc:  denied  { shutdown } for  pid=18041 comm="syz.5.3015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1077.315982][   T30] audit: type=1400 audit(1749442250.927:902): avc:  denied  { getopt } for  pid=18041 comm="syz.5.3015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1077.347632][T12878] usb 7-1: Using ep0 maxpacket: 8
[ 1078.162678][T12878] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1078.388887][T12878] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1078.602694][T12878] usb 7-1: config 0 descriptor??
[ 1078.618383][ T8164] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1078.678217][T17950] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1078.791936][T18033] chnl_net:caif_netlink_parms(): no params data found
[ 1078.808165][ T5826] Bluetooth: hci1: command tx timeout
[ 1078.825173][T12878] asix 7-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1078.845086][T17950] usb 6-1: Using ep0 maxpacket: 32
[ 1078.882175][T17950] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1078.911467][T17950] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1078.936165][T17950] usb 6-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00
[ 1078.955563][T17950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1078.975630][T17950] usb 6-1: config 0 descriptor??
[ 1079.137924][ T5826] Bluetooth: hci0: command 0x0419 tx timeout
[ 1079.401462][T18055] capability: warning: `syz.5.3018' uses 32-bit capabilities (legacy support in use)
[ 1079.414698][T17950] usbhid 6-1:0.0: can't add hid device: -71
[ 1079.423260][T17950] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1079.440033][T17950] usb 6-1: USB disconnect, device number 36
[ 1079.551021][T18071] FAULT_INJECTION: forcing a failure.
[ 1079.551021][T18071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1079.565209][T18071] CPU: 0 UID: 0 PID: 18071 Comm: syz.4.3022 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[ 1079.565233][T18071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1079.565244][T18071] Call Trace:
[ 1079.565250][T18071]  <TASK>
[ 1079.565257][T18071]  dump_stack_lvl+0x16c/0x1f0
[ 1079.565285][T18071]  should_fail_ex+0x512/0x640
[ 1079.565310][T18071]  _copy_to_user+0x32/0xd0
[ 1079.565335][T18071]  simple_read_from_buffer+0xcb/0x170
[ 1079.565356][T18071]  proc_fail_nth_read+0x197/0x270
[ 1079.565378][T18071]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1079.565410][T18071]  ? rw_verify_area+0xcf/0x680
[ 1079.565430][T18071]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1079.565452][T18071]  vfs_read+0x1e1/0xc60
[ 1079.565476][T18071]  ? preempt_schedule_thunk+0x16/0x30
[ 1079.565501][T18071]  ? __pfx_vfs_read+0x10/0x10
[ 1079.565521][T18071]  ? preempt_schedule_thunk+0x16/0x30
[ 1079.565548][T18071]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 1079.565572][T18071]  ? __wake_up+0x3f/0x60
[ 1079.565596][T18071]  ? do_signalfd4+0x11e/0x430
[ 1079.565623][T18071]  ksys_read+0x12a/0x250
[ 1079.565643][T18071]  ? __pfx_ksys_read+0x10/0x10
[ 1079.565673][T18071]  do_syscall_64+0xcd/0x4c0
[ 1079.565702][T18071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1079.565719][T18071] RIP: 0033:0x7f584eb8d33c
[ 1079.565735][T18071] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1079.565751][T18071] RSP: 002b:00007f584f978030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1079.565768][T18071] RAX: ffffffffffffffda RBX: 00007f584edb5fa0 RCX: 00007f584eb8d33c
[ 1079.565780][T18071] RDX: 000000000000000f RSI: 00007f584f9780a0 RDI: 0000000000000005
[ 1079.565790][T18071] RBP: 00007f584f978090 R08: 0000000000000000 R09: 0000000000000000
[ 1079.565800][T18071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1079.565811][T18071] R13: 0000000000000000 R14: 00007f584edb5fa0 R15: 00007ffc924898b8
[ 1079.565837][T18071]  </TASK>
[ 1079.566479][ T8164] bond0 (unregistering): Released all slaves
[ 1079.630480][T18036] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3013'.
[ 1079.921787][ T8164] bond1 (unregistering): Released all slaves
[ 1079.943372][T18075] fuse: Bad value for 'fd'
[ 1079.954867][T18075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3024'.
[ 1080.042214][ T8164] bond2 (unregistering): Released all slaves
[ 1080.174596][ T8164] bond3 (unregistering): Released all slaves
[ 1080.251107][ T5874] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1080.305846][ T8164] bond4 (unregistering): Released all slaves
[ 1080.391127][T18080] overlayfs: failed to resolve './file1': -2
[ 1080.538358][ T5874] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1080.598841][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1080.640316][ T5874] usb 4-1: Product: syz
[ 1080.645465][ T5874] usb 4-1: Manufacturer: syz
[ 1080.692773][ T5874] usb 4-1: SerialNumber: syz
[ 1080.709915][ T5874] usb 4-1: config 0 descriptor??
[ 1080.829272][ T8164] bond5 (unregistering): Released all slaves
[ 1080.898014][ T5826] Bluetooth: hci1: command tx timeout
[ 1080.952954][T18073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1080.965055][T18073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1080.980766][T18073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1080.991495][T18073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1081.057663][ T8164] bond6 (unregistering): Released all slaves
[ 1081.130259][T18083] netlink: 156 bytes leftover after parsing attributes in process `syz.5.3026'.
[ 1081.585785][ T8164] bond7 (unregistering): Released all slaves
[ 1081.679608][ T8164] bond8 (unregistering): Released all slaves
[ 1081.775164][T18075] veth3: entered promiscuous mode
[ 1081.780484][T12878] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1081.815886][T12878] asix 7-1:0.0: probe with driver asix failed with error -71
[ 1081.854021][T12878] usb 7-1: USB disconnect, device number 28
[ 1082.060337][ T8164] tipc: Disabling bearer <udp:syz2>
[ 1082.085328][T18093] lo speed is unknown, defaulting to 1000
[ 1082.124646][ T8164] tipc: Left network mode
[ 1082.637655][T12878] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1082.654362][T18107] overlayfs: failed to resolve './file1': -2
[ 1082.865879][T17950] usb 4-1: USB disconnect, device number 85
[ 1082.967703][ T5826] Bluetooth: hci1: command tx timeout
[ 1082.975147][T18033] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1082.997520][T18033] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1083.005360][T18033] bridge_slave_0: entered allmulticast mode
[ 1083.014743][T18033] bridge_slave_0: entered promiscuous mode
[ 1083.023362][T18033] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1083.034763][T18033] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1083.042065][T18033] bridge_slave_1: entered allmulticast mode
[ 1083.050288][T18033] bridge_slave_1: entered promiscuous mode
[ 1083.138579][T18113] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.3032'.
[ 1083.770370][T18117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3032'.
[ 1083.799079][T18033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1083.841668][T18033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1085.051627][ T5826] Bluetooth: hci1: command tx timeout
[ 1085.090646][T18033] team0: Port device team_slave_0 added
[ 1085.310464][T18132] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1085.957890][T18133] overlayfs: failed to resolve './file1': -2
[ 1086.219223][T18033] team0: Port device team_slave_1 added
[ 1086.434394][T18033] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1086.469306][T18033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1086.524605][T18145] fuse: Bad value for 'fd'
[ 1086.532332][T18153] fuse: Bad value for 'rootmode'
[ 1086.543477][T18145] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3039'.
[ 1086.553970][T18033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1087.350473][T18033] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1087.407719][T18033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1087.487166][T18033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1087.512681][T18145] veth7: entered promiscuous mode
[ 1087.871856][T18168] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1088.046560][T18169] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3045'.
[ 1089.902356][T18159] geneve2: entered promiscuous mode
[ 1089.920532][T18159] geneve2: entered allmulticast mode
[ 1090.357445][T18180] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.3048'.
[ 1090.596016][T18033] hsr_slave_0: entered promiscuous mode
[ 1090.615345][T18033] hsr_slave_1: entered promiscuous mode
[ 1090.617526][T18194] netlink: 1284 bytes leftover after parsing attributes in process `syz.6.3051'.
[ 1091.104961][T18185] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3048'.
[ 1091.124873][T18033] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1091.142820][T18033] Cannot create hsr debugfs directory
[ 1091.217633][T18196] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3051'.
[ 1091.263850][T12878] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1091.474089][ T8164] hsr_slave_0: left promiscuous mode
[ 1091.485232][ T8164] hsr_slave_1: left promiscuous mode
[ 1091.504119][ T8164] veth1_macvtap: left promiscuous mode
[ 1091.513363][ T8164] veth0_macvtap: left promiscuous mode
[ 1091.520309][ T8164] veth1_vlan: left promiscuous mode
[ 1091.526695][ T8164] veth0_vlan: left promiscuous mode
[ 1091.539317][T12878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1091.566629][T12878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1091.582386][T12878] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[ 1091.593132][T12878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1091.606117][T12878] usb 4-1: config 0 descriptor??
[ 1091.725930][T18198] No buffer was provided with the request
[ 1091.810617][T18198] netlink: 596 bytes leftover after parsing attributes in process `syz.4.3052'.
[ 1092.047393][T12878] playstation 0003:054C:0DF2.0038: unknown main item tag 0x0
[ 1092.061015][T12878] playstation 0003:054C:0DF2.0038: unknown main item tag 0x0
[ 1092.069272][T12878] playstation 0003:054C:0DF2.0038: unknown main item tag 0x0
[ 1092.076712][T12878] playstation 0003:054C:0DF2.0038: unknown main item tag 0x0
[ 1092.089728][T12878] playstation 0003:054C:0DF2.0038: unknown main item tag 0x0
[ 1092.104935][T12878] playstation 0003:054C:0DF2.0038: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0
[ 1092.572965][T12878] playstation 0003:054C:0DF2.0038: Invalid byte count transferred, expected 20 got 0
[ 1092.691270][T12878] playstation 0003:054C:0DF2.0038: Failed to retrieve DualSense pairing info: -22
[ 1092.692493][T18206] FAULT_INJECTION: forcing a failure.
[ 1092.692493][T18206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1092.721439][T18206] CPU: 1 UID: 0 PID: 18206 Comm: syz.6.3054 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[ 1092.721463][T18206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1092.721473][T18206] Call Trace:
[ 1092.721480][T18206]  <TASK>
[ 1092.721486][T18206]  dump_stack_lvl+0x16c/0x1f0
[ 1092.721516][T18206]  should_fail_ex+0x512/0x640
[ 1092.721542][T18206]  _copy_to_user+0x32/0xd0
[ 1092.721575][T18206]  simple_read_from_buffer+0xcb/0x170
[ 1092.721598][T18206]  proc_fail_nth_read+0x197/0x270
[ 1092.721620][T18206]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1092.721641][T18206]  ? rw_verify_area+0xcf/0x680
[ 1092.721659][T18206]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1092.721680][T18206]  vfs_read+0x1e1/0xc60
[ 1092.721702][T18206]  ? __pfx___mutex_lock+0x10/0x10
[ 1092.721726][T18206]  ? __pfx_vfs_read+0x10/0x10
[ 1092.721752][T18206]  ? __fget_files+0x20e/0x3c0
[ 1092.721780][T18206]  ksys_read+0x12a/0x250
[ 1092.721799][T18206]  ? __pfx_ksys_read+0x10/0x10
[ 1092.721819][T18206]  ? fput+0x70/0xf0
[ 1092.721838][T18206]  do_syscall_64+0xcd/0x4c0
[ 1092.721864][T18206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1092.721881][T18206] RIP: 0033:0x7f65a4d8d33c
[ 1092.721896][T18206] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1092.721912][T18206] RSP: 002b:00007f65a5b63030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1092.721928][T18206] RAX: ffffffffffffffda RBX: 00007f65a4fb5fa0 RCX: 00007f65a4d8d33c
[ 1092.721939][T18206] RDX: 000000000000000f RSI: 00007f65a5b630a0 RDI: 0000000000000004
[ 1092.721949][T18206] RBP: 00007f65a5b63090 R08: 0000000000000000 R09: 0000000000000000
[ 1092.721960][T18206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1092.721970][T18206] R13: 0000000000000000 R14: 00007f65a4fb5fa0 R15: 00007ffdb6f6ddd8
[ 1092.721993][T18206]  </TASK>
[ 1092.724534][T12878] playstation 0003:054C:0DF2.0038: Failed to get MAC address from DualSense
[ 1092.929797][T12878] playstation 0003:054C:0DF2.0038: Failed to create dualsense.
[ 1093.018142][T12878] playstation 0003:054C:0DF2.0038: probe with driver playstation failed with error -22
[ 1093.058550][    T9] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1093.228530][    T9] usb 7-1: Using ep0 maxpacket: 8
[ 1093.243606][    T9] usb 7-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[ 1093.246051][T18215] adf_ctl_ioctl: 15 callbacks suppressed
[ 1093.246065][T18215] QAT: Invalid ioctl 1075883590
[ 1093.261349][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1093.266146][T18215] QAT: Invalid ioctl 1075883590
[ 1093.272637][    T9] usb 7-1: Product: syz
[ 1093.279097][T18215] QAT: Invalid ioctl 1075883590
[ 1093.285615][T18215] QAT: Invalid ioctl 1075883590
[ 1093.289867][    T9] usb 7-1: Manufacturer: syz
[ 1093.297062][T18215] QAT: Invalid ioctl 1075883590
[ 1093.306794][    T9] usb 7-1: SerialNumber: syz
[ 1093.311758][T18215] QAT: Invalid ioctl 1075883590
[ 1093.317051][T18215] QAT: Invalid ioctl 1075883590
[ 1093.324578][T18210] QAT: Invalid ioctl -1072131203
[ 1093.332361][    T9] usb 7-1: config 0 descriptor??
[ 1093.341243][    T9] gspca_main: sonixj-2.14.0 probing 0c45:614a
[ 1093.341704][T18215] QAT: Invalid ioctl 1075883590
[ 1093.348424][T17950] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[ 1093.356741][T18215] QAT: Invalid ioctl 1075883590
[ 1093.509232][T17950] usb 5-1: Using ep0 maxpacket: 16
[ 1093.541193][T17950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1093.563156][T17950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1093.573396][T17950] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1093.638381][ T5980] usb 4-1: USB disconnect, device number 86
[ 1093.658013][T17950] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1093.667302][T17950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1093.700206][T17950] usb 5-1: config 0 descriptor??
[ 1094.065866][T18211] lo speed is unknown, defaulting to 1000
[ 1094.241333][    T9] gspca_sonixj: reg_r err -71
[ 1094.246089][    T9] sonixj 7-1:0.0: probe with driver sonixj failed with error -71
[ 1094.261192][    T9] usb 7-1: USB disconnect, device number 30
[ 1094.353787][T17950] usbhid 5-1:0.0: can't add hid device: -71
[ 1094.382990][T17950] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1094.415748][T17950] usb 5-1: USB disconnect, device number 93
[ 1094.574509][T18033] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1094.667142][T18033] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1094.683865][T18033] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1094.694462][T18033] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1095.122882][T18033] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1095.155821][T18033] 8021q: adding VLAN 0 to HW filter on device team0
[ 1095.702829][ T8173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1095.709991][ T8173] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1095.724035][ T8173] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1095.724156][ T8173] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1095.955465][T18033] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1096.120488][T18033] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1096.147631][   T30] audit: type=1400 audit(1749442269.907:903): avc:  denied  { sqpoll } for  pid=18244 comm="syz.6.3063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1097.422422][T18254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3064'.
[ 1098.997913][T18033] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1099.022525][T18033] veth0_vlan: entered promiscuous mode
[ 1099.031145][T18033] veth1_vlan: entered promiscuous mode
[ 1099.092219][T18033] veth0_macvtap: entered promiscuous mode
[ 1099.149760][T18033] veth1_macvtap: entered promiscuous mode
[ 1099.220414][T18033] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1099.277207][T18033] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1099.524004][T18033] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.093819][T18033] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.113179][T18033] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.123376][T18033] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.438089][    T9] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[ 1101.647745][    T9] usb 5-1: Using ep0 maxpacket: 16
[ 1101.857330][T18293] overlayfs: failed to resolve './file1': -2
[ 1102.846158][    T9] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[ 1102.859692][    T9] usb 5-1: config 0 has an invalid descriptor of length 43, skipping remainder of the config
[ 1102.870359][    T9] usb 5-1: config 0 has no interface number 0
[ 1102.879143][    T9] usb 5-1: string descriptor 0 read error: -71
[ 1102.879723][ T3458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1102.885581][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[ 1103.342245][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1103.352834][ T3458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1103.368661][    T9] usb 5-1: config 0 descriptor??
[ 1103.378863][    T9] usb 5-1: can't set config #0, error -71
[ 1103.482117][    T9] usb 5-1: USB disconnect, device number 94
[ 1103.509531][ T8175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1103.517808][ T8175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1103.650602][T18303] tipc: Started in network mode
[ 1103.655617][T18303] tipc: Node identity 080211000001, cluster identity 4711
[ 1103.765709][   T48] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1103.832395][T18303] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1104.409726][   T48] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1104.462813][T18314] netlink: set zone limit has 8 unknown bytes
[ 1104.625451][   T48] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[ 1104.660518][   T48] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1104.671625][   T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1104.680961][   T48] usb 4-1: SerialNumber: syz
[ 1104.687689][ T5820] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1104.821422][   T48] usb 4-1: USB disconnect, device number 87
[ 1104.917730][ T5820] usb 1-1: Using ep0 maxpacket: 16
[ 1104.948187][T17950] tipc: Node number set to 134418688
[ 1104.989871][ T5820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1105.024967][ T5826] Bluetooth: hci4: ACL packet for unknown connection handle 201
[ 1105.184935][ T5820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1105.240627][ T5820] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1105.254852][T18312] ALSA: mixer_oss: invalid index 40000
[ 1105.272767][ T5820] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1105.310816][ T5820] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1105.331696][ T5820] usb 1-1: config 0 descriptor??
[ 1105.515028][T11170] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1105.524401][T11170] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1105.538479][T11170] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1105.549284][T11170] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1105.557720][T11170] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1105.699693][T18324] lo speed is unknown, defaulting to 1000
[ 1105.737679][ T5980] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1105.803552][ T5820] microsoft 0003:045E:07DA.0039: No inputs registered, leaving
[ 1105.819627][T14238] bond0: (slave syz_tun): Releasing backup interface
[ 1105.849980][ T5820] microsoft 0003:045E:07DA.0039: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[ 1105.921200][ T5980] usb 7-1: config 220 has an invalid interface number: 76 but max is 2
[ 1105.937718][ T5820] microsoft 0003:045E:07DA.0039: no inputs found
[ 1105.959799][ T5980] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1105.979884][ T5820] microsoft 0003:045E:07DA.0039: could not initialize ff, continuing anyway
[ 1105.996303][ T5980] usb 7-1: config 220 has no interface number 2
[ 1106.015543][ T5820] usb 1-1: USB disconnect, device number 71
[ 1106.025564][ T5980] usb 7-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12
[ 1106.065287][ T5980] usb 7-1: config 220 interface 0 has no altsetting 0
[ 1106.072158][ T5980] usb 7-1: config 220 interface 76 has no altsetting 0
[ 1106.080912][ T5980] usb 7-1: config 220 interface 1 has no altsetting 0
[ 1106.089531][ T5980] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1106.100794][ T5980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.116336][ T5980] usb 7-1: Product: syz
[ 1106.122853][ T5980] usb 7-1: Manufacturer: syz
[ 1106.127646][ T5980] usb 7-1: SerialNumber: syz
[ 1106.243351][ T8176] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1106.342724][T18329] lo speed is unknown, defaulting to 1000
[ 1106.354355][ T5980] usb 7-1: selecting invalid altsetting 0
[ 1106.364149][ T5980] usb 7-1: Found UVC 7.01 device syz (8086:0b07)
[ 1106.377670][ T5980] usb 7-1: No valid video chain found.
[ 1106.389906][ T5980] usb 7-1: selecting invalid altsetting 0
[ 1106.408121][ T5980] usbtest 7-1:220.1: probe with driver usbtest failed with error -22
[ 1106.471150][ T5980] usb 7-1: USB disconnect, device number 31
[ 1107.009201][ T8176] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1107.041422][T18324] chnl_net:caif_netlink_parms(): no params data found
[ 1107.102317][ T8176] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1107.191804][ T8176] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1107.221602][T18324] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1107.229928][T18324] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1107.237193][T18324] bridge_slave_0: entered allmulticast mode
[ 1107.248706][T18324] bridge_slave_0: entered promiscuous mode
[ 1107.267544][T18324] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1107.283968][T18324] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1107.315862][T18324] bridge_slave_1: entered allmulticast mode
[ 1107.345184][T18324] bridge_slave_1: entered promiscuous mode
[ 1107.360867][T18348] netlink: 4712 bytes leftover after parsing attributes in process `syz.4.3086'.
[ 1107.525782][T18346] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1107.536920][T18346] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1107.552611][T18324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1107.618214][T11170] Bluetooth: hci3: command tx timeout
[ 1107.637334][T18324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1107.669005][   T48] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1107.738799][T18324] team0: Port device team_slave_0 added
[ 1107.757999][T18324] team0: Port device team_slave_1 added
[ 1107.950791][ T8176] bridge_slave_1: left allmulticast mode
[ 1107.957323][ T8176] bridge_slave_1: left promiscuous mode
[ 1107.984192][ T8176] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1107.998521][   T48] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1108.304868][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1108.382029][ T8176] bridge_slave_0: left allmulticast mode
[ 1108.398077][ T8176] bridge_slave_0: left promiscuous mode
[ 1108.403771][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1108.424258][ T8176] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1108.456488][   T48] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1108.494701][   T48] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1108.534508][   T48] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1108.564459][   T48] usb 6-1: Manufacturer: syz
[ 1108.592805][   T48] usb 6-1: config 0 descriptor??
[ 1108.784080][ T8176] dvmrp1 (unregistering): left allmulticast mode
[ 1108.862004][   T48] usbhid 6-1:0.0: can't add hid device: -71
[ 1108.870429][   T48] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1108.897910][   T48] usb 6-1: USB disconnect, device number 37
[ 1109.093634][T18375] tmpfs: Bad value for 'mpol'
[ 1109.545475][ T8176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1109.560323][ T8176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1109.598787][ T8176] bond0 (unregistering): Released all slaves
[ 1109.689106][T11170] Bluetooth: hci3: command tx timeout
[ 1109.756751][ T8176] bond1 (unregistering): Released all slaves
[ 1109.853359][T18380] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1110.351198][ T8176] bond2 (unregistering): Released all slaves
[ 1110.366202][T18324] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1110.373753][T18324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1110.399971][T18324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1110.506020][T18324] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1110.534390][T18324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1110.769377][T18324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1110.837700][    T9] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1110.914230][T18324] hsr_slave_0: entered promiscuous mode
[ 1110.932730][T18324] hsr_slave_1: entered promiscuous mode
[ 1111.555770][T18396] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1111.906386][T18324] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1111.916428][T18389] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input68
[ 1111.928565][T11170] Bluetooth: hci3: command tx timeout
[ 1111.934494][T18324] Cannot create hsr debugfs directory
[ 1112.056875][    T9] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1112.082094][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1112.097179][    T9] usb 7-1: Product: syz
[ 1112.101525][    T9] usb 7-1: Manufacturer: syz
[ 1112.124323][    T9] usb 7-1: SerialNumber: syz
[ 1112.134555][    T9] usb 7-1: config 0 descriptor??
[ 1112.522698][T18384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1112.541039][T18384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1112.644429][T18384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1112.787892][T18384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1113.503838][T18419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3101'.
[ 1113.906313][ T8176] hsr_slave_0: left promiscuous mode
[ 1113.912340][ T8176] hsr_slave_1: left promiscuous mode
[ 1114.007781][T11170] Bluetooth: hci3: command tx timeout
[ 1114.024363][ T8176] veth1_macvtap: left promiscuous mode
[ 1114.039860][ T8176] veth0_macvtap: left promiscuous mode
[ 1114.052314][ T8176] veth1_vlan: left promiscuous mode
[ 1114.093556][ T5980] usb 7-1: USB disconnect, device number 32
[ 1114.311302][T18424] fuse: Bad value for 'fd'
[ 1114.325382][T18424] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3104'.
[ 1114.399053][T18427] fuse: Bad value for 'fd'
[ 1114.406530][T18427] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3105'.
[ 1115.269033][ T5980] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1115.282906][ T8176] team0 (unregistering): Port device team_slave_1 removed
[ 1115.346380][ T8176] team0 (unregistering): Port device team_slave_0 removed
[ 1115.374622][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.442477][ T5980] usb 6-1: Using ep0 maxpacket: 16
[ 1115.450420][ T5980] usb 6-1: config 1 has an invalid interface number: 123 but max is 0
[ 1115.460141][ T5980] usb 6-1: config 1 has an invalid descriptor of length 61, skipping remainder of the config
[ 1115.470546][ T5980] usb 6-1: config 1 has no interface number 0
[ 1115.477440][ T5980] usb 6-1: config 1 interface 123 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1115.490824][ T5980] usb 6-1: config 1 interface 123 has no altsetting 0
[ 1115.500515][ T5980] usb 6-1: New USB device found, idVendor=0b05, idProduct=4202, bcdDevice=4c.71
[ 1115.520270][ T5980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1115.529081][ T5980] usb 6-1: Product: syz
[ 1115.533342][ T5980] usb 6-1: Manufacturer: syz
[ 1115.538226][ T5980] usb 6-1: SerialNumber: syz
[ 1115.852019][T18424] veth3: entered promiscuous mode
[ 1115.887096][T18427] veth9: entered promiscuous mode
[ 1115.946724][T18437] kthread_run failed with err -4
[ 1116.208167][   T48] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 1116.305678][   T30] audit: type=1804 audit(1749442290.067:904): pid=18447 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.6.3110" name="/newroot/225/bus/bus" dev="overlay" ino=1303 res=1 errno=0
[ 1116.368872][   T48] usb 1-1: Using ep0 maxpacket: 8
[ 1116.391720][   T48] usb 1-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[ 1116.401919][   T48] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1116.416192][   T48] usb 1-1: config 0 descriptor??
[ 1116.627044][T18442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1116.669449][T18442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1116.806602][T18456] x_tables: duplicate underflow at hook 2
[ 1116.827945][ T5820] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1116.856788][T18324] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1116.869158][T18324] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1116.879952][T18324] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1116.890407][T18324] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1116.975189][T18324] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1116.997061][T18324] 8021q: adding VLAN 0 to HW filter on device team0
[ 1117.007791][ T5820] usb 7-1: Using ep0 maxpacket: 16
[ 1117.016914][ T3458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1117.024048][ T3458] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1117.035767][ T5820] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 11
[ 1117.046287][ T3458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1117.053416][ T3458] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1117.061537][ T5820] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[ 1117.072834][ T5820] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[ 1117.083078][ T5820] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1117.093416][ T5820] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[ 1117.103744][ T5820] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1117.110808][ T5820] usb 7-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1117.123109][ T5820] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1117.144258][ T5820] ums-sddr09 7-1:1.0: USB Mass Storage device detected
[ 1117.151526][T18324] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1117.163125][T18324] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1117.890016][ T5980] usb 6-1: USB disconnect, device number 38
[ 1117.935495][T18454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.963287][T18454] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.028785][   T48] usbhid 1-1:0.0: can't add hid device: -71
[ 1118.062117][   T48] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1118.100351][   T48] usb 1-1: USB disconnect, device number 72
[ 1118.187899][ T5820] ums-sddr09 7-1:1.0: probe with driver ums-sddr09 failed with error -22
[ 1118.241079][ T5820] usb 7-1: USB disconnect, device number 33
[ 1118.910548][T18324] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1118.965308][T18471] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3114'.
[ 1119.003156][T18324] veth0_vlan: entered promiscuous mode
[ 1119.014221][T18324] veth1_vlan: entered promiscuous mode
[ 1119.024086][T18477] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1119.090290][T18324] veth0_macvtap: entered promiscuous mode
[ 1119.139605][T18324] veth1_macvtap: entered promiscuous mode
[ 1119.218625][T18324] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1119.275290][T18324] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1119.313144][T18324] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1119.332917][T18324] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1119.631523][T18324] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1119.659926][T18324] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1119.885019][T18492] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1120.423950][T17533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1120.475301][T17533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1120.607709][ T5874] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1120.717389][ T8175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1120.734036][ T8175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1120.767831][ T5874] usb 6-1: Using ep0 maxpacket: 32
[ 1120.774947][ T5874] usb 6-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice=e0.d8
[ 1120.792564][ T5874] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1120.854659][ T5874] usb 6-1: config 0 descriptor??
[ 1120.903542][ T5874] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input69
[ 1121.024169][T18508] random: crng reseeded on system resumption
[ 1121.040804][T18508] FAULT_INJECTION: forcing a failure.
[ 1121.040804][T18508] name failslab, interval 1, probability 0, space 0, times 0
[ 1121.054122][T18508] CPU: 0 UID: 0 PID: 18508 Comm: syz.4.3121 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[ 1121.054147][T18508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1121.054157][T18508] Call Trace:
[ 1121.054163][T18508]  <TASK>
[ 1121.054170][T18508]  dump_stack_lvl+0x16c/0x1f0
[ 1121.054200][T18508]  should_fail_ex+0x512/0x640
[ 1121.054227][T18508]  should_failslab+0xc2/0x120
[ 1121.054249][T18508]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1121.054265][T18508]  ? preempt_schedule_common+0x44/0xc0
[ 1121.054285][T18508]  ? async_schedule_node_domain+0x54/0x120
[ 1121.054308][T18508]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 1121.054327][T18508]  async_schedule_node_domain+0x54/0x120
[ 1121.054350][T18508]  dev_cache_fw_image+0x38e/0x490
[ 1121.054369][T18508]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1121.054388][T18508]  ? dev_cache_fw_image+0x398/0x490
[ 1121.054410][T18508]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1121.054428][T18508]  dpm_for_each_dev+0x5d/0xb0
[ 1121.054445][T18508]  fw_pm_notify+0x81/0x150
[ 1121.054460][T18508]  notifier_call_chain+0xbc/0x410
[ 1121.054480][T18508]  ? __pfx_fw_pm_notify+0x10/0x10
[ 1121.054502][T18508]  blocking_notifier_call_chain_robust+0xc8/0x160
[ 1121.054524][T18508]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[ 1121.054552][T18508]  pm_notifier_call_chain_robust+0x27/0x60
[ 1121.054575][T18508]  snapshot_open+0x218/0x2b0
[ 1121.054595][T18508]  ? __pfx_snapshot_open+0x10/0x10
[ 1121.054616][T18508]  misc_open+0x35d/0x420
[ 1121.054635][T18508]  ? __pfx_misc_open+0x10/0x10
[ 1121.054651][T18508]  chrdev_open+0x231/0x6a0
[ 1121.054672][T18508]  ? __pfx_chrdev_open+0x10/0x10
[ 1121.054693][T18508]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1121.054717][T18508]  do_dentry_open+0x741/0x1c10
[ 1121.054736][T18508]  ? __pfx_chrdev_open+0x10/0x10
[ 1121.054763][T18508]  vfs_open+0x82/0x3f0
[ 1121.054778][T18508]  path_openat+0x1de4/0x2cb0
[ 1121.054806][T18508]  ? __pfx_path_openat+0x10/0x10
[ 1121.054831][T18508]  do_filp_open+0x20b/0x470
[ 1121.054851][T18508]  ? __pfx_do_filp_open+0x10/0x10
[ 1121.054869][T18508]  ? mark_held_locks+0x49/0x80
[ 1121.054907][T18508]  ? alloc_fd+0x471/0x7d0
[ 1121.054933][T18508]  do_sys_openat2+0x11b/0x1d0
[ 1121.054946][T18508]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1121.054962][T18508]  ? __fget_files+0x20e/0x3c0
[ 1121.054985][T18508]  __x64_sys_openat+0x174/0x210
[ 1121.054999][T18508]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1121.055011][T18508]  ? ksys_write+0x1ac/0x250
[ 1121.055039][T18508]  do_syscall_64+0xcd/0x4c0
[ 1121.055063][T18508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.055078][T18508] RIP: 0033:0x7f584eb8e929
[ 1121.055091][T18508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1121.055105][T18508] RSP: 002b:00007f584f957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1121.055119][T18508] RAX: ffffffffffffffda RBX: 00007f584edb6080 RCX: 00007f584eb8e929
[ 1121.055129][T18508] RDX: 0000000000000481 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1121.055138][T18508] RBP: 00007f584f957090 R08: 0000000000000000 R09: 0000000000000000
[ 1121.055147][T18508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1121.055155][T18508] R13: 0000000000000000 R14: 00007f584edb6080 R15: 00007ffc924898b8
[ 1121.055179][T18508]  </TASK>
[ 1121.406897][T18508] 
[ 1121.409248][T18508] ============================================
[ 1121.415392][T18508] WARNING: possible recursive locking detected
[ 1121.421536][T18508] 6.15.0-syzkaller-13804-g939f15e640f1 #0 Not tainted
[ 1121.428289][T18508] --------------------------------------------
[ 1121.434429][T18508] syz.4.3121/18508 is trying to acquire lock:
[ 1121.440471][T18508] ffffffff8f514508 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640
[ 1121.448373][T18508] 
[ 1121.448373][T18508] but task is already holding lock:
[ 1121.455723][T18508] ffffffff8f514508 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[ 1121.463895][T18508] 
[ 1121.463895][T18508] other info that might help us debug this:
[ 1121.471930][T18508]  Possible unsafe locking scenario:
[ 1121.471930][T18508] 
[ 1121.479365][T18508]        CPU0
[ 1121.482634][T18508]        ----
[ 1121.485895][T18508]   lock(fw_lock);
[ 1121.489617][T18508]   lock(fw_lock);
[ 1121.493327][T18508] 
[ 1121.493327][T18508]  *** DEADLOCK ***
[ 1121.493327][T18508] 
[ 1121.501451][T18508]  May be due to missing lock nesting notation
[ 1121.501451][T18508] 
[ 1121.509753][T18508] 5 locks held by syz.4.3121/18508:
[ 1121.514934][T18508]  #0: ffffffff8f302368 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[ 1121.523369][T18508]  #1: ffffffff8e487d28 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[ 1121.533730][T18508]  #2: ffffffff8e4c84d0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[ 1121.545557][T18508]  #3: ffffffff8f514508 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[ 1121.554152][T18508]  #4: ffffffff8f50ef08 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0
[ 1121.563498][T18508] 
[ 1121.563498][T18508] stack backtrace:
[ 1121.569399][T18508] CPU: 0 UID: 0 PID: 18508 Comm: syz.4.3121 Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full) 
[ 1121.569421][T18508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1121.569431][T18508] Call Trace:
[ 1121.569439][T18508]  <TASK>
[ 1121.569444][T18508]  dump_stack_lvl+0x116/0x1f0
[ 1121.569465][T18508]  print_deadlock_bug+0x1e9/0x240
[ 1121.569482][T18508]  __lock_acquire+0x1106/0x1c90
[ 1121.569500][T18508]  ? __kasan_slab_free+0x51/0x70
[ 1121.569522][T18508]  lock_acquire+0x179/0x350
[ 1121.569545][T18508]  ? assign_fw+0x4e/0x640
[ 1121.569563][T18508]  ? __pfx___might_resched+0x10/0x10
[ 1121.569582][T18508]  ? do_sys_openat2+0x11b/0x1d0
[ 1121.569593][T18508]  ? __x64_sys_openat+0x174/0x210
[ 1121.569603][T18508]  ? do_syscall_64+0xcd/0x4c0
[ 1121.569620][T18508]  __mutex_lock+0x199/0xb90
[ 1121.569636][T18508]  ? assign_fw+0x4e/0x640
[ 1121.569649][T18508]  ? assign_fw+0x4e/0x640
[ 1121.569667][T18508]  ? __pfx___mutex_lock+0x10/0x10
[ 1121.569693][T18508]  ? kasan_quarantine_put+0x10a/0x240
[ 1121.569712][T18508]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1121.569732][T18508]  ? assign_fw+0x4e/0x640
[ 1121.569743][T18508]  assign_fw+0x4e/0x640
[ 1121.569755][T18508]  ? _request_firmware+0x957/0x1470
[ 1121.569768][T18508]  _request_firmware+0x988/0x1470
[ 1121.569783][T18508]  ? __pfx__request_firmware+0x10/0x10
[ 1121.569800][T18508]  ? mark_held_locks+0x49/0x80
[ 1121.569823][T18508]  ? irqentry_exit+0x3b/0x90
[ 1121.569844][T18508]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1121.569866][T18508]  __async_dev_cache_fw_image+0xb1/0x340
[ 1121.569881][T18508]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 1121.569896][T18508]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 1121.569910][T18508]  async_schedule_node_domain+0xd4/0x120
[ 1121.569926][T18508]  dev_cache_fw_image+0x38e/0x490
[ 1121.569943][T18508]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1121.569962][T18508]  ? dev_cache_fw_image+0x398/0x490
[ 1121.569979][T18508]  ? __pfx_dev_cache_fw_image+0x10/0x10
[ 1121.569997][T18508]  dpm_for_each_dev+0x5d/0xb0
[ 1121.570011][T18508]  fw_pm_notify+0x81/0x150
[ 1121.570022][T18508]  notifier_call_chain+0xbc/0x410
[ 1121.570036][T18508]  ? __pfx_fw_pm_notify+0x10/0x10
[ 1121.570049][T18508]  blocking_notifier_call_chain_robust+0xc8/0x160
[ 1121.570065][T18508]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[ 1121.570090][T18508]  pm_notifier_call_chain_robust+0x27/0x60
[ 1121.570114][T18508]  snapshot_open+0x218/0x2b0
[ 1121.570136][T18508]  ? __pfx_snapshot_open+0x10/0x10
[ 1121.570154][T18508]  misc_open+0x35d/0x420
[ 1121.570180][T18508]  ? __pfx_misc_open+0x10/0x10
[ 1121.570192][T18508]  chrdev_open+0x231/0x6a0
[ 1121.570207][T18508]  ? __pfx_chrdev_open+0x10/0x10
[ 1121.570229][T18508]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1121.570252][T18508]  do_dentry_open+0x741/0x1c10
[ 1121.570272][T18508]  ? __pfx_chrdev_open+0x10/0x10
[ 1121.570293][T18508]  vfs_open+0x82/0x3f0
[ 1121.570304][T18508]  path_openat+0x1de4/0x2cb0
[ 1121.570323][T18508]  ? __pfx_path_openat+0x10/0x10
[ 1121.570338][T18508]  do_filp_open+0x20b/0x470
[ 1121.570353][T18508]  ? __pfx_do_filp_open+0x10/0x10
[ 1121.570374][T18508]  ? mark_held_locks+0x49/0x80
[ 1121.570402][T18508]  ? alloc_fd+0x471/0x7d0
[ 1121.570424][T18508]  do_sys_openat2+0x11b/0x1d0
[ 1121.570436][T18508]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1121.570446][T18508]  ? __fget_files+0x20e/0x3c0
[ 1121.570461][T18508]  __x64_sys_openat+0x174/0x210
[ 1121.570471][T18508]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1121.570481][T18508]  ? ksys_write+0x1ac/0x250
[ 1121.570498][T18508]  do_syscall_64+0xcd/0x4c0
[ 1121.570521][T18508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.570538][T18508] RIP: 0033:0x7f584eb8e929
[ 1121.570551][T18508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1121.570567][T18508] RSP: 002b:00007f584f957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1121.570579][T18508] RAX: ffffffffffffffda RBX: 00007f584edb6080 RCX: 00007f584eb8e929
[ 1121.570586][T18508] RDX: 0000000000000481 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1121.570592][T18508] RBP: 00007f584f957090 R08: 0000000000000000 R09: 0000000000000000
[ 1121.570599][T18508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1121.570605][T18508] R13: 0000000000000000 R14: 00007f584edb6080 R15: 00007ffc924898b8
[ 1121.570615][T18508]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1122.238038][ T5175] bcm5974 6-1:0.0: could not read from device
[ 1122.635401][T18515] vivid-000: disconnect
[ 1122.940031][ T5175] bcm5974: mode switch failed
[ 1123.140993][ T5175] bcm5974 6-1:0.0: could not read from device
[ 1123.264238][ T5175] bcm5974: mode switch failed