last executing test programs:

23m54.067941985s ago: executing program 4 (id=257):
syz_open_dev$evdev(&(0x7f0000005e80), 0x4, 0x42)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffffb}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) (fail_nth: 2)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r3, 0x0, 0x0)
syz_fuse_handle_req(r3, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

23m53.114445281s ago: executing program 4 (id=259):
socket$inet6(0xa, 0x802, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000160001000000000000000000ac141400000000040000000000000000fe8000000001000000000000000000004e2400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000000000000800000002b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1a000000c0015005907350004000000"], 0x104}}, 0x10040080)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps_rollup\x00')
r2 = fanotify_init(0x0, 0x400)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
close_range(r1, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0022220000000acb6d839fea28c8170c0000002b7d7b3800b1"], 0x0}, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b75000905832270f3a8"], 0x0)
capget(&(0x7f0000000280)={0x20071026}, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, 0x0)

23m49.514422279s ago: executing program 4 (id=267):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x4004000)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getresuid(0x0, &(0x7f00000000c0), 0xffffffffffffffff)
r4 = io_uring_setup(0x3eaf, &(0x7f0000000100))
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x1000000000000161)
r5 = socket(0x40000000015, 0x5, 0x0)
bind$inet6(r5, &(0x7f0000000280)={0xa, 0x1, 0x2, @loopback, 0x84}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)

23m47.628543406s ago: executing program 4 (id=271):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xb)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[{0x10, 0x110, 0xa}], 0x10}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f00000002c0)={0x4, 0xc9a, {0xffffffffffffffff}, {0xee01}, 0x2d07, 0xfffffffffffeffff})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
r4 = open$dir(&(0x7f0000001640)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f00000002c0)=ANY=[])
fcntl$getown(r1, 0x9)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
syz_clone3(&(0x7f00000003c0)={0x800, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x35}, &(0x7f0000000140)=""/72, 0x48, &(0x7f0000000440)=""/230, &(0x7f0000000380), 0x0, {r0}}, 0x58)
syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0x541b, 0x0)

23m45.462281249s ago: executing program 4 (id=278):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = io_uring_setup(0x3eaf, &(0x7f0000000100))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x1000000000000161)
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x1, 0x2, @loopback, 0x84}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)

23m44.408075737s ago: executing program 4 (id=282):
r0 = socket(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630b00c145f94cd977", 0x18, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0xb, 0x9, 0x0, @local}, 0x10)
r5 = syz_io_uring_setup(0x7a9b, &(0x7f0000000300)={0x0, 0x9b63, 0x4000, 0x0, 0x220}, &(0x7f00000001c0), &(0x7f0000000180))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000b21000/0x1000)=nil, 0x1000, 0x5, 0x42010, r5, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000000)={0x4, 0x1000}, 0x4)
dup3(r7, r8, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r9=>0x0}, &(0x7f0000cab000)=0x32)
setresuid(0x0, r9, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/cgroup', 0x0, 0x0)
fchdir(r10)

23m43.923330099s ago: executing program 32 (id=282):
r0 = socket(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630b00c145f94cd977", 0x18, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0xb, 0x9, 0x0, @local}, 0x10)
r5 = syz_io_uring_setup(0x7a9b, &(0x7f0000000300)={0x0, 0x9b63, 0x4000, 0x0, 0x220}, &(0x7f00000001c0), &(0x7f0000000180))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000b21000/0x1000)=nil, 0x1000, 0x5, 0x42010, r5, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000000)={0x4, 0x1000}, 0x4)
dup3(r7, r8, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r9=>0x0}, &(0x7f0000cab000)=0x32)
setresuid(0x0, r9, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/cgroup', 0x0, 0x0)
fchdir(r10)

21m6.574228337s ago: executing program 1 (id=781):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
socket$inet_smc(0x2b, 0x1, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x2, '\x00', 0x0, r0, 0x3, 0x1, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r5}, &(0x7f0000000240), &(0x7f0000000580)=r2}, 0x20) (async)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000380)='source\xcf\x87\x86\x1bY\x0f\xde\xd6\xcd\xc0\x01\xd3\x19>K\x04\xfe\x86YG\xa5\x0f\xed\xa0\x9f\x1e\x14R\x9e\x04\xfa\xed\xd0TG&\x88\xeaz\x9aD\xf8Tt\x8c\x00{\x1fm\xfe\x9c\xf6_h\x9e\xfc\'', &(0x7f00000001c0)='sou\x01ce', 0x0) (async)
r6 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r10, 0x0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)=""/197, 0xc5}], 0x1}, 0x0, 0x80002080}) (async)
io_uring_enter(r6, 0xd81, 0xfffffffe, 0x0, 0x0, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'lo\x00', <r12=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) (async)
write(r9, &(0x7f0000000200)='~', 0xb7) (async)
r13 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
readv(r3, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/145, 0x91}], 0x1)
tkill(r13, 0x9)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0)

21m4.414792317s ago: executing program 1 (id=785):
socket(0x2b, 0x80801, 0x1)
syz_io_uring_setup(0x53c9, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, &(0x7f0000000040)={0x9, [0x8000, 0xfff, 0x4, 0x6, 0x15, 0xfff, 0x0, 0xe, 0x9, 0x1, 0xf29f, 0x6, 0x594, 0xb2f4, 0x2, 0x8, 0x209, 0xfca2, 0x0, 0x7e, 0x8, 0xa, 0x54c, 0x1, 0x2, 0x1b8, 0x7ff, 0x3, 0x7, 0x0, 0x1, 0x1, 0x401, 0x6, 0x8, 0x3, 0x8000, 0x7, 0xf9f8, 0x2, 0x25, 0x1ff, 0x4, 0x8, 0x1, 0xad1, 0xb], 0x9})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1, 0x5, &(0x7f0000002fc0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x10000000}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r2, 0x0, 0xe40, 0x5e, &(0x7f0000000100)="5c71f91b05c413550230b4c817a628", 0x0, 0x8, 0x0, 0x302, 0x0, &(0x7f0000000180)='\x00', 0x0}, 0x48)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x1, 0x8}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81], [0x0, 0x8, 0x4, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r6 = open$dir(&(0x7f0000000680)='./file0\x00', 0x10000, 0x104)
execveat(r6, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={[&(0x7f00000006c0)='$+--+\x15-%J([&})!\xcb\x92+\xdc-,@{\x00', 0x0, &(0x7f00000001c0)='\x00', &(0x7f00000005c0)='\x00', &(0x7f0000000240)='*\x9d\x00']}, &(0x7f0000000500)={[&(0x7f0000000380)='*\xbd\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000640)='\x00', &(0x7f00000004c0)='\x00']}, 0x100)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000000)="b011d08afc99cf6754d4c259d71c7596afc4a76608a319a454412a02a4c22930", 0x20)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)="c01803001d000b63d25a8064fe5a94f90124fc60100c064001000009053582c137153e370248078000f01700d1bd2ccb8e436d9891b888a432983308ee6a077d342677785948e3c1f81ba9215ec1ef3744c31bffea2a5602717c75bb84", 0x5d}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

21m3.066342292s ago: executing program 1 (id=788):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280))
r0 = socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r0], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0xec9223f0ec860c78, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0)
r4 = epoll_create(0x207ffd)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r6 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r4, 0x0, 0x24002de7)
ioctl$LOOP_SET_STATUS(r5, 0x4c02, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x38}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
close(r7)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r7, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100ffffffff"})
r8 = syz_io_uring_setup(0x207, &(0x7f0000000340)={0x0, 0x1a35, 0x52f, 0xfffffffe, 0xa7}, 0x0, 0x0)
connect$unix(r8, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CLEAR_HALT(r9, 0xc0105502, &(0x7f0000000340)={0x1, 0x1})
ioctl$LOOP_CLR_FD(r5, 0x4c01)

21m2.584590943s ago: executing program 1 (id=791):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000002580)='./file0/../file0\x00', 0x9)
r2 = gettid()
prlimit64(r2, 0x6, &(0x7f0000000000)={0xc, 0x6}, &(0x7f0000000080))
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r3, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
r4 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000580)=0xf631)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
clock_gettime(0x7, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r4, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='H\x00\x00', @ANYRES16=r5, @ANYBLOB="000127bd7000fddbdf251400000008000300", @ANYRES32=r6, @ANYBLOB="22001300b6029b64b61b02891818806c008289c80b8992ec244f890c9809e612928b0000050029000c000000"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20004000)
ioctl$sock_netdev_private(r3, 0x8943, &(0x7f0000000000))
pread64(r0, &(0x7f0000000280)=""/219, 0xdb, 0x1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB="03000000", @ANYRES16=r8, @ANYBLOB="af83000000000000000033000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r9 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_CATATONIC(r9, 0x9362, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r9, 0x80984120, &(0x7f00000004c0))
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="bf53d9a8", @ANYRES16=r8, @ANYBLOB="00042abd7000fcdbdf2513000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4044001)

21m1.857540947s ago: executing program 1 (id=793):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB="666405", @ANYRES32=0x0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2ce5d906bd89d0122e26", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000004c0)={0x50, 0x0, 0x0, {0x7, 0x9, 0x3}}, 0x50)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000000c0)='svc_xprt_enqueue\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500010300000000000000000a"], 0x14}}, 0x0)
readv(r1, &(0x7f0000000980)=[{&(0x7f0000000580)=""/137, 0x89}], 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {0x0}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x6, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000000300)={0x77359400})
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x5e)
bind$netrom(r0, &(0x7f0000000340)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000380)={'wlan0\x00'})

21m1.394368349s ago: executing program 1 (id=797):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
poll(0x0, 0x0, 0x5)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c20000007acbaaaaaa000800450000bd675e"], 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
lseek(r5, 0xc6c3, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000300)=0x4)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000000c0)={0x28, 0x4}, 0x28)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0), 0x6db6e559)

21m1.020355439s ago: executing program 33 (id=797):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
poll(0x0, 0x0, 0x5)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c20000007acbaaaaaa000800450000bd675e"], 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
lseek(r5, 0xc6c3, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000300)=0x4)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000000c0)={0x28, 0x4}, 0x28)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0), 0x6db6e559)

14.144030025s ago: executing program 6 (id=4374):
r0 = socket(0x2c, 0x2, 0x400)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/rcu_normal', 0x42, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r4, 0x7a9, &(0x7f0000000000)={{@hyper, 0x8}, 0x4, 0x9, 0x80f, 0xfffffffffffffff8, 0x80000000, 0x80, 0x40, 0x9})
r5 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xfad6, 0x0, 0x2}, &(0x7f00000003c0)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0xb2}})
ioctl$KVM_SET_XCRS(r4, 0x4188aea7, &(0x7f0000000480)=ANY=[@ANYBLOB="a9a3a1e90d74672357799b3a8a12592aa495d6ac8f226521bb23e71e37ca7d47495d28cc4f45ce027ebbdec198a4f0557bf747a226beb5b235055762d329fdd3495b8919210af503ef24f4a76c4f53dea2a87fb1137a1cd9e61b757c387921b4bdb4e982eb997ac1be043a8eefba1da98d37e80472a13ab3ce3e002265b17bf2ca810d1ea32f9728539fd64474cf22a87c295f7b21e04c6f7e00b8537c373f46c293f218df2a7129c568dd34fcb67525941184d1c77e6730b04d3e2a"])
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x5)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WOWLAN(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010300e1ffffffff9d39c5fcb6ff07000100000000000c00990008000000637b09550000000000"], 0x28}}, 0x0)
io_uring_enter(r5, 0x47f5, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000))

13.580412645s ago: executing program 6 (id=4380):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r0, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1ff, 0x20000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000001080)={0x1, &(0x7f0000000040)=[{0x200, 0xbe, 0x3, 0xa9}]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000000000000b009e6d8dda001473798e3000000000"], 0x28}}, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0xfdf, 0x20000)
r7 = syz_io_uring_setup(0x82e, &(0x7f00000005c0)={0x0, 0x20000020, 0x10100, 0x1, 0xfffffffd}, &(0x7f0000000100), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
epoll_create1(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

12.04817092s ago: executing program 6 (id=4383):
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='\x00\x00\x00\x00\x00', &(0x7f0000000300)='\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$sysctl(0xffffff9c, 0x0, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r3, 0x84, 0x20, 0x0, &(0x7f00000000c0))
mount$bind(0x0, 0x0, 0x0, 0x11080, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x8c)
ioctl$VIDIOC_LOG_STATUS(0xffffffffffffffff, 0x5646, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r4, 0x4068aea3, &(0x7f0000000040)={0xed, 0x0, 0x1})
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="28000000320009000000000000000000010000000c0001800f0000000547000008000200fcb2dd8b74d5f530c9", @ANYRES32, @ANYBLOB], 0x28}}, 0x844)

10.041274268s ago: executing program 6 (id=4390):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0xf, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x1a, &(0x7f0000000000)="c1", 0x1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={r0, 0x12e, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000036c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0)
write$sequencer(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="0293"], 0x9)
ioctl$SNDCTL_SEQ_SYNC(r3, 0x5101)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000004c0)={@in6={{0xa, 0x4e21, 0x100, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}}, 0x0, 0x0, 0x7, 0x0, "98d3340600c7aa11897ecaab876eab79576839c5650070173fbd1883303b6ac4749393ad08f139a68f00"}, 0xd8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x1f)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000180), 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="04"], 0x48}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="0100000002080000fcffffff00000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="7900000001000000000000003f000000cb7d302847bb1a28085e7d88e8a4004b789607ed47df355645f2178a039ed508ff76df3536741848cc6cb65c6e77aad714472cb8856fcdd536f9d9655dcf800549436e96"], 0x80}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

9.060857521s ago: executing program 6 (id=4398):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="142abd7000fbdbcf251006000000000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20040)
r1 = socket(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80800)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r1, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x20000000, 0x4000000000003, 0x2, @thr={0x0, 0x0}})
r2 = syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xc, 0x80, 0x8, [{{0x9, 0x4, 0x0, 0xfd, 0x1, 0x7, 0x1, 0x1, 0x2, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x4, 0x0, 0xb}}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(r2, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000c40)=ANY=[@ANYBLOB="120100003a982a08cd0cce00000000000000090212000100000000090400000057331900cc2165638d8ba3f9925c12800068fa37452021ad2630d117db034c2513e5f1d93a3623d2f5cdba51c531474370c83f8092b0d4ccf08dd6118f6e26cc174cc8ffcf6fafca120421932a558fd8671008c1aeefcd54e027c89fd9262cc5fadc3f8e4cec64e571b09c4eedacb94badb4339e751ba0b97876139ae74bbb488fe73df7b0237f3eae5229db8c035e6d40aa862f784aa2e5e3f0eede1a4ce7c4c2c442e3451113fa30d26848ccea84dba4f3b0a4bda1ecd909973b7ac6311e803f25b76ecd4619fdb471dab30cb15f63d2fd036adfaca5162f232db432289565876e0c70f13668e5d278648197aaa4a9fdb9e68cbc20a4a03b88b0ab5938816e17b3aa4c00"/305], 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r3 = socket$rds(0x15, 0x5, 0x0)
ppoll(&(0x7f00000001c0)=[{r3}], 0x1, 0x0, 0x0, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setresgid(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r4)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000f40)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x2f, r6, {0x7, 0x29, 0x2, 0x8, 0x0, 0x1, 0x80000001, 0x1000, 0x0, 0x0, 0x1, 0x401}}, 0x50)
setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, 0x0, 0x0)

8.255071677s ago: executing program 5 (id=4400):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, 0x7fffffff, 0x3, 0x0, 0x6, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000000)=0x74000000)
write$dsp(r3, &(0x7f0000002000)='`', 0x88020)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)

6.646536823s ago: executing program 2 (id=4409):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0xc0, 0x2c, 0xd2b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x6}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x94, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0x1, 0x9, 0x7, 0x4, 0x9, 0x4, 0x6, 0xfffffffb, [{0x4, 0xfff, 0x9, 0x2}, {0x1, 0x8, 0x1, 0x6}, {0xb00, 0x0, 0x80000001, 0x6}, {0xff, 0xffff, 0x1, 0x7}, {0x7, 0x1ff, 0xf8000000, 0x208}, {0x6, 0x1, 0xec8, 0x7}]}}, @TCA_U32_INDEV={0x14, 0x8, 'ip6gretap0\x00'}, @TCA_U32_LINK={0x8}]}}]}, 0xc0}}, 0x4044040)

6.439402493s ago: executing program 2 (id=4410):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, 0x0, &(0x7f0000000140))
r1 = syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000002c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x8, 0x80, 0x8, [{{0x9, 0x4, 0x0, 0x5, 0xfd, 0x7, 0x1, 0x1, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x4, 0x6, 0xb}}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000000700)={0x0, 0x3, 0x102, @string={0x102, 0x3, "c83eafdc768b982cc0d8282bab77a9b26fa4a1a76e92e43026009f6b4a0796058287aa44a2714e7d45a9eb29bbe4ed52160287299109684dbefbec1e69047c250f6828a9006d9dfd3bed8ea6aae478b4afb1317dce7826bbd9eed396692b389e72b84461997307b33c615af91909209b9103e84f66f7ab7d5e329c106919d8fa889398aae5a73ec949fd6eba13c7dd0132126c971a084e2bb46a47590b7e06dd4ea69a787a61b30195f21904b0533e52b70ad30ca0de86e21d3150b50138ed0b57fdcbab5550ebf90c4bf86af4cf08f3465b4804dad249638404b8cda638af000ecac902765467e0121555cfedc0312713d107ccbc85cc4c4cd838eb9d600e60"}}}, 0x0)
syz_usb_control_io(r1, &(0x7f00000015c0)={0x2c, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000003d00)={0xfffffffffffffc75, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
capset(&(0x7f00000000c0)={0x20080522}, &(0x7f0000000040)={0xffffffff, 0x40, 0xfffffffd, 0x0, 0xcd, 0x8000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f00000003c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000d00)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000cc0)={<r4=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000d40)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @local}, r4}}, 0x48)
write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
ptrace(0x10, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, 0x0)
r7 = syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0x1ffffe, 0x400, 0x0, 0x182}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
recvmmsg(r10, &(0x7f0000000100), 0x0, 0x302, 0x0)
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x0)
r11 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
write$char_usb(r11, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

4.859893468s ago: executing program 5 (id=4415):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4)
shutdown(r0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, 0x0, 0x0, 0x200001, &(0x7f0000000100)=ANY=[@ANYBLOB='dyn'])
preadv2(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000002240)=""/148, 0x94}], 0x1, 0xd0d, 0x0, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)

4.218277263s ago: executing program 3 (id=4417):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000140), 0x12)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xb, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000340)='./file0/file0/file0\x00', 0x0)
clock_adjtime(0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000040))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000308010100000000000000000a00000105000300060000002c000480080006400000000208000740000000030800084000bc17050800024000000008"], 0x50}, 0x1, 0x0, 0x0, 0x2000c800}, 0x400c0) (fail_nth: 5)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

3.204472379s ago: executing program 3 (id=4418):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x4, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x5cb941)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
mprotect(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x208802, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioprio_get$uid(0x3, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r6, 0x5412, &(0x7f0000000080)=0x13)
prctl$PR_SCHED_CORE(0x3e, 0x8, 0xffffffffffffffff, 0x0, &(0x7f0000000180))
r7 = syz_io_uring_setup(0x6908, &(0x7f00000006c0)={0x0, 0x1c48, 0x0, 0x80000}, &(0x7f0000000200), &(0x7f00000000c0)=<r8=>0x0)
syz_io_uring_setup(0x4e3d, &(0x7f00000003c0)={0x0, 0x3, 0x0, 0x0, 0xfffffffd}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r7, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETA(r6, 0x5406, &(0x7f0000000140)={0xff02, 0x4, 0x0, 0x3, 0x0, "f78c5603939fd820"})
ioctl$TIOCL_GETMOUSEREPORTING(r6, 0x5412, &(0x7f00000006c0)=0xa)
mlockall(0x5)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000300)={0x0, 0x12, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb, 0xfffffffa})
write$binfmt_script(r10, &(0x7f0000000040), 0x208e24b)

3.113148593s ago: executing program 5 (id=4419):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x9, r2)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020, 0x0, 0x0, <r4=>0x0}, 0x2020)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x0)
setresuid(0x0, r5, 0x0)
setresuid(r3, r4, r5)
tkill(r2, 0x12)
wait4(0x0, 0x0, 0x40000000, &(0x7f0000000080))
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000740)='./file0\x00', 0x0, 0x0)
link(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r6)
sendmsg$TIPC_NL_MON_GET(r7, &(0x7f0000002940)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002900)={&(0x7f00000025c0)={0x314, r8, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xfc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x40}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4023}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x116f}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10001}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x17af}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9f}]}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5c2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x100000}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1c0e}]}, @TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}]}, @TIPC_NLA_NET={0x50, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1400000000000}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x100000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf0}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7f}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9f0}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffffd}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x27}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf9a4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xe2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x79a}]}]}, 0x314}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='./file0\x00')
ioctl$sock_rose_SIOCADDRT(r6, 0x541b, 0xffffffffffffffff)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), r1)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a200000000e0a01080000000000000000010000030900020073797a300000000020000000060a01040000000000000000050000040900010073797a300000000040000000140a01080000000000000000020000080900010073797a310000000008000340000000050900010073797a31000000000900020073797a310000000038000000080a010200000000000000000100000008000a4000000002080009400000000108000940000000030900010073797a300000000028000000090a010300000000000000000700000a0c001040000000000000000408000640ffffff00780100000c0a010300000000000000000a00000608000440000000000800044000000002540103806c00008068000180380002800900020073797a30000000000900020073797a3200000000080003400000000108000180000000000900020073797a30000000002c0002800900020073797a310000000008000340000000030900020073797a320000000008000180fffffffce4000080e00001800c00028008000180fffffffc3c0002800900020073797a310000000008000180fffffffe080003400200000108000180fffffffd0900020073797a320000000008000180fffffffe9100010085debfdfa99934a55fa6ec1e84f893cfecd199f7e97b0a08b2a113c19200d6faf65f985fc88cc8f16bb5a47f6081f068a8c57c5e822611588feee6531d69e93c86f13d14630cb34b108ac27fa4e567ff9a011e1ed02c565be1819f3c90d27ebbcf460ca6b5a09236ee14057f2e6f180df76f9f001ef97fd37c773e31c37cd1ebc53dde35b669fab103cc1415db000000140000001100010000000000000000000000000a"], 0x280}, 0x1, 0x0, 0x0, 0x40001}, 0x20004005)

3.035620501s ago: executing program 2 (id=4420):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe0d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x40)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002"], 0x122}}, 0x4008090)

3.019511044s ago: executing program 2 (id=4421):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000100000a000000000095000000005f0000d4693a10a3d35a929a13a580b679"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000003c0), 0x1, 0x0)
ioctl$RTC_UIE_ON(r3, 0x7003)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
read$FUSE(r4, &(0x7f0000007340)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
syz_pidfd_open(r5, 0x0)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505331, &(0x7f0000000100)={{0x8, 0xfc}, {0xe}, 0x1, 0x6})
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x30dd3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x160, 0x4c, 0x2500, 0x290, 0x73, 0x290, 0x258, 0x258, 0x290, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x3}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ipv6={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'vxcan1\x00', 'team0\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="401100", @ANYRES16=0x0, @ANYBLOB="8b33000001000000000015000000180a1d80100000800400040005000c000000000034000080060005004b0000000c000200010000000000000005000c000200000005000c00000000000c000200020000000000000048000080050006000000000005000b00000000000400040005000700910000000c000200000200000000000004000400050008000a00000005000800a9000000050009000100000088090080e8010d80f8000080300002001d2a275400534c4c4e484432382a0c302d1b52153049111d2c5703090d102c350e132657223e372a4e353c3f4d00020009394f452649194754463b3a1da62132501d15354a575000181d0e4e13510d432d492f2025331e282a373815564b31374636384d360744493819341c440a3d412e241d0e4d373006010000001a00010003061606063600030c043004040c480b12c002603b300000140003001fe107000500090007000500d000070014000500070005000600010008000800e30009002e000200424e210f1b3109320a37551746203d57033d3a3b31270b1b44184a4b01052c461d3804013336201a2834000074000180290002001b3141252529341f460629311b490331421e390926152e032c1a0c101e11442801524d571500000005000600060000001400030007000100010001000300010007000600050007000000000005000600010000000500070002000000050007000200000005000600000000007800038005000700000000000500070000000000050006000000000005000700000000000d0002000f20203d0c5418154700000042000200454b2b212d1e4c46411c0d50290c12202a2d2628371812054b2a4f0f550c341d243e104b1a2e470f422f3327250b0b164b3b1f3424444d42223c083e1625000005000b00010000002c030d805800018005000700010000000500070000000000050004000200000005000600010000002200010002050848482468091802121806222806051248090106360305240c18050b000005000400010000000500040002000000680000803b0002003a3e0056221e0d1145023c332e100c101d0a512c301d4c1e50181a0857563b4c4a02200c2f3918000828341a004e1352252949001b0a07001400050002000000050002000f0003000400f1001400050007000f0052b3010000000202000203009c000280050007000200000005000700000000000500040000000000050006000200000036000200203743023b4730400340180214434e2b304c233c06552f1c10454d09110a46380c301955134b12071c253a0512051f5151080000140005008409f30c05000400010007000f000800140003008100690006ff040003000900090000081800010002246c03022412603004264812060616030260028800038005000700020000001400030000007f0008000a00e0ff00043f0e3a0014000300ff7f03000400ba0004000008030003002400010002061b24680b241b2c000203320b06091b0324020305606016051809160b051b0500070000000000140005000800400005000f0000b0060001000400140005000008040002008000ffff030005000000580001801400030004000400060005000100a68bff0108002b000200300f124854483d2a0b4a244a544a56124b38202b4144052c17230f4c54523f5551313b4e112d0300140003000100050000000100b70002000500400018000280140003000d004000020000005c7aff7f010105009400018005000600000000000500040003000000160001000c1d0412091502020b301816602d0f0524ce00001a000100121630303604030b120b0909361602180b3609011602000021000100422430051b01120905486c246c60300216056c09046c12160b0b061b600000001400030000080000090000080000060007000000140001002403186c046c3636244806601812060640000380140003000009090008000700020003009effff03140005000400000503008105060008000300090014000300000404000f0002000400060003000100050008007100000050040d8014000080050006000100000005000700000000000001038005000700000000000d0001001218300c60030124000000004a0002004e3e0831002852212d2f4541092b184d1220074a242f413525012e0f1e20393d131f3f300a015054083000322e4e3641324d0011460a0136050b57221e4410343e1e330c3830000005000700020000001700020019473926235005274b3756094a3e174d1a093c00410002000732170c46002530013521484915510a2c04544919144e0b3138282521340f2e0c14552d422b1d092a0f353052261f000040063746080118573440533d0000001400030007000900380002002d0705000000010009000100061b050c36000000140003000600000107000b000300040009000100800003800b000200201235393240130014000500127b05000400f9ffff7f04000200000019000100033f0c5d0b020c18010101480612011b160c0c061800000017000200143a5617195515242e491a014026453813464400110002003c3a0d4d310a1852214152072a000000140005000600080006000d00bceb02000100100094000180140005000800ff0302007a0000000400ff0f00041400050004000000f1aaf8ffceec06001a33ffff14000500000009000100ffff0400ff0f01000100050004000200000014000500070000020300f5fff7ffe7ca01007af9050006000200000014000300b7780b0004000200ffff0500050053c605000600000000001400050007007f000300faff0700ca0005006963f8000180510002001218332445574e511431002e3248070526552f39513942380e302c2e000609283c0c4c2553280c210f203132242816434a18454951254d3017010121341347154c33091e4908173f4d311654050000001e000100360445603601010116186c3024600b1b06056c24011830050002000005000700010000000b0001006c1b300c67601600050004000200000014000500ffff5e65030000000400020006000b00050006000200000014000300409a02000300010008000400020000002c00020029493e0c26142e1241102b090f23301b0747254f521319573a1d141229513c2c054f014a5704374a0500040003000000640002801700010005186006600b18056c48120b0004091b186c040005000600020000001f000100300b02060218120660481618091f243003051b050f360b0905120e00050006000000000018000200552d19410548414d550d170f442e40082b412108340003800e000100066c30096c0c6048120500000b0002002040403007145400140003000f000a000d0301800900ff03190bff07640003801e000100180b060948186c0648020660306c023660033416240602091618000005000400020000001400050001000a0005000500b600000002007f00050007000100000008000100601b020414000300faff0400ffff06000300c500060002003000028005000100600000000500070001000000190002003e3c540533321c37040c0204344009131e34093a53000000050009000000000005000b000100000004001d8010071d801800008006000500d00000000c0003000300000000000000e80200800c0002000d0000000000000004000400b8020d8034000080050006000200000026000200474b080211483933140810204829031f0a13354319301e233f5341170f26193423120000b000038026000200494626060f1e1655260e2a2328362729243c1f1d274f07190a280000183f49212d410000050004000200000016000200033f4152093c4c3b19111811270e562b0557000014000500010080001000000009005e0010083cf44f0002002943284740500c33180d060203164f4b00514f442023112c525451032102551930184c190a19313b3a303f423a41221026201105111235541600340c015034512e0010141a3d5357070d30001400008005000400000000000600020021460000140000800500040002000000050004000200000028000080050006000100000014000500040003000e0006008a8f09000800060005000400020000002c000280140003000000000001800900efff020002001000140005000600030009000600d90ba6000e008dffa40002801400030000008100030006000200030001040800050007000000000005000700010000001d0002000c080b322e4b1917502d4620393b4f3938093b020811002706000000140001006c0005160537126c0b480c0501000c09140005000040b6000600070009000a00bef40900100001001b1d0c4c0b0c0c020204241b1400030007007b090600d1000800f8ff0100000205000400000000000500060000000000040001807800038005000700020000001400050000fc09000500010003000b000500dd002500020068304724483132263c41513d0753283a2d463133251757533f164c200c15490a110000001400050001000a84001006000000100006000600050007000000000011000100366c366c090905243660240424000000340003801c00010009301d650c03301b05361230536c1b04161805360505030b140005000c06d7030900090007007e33020008000c000300ff7f00000000000005000800ba00000005000a00010000001800008005000900010000000c0002000900000000000000340000800c000200070000000000000005000900000000000c000200010000000000000004000d800c00020081000000000000004c00008004000400050009000000000006000500a50000000c00020003000000000000000400040004000400050009000100000005000b000000000005000b000100000005000700c900000038000080050008007000000005000a00000000000400040005000b00010000000400040005000800650000000400040005000a00010000002400008005000800a10000000500060001000000040004000c00020002000000000000002400008006000500f10000000500070092000000050006000100000005000b00010000002000008005000b000000000004000400050006000100000006000500f0000000d4020080040004000500090000000000b4020d802000008005000400000000001300020008195618430c04330a551842112a50008000018005000600020000000e000200474650444f4227163f2a00003f0002002c433d5647103d2f0f292546060430464b311d441a090a06293f49392106342f39094c3e133a4128421d551c301f49554a002420141e104908153100140005000400060001000600020009000700c96f05000400000000000500060000000000140002800500040003000000050007000000000048000380140005000400980000010900ff070700870a0c0014000300d500080007000300010000000a000400190002003c192b03112d220f182f20032b190f5121360f295100000064000080050007000100000014000300040001000100000009000d00030006001c0001000318060b121601d4481618606c020216091603043630120c14000300da00060007000b008aff01000100d2c21400030001000700080001040300ff0f0800ff008000038005000600000000000500070000000000170002001f1e13230e4250073b294932201e35230101210014000300020000020300ff7f06000000090001003d0002002d1a10344a230c1b342f051e1a424b25253b002d20093d144d152b5542554d1235571f09314c3e14015526563006072e50423a57230b3c1c1c000000300003801600010012043612480016006c60160c0c0b1b1b02020000140003005120f1ff0200000001010800f8ff050050000180440002003303204e20211c094c39474350342123554808260355182d3137254e5520423d242117350c404747165305132d1713393001510a33190453104d1c260043371905000700010000005000018005000400020000000500070001000000080002002f300b13140005000000cc2202001000090006006b078a641f00020040561c08302b174d19283e3908351d0f15104a3b03020d1a1b531000040004000c000200ff00000000000000"], 0x1140}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c10001fff0000000000", @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b00010067656e65766500000c00028005000c0000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)

2.835415763s ago: executing program 6 (id=4422):
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
listen(0xffffffffffffffff, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$inet6(0x10, 0x80000, 0x0)
r0 = socket$inet_sctp(0x2, 0x400000000001, 0x84)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r1)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r2, 0x3b66, 0x1)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io$hid(r3, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000140), 0x0}, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000440)={0x24, 0x0, &(0x7f0000000dc0)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f0000000d80)={0x0, 0x22, 0x8, {[@main=@item_012={0x0, 0x0, 0x9}, @main=@item_012={0x1, 0x0, 0xa, "d9"}, @global=@item_4={0x3, 0x1, 0x9, "aa9b5887"}]}}, 0x0}, &(0x7f0000000d40)={0x2c, &(0x7f0000000b00)={0x20, 0x17, 0x4c, "3d6d949a5c7ade8c06e3eab1ee84e115fb70d9e79f71ead5147d1581cc2b3a703b60d36277389f78d3a0045fc9b99643797440d2fdfa3e98df8182ea6322ef4bbe652c56b4b31c3aa2d40c2e"}, 0x0, 0x0, 0x0, &(0x7f0000000d00)={0x20, 0x3, 0x1, 0x6}})
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000200)={0xf0, 0x600, 0x800, 0xbb8, 0x1, 0x4, 0xf, 0x1, {0x8f, 0xd7}, {0x3, 0x91, 0x1}, {0x2, 0x8, 0x1}, {0x5, 0x7, 0x1}, 0x2, 0x0, 0x1, 0x8, 0x0, 0x21, 0x3, 0xf9cf, 0xff577b4, 0xd25d, 0x5, 0x3, 0x10, 0x0, 0x1, 0x5})
shutdown(0xffffffffffffffff, 0x0)
syz_usb_ep_write(r3, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084")
shutdown(0xffffffffffffffff, 0x0)

2.524788488s ago: executing program 0 (id=4423):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff6c, 0x0}, 0x2000c000)
r1 = socket$netlink(0x10, 0x3, 0xe)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r3)
getsockname$packet(r3, &(0x7f0000000380)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xf1d, 0x1, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x2}, {0xffff, 0xffff}, {0xc, 0x4}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000008b00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r8}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x1, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0x0, 0x2}, {0xfff1, 0x9}}}, 0x24}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r12 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r12, 0x8208ae63, &(0x7f00000004c0)={0x3, 0x0, @pic={0x1, 0x36, 0xf9, 0xea, 0x0, 0xf, 0x5, 0x80, 0x6, 0x0, 0x9, 0x2, 0x9, 0x3, 0x1, 0xb5}})
r13 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r11, @ANYRES32=r13, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r11}, &(0x7f00000006c0), &(0x7f0000000700)=r10}, 0x20)
sendmsg$inet(r9, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
close_range(r10, 0xffffffffffffffff, 0x0)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x20, 0x1, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8081}, 0x4000084)

2.101239873s ago: executing program 5 (id=4424):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket(0x28, 0x800, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x43, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7}, 0x1c)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0xc8, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x6, 0x2, 0xecf3, 0x1, 0x0, 0xd}}, {0x4}}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
read$FUSE(r2, &(0x7f0000000300)={0x2020}, 0x2020)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/diskstats\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000003540), 0x0, 0x8, 0x83)
listen(r1, 0xef)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000013c00)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000013b80)=ANY=[@ANYBLOB="280000001b14010000000000000000000800030001fc0000080001000000000008003f"], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.973896202s ago: executing program 3 (id=4425):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = socket(0x1, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r2, 0x0)
syz_clone3(&(0x7f00000000c0)={0x200000400, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

1.972922827s ago: executing program 0 (id=4426):
r0 = socket$inet(0x2, 0x802, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000006c0)=ANY=[], 0x118)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000240)={0x0, 0x80, 0x4, 0x0, 0x0, "7f12ddb357f7adf96affffffff7d1800"})
r3 = syz_open_pts(r2, 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
r4 = dup3(r2, r3, 0x0)
ioctl$TCSETA(r4, 0x5406, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x0, 0x9, "ddffffffffdcffff"})
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000180)={<r5=>0x0, 0xffff, 0x2}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={r5}, 0x8)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
ioperm(0x0, 0x7fff, 0x15f9)
r6 = syz_io_uring_setup(0x664e, &(0x7f0000000400)={0x0, 0x0, 0x10100, 0x2}, &(0x7f00000000c0), &(0x7f0000000000)=<r7=>0x0)
syz_io_uring_setup(0xa91, &(0x7f0000000100), &(0x7f0000000040)=<r8=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r8, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x6e6a9ace1e35a607})
io_uring_enter(r6, 0xec4, 0x0, 0x0, 0x0, 0x0)
kexec_load(0x0, 0x0, 0x0, 0x3e0000)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000280)=0x2, 0xfffffffffffffde9)
write(r0, &(0x7f0000000080)="08008edf773c8000", 0xfd)
setsockopt(r0, 0x2, 0xfffffffe, &(0x7f0000000000)="f99d6888940d3f15fd4502129c1673273f501c62b79274", 0x17)
recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)

1.897799334s ago: executing program 2 (id=4427):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='stack\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
syz_open_procfs(0x0, 0x0)
mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xc}, @hci_rp_read_local_version={{0x5}, {0x52, 0xc, 0x7, 0x3, 0x4, 0x1}}}}, 0xf)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000005fc0), &(0x7f0000006000)=0xc)

1.694032507s ago: executing program 3 (id=4428):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_INITSTATE(r0, 0x113, 0x4, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000000000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f00000000c0)=<r6=>0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r9=>0x0})
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r11, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x503, 0x4000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r12}]}, 0x44}}, 0x20008040)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x6c, 0x10, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88ad9925, 0x4000}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x34, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x6}, @IFLA_GRE_FWMARK={0x8, 0x14, 0xe8}, @IFLA_GRE_ENCAP_LIMIT={0x5, 0xb, 0x3}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x9777f}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_LINK={0x8, 0x1, r9}]}}}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x6177}]}, 0x6c}}, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000040)=0x8000)

1.208000754s ago: executing program 0 (id=4429):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000026c0)=[{{&(0x7f0000000800)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000ac0)=[{0x0}], 0x1, &(0x7f0000000c40)}}], 0x1, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x20020084, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b32"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000150400003d0301000000000095000f00000000006926000000000000bf67000000000000450700000fff07003506000002000000170600000ee50014bf250000000000005d670000000000006507000006000000070500004c0001000f75000000000000bf54000000000000070400000400f9ff2d4401000000000095000000000000000500000000000000950007000000000001722fabb733a0e757c7c45402000000a2d23da04d1ffc187f9955911aa1a2ba7ba030c7267c2de00435fd253cc0f0d9b2c3127c46b0f4f95345de3188f0d808398d09ee4dc258d726eae098804de25df627a64ab8efde50fd7f1d58d67e684c45e506598bae66ea1a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07e8a4b6e6155cecc13a5ddf4157f2bfab7201112a30274101fceee66eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a44dd9ff4ae730ae9d0ae42d8814a8c96f101df7da839bcdd7b7c33c8cfe74d599543ac604d8dd42fc66cdb79cd09ceeedce1e69f11967919f82b0276c90420d08897ee8514b43533f07132589a0a37110fd8571b1e69251bba35cd06c8bd430aafbecfd33757b7dc4803123e9107e5cceaec2a391f9b9b577295ac3864f6c1e30e6190a055953e18bedd1859acdd15af7209d15950f9195b401e74f8b5210e28d46dde2658b4695d9ac9ce7cbefc164a5454fc4da6104db281e18a8992b9f8c82b895da647e6ea4cb622314c5c48abfd620adf7757c23a31a619edcfb45a402c5fced05e5274e08a313d6c5fdd0a8d36b1a268056e6f7e9a6daa5632cda5ad2a9ebfac980c7db63137c226f71b7eb70c174d885232e522aad0f13b0e5b43d837d040f813d0115387e36f092d9aaafe7afc637d3d107451f4854613cfd43ac63ad6141ddb0311b8c96fef49af414e49be7c23b2e8eb686fbcdd2dab4cbdb02e30e4e1a6c25b2791facac56e4c5dc036c8d80e5c7c206d24603be75850927e02fd4eea168681498d1170478408c43bb90d9df3964b64fee41745f6785419ac8de8788398e3653f34970988866043136ada4771bf8d96eeb0f565d626a3e9089"], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x253, 0x10, &(0x7f0000000000), 0x19f, 0x0, 0xffffffffffffffff, 0xffffffffffffff74, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

1.034034478s ago: executing program 5 (id=4430):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x2, 0xbf22, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r6, 0x1})
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000040)={0x7a2, 0x0, 0x4, r6, 0x1})
getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x17c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r7, 0xb}, [@IFLA_AF_SPEC={0x15c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xd}, {0x8}]}}, @AF_INET6={0x40, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @loopback}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8, 0x2000}]}}, @AF_BRIDGE={0x4}, @AF_INET6={0x88, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}, @AF_MPLS={0x4}]}]}, 0x17c}}, 0x40000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x33f}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000000040)={'team_slave_0\x00', {0x2, 0x4e23, @empty}})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r9, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r8, {0x2, 0x0, @rand_addr=0x64010100}, 0xb}}, 0x26)
sendmmsg$inet(r9, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x1}], 0x1}}], 0x4000000000001ce, 0x8040)

227.803697ms ago: executing program 0 (id=4431):
r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\x00\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\xc5n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3V\x9c\x8c\xf8\xf7\xe2\xd5\x8bE\xee5\x00\xaa\xd5\xfc\x1b$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\xec\xac\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xec\x9es\xee\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\x00\x00\x00\x00\x00\x00\x00\x00_\tN\xfd\xa2\xc2SPu\xe7\xc0+SL\xa1', 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x400, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x5}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000280)={0x67, 0x17, '\x00', [@hao={0xc9, 0x10, @mcast1}, @hao={0xc9, 0x10, @remote}, @generic={0x8, 0x92, "bf71a37ab36d1235666a44f90b3644b2288fdbfca3012b14c02e7c7e693e9b6b685044d6d2cf7b451167235468bb56cb158124e205b3fdd3ed326af7ebabdda9044d11c70b9677ebb93309445224924d707835d6ff9b82e642503fe792fdd78bfe5e4b5fb268a298383001834301ba86da465a55ee9c74c937b4b7fb9c501cc48c0c6fed4200a03a8967b38761c62a927d43"}]}, 0xc0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='source', &(0x7f0000000500)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xef\x87\xc9G\xeb\xd9\xf9\xcd\xb1\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\"\x98:\xc1I<\xdf;\x11t\xd3\xd2\x19\x964\xff\x03\xbc\x7fo\xe8\x89\x01:\x8b=\xab[X\x10\x18\x8d\xbf\xe1\x88\x16YJa\xf5\x82\xbc\x11\xda\x82\"\x00\x00\x00\x00\xcc\x82\xef]\x83\xf1w\xcb\x9ew\xa8\x85\xc5\xcc2F\xf1\xacp\xdf\x1e\x9f\xd5Y\x03\xe0\xd0\x90\xea\x06\xf6\x18\x84d\r\xc0\x84\x85j3^M\xea\x00m\xe55\x83\xec\xe1eD\xf8\xe3\xd84=JC\xae4+', 0x0)

224.793657ms ago: executing program 2 (id=4432):
open(0x0, 0xc162, 0x0)
io_uring_setup(0x63d6, 0x0)
mkdir(0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x535, 0x200)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000180)=""/135)

189.180231ms ago: executing program 3 (id=4433):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x263982, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa441, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000001440)={0x0, 0x87e, 0x0, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)
clock_nanosleep(0x6, 0x1, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x2, 0xffffffffffffffff, 0x0, &(0x7f0000000100))

74.387773ms ago: executing program 0 (id=4434):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100000000000000000008000100000000000800088004000780040004801334f4880eb4137d758e3f1c7460416d841638c4f88bc9c43a023bfe414c37dd43e6793617b1bc7cbe8ab000000000000000000000006c00"/96], 0x30}}, 0x0)

71.873619ms ago: executing program 0 (id=4435):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x7ff, 0x2, 0x3, 0x8, 0xe, 0x4}, 0x20)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xe3, 0x1b1c07, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7cce8c743ee810df})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
r5 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x4089, 0x80}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r5, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
msgget$private(0x0, 0x0)
msgsnd(0x0, &(0x7f0000000480)={0x2}, 0x2000, 0x0)

41.224577ms ago: executing program 5 (id=4436):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCGABS20(r0, 0x40044591, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$UHID_DESTROY(r1, &(0x7f0000000040), 0x4)
r2 = openat$fb0(0xffffffffffffff9c, 0x0, 0x402, 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, 0x0, 0x0)
mremap(&(0x7f00002f6000/0x4000)=nil, 0x4000, 0x400000, 0x2, &(0x7f0000000000/0x400000)=nil)
pipe(0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0xc, 0xa3, 0x8f, 0x40, 0x13d8, 0x11, 0xd062, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa6, 0x1, 0x56}}]}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x90140, 0x0)
io_uring_enter(r5, 0xe0d, 0x7c78, 0x2, &(0x7f0000000080)={[0xfffffffffffff526]}, 0x8)

0s ago: executing program 3 (id=4437):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
epoll_create(0xa3)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000004300)={0x0, 0x0, &(0x7f00000042c0)={&(0x7f0000004240)={0x34, 0x0, 0x8, 0x401, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a8}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @gre}]}, 0x34}, 0x1, 0x0, 0x0, 0x24040001}, 0x50)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000)

kernel console output (not intermixed with test programs):

_t tclass=peer permissive=1
[ 1375.362063][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1375.498466][    T9] usb 3-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00
[ 1375.507806][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1375.543663][    T9] usb 3-1: config 0 descriptor??
[ 1375.782759][   T29] audit: type=1400 audit(1737349338.486:2246): avc:  denied  { getopt } for  pid=20571 comm="syz.6.3829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1375.963890][T20576] ubi: mtd0 is already attached to ubi0
[ 1376.029259][    T9] ntrig 0003:1B96:000C.002E: unknown main item tag 0x0
[ 1376.047726][    T9] ntrig 0003:1B96:000C.002E: unknown main item tag 0x0
[ 1376.074475][    T9] ntrig 0003:1B96:000C.002E: hidraw0: USB HID v0.00 Device [HID 1b96:000c] on usb-dummy_hcd.2-1/input0
[ 1376.243517][    T9] usb 3-1: USB disconnect, device number 64
[ 1376.479111][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[ 1376.561018][T20585] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3831'.
[ 1377.201571][T20584] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1377.491327][T20592] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1377.506078][T20592] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1380.067460][T20619] ubi: mtd0 is already attached to ubi0
[ 1380.392795][T20620] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1382.270632][T20640] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1383.632273][ T5864] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 1384.510528][ T5864] usb 4-1: Using ep0 maxpacket: 16
[ 1384.519131][ T5864] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1384.530080][ T5864] usb 4-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00
[ 1384.539314][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1384.548852][ T5864] usb 4-1: config 0 descriptor??
[ 1384.628226][    T9] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1384.788831][    T9] usb 3-1: Using ep0 maxpacket: 16
[ 1384.796508][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1384.808352][    T9] usb 3-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00
[ 1384.817475][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1384.827598][    T9] usb 3-1: config 0 descriptor??
[ 1385.106300][T20669] 9pnet_fd: Insufficient options for proto=fd
[ 1385.506046][ T5864] ntrig 0003:1B96:000C.002F: item fetching failed at offset 3/5
[ 1385.555067][ T5864] ntrig 0003:1B96:000C.002F: parse failed
[ 1385.561436][ T5864] ntrig 0003:1B96:000C.002F: probe with driver ntrig failed with error -22
[ 1386.699764][    T9] ntrig 0003:1B96:000C.0030: item fetching failed at offset 3/5
[ 1386.850770][    T9] ntrig 0003:1B96:000C.0030: parse failed
[ 1386.856629][    T9] ntrig 0003:1B96:000C.0030: probe with driver ntrig failed with error -22
[ 1387.001912][T20682] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1387.013207][T20277] usb 4-1: USB disconnect, device number 64
[ 1387.514703][    T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[ 1387.795830][   T29] audit: type=1400 audit(1737349349.365:2247): avc:  denied  { egress } for  pid=20677 comm="syz.0.3855" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[ 1388.075655][    T9] usb 1-1: Using ep0 maxpacket: 32
[ 1388.116008][    T9] usb 1-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1388.145365][    T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1388.155997][   T29] audit: type=1400 audit(1737349349.365:2248): avc:  denied  { sendto } for  pid=20677 comm="syz.0.3855" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[ 1388.189305][    T9] usb 1-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1388.207806][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1388.220262][    T9] usb 1-1: Product: syz
[ 1388.238429][    T9] usb 1-1: Manufacturer: syz
[ 1388.245831][    T9] usb 1-1: SerialNumber: syz
[ 1388.254920][    T9] usb 1-1: config 0 descriptor??
[ 1388.862232][    T9] usb 3-1: USB disconnect, device number 65
[ 1390.617416][T20277] usb 1-1: USB disconnect, device number 36
[ 1390.765676][T20705] xt_CT: No such helper "syz0"
[ 1390.880143][T20716] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1391.216664][T20724] 9pnet_fd: Insufficient options for proto=fd
[ 1391.692593][T20725] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3866'.
[ 1393.202549][T16896] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1396.424351][T20768] xt_CT: No such helper "syz0"
[ 1396.492079][T20767] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3875'.
[ 1396.875315][T20767] bridge_slave_1: left allmulticast mode
[ 1396.886168][T20767] bridge_slave_1: left promiscuous mode
[ 1396.914161][T20767] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1396.941156][T20767] bridge_slave_0: left allmulticast mode
[ 1396.960865][T20767] bridge_slave_0: left promiscuous mode
[ 1397.211712][T20779] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3880'.
[ 1397.375160][T20767] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1399.853710][T20804] 9pnet_fd: Insufficient options for proto=fd
[ 1399.860496][T16511] Bluetooth: hci2: unexpected event for opcode 0x1001
[ 1400.310820][T20803] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1401.061629][T20821] 9pnet_fd: Insufficient options for proto=fd
[ 1401.662685][T16511] Bluetooth: hci1: unexpected event for opcode 0x1001
[ 1402.724259][T20277] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1402.853810][T20832] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3893'.
[ 1402.941120][T20277] usb 3-1: Using ep0 maxpacket: 32
[ 1402.953116][T20277] usb 3-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1402.971089][T20277] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1402.991013][T20277] usb 3-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1403.000588][T20277] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1403.009039][T20277] usb 3-1: Product: syz
[ 1403.013424][T20277] usb 3-1: Manufacturer: syz
[ 1403.018277][T20277] usb 3-1: SerialNumber: syz
[ 1403.025122][T20277] usb 3-1: config 0 descriptor??
[ 1405.410585][T20277] usb 3-1: USB disconnect, device number 66
[ 1406.180392][T17937] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1406.372826][T17937] usb 4-1: Using ep0 maxpacket: 32
[ 1406.397727][T17937] usb 4-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1406.418813][T17937] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1406.431834][T17937] usb 4-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1406.443903][T17937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1406.483126][T17937] usb 4-1: Product: syz
[ 1406.509837][T17937] usb 4-1: Manufacturer: syz
[ 1406.570294][T17937] usb 4-1: SerialNumber: syz
[ 1406.602353][T17937] usb 4-1: config 0 descriptor??
[ 1406.899562][T20872] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1407.609250][T20881] 9pnet_fd: Insufficient options for proto=fd
[ 1407.659431][T16511] Bluetooth: hci1: unexpected event for opcode 0x1001
[ 1407.669665][T20882] input: syz0 as /devices/virtual/input/input222
[ 1407.758507][T20883] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3907'.
[ 1407.986460][T20277] usb 4-1: USB disconnect, device number 65
[ 1408.237986][T20893] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1410.391770][T20908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1410.410552][T20908] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1412.089773][T20918] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20918 comm=syz.0.3917
[ 1413.578451][T17937] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1413.755925][T20940] 9pnet_fd: Insufficient options for proto=fd
[ 1414.643474][T16511] Bluetooth: hci1: unexpected event for opcode 0x1001
[ 1415.021344][T20930] 9pnet_fd: Insufficient options for proto=fd
[ 1415.545383][T17937] usb 4-1: Using ep0 maxpacket: 32
[ 1415.558733][T17937] usb 4-1: device descriptor read/all, error -71
[ 1415.775692][T20952] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1416.157532][T20961] input: syz0 as /devices/virtual/input/input224
[ 1416.290479][T20964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1416.306154][T20964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1418.260943][    T9] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1418.432204][    T9] usb 7-1: Using ep0 maxpacket: 32
[ 1418.974263][    T9] usb 7-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1418.995042][    T9] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1419.034466][    T9] usb 7-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1419.051960][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1419.060091][    T9] usb 7-1: Product: syz
[ 1419.064409][    T9] usb 7-1: Manufacturer: syz
[ 1419.069068][    T9] usb 7-1: SerialNumber: syz
[ 1419.077038][    T9] usb 7-1: config 0 descriptor??
[ 1420.258962][T21004] 9pnet_fd: Insufficient options for proto=fd
[ 1420.409852][T21001] xt_CT: No such helper "syz0"
[ 1420.783821][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1420.822381][T16128] usb 7-1: USB disconnect, device number 45
[ 1421.047549][T21002] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[ 1421.063856][T16511] Bluetooth: hci2: unexpected event for opcode 0x0c6d
[ 1421.423619][T17937] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1421.518190][T21019] input: syz0 as /devices/virtual/input/input226
[ 1421.634872][T21018] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1421.643649][T17937] usb 3-1: Using ep0 maxpacket: 32
[ 1422.111322][T17937] usb 3-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1422.131673][T17937] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1422.145574][T17937] usb 3-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1422.169064][T17937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1422.186935][T17937] usb 3-1: Product: syz
[ 1422.195580][T17937] usb 3-1: Manufacturer: syz
[ 1422.205589][T17937] usb 3-1: SerialNumber: syz
[ 1422.217467][T17937] usb 3-1: config 0 descriptor??
[ 1422.463530][    T8] usb 3-1: USB disconnect, device number 67
[ 1423.472703][T14993] syz_tun (unregistering): left allmulticast mode
[ 1424.882100][T21052] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1424.892615][T21052] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1424.901131][T21052] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1424.909091][T21052] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1424.972606][T21051] xt_CT: No such helper "syz0"
[ 1425.052538][T21052] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1425.065861][T21052] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1426.378266][T16902] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1426.631077][T16902] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1426.706936][T21081] input: syz0 as /devices/virtual/input/input227
[ 1427.091982][T21091] 9pnet_fd: Insufficient options for proto=fd
[ 1427.125864][T16902] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1427.140651][T16511] Bluetooth: hci1: unexpected event for opcode 0x1001
[ 1427.166417][T21048] chnl_net:caif_netlink_parms(): no params data found
[ 1427.252081][T16511] Bluetooth: hci3: command tx timeout
[ 1427.270863][T16902] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1427.845031][T21048] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1427.852402][T21048] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1427.859612][T21048] bridge_slave_0: entered allmulticast mode
[ 1427.879539][T21048] bridge_slave_0: entered promiscuous mode
[ 1427.986979][T21048] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1428.024708][T21048] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1428.038926][T21048] bridge_slave_1: entered allmulticast mode
[ 1428.051540][T21048] bridge_slave_1: entered promiscuous mode
[ 1428.160713][T21048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1428.177468][T21048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1428.220569][T21048] team0: Port device team_slave_0 added
[ 1428.238906][T21048] team0: Port device team_slave_1 added
[ 1428.282314][T21048] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1428.296356][T21048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1428.373593][T21048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1428.973216][T21114] xt_CT: No such helper "syz0"
[ 1429.243171][T16902] bond1 (unregistering): (slave ip6erspan0): Releasing active interface
[ 1429.465379][T16511] Bluetooth: hci3: command tx timeout
[ 1429.542819][T16898] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1429.561052][    C1] SELinux: failure in sel_netif_sid_slow(), invalid network interface (3)
[ 1429.569594][    C1] SELinux: failure in sel_netif_sid_slow(), invalid network interface (3)
[ 1429.826154][T21126] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1430.766399][T21138] 9pnet_fd: Insufficient options for proto=fd
[ 1430.787179][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1430.906164][T16902] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1430.940162][T16902] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1431.243850][T16902] bond0 (unregistering): Released all slaves
[ 1431.806180][T21142] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1431.814457][T16511] Bluetooth: hci3: command tx timeout
[ 1431.909811][T16902] bond1 (unregistering): Released all slaves
[ 1431.936655][T21048] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1432.038521][T21048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1432.109389][T21048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1432.727847][T21146] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1432.860565][T16902] tipc: Disabling bearer <udp:syz1>
[ 1432.866861][T16902] tipc: Left network mode
[ 1432.891727][T21048] hsr_slave_0: entered promiscuous mode
[ 1432.913467][T21048] hsr_slave_1: entered promiscuous mode
[ 1432.926959][T21048] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1432.938112][T21048] Cannot create hsr debugfs directory
[ 1433.236842][T21157] input: syz0 as /devices/virtual/input/input228
[ 1433.325568][T16902] hsr_slave_0: left promiscuous mode
[ 1433.338439][T16902] hsr_slave_1: left promiscuous mode
[ 1433.356324][T16902] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1433.363729][T16902] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1433.373176][T16902] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1433.380840][T16902] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1433.405515][T16902] veth1_macvtap: left promiscuous mode
[ 1433.411379][T16902] veth0_macvtap: left promiscuous mode
[ 1433.417006][T16902] veth1_vlan: left promiscuous mode
[ 1433.427391][T16902] veth0_vlan: left promiscuous mode
[ 1433.997951][T16511] Bluetooth: hci3: command tx timeout
[ 1434.015977][T16902] team0 (unregistering): Port device team_slave_1 removed
[ 1434.131685][T16902] team0 (unregistering): Port device team_slave_0 removed
[ 1434.458274][T21169] ubi: mtd0 is already attached to ubi0
[ 1437.947274][T21048] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1438.087392][T21048] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1438.111437][T21048] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1438.141259][T21048] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1438.222471][T21207] input: syz0 as /devices/virtual/input/input229
[ 1438.307643][T16902] IPVS: stop unused estimator thread 0...
[ 1438.350774][T21048] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1438.400894][T21048] 8021q: adding VLAN 0 to HW filter on device team0
[ 1438.487651][T16905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1438.494765][T16905] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1438.735350][T21212] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1438.747302][T16905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1438.754362][T16905] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1439.393369][T21218] 9pnet_fd: Insufficient options for proto=fd
[ 1440.306579][T21048] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1440.535521][T21048] veth0_vlan: entered promiscuous mode
[ 1440.626074][T21048] veth1_vlan: entered promiscuous mode
[ 1440.643925][T21048] veth0_macvtap: entered promiscuous mode
[ 1440.654355][T21048] veth1_macvtap: entered promiscuous mode
[ 1440.684478][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1440.875276][T21241] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1441.694579][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1441.715965][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1441.726409][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1441.744227][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1441.756249][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1441.850534][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1442.129380][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[ 1442.129423][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.211606][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1442.237505][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.264180][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1442.286591][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.299415][T21048] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1442.313906][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1442.338851][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.374156][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1442.384717][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.394875][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1442.406116][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.416018][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1442.426718][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.436943][T21048] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1442.447965][T21048] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1442.464239][T21048] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1442.520472][T21256] ubi: mtd0 is already attached to ubi0
[ 1443.032671][T21048] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.042887][T21048] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.051627][T21048] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.073012][T21048] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1443.285732][ T3849] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1443.309869][ T3849] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1443.513254][T16898] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1443.521438][T16898] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1444.559866][T21269] xt_CT: No such helper "syz0"
[ 1446.550027][T21292] input: syz0 as /devices/virtual/input/input230
[ 1447.062634][T16128] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1447.142984][T21303] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4004'.
[ 1447.243084][T16128] usb 4-1: Using ep0 maxpacket: 16
[ 1447.252458][T16128] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1447.432986][T21307] 9pnet_fd: Insufficient options for proto=fd
[ 1447.441286][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1447.574587][T21309] ubi: mtd0 is already attached to ubi0
[ 1448.046517][T16128] usb 4-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00
[ 1448.078447][T16128] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1448.102725][T16128] usb 4-1: config 0 descriptor??
[ 1448.250887][T21313] FAULT_INJECTION: forcing a failure.
[ 1448.250887][T21313] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1448.265594][T21313] CPU: 1 UID: 0 PID: 21313 Comm: syz.5.4007 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1448.276383][T21313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1448.286446][T21313] Call Trace:
[ 1448.289729][T21313]  <TASK>
[ 1448.292665][T21313]  dump_stack_lvl+0x16c/0x1f0
[ 1448.297365][T21313]  should_fail_ex+0x497/0x5b0
[ 1448.302064][T21313]  _copy_from_user+0x2e/0xd0
[ 1448.306655][T21313]  copy_from_sockptr_offset+0x164/0x1a0
[ 1448.312199][T21313]  ? copy_to_sockptr_offset.constprop.0+0xe5/0x190
[ 1448.318697][T21313]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[ 1448.324757][T21313]  ? __might_fault+0xe3/0x190
[ 1448.329434][T21313]  do_tcp_getsockopt+0x1765/0x2900
[ 1448.334537][T21313]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[ 1448.339988][T21313]  ? mark_lock+0xb5/0xc60
[ 1448.344307][T21313]  ? __pfx___lock_acquire+0x10/0x10
[ 1448.349496][T21313]  ? __pfx_mark_lock+0x10/0x10
[ 1448.354255][T21313]  ? avc_has_perm_noaudit+0x119/0x3a0
[ 1448.359625][T21313]  ? __pfx_lock_release+0x10/0x10
[ 1448.364640][T21313]  ? trace_lock_acquire+0x14e/0x1f0
[ 1448.369837][T21313]  ? hlock_class+0x4e/0x130
[ 1448.374338][T21313]  ? __lock_acquire+0x15a9/0x3c40
[ 1448.379361][T21313]  ? __pfx___lock_acquire+0x10/0x10
[ 1448.384550][T21313]  ? hlock_class+0x4e/0x130
[ 1448.389049][T21313]  ? __lock_acquire+0xcc5/0x3c40
[ 1448.393978][T21313]  ? find_held_lock+0x2d/0x110
[ 1448.398738][T21313]  ? __might_fault+0x13b/0x190
[ 1448.403498][T21313]  ? lock_acquire+0x2f/0xb0
[ 1448.407989][T21313]  ? __might_fault+0xe3/0x190
[ 1448.412661][T21313]  tcp_getsockopt+0xdf/0x100
[ 1448.417240][T21313]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1448.423128][T21313]  do_sock_getsockopt+0x3fe/0x800
[ 1448.428146][T21313]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1448.433684][T21313]  ? lock_acquire+0x2f/0xb0
[ 1448.438176][T21313]  ? __fget_files+0x40/0x3a0
[ 1448.442760][T21313]  ? __fget_files+0x206/0x3a0
[ 1448.447429][T21313]  __sys_getsockopt+0x12f/0x260
[ 1448.452271][T21313]  __x64_sys_getsockopt+0xbd/0x160
[ 1448.457368][T21313]  ? do_syscall_64+0x91/0x250
[ 1448.462040][T21313]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1448.467229][T21313]  do_syscall_64+0xcd/0x250
[ 1448.471726][T21313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1448.477617][T21313] RIP: 0033:0x7ffa65785d29
[ 1448.482019][T21313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1448.501620][T21313] RSP: 002b:00007ffa66573038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1448.510023][T21313] RAX: ffffffffffffffda RBX: 00007ffa65975fa0 RCX: 00007ffa65785d29
[ 1448.517984][T21313] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003
[ 1448.525945][T21313] RBP: 00007ffa66573090 R08: 0000000020000200 R09: 0000000000000000
[ 1448.533904][T21313] R10: 0000000020006480 R11: 0000000000000246 R12: 0000000000000001
[ 1448.541863][T21313] R13: 0000000000000000 R14: 00007ffa65975fa0 R15: 00007fffb955d0f8
[ 1448.549832][T21313]  </TASK>
[ 1448.574460][T21315] tipc: Started in network mode
[ 1448.579861][T21315] tipc: Node identity 126af321f43c, cluster identity 4711
[ 1448.621592][T21315] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1448.631139][T21319] syzkaller0: entered promiscuous mode
[ 1448.718384][T21319] syzkaller0: entered allmulticast mode
[ 1448.753789][T21315] tipc: Resetting bearer <eth:syzkaller0>
[ 1448.782650][T21314] tipc: Resetting bearer <eth:syzkaller0>
[ 1448.790825][T16128] ntrig 0003:1B96:000C.0031: item fetching failed at offset 3/5
[ 1448.804719][T16128] ntrig 0003:1B96:000C.0031: parse failed
[ 1448.811875][T16128] ntrig 0003:1B96:000C.0031: probe with driver ntrig failed with error -22
[ 1448.905591][T21314] tipc: Disabling bearer <eth:syzkaller0>
[ 1450.458091][T12916] usb 4-1: USB disconnect, device number 68
[ 1451.176277][T21359] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1451.360889][T21360] ubi: mtd0 is already attached to ubi0
[ 1452.660710][T21372] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[ 1453.061043][T21376] input: syz0 as /devices/virtual/input/input233
[ 1453.080341][T21379] input: syz1 as /devices/virtual/input/input234
[ 1454.287475][T21400] 9pnet_fd: Insufficient options for proto=fd
[ 1455.891686][   T29] audit: type=1400 audit(1737349413.421:2249): avc:  denied  { audit_write } for  pid=21413 comm="syz.2.4032" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 1455.930815][   T29] audit: type=1107 audit(1737349413.440:2250): pid=21413 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='P'
[ 1456.021652][T21418] ubi: mtd0 is already attached to ubi0
[ 1456.550718][T21427] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1459.575648][T21460] 9pnet_fd: Insufficient options for proto=fd
[ 1459.643423][T16511] Bluetooth: hci1: unexpected event for opcode 0x1001
[ 1460.042479][T21462] QAT: failed to copy from user.
[ 1461.271217][T21474] 9pnet_fd: Insufficient options for proto=fd
[ 1461.346655][T16511] Bluetooth: hci2: unexpected event for opcode 0x1001
[ 1461.771496][ T5822] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1461.935838][T21481] input: syz0 as /devices/virtual/input/input236
[ 1461.962464][T21478] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1461.985683][ T5822] usb 3-1: Using ep0 maxpacket: 32
[ 1462.363569][ T5822] usb 3-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1462.381518][ T5822] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1462.402383][ T5822] usb 3-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1462.423946][ T5822] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1462.432161][ T5822] usb 3-1: Product: syz
[ 1462.460730][ T5822] usb 3-1: Manufacturer: syz
[ 1462.474914][ T5822] usb 3-1: SerialNumber: syz
[ 1462.500580][ T5822] usb 3-1: config 0 descriptor??
[ 1463.513184][T16903] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1463.822331][T21501] FAULT_INJECTION: forcing a failure.
[ 1463.822331][T21501] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1463.835569][T21501] CPU: 1 UID: 0 PID: 21501 Comm: syz.0.4054 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1463.846337][T21501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1463.856393][T21501] Call Trace:
[ 1463.859673][T21501]  <TASK>
[ 1463.862604][T21501]  dump_stack_lvl+0x16c/0x1f0
[ 1463.867292][T21501]  should_fail_ex+0x497/0x5b0
[ 1463.871983][T21501]  _copy_from_user+0x2e/0xd0
[ 1463.876578][T21501]  copy_msghdr_from_user+0x99/0x160
[ 1463.881779][T21501]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1463.887600][T21501]  ___sys_sendmsg+0xff/0x1e0
[ 1463.892192][T21501]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1463.897403][T21501]  ? __pfx_lock_release+0x10/0x10
[ 1463.902443][T21501]  ? trace_lock_acquire+0x14e/0x1f0
[ 1463.907650][T21501]  ? vfs_write+0xa9b/0x1150
[ 1463.912164][T21501]  ? __fget_files+0x206/0x3a0
[ 1463.916853][T21501]  __sys_sendmsg+0x16e/0x220
[ 1463.921450][T21501]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1463.926580][T21501]  do_syscall_64+0xcd/0x250
[ 1463.931093][T21501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1463.936992][T21501] RIP: 0033:0x7fb95bf85d29
[ 1463.941407][T21501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1463.961020][T21501] RSP: 002b:00007fb95cd74038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1463.969441][T21501] RAX: ffffffffffffffda RBX: 00007fb95c176160 RCX: 00007fb95bf85d29
[ 1463.977411][T21501] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000006
[ 1463.985387][T21501] RBP: 00007fb95cd74090 R08: 0000000000000000 R09: 0000000000000000
[ 1463.993359][T21501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1464.001330][T21501] R13: 0000000000000000 R14: 00007fb95c176160 R15: 00007ffcb2abaee8
[ 1464.009313][T21501]  </TASK>
[ 1464.177147][T12916] usb 3-1: USB disconnect, device number 68
[ 1464.321436][T21510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1464.337946][T21510] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1465.130235][T21515] xt_CT: No such helper "syz0"
[ 1465.908618][T21538] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1468.360710][T21555] input: syz0 as /devices/virtual/input/input237
[ 1468.576260][T21560] ubi: mtd0 is already attached to ubi0
[ 1468.783354][T21565] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1469.108074][T21570] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1470.816295][T21578] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1472.539016][ T5864] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1472.782508][T21597] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4079'.
[ 1472.795452][ T5864] usb 7-1: Using ep0 maxpacket: 32
[ 1472.815034][ T5864] usb 7-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1472.836296][ T5864] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1472.856741][ T5864] usb 7-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1472.883586][ T5864] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1472.904176][ T5864] usb 7-1: Product: syz
[ 1472.913139][ T5864] usb 7-1: Manufacturer: syz
[ 1472.917985][ T5864] usb 7-1: SerialNumber: syz
[ 1473.048934][ T5864] usb 7-1: config 0 descriptor??
[ 1474.811748][T21612] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1474.984027][T21620] ubi: mtd0 is already attached to ubi0
[ 1475.295846][ T5864] usb 7-1: USB disconnect, device number 46
[ 1475.634215][T21631] 9pnet_fd: Insufficient options for proto=fd
[ 1476.139768][T16511] Bluetooth: hci1: unexpected event for opcode 0x1001
[ 1476.332644][T21638] FAULT_INJECTION: forcing a failure.
[ 1476.332644][T21638] name failslab, interval 1, probability 0, space 0, times 0
[ 1476.374658][T21638] CPU: 1 UID: 0 PID: 21638 Comm: syz.5.4088 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1476.385454][T21638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1476.395518][T21638] Call Trace:
[ 1476.398799][T21638]  <TASK>
[ 1476.401731][T21638]  dump_stack_lvl+0x16c/0x1f0
[ 1476.406421][T21638]  should_fail_ex+0x497/0x5b0
[ 1476.411110][T21638]  ? fs_reclaim_acquire+0xae/0x150
[ 1476.416228][T21638]  should_failslab+0xc2/0x120
[ 1476.420914][T21638]  __kmalloc_noprof+0xcb/0x510
[ 1476.425693][T21638]  lsm_blob_alloc+0x68/0x90
[ 1476.430210][T21638]  security_sk_alloc+0x30/0x270
[ 1476.435069][T21638]  sk_prot_alloc+0x1c7/0x2a0
[ 1476.439669][T21638]  sk_alloc+0x36/0xb90
[ 1476.443750][T21638]  ? __pfx_genl_release+0x10/0x10
[ 1476.448781][T21638]  __netlink_create+0x5e/0x2c0
[ 1476.453552][T21638]  ? __wake_up+0x3f/0x60
[ 1476.457799][T21638]  netlink_create+0x3a4/0x630
[ 1476.462483][T21638]  ? __pfx_genl_bind+0x10/0x10
[ 1476.467260][T21638]  ? __pfx_genl_unbind+0x10/0x10
[ 1476.472212][T21638]  __sock_create+0x335/0x8d0
[ 1476.476815][T21638]  __sys_socket+0x14f/0x260
[ 1476.481328][T21638]  ? __pfx___sys_socket+0x10/0x10
[ 1476.486364][T21638]  ? do_user_addr_fault+0x83d/0x13f0
[ 1476.491654][T21638]  __x64_sys_socket+0x72/0xb0
[ 1476.496328][T21638]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1476.501523][T21638]  do_syscall_64+0xcd/0x250
[ 1476.506027][T21638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1476.511913][T21638] RIP: 0033:0x7ffa65787c47
[ 1476.516315][T21638] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1476.535915][T21638] RSP: 002b:00007ffa66550fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[ 1476.544321][T21638] RAX: ffffffffffffffda RBX: 00007ffa65976080 RCX: 00007ffa65787c47
[ 1476.552278][T21638] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[ 1476.560237][T21638] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 1476.568200][T21638] R10: 00000000200000c0 R11: 0000000000000286 R12: 0000000000000001
[ 1476.576165][T21638] R13: 0000000000000000 R14: 00007ffa65976080 R15: 00007fffb955d0f8
[ 1476.584135][T21638]  </TASK>
[ 1476.931845][T21643] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1477.227170][T21644] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1478.935856][T21666] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1480.428384][T21681] ubi: mtd0 is already attached to ubi0
[ 1482.083333][T21705] input: syz0 as /devices/virtual/input/input240
[ 1482.211607][T21706] 9pnet_fd: Insufficient options for proto=fd
[ 1482.329534][T16511] Bluetooth: hci2: unexpected event for opcode 0x1001
[ 1484.775012][T21731] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4113'.
[ 1485.148790][T21695] netlink: 'syz.6.4104': attribute type 7 has an invalid length.
[ 1486.035758][T21729] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1486.633904][T21743] ubi: mtd0 is already attached to ubi0
[ 1487.301287][T21753] 9pnet_fd: Insufficient options for proto=fd
[ 1487.909058][T16511] Bluetooth: hci2: unexpected event for opcode 0x1001
[ 1489.179360][T21761] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1489.260785][T21770] 9pnet_fd: Insufficient options for proto=fd
[ 1489.286514][T16511] Bluetooth: hci2: unexpected event for opcode 0x1001
[ 1490.356927][T21775] FAULT_INJECTION: forcing a failure.
[ 1490.356927][T21775] name failslab, interval 1, probability 0, space 0, times 0
[ 1490.369874][T21775] CPU: 1 UID: 0 PID: 21775 Comm: syz.0.4124 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1490.380645][T21775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1490.390706][T21775] Call Trace:
[ 1490.393982][T21775]  <TASK>
[ 1490.396893][T21775]  dump_stack_lvl+0x16c/0x1f0
[ 1490.401553][T21775]  should_fail_ex+0x497/0x5b0
[ 1490.406214][T21775]  ? fs_reclaim_acquire+0xae/0x150
[ 1490.411304][T21775]  should_failslab+0xc2/0x120
[ 1490.415963][T21775]  __kmalloc_noprof+0xcb/0x510
[ 1490.420707][T21775]  lsm_blob_alloc+0x68/0x90
[ 1490.425194][T21775]  security_sk_alloc+0x30/0x270
[ 1490.430024][T21775]  sk_prot_alloc+0x1c7/0x2a0
[ 1490.434595][T21775]  sk_alloc+0x36/0xb90
[ 1490.438647][T21775]  bpf_prog_test_run_skb+0x32b/0x2270
[ 1490.444000][T21775]  ? lock_acquire+0x2f/0xb0
[ 1490.448482][T21775]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1490.454268][T21775]  ? fput+0x67/0x440
[ 1490.458143][T21775]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1490.463928][T21775]  __sys_bpf+0xfc6/0x49c0
[ 1490.468239][T21775]  ? __pfx_lock_release+0x10/0x10
[ 1490.473239][T21775]  ? __pfx___sys_bpf+0x10/0x10
[ 1490.478049][T21775]  ? vfs_write+0x306/0x1150
[ 1490.482543][T21775]  ? __mutex_unlock_slowpath+0x164/0x690
[ 1490.488165][T21775]  ? fput+0x67/0x440
[ 1490.492042][T21775]  ? ksys_write+0x1ba/0x250
[ 1490.496535][T21775]  ? __pfx_ksys_write+0x10/0x10
[ 1490.501386][T21775]  __x64_sys_bpf+0x78/0xc0
[ 1490.505802][T21775]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1490.510990][T21775]  do_syscall_64+0xcd/0x250
[ 1490.515478][T21775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1490.521354][T21775] RIP: 0033:0x7fb95bf85d29
[ 1490.525743][T21775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1490.545347][T21775] RSP: 002b:00007fb95cdb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1490.553743][T21775] RAX: ffffffffffffffda RBX: 00007fb95c175fa0 RCX: 00007fb95bf85d29
[ 1490.561695][T21775] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a
[ 1490.569641][T21775] RBP: 00007fb95cdb6090 R08: 0000000000000000 R09: 0000000000000000
[ 1490.577586][T21775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1490.585535][T21775] R13: 0000000000000000 R14: 00007fb95c175fa0 R15: 00007ffcb2abaee8
[ 1490.593504][T21775]  </TASK>
[ 1490.700820][T21779] FAULT_INJECTION: forcing a failure.
[ 1490.700820][T21779] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1490.722051][T21779] CPU: 0 UID: 0 PID: 21779 Comm: syz.3.4126 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1490.732835][T21779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1490.742891][T21779] Call Trace:
[ 1490.746171][T21779]  <TASK>
[ 1490.749104][T21779]  dump_stack_lvl+0x16c/0x1f0
[ 1490.753800][T21779]  should_fail_ex+0x497/0x5b0
[ 1490.758502][T21779]  _copy_from_user+0x2e/0xd0
[ 1490.763097][T21779]  video_usercopy+0xedb/0x1620
[ 1490.767845][T21779]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1490.773198][T21779]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1490.780036][T21779]  ? __pfx_video_usercopy+0x10/0x10
[ 1490.785239][T21779]  v4l2_ioctl+0x1ba/0x250
[ 1490.789551][T21779]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1490.794398][T21779]  __x64_sys_ioctl+0x190/0x200
[ 1490.799146][T21779]  do_syscall_64+0xcd/0x250
[ 1490.803643][T21779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1490.809531][T21779] RIP: 0033:0x7f62b0185d29
[ 1490.813951][T21779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1490.814336][T21783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1490.833549][T21779] RSP: 002b:00007f62b1002038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1490.833574][T21779] RAX: ffffffffffffffda RBX: 00007f62b0375fa0 RCX: 00007f62b0185d29
[ 1490.833587][T21779] RDX: 00000000200001c0 RSI: 00000000c02c563a RDI: 0000000000000003
[ 1490.833599][T21779] RBP: 00007f62b1002090 R08: 0000000000000000 R09: 0000000000000000
[ 1490.833611][T21779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1490.833623][T21779] R13: 0000000000000000 R14: 00007f62b0375fa0 R15: 00007ffd73827568
[ 1490.833647][T21779]  </TASK>
[ 1490.893908][T21783] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1491.046908][T21785] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4127'.
[ 1492.438104][T21797] input: syz0 as /devices/virtual/input/input243
[ 1493.251654][T21804] ubi: mtd0 is already attached to ubi0
[ 1493.545579][T21806] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1494.086243][T21810] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1494.454225][T21815] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4133'.
[ 1494.506227][T21815] bridge0: entered allmulticast mode
[ 1494.784388][ T5864] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1494.878090][T21823] binder: 21822:21823 ioctl c0306201 20000580 returned -22
[ 1494.977273][ T5864] usb 7-1: too many configurations: 9, using maximum allowed: 8
[ 1494.986213][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1494.996290][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.007731][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.015077][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1495.024166][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.035159][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.043940][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1495.052926][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.069622][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.077141][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1495.092153][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.105553][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.113689][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1495.134716][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.161362][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.165657][T21829] FAULT_INJECTION: forcing a failure.
[ 1495.165657][T21829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1495.170338][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1495.193828][T21829] CPU: 1 UID: 0 PID: 21829 Comm: syz.5.4141 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1495.195800][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.204585][T21829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1495.204600][T21829] Call Trace:
[ 1495.204607][T21829]  <TASK>
[ 1495.204615][T21829]  dump_stack_lvl+0x16c/0x1f0
[ 1495.204645][T21829]  should_fail_ex+0x497/0x5b0
[ 1495.215551][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.225505][T21829]  _copy_to_user+0x32/0xd0
[ 1495.225528][T21829]  keyctl_capabilities+0x5d/0x140
[ 1495.225552][T21829]  __do_sys_keyctl+0x4a7/0x590
[ 1495.225574][T21829]  do_syscall_64+0xcd/0x250
[ 1495.225601][T21829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1495.225627][T21829] RIP: 0033:0x7ffa65785d29
[ 1495.225643][T21829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1495.225662][T21829] RSP: 002b:00007ffa66573038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1495.225682][T21829] RAX: ffffffffffffffda RBX: 00007ffa65975fa0 RCX: 00007ffa65785d29
[ 1495.225696][T21829] RDX: fffffffffffffd6f RSI: 0000000020000280 RDI: 000000000000001f
[ 1495.225708][T21829] RBP: 00007ffa66573090 R08: 0000000000000000 R09: 0000000000000000
[ 1495.225720][T21829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1495.225732][T21829] R13: 0000000000000000 R14: 00007ffa65975fa0 R15: 00007fffb955d0f8
[ 1495.225756][T21829]  </TASK>
[ 1495.227392][ T5822] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1495.231609][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1495.359148][T21833] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1495.371575][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.400804][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.414581][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1495.423714][ T5864] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1495.442808][ T5864] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1495.451610][ T5864] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1495.466547][ T5864] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1495.475596][ T5864] usb 7-1: Product: syz
[ 1495.486168][ T5864] usb 7-1: Manufacturer: syz
[ 1495.533276][ T5822] usb 3-1: Using ep0 maxpacket: 16
[ 1495.537322][ T5864] usb 7-1: SerialNumber: syz
[ 1495.542239][ T5822] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1495.546399][ T5864] usb 7-1: config 0 descriptor??
[ 1495.556457][ T5822] usb 3-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00
[ 1495.569823][ T5864] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[ 1496.614438][T21817] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1496.625485][ T5822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.155927][ T5864] usb 7-1: USB disconnect, device number 47
[ 1497.162483][ T5822] usb 3-1: config 0 descriptor??
[ 1497.191544][ T5864] yurex 7-1:0.0: USB YUREX #0 now disconnected
[ 1497.564396][T21845] 9pnet_fd: Insufficient options for proto=fd
[ 1497.575656][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1497.662751][T21846] ubi: mtd0 is already attached to ubi0
[ 1498.007965][T16905] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1498.252288][T21851] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4146'.
[ 1498.292390][ T5822] ntrig 0003:1B96:000C.0032: item fetching failed at offset 3/5
[ 1498.313273][ T5822] ntrig 0003:1B96:000C.0032: parse failed
[ 1498.319230][ T5822] ntrig 0003:1B96:000C.0032: probe with driver ntrig failed with error -22
[ 1498.815808][T21855] input: syz0 as /devices/virtual/input/input244
[ 1499.395209][ T5822] usb 3-1: USB disconnect, device number 69
[ 1499.530718][ T5864] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1499.702381][ T5864] usb 7-1: Using ep0 maxpacket: 8
[ 1499.714953][ T5864] usb 7-1: config index 0 descriptor too short (expected 59172, got 36)
[ 1499.890624][ T5864] usb 7-1: config 0 has an invalid interface number: 0 but max is -1
[ 1500.013040][ T5864] usb 7-1: config 0 has an invalid descriptor of length 67, skipping remainder of the config
[ 1500.200601][ T5864] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1500.282454][ T5864] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1500.320808][ T5864] usb 7-1: New USB device found, idVendor=056a, idProduct=0326, bcdDevice= 0.00
[ 1500.342376][ T5864] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1500.374208][ T5864] usb 7-1: config 0 descriptor??
[ 1500.398051][ T5864] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 1500.640161][T21881] FAULT_INJECTION: forcing a failure.
[ 1500.640161][T21881] name failslab, interval 1, probability 0, space 0, times 0
[ 1500.660387][T21881] CPU: 1 UID: 0 PID: 21881 Comm: syz.5.4155 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1500.671158][T21881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1500.681194][T21881] Call Trace:
[ 1500.684458][T21881]  <TASK>
[ 1500.687368][T21881]  dump_stack_lvl+0x16c/0x1f0
[ 1500.692026][T21881]  should_fail_ex+0x497/0x5b0
[ 1500.696685][T21881]  ? fs_reclaim_acquire+0xae/0x150
[ 1500.701787][T21881]  should_failslab+0xc2/0x120
[ 1500.706444][T21881]  __kmalloc_noprof+0xcb/0x510
[ 1500.711203][T21881]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1500.718293][T21881]  ? cred_has_capability.isra.0+0x192/0x2f0
[ 1500.724165][T21881]  genl_family_rcv_msg_doit+0xbf/0x2f0
[ 1500.729599][T21881]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1500.735643][T21881]  ? bpf_lsm_capable+0x9/0x10
[ 1500.740294][T21881]  ? security_capable+0x7e/0x260
[ 1500.745212][T21881]  genl_rcv_msg+0x565/0x800
[ 1500.749693][T21881]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1500.754692][T21881]  ? __pfx_nl802154_pre_doit+0x10/0x10
[ 1500.760143][T21881]  ? __pfx_nl802154_set_tx_power+0x10/0x10
[ 1500.765940][T21881]  ? __pfx_nl802154_post_doit+0x10/0x10
[ 1500.771466][T21881]  ? __pfx___lock_acquire+0x10/0x10
[ 1500.776645][T21881]  netlink_rcv_skb+0x16b/0x440
[ 1500.781389][T21881]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1500.786389][T21881]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1500.791659][T21881]  ? down_read+0xc9/0x330
[ 1500.795969][T21881]  ? __pfx_down_read+0x10/0x10
[ 1500.800713][T21881]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1500.805981][T21881]  genl_rcv+0x28/0x40
[ 1500.809944][T21881]  netlink_unicast+0x53c/0x7f0
[ 1500.814690][T21881]  ? __pfx_netlink_unicast+0x10/0x10
[ 1500.819958][T21881]  netlink_sendmsg+0x8b8/0xd70
[ 1500.824716][T21881]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1500.830020][T21881]  ____sys_sendmsg+0xaaf/0xc90
[ 1500.834793][T21881]  ? copy_msghdr_from_user+0x10b/0x160
[ 1500.840249][T21881]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1500.845521][T21881]  ___sys_sendmsg+0x135/0x1e0
[ 1500.850184][T21881]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1500.855363][T21881]  ? __pfx_lock_release+0x10/0x10
[ 1500.860364][T21881]  ? trace_lock_acquire+0x14e/0x1f0
[ 1500.865546][T21881]  ? __fget_files+0x206/0x3a0
[ 1500.870208][T21881]  __sys_sendmsg+0x16e/0x220
[ 1500.874775][T21881]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1500.879870][T21881]  do_syscall_64+0xcd/0x250
[ 1500.884353][T21881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1500.890225][T21881] RIP: 0033:0x7ffa65785d29
[ 1500.894614][T21881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1500.914212][T21881] RSP: 002b:00007ffa66573038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1500.922624][T21881] RAX: ffffffffffffffda RBX: 00007ffa65975fa0 RCX: 00007ffa65785d29
[ 1500.930574][T21881] RDX: 0000000000008010 RSI: 0000000020009740 RDI: 0000000000000004
[ 1500.938521][T21881] RBP: 00007ffa66573090 R08: 0000000000000000 R09: 0000000000000000
[ 1500.946468][T21881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1500.954416][T21881] R13: 0000000000000000 R14: 00007ffa65975fa0 R15: 00007fffb955d0f8
[ 1500.962368][T21881]  </TASK>
[ 1503.009260][  T900] usb 7-1: USB disconnect, device number 48
[ 1503.987902][T21903] netlink: 'syz.5.4161': attribute type 1 has an invalid length.
[ 1504.679623][T21913] FAULT_INJECTION: forcing a failure.
[ 1504.679623][T21913] name failslab, interval 1, probability 0, space 0, times 0
[ 1504.713967][T21913] CPU: 1 UID: 0 PID: 21913 Comm: syz.3.4163 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1504.724752][T21913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1504.734810][T21913] Call Trace:
[ 1504.738087][T21913]  <TASK>
[ 1504.741019][T21913]  dump_stack_lvl+0x16c/0x1f0
[ 1504.745710][T21913]  should_fail_ex+0x497/0x5b0
[ 1504.750400][T21913]  ? fs_reclaim_acquire+0xae/0x150
[ 1504.755515][T21913]  should_failslab+0xc2/0x120
[ 1504.760199][T21913]  __kmalloc_noprof+0xcb/0x510
[ 1504.764975][T21913]  lsm_blob_alloc+0x68/0x90
[ 1504.769480][T21913]  security_sk_alloc+0x30/0x270
[ 1504.774307][T21913]  sk_prot_alloc+0x1c7/0x2a0
[ 1504.778877][T21913]  sk_alloc+0x36/0xb90
[ 1504.782932][T21913]  bpf_prog_test_run_skb+0x32b/0x2270
[ 1504.788292][T21913]  ? lock_acquire+0x2f/0xb0
[ 1504.792775][T21913]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1504.798562][T21913]  ? fput+0x67/0x440
[ 1504.802439][T21913]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1504.808234][T21913]  __sys_bpf+0xfc6/0x49c0
[ 1504.812545][T21913]  ? __pfx_lock_release+0x10/0x10
[ 1504.817546][T21913]  ? __pfx___sys_bpf+0x10/0x10
[ 1504.822305][T21913]  ? vfs_write+0x306/0x1150
[ 1504.826799][T21913]  ? __mutex_unlock_slowpath+0x164/0x690
[ 1504.832431][T21913]  ? fput+0x67/0x440
[ 1504.836306][T21913]  ? ksys_write+0x1ba/0x250
[ 1504.840783][T21913]  ? __pfx_ksys_write+0x10/0x10
[ 1504.845612][T21913]  __x64_sys_bpf+0x78/0xc0
[ 1504.850012][T21913]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1504.855201][T21913]  do_syscall_64+0xcd/0x250
[ 1504.860153][T21913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1504.866037][T21913] RIP: 0033:0x7f62b0185d29
[ 1504.870454][T21913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1504.890068][T21913] RSP: 002b:00007f62b1002038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1504.898487][T21913] RAX: ffffffffffffffda RBX: 00007f62b0375fa0 RCX: 00007f62b0185d29
[ 1504.906462][T21913] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a
[ 1504.914432][T21913] RBP: 00007f62b1002090 R08: 0000000000000000 R09: 0000000000000000
[ 1504.922398][T21913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1504.930355][T21913] R13: 0000000000000000 R14: 00007f62b0375fa0 R15: 00007ffd73827568
[ 1504.938321][T21913]  </TASK>
[ 1505.346554][T16128] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 1505.362776][T21933] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1505.488511][T21934] input: syz0 as /devices/virtual/input/input246
[ 1505.528357][T16128] usb 1-1: Using ep0 maxpacket: 16
[ 1505.547589][T16128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1505.562341][T21936] FAULT_INJECTION: forcing a failure.
[ 1505.562341][T21936] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1505.583515][   T29] audit: type=1400 audit(1737349459.901:2251): avc:  denied  { write } for  pid=21935 comm="syz.3.4170" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1505.630425][T16128] usb 1-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00
[ 1505.650782][T21936] CPU: 0 UID: 0 PID: 21936 Comm: syz.3.4170 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1505.661554][T21936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1505.671598][T21936] Call Trace:
[ 1505.674863][T21936]  <TASK>
[ 1505.677791][T21936]  dump_stack_lvl+0x16c/0x1f0
[ 1505.682463][T21936]  should_fail_ex+0x497/0x5b0
[ 1505.687138][T21936]  _copy_from_user+0x2e/0xd0
[ 1505.691715][T21936]  _autofs_dev_ioctl+0x118/0xb10
[ 1505.696646][T21936]  ? __pfx__autofs_dev_ioctl+0x10/0x10
[ 1505.702098][T21936]  ? selinux_file_ioctl+0x180/0x270
[ 1505.707287][T21936]  ? selinux_file_ioctl+0xb4/0x270
[ 1505.712390][T21936]  autofs_dev_ioctl+0x1a/0x30
[ 1505.717055][T21936]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[ 1505.722417][T21936]  __x64_sys_ioctl+0x190/0x200
[ 1505.727174][T21936]  do_syscall_64+0xcd/0x250
[ 1505.731672][T21936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1505.737557][T21936] RIP: 0033:0x7f62b0185d29
[ 1505.741960][T21936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1505.761554][T21936] RSP: 002b:00007f62b1002038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1505.769955][T21936] RAX: ffffffffffffffda RBX: 00007f62b0375fa0 RCX: 00007f62b0185d29
[ 1505.777913][T21936] RDX: 00000000200004c0 RSI: 00000000c0189375 RDI: 0000000000000004
[ 1505.785869][T21936] RBP: 00007f62b1002090 R08: 0000000000000000 R09: 0000000000000000
[ 1505.793832][T21936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1505.801802][T21936] R13: 0000000000000000 R14: 00007f62b0375fa0 R15: 00007ffd73827568
[ 1505.809768][T21936]  </TASK>
[ 1505.814663][T16128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1505.825850][T16128] usb 1-1: config 0 descriptor??
[ 1506.455575][T21943] 9pnet: p9_errstr2errno: server reported unknown error —
[ 1506.473351][T21943] overlayfs: missing 'lowerdir'
[ 1506.502281][T16128] ntrig 0003:1B96:000C.0033: item fetching failed at offset 3/5
[ 1506.516287][T21943] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=21943 comm=syz.2.4172
[ 1506.523511][T16128] ntrig 0003:1B96:000C.0033: parse failed
[ 1506.575290][T16128] ntrig 0003:1B96:000C.0033: probe with driver ntrig failed with error -22
[ 1506.809949][T21950] fuse: Bad value for 'fd'
[ 1506.837432][T21950] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1506.867792][T21951] 9pnet_fd: Insufficient options for proto=fd
[ 1506.982197][T16511] Bluetooth: hci1: unexpected event for opcode 0x1001
[ 1507.870547][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[ 1508.088573][ T5822] usb 1-1: USB disconnect, device number 37
[ 1508.122306][T21961] overlayfs: failed to get inode (-116)
[ 1508.129369][T21961] overlayfs: failed to get inode (-116)
[ 1508.285887][T21963] netlink: 60 bytes leftover after parsing attributes in process `syz.5.4178'.
[ 1508.307922][T16128] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1508.460609][T17937] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 1509.034100][T16128] usb 3-1: too many configurations: 9, using maximum allowed: 8
[ 1509.042893][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.075442][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.100212][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.111589][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.136373][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.164383][T17937] usb 7-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1509.173439][T17937] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1509.205795][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.217829][T17937] usb 7-1: Product: syz
[ 1509.222294][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.231441][T17937] usb 7-1: Manufacturer: syz
[ 1509.236529][T17937] usb 7-1: SerialNumber: syz
[ 1509.241210][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.253713][T17937] usb 7-1: config 0 descriptor??
[ 1509.258804][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.269757][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.348380][T17937] i2c-tiny-usb 7-1:0.0: version 6d.cc found at bus 007 address 049
[ 1509.367946][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.385010][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.393196][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.457394][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.498309][T17937]  (null): failure setting delay to 10us
[ 1509.511276][T17937] i2c-tiny-usb 7-1:0.0: probe with driver i2c-tiny-usb failed with error -5
[ 1509.522004][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.539564][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.550017][T17937] usb 7-1: USB disconnect, device number 49
[ 1509.574672][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.600392][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.646507][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.676218][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.697585][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.715670][T16128] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1509.736646][T16128] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1509.761823][T16128] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1509.774291][T16128] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1509.787334][T21984] input: syz0 as /devices/virtual/input/input247
[ 1509.802980][T16128] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1509.964153][T16128] usb 3-1: Product: syz
[ 1509.968578][T16128] usb 3-1: Manufacturer: syz
[ 1509.973182][T16128] usb 3-1: SerialNumber: syz
[ 1509.987872][T16128] usb 3-1: config 0 descriptor??
[ 1509.999570][T16128] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[ 1510.660146][  T900] usb 3-1: USB disconnect, device number 70
[ 1510.684945][  T900] yurex 3-1:0.0: USB YUREX #0 now disconnected
[ 1511.531522][T21997] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1512.202796][T21999] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4187'.
[ 1512.963952][T22009] lo speed is unknown, defaulting to 1000
[ 1512.973825][T22009] lo speed is unknown, defaulting to 1000
[ 1512.980245][T22009] lo speed is unknown, defaulting to 1000
[ 1513.030021][T22013] »»»»»»: renamed from lo (while UP)
[ 1513.058720][T22014] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22014 comm=syz.5.4192
[ 1513.072822][T22014] netlink: 'syz.5.4192': attribute type 1 has an invalid length.
[ 1513.099006][T22014] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1513.105791][T22009] infiniband s
z1: set active
[ 1513.114249][T16128] »»»»»» speed is unknown, defaulting to 1000
[ 1513.121753][T22009] infiniband s
z1: added »»»»»»
[ 1513.127865][T22014] bond1: (slave bridge1): making interface the new active one
[ 1513.141029][T22014] bond1: (slave bridge1): Enslaving as an active interface with an up link
[ 1513.156238][T22014] vlan2: entered promiscuous mode
[ 1513.163998][T22014] bond1: entered promiscuous mode
[ 1513.169038][T22014] bridge1: entered promiscuous mode
[ 1513.173326][T22009] RDS/IB: s
z1: added
[ 1513.178149][T22014] vlan2: entered allmulticast mode
[ 1513.179826][T22009] smc: adding ib device s
z1 with port count 1
[ 1513.185803][T22014] bond1: entered allmulticast mode
[ 1513.191580][T22009] smc:    ib device s
z1 port 1 has pnetid 
[ 1513.195751][T22014] bridge1: entered allmulticast mode
[ 1513.212535][ T5864] »»»»»» speed is unknown, defaulting to 1000
[ 1513.224076][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1513.332718][  T900] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[ 1513.364368][ T5864] usb 4-1: new full-speed USB device number 69 using dummy_hcd
[ 1513.404383][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1513.504023][  T900] usb 1-1: Using ep0 maxpacket: 16
[ 1513.512701][  T900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1513.533615][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1513.540195][  T900] usb 1-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00
[ 1513.550930][ T5864] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1513.559086][ T5864] usb 4-1: config 0 has no interface number 0
[ 1513.568926][  T900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1513.583746][ T5864] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1513.602501][  T900] usb 1-1: config 0 descriptor??
[ 1513.610415][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1513.625788][ T5864] usb 4-1: config 0 descriptor??
[ 1513.634429][ T5864] usb 4-1: selecting invalid altsetting 1
[ 1513.644943][ T5864] dvb_ttusb_budget: ttusb_init_controller: error
[ 1513.652073][ T5864] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1513.741605][ T5864] DVB: Unable to find symbol cx22700_attach()
[ 1513.759790][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1513.819959][ T5864] DVB: Unable to find symbol tda10046_attach()
[ 1513.827652][ T5864] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1514.054408][  T900] ntrig 0003:1B96:000C.0034: item fetching failed at offset 3/5
[ 1514.068736][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1514.075790][  T900] ntrig 0003:1B96:000C.0034: parse failed
[ 1514.084180][  T900] ntrig 0003:1B96:000C.0034: probe with driver ntrig failed with error -22
[ 1514.222249][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1514.262438][ T5822] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 1514.305634][T16128] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1514.324326][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1514.449680][T22009] »»»»»» speed is unknown, defaulting to 1000
[ 1514.476246][T16128] usb 3-1: Using ep0 maxpacket: 16
[ 1514.481753][ T5822] usb 7-1: Using ep0 maxpacket: 8
[ 1514.496655][T16128] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1514.498066][  T900] usb 1-1: USB disconnect, device number 38
[ 1514.516998][T16128] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 96
[ 1514.529196][ T5822] usb 7-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1514.538483][ T5822] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1514.546740][ T5822] usb 7-1: Product: syz
[ 1514.551158][T16128] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[ 1514.560876][T16128] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[ 1514.574861][ T5822] usb 7-1: Manufacturer: syz
[ 1514.579465][ T5822] usb 7-1: SerialNumber: syz
[ 1514.586761][T16128] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1514.596070][T16128] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1514.613389][T16128] usb 3-1: SerialNumber: syz
[ 1514.618717][ T5822] usb 7-1: config 0 descriptor??
[ 1514.625732][ T5822] gspca_main: sonixj-2.14.0 probing 0c45:613a
[ 1514.645700][T22028] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[ 1514.669727][T22028] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[ 1514.696904][T17611] usb 4-1: USB disconnect, device number 69
[ 1514.716736][T16128] hub 3-1:1.0: bad descriptor, ignoring hub
[ 1514.730814][T16128] hub 3-1:1.0: probe with driver hub failed with error -5
[ 1514.945451][T22028] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[ 1514.954735][T22028] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[ 1515.682263][T16128] cdc_ether 3-1:1.0 eth9: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42
[ 1516.154420][T22040] ubi: mtd0 is already attached to ubi0
[ 1516.499019][ T5822] gspca_sonixj: reg_w1 err -110
[ 1516.849597][ T5822] sonixj 7-1:0.0: probe with driver sonixj failed with error -110
[ 1516.980825][T22046] netlink: 39 bytes leftover after parsing attributes in process `syz.3.4200'.
[ 1517.091421][T16128] usb 3-1: USB disconnect, device number 71
[ 1517.098538][T16128] cdc_ether 3-1:1.0 eth9: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device
[ 1517.253075][T22055] FAULT_INJECTION: forcing a failure.
[ 1517.253075][T22055] name failslab, interval 1, probability 0, space 0, times 0
[ 1517.296465][T16128] usb 7-1: USB disconnect, device number 50
[ 1517.297611][T22056] input: syz0 as /devices/virtual/input/input251
[ 1517.303471][T22055] CPU: 1 UID: 0 PID: 22055 Comm: syz.0.4201 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1517.319496][T22055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1517.329554][T22055] Call Trace:
[ 1517.332834][T22055]  <TASK>
[ 1517.335770][T22055]  dump_stack_lvl+0x16c/0x1f0
[ 1517.340467][T22055]  should_fail_ex+0x497/0x5b0
[ 1517.345158][T22055]  ? fs_reclaim_acquire+0xae/0x150
[ 1517.350277][T22055]  should_failslab+0xc2/0x120
[ 1517.354963][T22055]  __kmalloc_cache_noprof+0x68/0x410
[ 1517.360256][T22055]  ? br_ioctl_stub+0x97/0x8b0
[ 1517.364945][T22055]  ? br_add_if+0x3b1/0x1b70
[ 1517.369467][T22055]  br_add_if+0x41d/0x1b70
[ 1517.373811][T22055]  ? bpf_lsm_capable+0x9/0x10
[ 1517.378488][T22055]  ? security_capable+0x7e/0x260
[ 1517.383435][T22055]  add_del_if+0x114/0x160
[ 1517.387776][T22055]  br_ioctl_stub+0x2ef/0x8b0
[ 1517.392376][T22055]  ? __pfx___mutex_lock+0x10/0x10
[ 1517.397414][T22055]  ? __pfx_br_ioctl_stub+0x10/0x10
[ 1517.402538][T22055]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1517.407833][T22055]  ? do_syscall_64+0xcd/0x250
[ 1517.412516][T22055]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1517.418604][T22055]  ? __pfx_br_ioctl_stub+0x10/0x10
[ 1517.423727][T22055]  br_ioctl_call+0x62/0xb0
[ 1517.428155][T22055]  dev_ifsioc+0x940/0x10b0
[ 1517.432582][T22055]  ? __pfx_dev_ifsioc+0x10/0x10
[ 1517.437443][T22055]  ? __pfx___mutex_lock+0x10/0x10
[ 1517.442477][T22055]  ? __pfx_lock_release+0x10/0x10
[ 1517.447498][T22055]  ? full_name_hash+0xbc/0x110
[ 1517.452265][T22055]  dev_ioctl+0x224/0x10c0
[ 1517.456592][T22055]  sock_do_ioctl+0x19e/0x280
[ 1517.461185][T22055]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1517.466293][T22055]  ? ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450
[ 1517.472786][T22055]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[ 1517.479280][T22055]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1517.486123][T22055]  sock_ioctl+0x228/0x6c0
[ 1517.490446][T22055]  ? __pfx_sock_ioctl+0x10/0x10
[ 1517.495292][T22055]  ? selinux_file_ioctl+0x180/0x270
[ 1517.500480][T22055]  ? selinux_file_ioctl+0xb4/0x270
[ 1517.505583][T22055]  ? __pfx_sock_ioctl+0x10/0x10
[ 1517.510426][T22055]  __x64_sys_ioctl+0x190/0x200
[ 1517.515185][T22055]  do_syscall_64+0xcd/0x250
[ 1517.519682][T22055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1517.525569][T22055] RIP: 0033:0x7fb95bf85d29
[ 1517.529969][T22055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1517.549580][T22055] RSP: 002b:00007fb95cd74038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1517.557987][T22055] RAX: ffffffffffffffda RBX: 00007fb95c176160 RCX: 00007fb95bf85d29
[ 1517.565948][T22055] RDX: 0000000020000000 RSI: 00000000000089a2 RDI: 0000000000000006
[ 1517.573904][T22055] RBP: 00007fb95cd74090 R08: 0000000000000000 R09: 0000000000000000
[ 1517.581862][T22055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1517.589818][T22055] R13: 0000000000000000 R14: 00007fb95c176160 R15: 00007ffcb2abaee8
[ 1517.597790][T22055]  </TASK>
[ 1518.638737][T22069] FAULT_INJECTION: forcing a failure.
[ 1518.638737][T22069] name failslab, interval 1, probability 0, space 0, times 0
[ 1518.663314][T22069] CPU: 1 UID: 0 PID: 22069 Comm: syz.5.4206 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1518.674094][T22069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1518.684148][T22069] Call Trace:
[ 1518.687425][T22069]  <TASK>
[ 1518.690355][T22069]  dump_stack_lvl+0x16c/0x1f0
[ 1518.695041][T22069]  should_fail_ex+0x497/0x5b0
[ 1518.699735][T22069]  should_failslab+0xc2/0x120
[ 1518.704418][T22069]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 1518.709797][T22069]  ? skb_clone+0x190/0x3f0
[ 1518.714214][T22069]  skb_clone+0x190/0x3f0
[ 1518.718445][T22069]  netlink_deliver_tap+0xabd/0xd30
[ 1518.723552][T22069]  netlink_unicast+0x5e1/0x7f0
[ 1518.728309][T22069]  ? __pfx_netlink_unicast+0x10/0x10
[ 1518.733593][T22069]  netlink_sendmsg+0x8b8/0xd70
[ 1518.738351][T22069]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1518.743636][T22069]  ____sys_sendmsg+0xaaf/0xc90
[ 1518.748389][T22069]  ? copy_msghdr_from_user+0x10b/0x160
[ 1518.753836][T22069]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1518.759121][T22069]  ___sys_sendmsg+0x135/0x1e0
[ 1518.763788][T22069]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1518.768984][T22069]  ? __pfx_lock_release+0x10/0x10
[ 1518.773997][T22069]  ? trace_lock_acquire+0x14e/0x1f0
[ 1518.779193][T22069]  ? __fget_files+0x206/0x3a0
[ 1518.783865][T22069]  __sys_sendmsg+0x16e/0x220
[ 1518.788441][T22069]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1518.793549][T22069]  do_syscall_64+0xcd/0x250
[ 1518.798048][T22069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1518.803934][T22069] RIP: 0033:0x7ffa65785d29
[ 1518.808335][T22069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1518.827929][T22069] RSP: 002b:00007ffa66573038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1518.836327][T22069] RAX: ffffffffffffffda RBX: 00007ffa65975fa0 RCX: 00007ffa65785d29
[ 1518.844283][T22069] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[ 1518.852238][T22069] RBP: 00007ffa66573090 R08: 0000000000000000 R09: 0000000000000000
[ 1518.860193][T22069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1518.868149][T22069] R13: 0000000000000000 R14: 00007ffa65975fa0 R15: 00007fffb955d0f8
[ 1518.876117][T22069]  </TASK>
[ 1520.433763][T22088] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2
[ 1520.458900][T22087] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4212'.
[ 1520.464543][T22088] netlink: 'syz.0.4213': attribute type 12 has an invalid length.
[ 1520.476197][T22088] netlink: 'syz.0.4213': attribute type 29 has an invalid length.
[ 1520.484099][T22088] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4213'.
[ 1520.494080][T22088] netlink: 'syz.0.4213': attribute type 1 has an invalid length.
[ 1520.502205][T22088] netlink: 'syz.0.4213': attribute type 2 has an invalid length.
[ 1520.511444][T22088] netlink: 19 bytes leftover after parsing attributes in process `syz.0.4213'.
[ 1520.521151][T22091] tipc: Started in network mode
[ 1520.526146][T22091] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[ 1520.540305][T22091] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1520.560033][T22090] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1521.211356][T22095] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1521.400720][T22105] No such timeout policy "syz0"
[ 1521.457366][T22105] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4216'.
[ 1521.779822][T17611] tipc: Node number set to 4269801491
[ 1523.122065][T22112] xt_CT: No such helper "syz0"
[ 1523.345334][T16511] Bluetooth: hci1: unexpected event for opcode 0x2042
[ 1523.436753][T22124] input: syz0 as /devices/virtual/input/input252
[ 1524.776161][T22148] FAULT_INJECTION: forcing a failure.
[ 1524.776161][T22148] name failslab, interval 1, probability 0, space 0, times 0
[ 1524.792810][T22148] CPU: 0 UID: 0 PID: 22148 Comm: syz.6.4229 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1524.803593][T22148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1524.813659][T22148] Call Trace:
[ 1524.816940][T22148]  <TASK>
[ 1524.819877][T22148]  dump_stack_lvl+0x16c/0x1f0
[ 1524.824568][T22148]  should_fail_ex+0x497/0x5b0
[ 1524.829256][T22148]  ? fs_reclaim_acquire+0xae/0x150
[ 1524.834373][T22148]  should_failslab+0xc2/0x120
[ 1524.839065][T22148]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[ 1524.844881][T22148]  ? __alloc_skb+0x2b1/0x380
[ 1524.849488][T22148]  __alloc_skb+0x2b1/0x380
[ 1524.853919][T22148]  ? __pfx___alloc_skb+0x10/0x10
[ 1524.858876][T22148]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1524.864871][T22148]  netlink_alloc_large_skb+0x69/0x130
[ 1524.870258][T22148]  netlink_sendmsg+0x689/0xd70
[ 1524.875040][T22148]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1524.880350][T22148]  ____sys_sendmsg+0xaaf/0xc90
[ 1524.885126][T22148]  ? copy_msghdr_from_user+0x10b/0x160
[ 1524.890595][T22148]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1524.895905][T22148]  ___sys_sendmsg+0x135/0x1e0
[ 1524.900591][T22148]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1524.905804][T22148]  ? __pfx_lock_release+0x10/0x10
[ 1524.910835][T22148]  ? trace_lock_acquire+0x14e/0x1f0
[ 1524.916057][T22148]  ? __fget_files+0x206/0x3a0
[ 1524.920749][T22148]  __sys_sendmsg+0x16e/0x220
[ 1524.925344][T22148]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1524.930474][T22148]  do_syscall_64+0xcd/0x250
[ 1524.934993][T22148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1524.940898][T22148] RIP: 0033:0x7f2b3e985d29
[ 1524.945317][T22148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1524.964932][T22148] RSP: 002b:00007f2b3f7d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1524.973353][T22148] RAX: ffffffffffffffda RBX: 00007f2b3eb75fa0 RCX: 00007f2b3e985d29
[ 1524.981327][T22148] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004
[ 1524.989299][T22148] RBP: 00007f2b3f7d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1524.997271][T22148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1525.005249][T22148] R13: 0000000000000000 R14: 00007f2b3eb75fa0 R15: 00007ffca5e38028
[ 1525.013241][T22148]  </TASK>
[ 1525.298614][T22156] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4232'.
[ 1525.398821][T22158] 9pnet_fd: Insufficient options for proto=fd
[ 1525.425278][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1527.647146][T16511] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1527.659366][T16511] Bluetooth: hci1: Injecting HCI hardware error event
[ 1527.668438][T16511] Bluetooth: hci1: hardware error 0x00
[ 1527.719639][   T29] audit: type=1326 audit(1737349480.630:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22175 comm="syz.5.4237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa65785d29 code=0x7ffc0000
[ 1527.960654][T22178] input: syz0 as /devices/virtual/input/input253
[ 1528.284125][T22179] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4237'.
[ 1528.334876][T22179] bond2: entered promiscuous mode
[ 1528.339925][T22179] bond2: entered allmulticast mode
[ 1528.345300][T22179] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1528.384793][   T29] audit: type=1326 audit(1737349480.630:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22175 comm="syz.5.4237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa65785d29 code=0x7ffc0000
[ 1528.588406][   T29] audit: type=1326 audit(1737349480.705:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22175 comm="syz.5.4237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7ffa65785d29 code=0x7ffc0000
[ 1528.898683][T22186] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1529.304947][   T29] audit: type=1326 audit(1737349481.172:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22175 comm="syz.5.4237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa65785d29 code=0x7ffc0000
[ 1529.329139][   T29] audit: type=1326 audit(1737349481.172:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22175 comm="syz.5.4237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa65785d29 code=0x7ffc0000
[ 1529.956843][T16511] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1530.581938][T22202] 9pnet_fd: Insufficient options for proto=fd
[ 1530.716455][T22204] 9pnet_fd: Insufficient options for proto=fd
[ 1530.742898][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1531.566732][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1532.071110][T22221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1532.102911][T22221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1532.103713][T22224] 9pnet_fd: Insufficient options for proto=fd
[ 1532.160110][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1532.216241][T22229] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1533.696313][   T29] audit: type=1326 audit(1737349486.102:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1534.339548][   T29] audit: type=1326 audit(1737349486.102:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1534.451035][   T29] audit: type=1326 audit(1737349486.111:2259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1534.616353][   T29] audit: type=1326 audit(1737349486.111:2260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1534.627106][T22256] 9pnet_fd: Insufficient options for proto=fd
[ 1534.646584][   T29] audit: type=1326 audit(1737349486.111:2261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1534.704897][   T29] audit: type=1326 audit(1737349486.111:2262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1534.735083][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1534.774440][   T29] audit: type=1326 audit(1737349486.111:2263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1534.818090][T22233] serio: Serial port ptm0
[ 1534.997900][T22262] ubi: mtd0 is already attached to ubi0
[ 1535.483214][   T29] audit: type=1326 audit(1737349486.111:2264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1535.843718][   T29] audit: type=1326 audit(1737349486.111:2265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1535.904415][   T29] audit: type=1326 audit(1737349486.111:2266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22242 comm="syz.6.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2b3e985d29 code=0x7ffc0000
[ 1536.041423][T22264] Bluetooth: MGMT ver 1.23
[ 1537.309566][T22292] dvmrp1: entered allmulticast mode
[ 1537.514458][T22292] dvmrp1: left allmulticast mode
[ 1537.592723][T22290] openvswitch: netlink: Port -1 exceeds max allowable 65535
[ 1537.872089][T22285] FAULT_INJECTION: forcing a failure.
[ 1537.872089][T22285] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1537.885340][T22285] CPU: 0 UID: 0 PID: 22285 Comm: syz.6.4265 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1537.896102][T22285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1537.906138][T22285] Call Trace:
[ 1537.909395][T22285]  <TASK>
[ 1537.912305][T22285]  dump_stack_lvl+0x16c/0x1f0
[ 1537.916969][T22285]  should_fail_ex+0x497/0x5b0
[ 1537.921642][T22285]  _copy_from_user+0x2e/0xd0
[ 1537.926228][T22285]  do_sock_getsockopt+0x5f6/0x800
[ 1537.931234][T22285]  ? trace_lock_acquire+0x140/0x1f0
[ 1537.936416][T22285]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1537.941940][T22285]  ? lock_acquire+0x2f/0xb0
[ 1537.946424][T22285]  ? __fget_files+0x40/0x3a0
[ 1537.950990][T22285]  ? __fget_files+0x206/0x3a0
[ 1537.955659][T22285]  __sys_getsockopt+0x12f/0x260
[ 1537.960515][T22285]  __x64_sys_getsockopt+0xbd/0x160
[ 1537.965629][T22285]  ? do_syscall_64+0x91/0x250
[ 1537.970319][T22285]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1537.975513][T22285]  do_syscall_64+0xcd/0x250
[ 1537.980011][T22285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1537.985896][T22285] RIP: 0033:0x7f2b3e985d29
[ 1537.990297][T22285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1538.009890][T22285] RSP: 002b:00007f2b3f7b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1538.018290][T22285] RAX: ffffffffffffffda RBX: 00007f2b3eb76080 RCX: 00007f2b3e985d29
[ 1538.026248][T22285] RDX: 0000000000000002 RSI: 0000000000000118 RDI: 0000000000000007
[ 1538.034205][T22285] RBP: 00007f2b3f7b5090 R08: 0000000020000057 R09: 0000000000000000
[ 1538.042162][T22285] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001
[ 1538.050116][T22285] R13: 0000000000000000 R14: 00007f2b3eb76080 R15: 00007ffca5e38028
[ 1538.058082][T22285]  </TASK>
[ 1538.329884][T22296] FAULT_INJECTION: forcing a failure.
[ 1538.329884][T22296] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1538.343273][T22296] CPU: 0 UID: 0 PID: 22296 Comm: syz.5.4267 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1538.354038][T22296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1538.364094][T22296] Call Trace:
[ 1538.367375][T22296]  <TASK>
[ 1538.370305][T22296]  dump_stack_lvl+0x16c/0x1f0
[ 1538.374993][T22296]  should_fail_ex+0x497/0x5b0
[ 1538.379682][T22296]  _copy_from_iter+0x2a1/0x1560
[ 1538.384547][T22296]  ? trace_lock_acquire+0x14e/0x1f0
[ 1538.389756][T22296]  ? __alloc_skb+0x1fe/0x380
[ 1538.394358][T22296]  ? __pfx__copy_from_iter+0x10/0x10
[ 1538.399650][T22296]  ? __virt_addr_valid+0x1a4/0x590
[ 1538.404774][T22296]  ? __virt_addr_valid+0x5e/0x590
[ 1538.409801][T22296]  ? __phys_addr_symbol+0x30/0x80
[ 1538.414831][T22296]  ? __check_object_size+0x488/0x710
[ 1538.420125][T22296]  netlink_sendmsg+0x813/0xd70
[ 1538.424904][T22296]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1538.430204][T22296]  ____sys_sendmsg+0xaaf/0xc90
[ 1538.434975][T22296]  ? copy_msghdr_from_user+0x10b/0x160
[ 1538.440434][T22296]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1538.445742][T22296]  ___sys_sendmsg+0x135/0x1e0
[ 1538.450424][T22296]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1538.455645][T22296]  ? __fget_files+0x206/0x3a0
[ 1538.460329][T22296]  __sys_sendmsg+0x16e/0x220
[ 1538.464920][T22296]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1538.470050][T22296]  do_syscall_64+0xcd/0x250
[ 1538.474564][T22296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.480466][T22296] RIP: 0033:0x7ffa65785d29
[ 1538.484882][T22296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1538.504488][T22296] RSP: 002b:00007ffa66531038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1538.512904][T22296] RAX: ffffffffffffffda RBX: 00007ffa65976160 RCX: 00007ffa65785d29
[ 1538.520876][T22296] RDX: 0000000000000800 RSI: 0000000020000180 RDI: 0000000000000004
[ 1538.528844][T22296] RBP: 00007ffa66531090 R08: 0000000000000000 R09: 0000000000000000
[ 1538.536807][T22296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1538.544765][T22296] R13: 0000000000000000 R14: 00007ffa65976160 R15: 00007fffb955d0f8
[ 1538.552760][T22296]  </TASK>
[ 1539.181278][T22311] FAULT_INJECTION: forcing a failure.
[ 1539.181278][T22311] name failslab, interval 1, probability 0, space 0, times 0
[ 1539.229596][T22312] 9pnet_fd: Insufficient options for proto=fd
[ 1539.300278][T22311] CPU: 0 UID: 0 PID: 22311 Comm: syz.5.4274 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1539.311038][T22311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1539.321074][T22311] Call Trace:
[ 1539.324345][T22311]  <TASK>
[ 1539.327255][T22311]  dump_stack_lvl+0x16c/0x1f0
[ 1539.331934][T22311]  should_fail_ex+0x497/0x5b0
[ 1539.336630][T22311]  ? fs_reclaim_acquire+0xae/0x150
[ 1539.341752][T22311]  should_failslab+0xc2/0x120
[ 1539.346448][T22311]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 1539.351830][T22311]  ? skb_clone+0x190/0x3f0
[ 1539.356238][T22311]  skb_clone+0x190/0x3f0
[ 1539.360473][T22311]  pfkey_process+0xc7/0x840
[ 1539.364973][T22311]  ? rcu_is_watching+0x12/0xc0
[ 1539.369730][T22311]  ? __pfx_pfkey_process+0x10/0x10
[ 1539.374850][T22311]  ? __virt_addr_valid+0x5e/0x590
[ 1539.379866][T22311]  ? __phys_addr_symbol+0x30/0x80
[ 1539.384884][T22311]  pfkey_sendmsg+0x43b/0x840
[ 1539.389475][T22311]  ____sys_sendmsg+0xaaf/0xc90
[ 1539.394229][T22311]  ? copy_msghdr_from_user+0x10b/0x160
[ 1539.399675][T22311]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1539.404962][T22311]  ___sys_sendmsg+0x135/0x1e0
[ 1539.409628][T22311]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1539.414823][T22311]  ? __pfx_lock_release+0x10/0x10
[ 1539.419835][T22311]  ? trace_lock_acquire+0x14e/0x1f0
[ 1539.425033][T22311]  ? __fget_files+0x206/0x3a0
[ 1539.429707][T22311]  __sys_sendmsg+0x16e/0x220
[ 1539.434282][T22311]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1539.439393][T22311]  do_syscall_64+0xcd/0x250
[ 1539.443896][T22311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1539.449782][T22311] RIP: 0033:0x7ffa65785d29
[ 1539.454181][T22311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1539.473791][T22311] RSP: 002b:00007ffa66573038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1539.482193][T22311] RAX: ffffffffffffffda RBX: 00007ffa65975fa0 RCX: 00007ffa65785d29
[ 1539.490150][T22311] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 1539.498107][T22311] RBP: 00007ffa66573090 R08: 0000000000000000 R09: 0000000000000000
[ 1539.506066][T22311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1539.514023][T22311] R13: 0000000000000000 R14: 00007ffa65975fa0 R15: 00007fffb955d0f8
[ 1539.521990][T22311]  </TASK>
[ 1540.041130][T22326] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4279'.
[ 1541.243685][T22335] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1541.635427][T22345] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1541.987902][T22352] fuse: Unknown parameter 'fd'
[ 1542.272888][T22348] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1542.584523][T22359] fuse: Unknown parameter 'fd'
[ 1543.827498][T22367] 9pnet_fd: Insufficient options for proto=fd
[ 1543.941418][T21052] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1546.660751][T22391] xt_CT: No such helper "syz0"
[ 1547.488414][T22386] ALSA: mixer_oss: invalid OSS volume '000000000000000000110xfffffffff'
[ 1547.496810][T22386] ALSA: mixer_oss: invalid OSS volume ''
[ 1548.729238][   T29] kauditd_printk_skb: 57 callbacks suppressed
[ 1548.735647][   T29] audit: type=1400 audit(1737349500.226:2324): avc:  denied  { recv } for  pid=0 comm="swapper/0" saddr=10.128.0.169 src=38732 daddr=10.128.1.82 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[ 1549.251083][T22420] fuse: Unknown parameter 'fd'
[ 1549.455242][T22421] 9pnet_fd: Insufficient options for proto=fd
[ 1549.764197][ T5822] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[ 1550.512532][ T5822] usb 1-1: Using ep0 maxpacket: 8
[ 1550.526952][ T5822] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[ 1550.591768][ T5822] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1550.665756][ T5822] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1550.789183][ T5822] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[ 1550.802740][ T5822] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1550.811720][ T5822] usb 1-1: Product: syz
[ 1550.817942][ T5822] usb 1-1: Manufacturer: syz
[ 1550.822659][ T5822] usb 1-1: SerialNumber: syz
[ 1550.829117][ T5822] usb 1-1: config 0 descriptor??
[ 1550.843646][ T5822] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input257
[ 1551.860062][T17611] usb 1-1: USB disconnect, device number 39
[ 1553.562331][T17611] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[ 1553.927864][T22457] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4313'.
[ 1554.213438][T17611] usb 7-1: device descriptor read/64, error -71
[ 1554.514555][T22471] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1554.593853][    T8] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1555.015506][T17611] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 1555.068581][    T8] usb 3-1: Using ep0 maxpacket: 16
[ 1555.088157][    T8] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1555.098527][    T8] usb 3-1: config 0 has no interface number 0
[ 1555.112789][    T8] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1555.165213][T17611] usb 7-1: device descriptor read/64, error -71
[ 1555.171984][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1555.184100][    T8] usb 3-1: Product: syz
[ 1555.188568][    T8] usb 3-1: Manufacturer: syz
[ 1555.195533][    T8] usb 3-1: SerialNumber: syz
[ 1555.206309][    T8] usb 3-1: config 0 descriptor??
[ 1555.218980][T22479] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1555.222421][    T8] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1555.739902][T17611] usb usb7-port1: attempt power cycle
[ 1555.805484][ T5865] libceph: connect (1)[c::]:6789 error -101
[ 1555.815325][ T5865] libceph: mon0 (1)[c::]:6789 connect error
[ 1556.117342][T22480] ceph: No mds server is up or the cluster is laggy
[ 1556.126392][ T5865] libceph: connect (1)[c::]:6789 error -101
[ 1556.132510][ T5865] libceph: mon0 (1)[c::]:6789 connect error
[ 1557.080189][    T8] gspca_spca1528: reg_w err -110
[ 1557.153121][    T8] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110
[ 1557.203761][T22462] SELinux: failure in selinux_parse_skb(), unable to parse packet
[ 1557.223258][T22492] fuse: Unknown parameter 'fd'
[ 1557.319088][T22462] SELinux: failure in selinux_parse_skb(), unable to parse packet
[ 1559.110270][T22510] ISOFS: Unable to identify CD-ROM format.
[ 1559.248970][    T9] usb 3-1: USB disconnect, device number 72
[ 1559.295606][T21052] Bluetooth: hci3: command 0x0406 tx timeout
[ 1559.399992][T22516] FAULT_INJECTION: forcing a failure.
[ 1559.399992][T22516] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.434916][T22516] CPU: 0 UID: 0 PID: 22516 Comm: syz.2.4328 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1559.445693][T22516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1559.455752][T22516] Call Trace:
[ 1559.459038][T22516]  <TASK>
[ 1559.461974][T22516]  dump_stack_lvl+0x16c/0x1f0
[ 1559.466667][T22516]  should_fail_ex+0x497/0x5b0
[ 1559.471363][T22516]  should_failslab+0xc2/0x120
[ 1559.476051][T22516]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 1559.481446][T22516]  ? skb_clone+0x190/0x3f0
[ 1559.485879][T22516]  skb_clone+0x190/0x3f0
[ 1559.490130][T22516]  netlink_deliver_tap+0xabd/0xd30
[ 1559.495264][T22516]  netlink_unicast+0x5e1/0x7f0
[ 1559.500044][T22516]  ? __pfx_netlink_unicast+0x10/0x10
[ 1559.505347][T22516]  netlink_sendmsg+0x8b8/0xd70
[ 1559.510129][T22516]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1559.515433][T22516]  ____sys_sendmsg+0xaaf/0xc90
[ 1559.520217][T22516]  ? copy_msghdr_from_user+0x10b/0x160
[ 1559.525681][T22516]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1559.530993][T22516]  ___sys_sendmsg+0x135/0x1e0
[ 1559.535683][T22516]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1559.540903][T22516]  ? __pfx_lock_release+0x10/0x10
[ 1559.545934][T22516]  ? trace_lock_acquire+0x14e/0x1f0
[ 1559.551156][T22516]  ? __fget_files+0x206/0x3a0
[ 1559.555849][T22516]  __sys_sendmsg+0x16e/0x220
[ 1559.560443][T22516]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1559.565574][T22516]  do_syscall_64+0xcd/0x250
[ 1559.570090][T22516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.576003][T22516] RIP: 0033:0x7f8608185d29
[ 1559.580406][T22516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1559.600010][T22516] RSP: 002b:00007f8608fb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1559.608403][T22516] RAX: ffffffffffffffda RBX: 00007f8608375fa0 RCX: 00007f8608185d29
[ 1559.616356][T22516] RDX: 0000000000000080 RSI: 0000000020000440 RDI: 0000000000000003
[ 1559.624318][T22516] RBP: 00007f8608fb1090 R08: 0000000000000000 R09: 0000000000000000
[ 1559.632297][T22516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1559.640273][T22516] R13: 0000000000000000 R14: 00007f8608375fa0 R15: 00007fffcb0330d8
[ 1559.648260][T22516]  </TASK>
[ 1559.725841][T22516] vlan2: entered promiscuous mode
[ 1559.739486][T22516] vlan2: entered allmulticast mode
[ 1559.891922][T22523] 9pnet_fd: Insufficient options for proto=fd
[ 1559.948199][T16511] Bluetooth: hci2: unexpected event for opcode 0x1001
[ 1560.429564][T22529] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4332'.
[ 1560.549742][T22529] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1560.652170][T22529] vlan3: entered promiscuous mode
[ 1560.657565][T22529] syz_tun: entered promiscuous mode
[ 1560.662993][T22529] vlan3: entered allmulticast mode
[ 1560.668708][T22529] syz_tun: entered allmulticast mode
[ 1560.674082][T22524] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4329'.
[ 1560.687345][T22529] team0: Device vlan3 is up. Set it down before adding it as a team port
[ 1560.728950][T22529] syz_tun: left allmulticast mode
[ 1560.735259][T22529] syz_tun: left promiscuous mode
[ 1560.841428][T16128] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1560.854601][T22541] bond0: entered promiscuous mode
[ 1560.859646][T22541] bond_slave_0: entered promiscuous mode
[ 1560.888227][T22544] FAULT_INJECTION: forcing a failure.
[ 1560.888227][T22544] name failslab, interval 1, probability 0, space 0, times 0
[ 1560.891514][T22541] bond_slave_1: entered promiscuous mode
[ 1560.916752][T22544] CPU: 0 UID: 0 PID: 22544 Comm: syz.6.4337 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1560.927527][T22544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1560.937586][T22544] Call Trace:
[ 1560.940868][T22544]  <TASK>
[ 1560.943801][T22544]  dump_stack_lvl+0x16c/0x1f0
[ 1560.948503][T22544]  should_fail_ex+0x497/0x5b0
[ 1560.953199][T22544]  should_failslab+0xc2/0x120
[ 1560.957886][T22544]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 1560.963267][T22544]  ? skb_clone+0x190/0x3f0
[ 1560.967694][T22544]  skb_clone+0x190/0x3f0
[ 1560.971946][T22544]  netlink_deliver_tap+0xabd/0xd30
[ 1560.977081][T22544]  netlink_unicast+0x5e1/0x7f0
[ 1560.981865][T22544]  ? __pfx_netlink_unicast+0x10/0x10
[ 1560.987175][T22544]  netlink_sendmsg+0x8b8/0xd70
[ 1560.991961][T22544]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1560.997277][T22544]  ____sys_sendmsg+0xaaf/0xc90
[ 1561.001824][T16128] usb 3-1: Using ep0 maxpacket: 32
[ 1561.002043][T22544]  ? copy_msghdr_from_user+0x10b/0x160
[ 1561.012579][T22544]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1561.017869][T22544]  ___sys_sendmsg+0x135/0x1e0
[ 1561.022541][T22544]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1561.027744][T22544]  ? __pfx_lock_release+0x10/0x10
[ 1561.032758][T22544]  ? trace_lock_acquire+0x14e/0x1f0
[ 1561.037958][T22544]  ? __fget_files+0x206/0x3a0
[ 1561.042627][T22544]  __sys_sendmsg+0x16e/0x220
[ 1561.047205][T22544]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1561.052319][T22544]  do_syscall_64+0xcd/0x250
[ 1561.056818][T22544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1561.062702][T22544] RIP: 0033:0x7f2b3e985d29
[ 1561.067123][T22544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1561.086719][T22544] RSP: 002b:00007f2b3f7d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1561.095123][T22544] RAX: ffffffffffffffda RBX: 00007f2b3eb75fa0 RCX: 00007f2b3e985d29
[ 1561.103084][T22544] RDX: 0000000000000080 RSI: 0000000020000440 RDI: 0000000000000003
[ 1561.111043][T22544] RBP: 00007f2b3f7d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1561.119001][T22544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1561.126957][T22544] R13: 0000000000000000 R14: 00007f2b3eb75fa0 R15: 00007ffca5e38028
[ 1561.134925][T22544]  </TASK>
[ 1561.140723][T16128] usb 3-1: config 0 has an invalid descriptor of length 215, skipping remainder of the config
[ 1561.161914][T16128] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 21
[ 1561.182670][T16128] usb 3-1: New USB device found, idVendor=1a06, idProduct=0108, bcdDevice=36.66
[ 1561.182794][T22541] batadv0: entered promiscuous mode
[ 1561.195314][T16128] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1561.214669][T16128] usb 3-1: Product: syz
[ 1561.220479][T16128] usb 3-1: Manufacturer: syz
[ 1561.225963][T16128] usb 3-1: SerialNumber: syz
[ 1561.524712][T22541] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1561.543906][T16128] usb 3-1: config 0 descriptor??
[ 1561.570360][T22552] fuse: Unknown parameter 'fd'
[ 1562.763648][T22571] FAULT_INJECTION: forcing a failure.
[ 1562.763648][T22571] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1562.778322][T22571] CPU: 1 UID: 0 PID: 22571 Comm: syz.0.4344 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1562.789129][T22571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1562.799187][T22571] Call Trace:
[ 1562.802464][T22571]  <TASK>
[ 1562.805398][T22571]  dump_stack_lvl+0x16c/0x1f0
[ 1562.810094][T22571]  should_fail_ex+0x497/0x5b0
[ 1562.814788][T22571]  _copy_from_iter+0x2a1/0x1560
[ 1562.819660][T22571]  ? trace_lock_acquire+0x14e/0x1f0
[ 1562.824871][T22571]  ? __alloc_skb+0x1fe/0x380
[ 1562.829476][T22571]  ? __pfx__copy_from_iter+0x10/0x10
[ 1562.834773][T22571]  ? __virt_addr_valid+0x1a4/0x590
[ 1562.839899][T22571]  ? __virt_addr_valid+0x5e/0x590
[ 1562.844936][T22571]  ? __phys_addr_symbol+0x30/0x80
[ 1562.849969][T22571]  ? __check_object_size+0x488/0x710
[ 1562.855271][T22571]  netlink_sendmsg+0x813/0xd70
[ 1562.860052][T22571]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1562.865362][T22571]  ____sys_sendmsg+0xaaf/0xc90
[ 1562.870137][T22571]  ? copy_msghdr_from_user+0x10b/0x160
[ 1562.875600][T22571]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1562.880909][T22571]  ___sys_sendmsg+0x135/0x1e0
[ 1562.885591][T22571]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1562.890805][T22571]  ? __pfx_lock_release+0x10/0x10
[ 1562.895830][T22571]  ? trace_lock_acquire+0x14e/0x1f0
[ 1562.901030][T22571]  ? __fget_files+0x206/0x3a0
[ 1562.905700][T22571]  __sys_sendmsg+0x16e/0x220
[ 1562.910276][T22571]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1562.915390][T22571]  do_syscall_64+0xcd/0x250
[ 1562.919891][T22571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1562.925777][T22571] RIP: 0033:0x7fb95bf85d29
[ 1562.930176][T22571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1562.949772][T22571] RSP: 002b:00007fb95cdb6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1562.958172][T22571] RAX: ffffffffffffffda RBX: 00007fb95c175fa0 RCX: 00007fb95bf85d29
[ 1562.966129][T22571] RDX: 0000000000000800 RSI: 0000000020000180 RDI: 0000000000000003
[ 1562.974085][T22571] RBP: 00007fb95cdb6090 R08: 0000000000000000 R09: 0000000000000000
[ 1562.982040][T22571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1562.990004][T22571] R13: 0000000000000000 R14: 00007fb95c175fa0 R15: 00007ffcb2abaee8
[ 1562.997982][T22571]  </TASK>
[ 1563.375877][T22581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1563.392228][T22581] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1563.476682][T22586] sg_write: data in/out 12362/4 bytes for SCSI command 0x0-- guessing data in;
[ 1563.476682][T22586]    program syz.6.4349 not setting count and/or reply_len properly
[ 1563.613833][T22584] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4348'.
[ 1563.643769][  T900] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1563.728836][T16128] usb 3-1: USB disconnect, device number 73
[ 1563.790348][T22589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1563.813804][  T900] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[ 1563.823716][  T900] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1563.843451][T22589] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1563.855571][  T900] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[ 1563.872480][  T900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1563.884172][T22589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1563.902905][  T900] usb 4-1: Product: syz
[ 1563.914181][  T900] usb 4-1: Manufacturer: syz
[ 1563.923707][T22589] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1563.934479][  T900] usb 4-1: SerialNumber: syz
[ 1563.947855][T22589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1563.975191][T22589] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1563.999614][  T900] usb 4-1: config 0 descriptor??
[ 1564.004931][T22580] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1564.012582][T22580] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1564.542658][  T900] dm9601 4-1:0.0: probe with driver dm9601 failed with error -71
[ 1564.564790][T22601] FAULT_INJECTION: forcing a failure.
[ 1564.564790][T22601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1564.580067][T22601] CPU: 1 UID: 0 PID: 22601 Comm: syz.6.4355 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1564.590815][T22601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1564.600847][T22601] Call Trace:
[ 1564.604104][T22601]  <TASK>
[ 1564.607015][T22601]  dump_stack_lvl+0x16c/0x1f0
[ 1564.611675][T22601]  should_fail_ex+0x497/0x5b0
[ 1564.616337][T22601]  _copy_from_user+0x2e/0xd0
[ 1564.620918][T22601]  tipc_setsockopt+0xa4d/0xdf0
[ 1564.625698][T22601]  ? __pfx_tipc_setsockopt+0x10/0x10
[ 1564.631003][T22601]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1564.636648][T22601]  ? __pfx_tipc_setsockopt+0x10/0x10
[ 1564.641937][T22601]  do_sock_setsockopt+0x222/0x480
[ 1564.646941][T22601]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1564.652469][T22601]  ? lock_acquire+0x2f/0xb0
[ 1564.656964][T22601]  __sys_setsockopt+0x1a0/0x230
[ 1564.661808][T22601]  __x64_sys_setsockopt+0xbd/0x160
[ 1564.666898][T22601]  ? do_syscall_64+0x91/0x250
[ 1564.671569][T22601]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1564.676765][T22601]  do_syscall_64+0xcd/0x250
[ 1564.677243][  T900] usb 4-1: USB disconnect, device number 70
[ 1564.681274][T22601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1564.681304][T22601] RIP: 0033:0x7f2b3e985d29
[ 1564.697488][T22601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1564.717103][T22601] RSP: 002b:00007f2b3f7d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1564.725528][T22601] RAX: ffffffffffffffda RBX: 00007f2b3eb75fa0 RCX: 00007f2b3e985d29
[ 1564.733503][T22601] RDX: 000000000000008a RSI: 000000000000010f RDI: 0000000000000003
[ 1564.741478][T22601] RBP: 00007f2b3f7d6090 R08: 0000000000000010 R09: 0000000000000000
[ 1564.749457][T22601] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001
[ 1564.757435][T22601] R13: 0000000000000000 R14: 00007f2b3eb75fa0 R15: 00007ffca5e38028
[ 1564.765408][T22601]  </TASK>
[ 1565.628679][T22614] fuse: Unknown parameter 'fd'
[ 1565.683876][T22616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1565.823492][T22616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1565.831919][T16901] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1565.899027][T22621] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1566.416853][T22630] 9pnet_fd: Insufficient options for proto=fd
[ 1566.762276][T22632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1566.772727][T22632] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1566.968935][T22634] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1572.092265][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1572.586686][T22675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4375'.
[ 1573.770529][T22686] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1573.777781][T22686] overlayfs: failed to set xattr on upper
[ 1573.783498][T22686] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1573.790366][T22686] overlayfs: ...falling back to index=off.
[ 1573.796164][T22686] overlayfs: ...falling back to uuid=null.
[ 1573.802000][T22686] overlayfs: maximum fs stacking depth exceeded
[ 1573.836732][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[ 1573.853462][   T29] audit: type=1400 audit(1737349523.705:2325): avc:  denied  { mounton } for  pid=22679 comm="syz.6.4380" path="/68/file1/bus" dev="hugetlbfs" ino=84659 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1
[ 1573.988745][   T29] audit: type=1400 audit(1737349523.845:2326): avc:  denied  { shutdown } for  pid=22682 comm="syz.3.4379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1574.260640][T22701] FAULT_INJECTION: forcing a failure.
[ 1574.260640][T22701] name failslab, interval 1, probability 0, space 0, times 0
[ 1574.273373][T22701] CPU: 1 UID: 0 PID: 22701 Comm: syz.2.4381 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1574.284136][T22701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1574.294187][T22701] Call Trace:
[ 1574.297463][T22701]  <TASK>
[ 1574.300394][T22701]  dump_stack_lvl+0x16c/0x1f0
[ 1574.305081][T22701]  should_fail_ex+0x497/0x5b0
[ 1574.309766][T22701]  ? fs_reclaim_acquire+0xae/0x150
[ 1574.314879][T22701]  should_failslab+0xc2/0x120
[ 1574.319571][T22701]  __kmalloc_noprof+0xcb/0x510
[ 1574.324349][T22701]  ? d_absolute_path+0x137/0x1b0
[ 1574.329293][T22701]  ? rcu_is_watching+0x12/0xc0
[ 1574.334069][T22701]  tomoyo_encode2+0x100/0x3e0
[ 1574.338755][T22701]  tomoyo_encode+0x29/0x50
[ 1574.343176][T22701]  tomoyo_realpath_from_path+0x19d/0x720
[ 1574.348821][T22701]  tomoyo_path_number_perm+0x248/0x590
[ 1574.354283][T22701]  ? tomoyo_path_number_perm+0x235/0x590
[ 1574.359918][T22701]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1574.365926][T22701]  ? __pfx_lock_release+0x10/0x10
[ 1574.370955][T22701]  ? trace_lock_acquire+0x14e/0x1f0
[ 1574.376169][T22701]  ? lock_acquire+0x2f/0xb0
[ 1574.380673][T22701]  ? __fget_files+0x40/0x3a0
[ 1574.385273][T22701]  ? __fget_files+0x206/0x3a0
[ 1574.389956][T22701]  security_file_ioctl+0x9b/0x240
[ 1574.394991][T22701]  __x64_sys_ioctl+0xb7/0x200
[ 1574.399684][T22701]  do_syscall_64+0xcd/0x250
[ 1574.404200][T22701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1574.410100][T22701] RIP: 0033:0x7f8608185d29
[ 1574.414517][T22701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1574.434133][T22701] RSP: 002b:00007f8608f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1574.442551][T22701] RAX: ffffffffffffffda RBX: 00007f8608376160 RCX: 00007f8608185d29
[ 1574.450524][T22701] RDX: 0000000020000440 RSI: 0000000000003ba0 RDI: 0000000000000005
[ 1574.458494][T22701] RBP: 00007f8608f6f090 R08: 0000000000000000 R09: 0000000000000000
[ 1574.466470][T22701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1574.474435][T22701] R13: 0000000000000000 R14: 00007f8608376160 R15: 00007fffcb0330d8
[ 1574.482416][T22701]  </TASK>
[ 1574.486566][T22701] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1574.493987][T22701] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1575.568332][T22708] netlink: 'syz.6.4383': attribute type 1 has an invalid length.
[ 1575.723142][T22717] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4387'.
[ 1576.127094][T16511] Bluetooth: hci2: unexpected event for opcode 0x1001
[ 1576.138336][   T29] audit: type=1400 audit(1737349525.922:2327): avc:  denied  { write } for  pid=22715 comm="syz.2.4386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1576.746785][T22738] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4393'.
[ 1576.829464][T22743] netlink: 'syz.3.4396': attribute type 1 has an invalid length.
[ 1576.934317][T22747] batman_adv: batadv0: Adding interface: dummy0
[ 1576.944964][T22747] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1576.982051][T22747] batman_adv: batadv0: Interface activated: dummy0
[ 1577.094927][  T900] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1577.302527][  T900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[ 1577.860892][T22743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4396'.
[ 1577.892938][T22743] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4396'.
[ 1577.905211][T22743] vlan2: entered allmulticast mode
[ 1577.958460][  T900] usb 3-1: New USB device found, idVendor=413c, idProduct=8186, bcdDevice=a0.a2
[ 1577.967521][  T900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1577.979194][  T900] usb 3-1: Product: syz
[ 1577.985174][  T900] usb 3-1: Manufacturer: syz
[ 1577.993912][  T900] usb 3-1: SerialNumber: syz
[ 1578.010839][  T900] usb 3-1: config 0 descriptor??
[ 1578.036596][  T900] qmi_wwan 3-1:0.0: probe with driver qmi_wwan failed with error -22
[ 1578.246145][    T9] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[ 1578.259661][T20277] usb 3-1: USB disconnect, device number 74
[ 1578.923676][    T9] usb 7-1: Using ep0 maxpacket: 32
[ 1578.979887][T22759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1578.991359][T22759] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1579.098910][T22777] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4403'.
[ 1579.257428][T22786] IPVS: sync thread started: state = MASTER, mcast_ifn = macvlan1, syncid = -1, id = 0
[ 1579.526264][T22792] IPVS: sync thread started: state = MASTER, mcast_ifn = macvlan1, syncid = -1, id = 0
[ 1579.581365][T16511] Bluetooth: hci5: unexpected event for opcode 0x1001
[ 1580.052874][T16128] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1580.234795][T16128] usb 3-1: Using ep0 maxpacket: 32
[ 1580.249945][T16128] usb 3-1: too many endpoints for config 1 interface 0 altsetting 5: 253, using maximum allowed: 30
[ 1580.268913][T16128] usb 3-1: config 1 interface 0 altsetting 5 bulk endpoint 0x1 has invalid maxpacket 32
[ 1580.328751][T16128] usb 3-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1580.347168][T16128] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1580.357068][T16128] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1580.366573][T16128] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1580.375868][T16128] usb 3-1: Product: syz
[ 1580.380088][T16128] usb 3-1: Manufacturer: syz
[ 1580.384765][T16128] usb 3-1: SerialNumber: syz
[ 1580.391574][T22797] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1580.430182][T22808] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1581.142865][T20277] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[ 1581.341311][T20277] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1581.371394][T20277] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1581.388818][T20277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1581.401338][T20277] usb 1-1: config 0 descriptor??
[ 1581.553800][T22817] FAULT_INJECTION: forcing a failure.
[ 1581.553800][T22817] name failslab, interval 1, probability 0, space 0, times 0
[ 1581.647357][T22817] CPU: 1 UID: 0 PID: 22817 Comm: syz.3.4416 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1581.658548][T22817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1581.668602][T22817] Call Trace:
[ 1581.671867][T22817]  <TASK>
[ 1581.674781][T22817]  dump_stack_lvl+0x16c/0x1f0
[ 1581.679466][T22817]  should_fail_ex+0x497/0x5b0
[ 1581.684132][T22817]  ? fs_reclaim_acquire+0xae/0x150
[ 1581.689226][T22817]  should_failslab+0xc2/0x120
[ 1581.693888][T22817]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 1581.699268][T22817]  ? lock_acquire+0x2f/0xb0
[ 1581.703773][T22817]  ? __might_fault+0xe3/0x190
[ 1581.708456][T22817]  ? getname_flags.part.0+0x4c/0x550
[ 1581.713733][T22817]  ? __might_fault+0xe3/0x190
[ 1581.718391][T22817]  getname_flags.part.0+0x4c/0x550
[ 1581.723487][T22817]  getname_flags+0x93/0xf0
[ 1581.727897][T22817]  user_path_at+0x24/0x60
[ 1581.732223][T22817]  __x64_sys_mount+0x1fc/0x320
[ 1581.736983][T22817]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1581.742271][T22817]  do_syscall_64+0xcd/0x250
[ 1581.746777][T22817]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1581.752673][T22817] RIP: 0033:0x7f62b0185d29
[ 1581.757083][T22817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1581.776671][T22817] RSP: 002b:00007f62b1002038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1581.785069][T22817] RAX: ffffffffffffffda RBX: 00007f62b0375fa0 RCX: 00007f62b0185d29
[ 1581.793039][T22817] RDX: 00000000200003c0 RSI: 0000000020000380 RDI: 0000000020000340
[ 1581.801008][T22817] RBP: 00007f62b1002090 R08: 0000000000000000 R09: 0000000000000000
[ 1581.808968][T22817] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[ 1581.816932][T22817] R13: 0000000000000001 R14: 00007f62b0375fa0 R15: 00007ffd73827568
[ 1581.824901][T22817]  </TASK>
[ 1581.903230][T20277] keytouch 0003:0926:3333.0035: fixing up Keytouch IEC report descriptor
[ 1581.948054][T20277] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0035/input/input259
[ 1582.119433][T20277] keytouch 0003:0926:3333.0035: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[ 1582.310354][T22824] FAULT_INJECTION: forcing a failure.
[ 1582.310354][T22824] name failslab, interval 1, probability 0, space 0, times 0
[ 1582.323303][T22824] CPU: 0 UID: 0 PID: 22824 Comm: syz.3.4417 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1582.323332][T22824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1582.323343][T22824] Call Trace:
[ 1582.323351][T22824]  <TASK>
[ 1582.323359][T22824]  dump_stack_lvl+0x16c/0x1f0
[ 1582.323387][T22824]  should_fail_ex+0x497/0x5b0
[ 1582.323416][T22824]  should_failslab+0xc2/0x120
[ 1582.323434][T22824]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 1582.323448][T22824]  ? skb_clone+0x190/0x3f0
[ 1582.323465][T22824]  skb_clone+0x190/0x3f0
[ 1582.323486][T22824]  netlink_deliver_tap+0xabd/0xd30
[ 1582.323516][T22824]  netlink_unicast+0x5e1/0x7f0
[ 1582.323543][T22824]  ? __pfx_netlink_unicast+0x10/0x10
[ 1582.323562][T22824]  ? security_netlink_send+0x99/0x210
[ 1582.323576][T22824]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[ 1582.323592][T22824]  netlink_sendmsg+0x8b8/0xd70
[ 1582.323613][T22824]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1582.323647][T22824]  ____sys_sendmsg+0xaaf/0xc90
[ 1582.323670][T22824]  ? copy_msghdr_from_user+0x10b/0x160
[ 1582.323688][T22824]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1582.323713][T22824]  ___sys_sendmsg+0x135/0x1e0
[ 1582.323725][T22824]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1582.323741][T22824]  ? __pfx_lock_release+0x10/0x10
[ 1582.323753][T22824]  ? trace_lock_acquire+0x14e/0x1f0
[ 1582.323788][T22824]  ? __fget_files+0x206/0x3a0
[ 1582.323814][T22824]  __sys_sendmsg+0x16e/0x220
[ 1582.323833][T22824]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1582.323861][T22824]  do_syscall_64+0xcd/0x250
[ 1582.323877][T22824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.323893][T22824] RIP: 0033:0x7f62b0185d29
[ 1582.323902][T22824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1582.323931][T22824] RSP: 002b:00007f62b0fe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1582.323951][T22824] RAX: ffffffffffffffda RBX: 00007f62b0376080 RCX: 00007f62b0185d29
[ 1582.323963][T22824] RDX: 00000000000400c0 RSI: 00000000200001c0 RDI: 0000000000000006
[ 1582.323975][T22824] RBP: 00007f62b0fe1090 R08: 0000000000000000 R09: 0000000000000000
[ 1582.323986][T22824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1582.323997][T22824] R13: 0000000000000000 R14: 00007f62b0376080 R15: 00007ffd73827568
[ 1582.324010][T22824]  </TASK>
[ 1582.324072][T22824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4417'.
[ 1582.324218][T22824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4417'.
[ 1582.802066][ T5865] usb 1-1: USB disconnect, device number 40
[ 1583.128846][T16128] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 75 if 0 alt 5 proto 1 vid 0x0525 pid 0xA4A8
[ 1583.137217][T16128] usb 3-1: USB disconnect, device number 75
[ 1583.138719][T16128] usblp0: removed
[ 1583.163902][T22829] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4420'.
[ 1583.347128][    T9] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1583.347865][    T9] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1583.347896][    T9] usb 7-1: can't read configurations, error -71
[ 1584.121208][    T9] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[ 1584.130473][T22846] xt_CT: No such helper "syz0"
[ 1584.187640][T22826] tty tty26: ldisc open failed (-12), clearing slot 25
[ 1584.321173][   T29] audit: type=1400 audit(1737349533.573:2328): avc:  denied  { getopt } for  pid=22854 comm="syz.0.4426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1584.464956][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1584.482581][    T9] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1584.532505][   T29] audit: type=1400 audit(1737349533.695:2329): avc:  denied  { read } for  pid=22854 comm="syz.0.4426" lport=4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1584.953294][   T29] audit: type=1400 audit(1737349533.733:2330): avc:  denied  { setopt } for  pid=22863 comm="syz.3.4428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1584.965120][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1585.004373][    T9] usb 7-1: config 0 descriptor??
[ 1585.106359][T22864] ipvlan2: entered allmulticast mode
[ 1585.121853][T22864] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[ 1585.151360][T22864] batman_adv: batadv0: Adding interface: ipvlan2
[ 1585.171718][T22864] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1585.202086][T22864] batman_adv: batadv0: Interface activated: ipvlan2
[ 1585.977838][    T9] keytouch 0003:0926:3333.0036: fixing up Keytouch IEC report descriptor
[ 1585.988953][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0926:3333.0036/input/input260
[ 1586.054462][T22879] CIFS: VFS: Malformed UNC in devname
[ 1586.146263][    T9] keytouch 0003:0926:3333.0036: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.6-1/input0
[ 1586.314093][    T8] 
[ 1586.314101][    T8] ======================================================
[ 1586.314108][    T8] WARNING: possible circular locking dependency detected
[ 1586.314115][    T8] 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 Not tainted
[ 1586.314126][    T8] ------------------------------------------------------
[ 1586.314132][    T8] kworker/0:0/8 is trying to acquire lock:
[ 1586.314142][    T8] ffff88801b0990b8 (&buf->lock){+.+.}-{4:4}, at: tty_buffer_flush+0x72/0x310
[ 1586.314185][    T8] 
[ 1586.314185][    T8] but task is already holding lock:
[ 1586.314191][    T8] ffffffff8e1a9040 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x13/0x310
[ 1586.314233][    T8] 
[ 1586.314233][    T8] which lock already depends on the new lock.
[ 1586.314233][    T8] 
[ 1586.314239][    T8] 
[ 1586.314239][    T8] the existing dependency chain (in reverse order) is:
[ 1586.314245][    T8] 
[ 1586.314245][    T8] -> #2 (console_lock){+.+.}-{0:0}:
[ 1586.314269][    T8]        console_lock+0x7a/0xa0
[ 1586.314291][    T8]        con_flush_chars+0x5e/0x80
[ 1586.314315][    T8]        n_tty_write+0xe17/0x1140
[ 1586.314335][    T8]        file_tty_write.constprop.0+0x506/0x9a0
[ 1586.314352][    T8]        vfs_write+0x5ae/0x1150
[ 1586.314368][    T8]        ksys_write+0x12b/0x250
[ 1586.314384][    T8]        do_syscall_64+0xcd/0x250
[ 1586.314407][    T8]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1586.314431][    T8] 
[ 1586.314431][    T8] -> #1 (&tty->termios_rwsem){++++}-{4:4}:
[ 1586.314454][    T8]        down_write+0x93/0x200
[ 1586.314477][    T8]        n_tty_flush_buffer+0x25/0x1b0
[ 1586.314496][    T8]        tty_buffer_flush+0x236/0x310
[ 1586.314510][    T8]        tty_ldisc_flush+0x64/0xe0
[ 1586.314532][    T8]        tty_port_close_start+0x337/0x540
[ 1586.314550][    T8]        tty_port_close+0x26/0x160
[ 1586.314567][    T8]        uart_close+0x7b/0x220
[ 1586.314589][    T8]        tty_release+0x3a8/0x1410
[ 1586.314604][    T8]        __fput+0x3f8/0xb60
[ 1586.314624][    T8]        task_work_run+0x14e/0x250
[ 1586.314641][    T8]        syscall_exit_to_user_mode+0x27b/0x2a0
[ 1586.314663][    T8]        do_syscall_64+0xda/0x250
[ 1586.314685][    T8]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1586.314708][    T8] 
[ 1586.314708][    T8] -> #0 (&buf->lock){+.+.}-{4:4}:
[ 1586.314732][    T8]        __lock_acquire+0x249e/0x3c40
[ 1586.314750][    T8]        lock_acquire.part.0+0x11b/0x380
[ 1586.314768][    T8]        __mutex_lock+0x19b/0xa60
[ 1586.314790][    T8]        tty_buffer_flush+0x72/0x310
[ 1586.314806][    T8]        tty_ldisc_flush+0x64/0xe0
[ 1586.314827][    T8]        __do_SAK+0x6a1/0x800
[ 1586.314843][    T8]        vc_SAK+0x7f/0x310
[ 1586.314868][    T8]        process_one_work+0x9c5/0x1ba0
[ 1586.314886][    T8]        worker_thread+0x6c8/0xf00
[ 1586.314903][    T8]        kthread+0x2c1/0x3a0
[ 1586.314923][    T8]        ret_from_fork+0x45/0x80
[ 1586.314940][    T8]        ret_from_fork_asm+0x1a/0x30
[ 1586.314963][    T8] 
[ 1586.314963][    T8] other info that might help us debug this:
[ 1586.314963][    T8] 
[ 1586.314968][    T8] Chain exists of:
[ 1586.314968][    T8]   &buf->lock --> &tty->termios_rwsem --> console_lock
[ 1586.314968][    T8] 
[ 1586.314994][    T8]  Possible unsafe locking scenario:
[ 1586.314994][    T8] 
[ 1586.314998][    T8]        CPU0                    CPU1
[ 1586.315003][    T8]        ----                    ----
[ 1586.315008][    T8]   lock(console_lock);
[ 1586.315019][    T8]                                lock(&tty->termios_rwsem);
[ 1586.315031][    T8]                                lock(console_lock);
[ 1586.315043][    T8]   lock(&buf->lock);
[ 1586.315054][    T8] 
[ 1586.315054][    T8]  *** DEADLOCK ***
[ 1586.315054][    T8] 
[ 1586.315059][    T8] 4 locks held by kworker/0:0/8:
[ 1586.315070][    T8]  #0: ffff88801b078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[ 1586.315114][    T8]  #1: ffffc900000d7d80 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[ 1586.315157][    T8]  #2: ffffffff8e1a9040 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x13/0x310
[ 1586.315200][    T8]  #3: ffff88804830d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_flush+0x1c/0xe0
[ 1586.315245][    T8] 
[ 1586.315245][    T8] stack backtrace:
[ 1586.315251][    T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[ 1586.315271][    T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1586.315283][    T8] Workqueue: events vc_SAK
[ 1586.315303][    T8] Call Trace:
[ 1586.315310][    T8]  <TASK>
[ 1586.315317][    T8]  dump_stack_lvl+0x116/0x1f0
[ 1586.315342][    T8]  print_circular_bug+0x419/0x5d0
[ 1586.315362][    T8]  check_noncircular+0x31a/0x400
[ 1586.315380][    T8]  ? __pfx_check_noncircular+0x10/0x10
[ 1586.315399][    T8]  ? lockdep_lock+0xc6/0x200
[ 1586.315423][    T8]  ? __pfx_lockdep_lock+0x10/0x10
[ 1586.315450][    T8]  __lock_acquire+0x249e/0x3c40
[ 1586.315473][    T8]  ? __pfx___lock_acquire+0x10/0x10
[ 1586.315495][    T8]  lock_acquire.part.0+0x11b/0x380
[ 1586.315514][    T8]  ? tty_buffer_flush+0x72/0x310
[ 1586.315531][    T8]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1586.315551][    T8]  ? rcu_is_watching+0x12/0xc0
[ 1586.315575][    T8]  ? trace_lock_acquire+0x14e/0x1f0
[ 1586.315599][    T8]  ? __pfx___lock_acquire+0x10/0x10
[ 1586.315618][    T8]  ? tty_buffer_flush+0x72/0x310
[ 1586.315635][    T8]  ? lock_acquire+0x2f/0xb0
[ 1586.315653][    T8]  ? tty_buffer_flush+0x72/0x310
[ 1586.315671][    T8]  __mutex_lock+0x19b/0xa60
[ 1586.315695][    T8]  ? tty_buffer_flush+0x72/0x310
[ 1586.315713][    T8]  ? tty_buffer_flush+0x72/0x310
[ 1586.315729][    T8]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1586.315762][    T8]  ? __pfx___mutex_lock+0x10/0x10
[ 1586.315784][    T8]  ? trace_lock_acquire+0x14e/0x1f0
[ 1586.315809][    T8]  ? lock_acquire.part.0+0x11b/0x380
[ 1586.315827][    T8]  ? tty_ldisc_flush+0x1c/0xe0
[ 1586.315853][    T8]  ? ldsem_down_read_trylock+0x11b/0x180
[ 1586.315883][    T8]  ? tty_buffer_flush+0x72/0x310
[ 1586.315898][    T8]  tty_buffer_flush+0x72/0x310
[ 1586.315916][    T8]  tty_ldisc_flush+0x64/0xe0
[ 1586.315940][    T8]  __do_SAK+0x6a1/0x800
[ 1586.315958][    T8]  ? lock_acquire+0x2f/0xb0
[ 1586.315974][    T8]  ? vc_SAK+0x13/0x310
[ 1586.315997][    T8]  vc_SAK+0x7f/0x310
[ 1586.316015][    T8]  process_one_work+0x9c5/0x1ba0
[ 1586.316028][    T8]  ? __pfx_console_callback+0x10/0x10
[ 1586.316039][    T8]  ? __pfx_process_one_work+0x10/0x10
[ 1586.316050][    T8]  ? rcu_is_watching+0x12/0xc0
[ 1586.316065][    T8]  ? assign_work+0x1a0/0x250
[ 1586.316076][    T8]  worker_thread+0x6c8/0xf00
[ 1586.316089][    T8]  ? __pfx_worker_thread+0x10/0x10
[ 1586.316100][    T8]  kthread+0x2c1/0x3a0
[ 1586.316115][    T8]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1586.316127][    T8]  ? __pfx_kthread+0x10/0x10
[ 1586.316140][    T8]  ret_from_fork+0x45/0x80
[ 1586.316151][    T8]  ? __pfx_kthread+0x10/0x10
[ 1586.316164][    T8]  ret_from_fork_asm+0x1a/0x30
[ 1586.316181][    T8]  </TASK>
[ 1586.317815][    T8] tty tty1: SAK: killed process 20162 (syz.5.3712): by fd#9
[ 1586.344260][T22889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1586.367624][T22891] binder: BINDER_SET_CONTEXT_MGR already set
[ 1586.374542][ T5865] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1586.666183][T22889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1586.667938][T22891] binder: 22890:22891 ioctl 40046207 0 returned -16
[ 1587.034545][T16128] usb 7-1: USB disconnect, device number 55
[ 1587.052811][T20277] usb 6-1: USB disconnect, device number 58
[ 1587.193651][ T5865] usb 3-1: Using ep0 maxpacket: 16
[ 1587.201347][ T5865] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1587.210391][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1587.218816][ T5865] usb 3-1: Product: syz
[ 1587.222953][ T5865] usb 3-1: Manufacturer: syz
[ 1587.227547][ T5865] usb 3-1: SerialNumber: syz
[ 1587.232734][ T5865] usb 3-1: config 0 descriptor??
[ 1587.455381][  T900] usb 3-1: USB disconnect, device number 76