last executing test programs:

3m0.349573767s ago: executing program 0 (id=490):
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000300))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdfe, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x32, 0xfffffffffffffffe]})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001340)=ANY=[@ANYBLOB="1201000001000010ac0544020000000000010902240001000000000904000000030002"], 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r8, &(0x7f0000000080)={'syz0\x00', {0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf549, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8334, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x45c)
ioctl$UI_SET_PROPBIT(r8, 0x5501, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000240)={0x4, {{0x2, 0x4e20, @multicast1}}}, 0x88)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b8970000000f23c80f21f866350c00a0000f23f89d0f326635000400000f302e8dcc0f23742e3b5753baf80466b8f494f78e66efbafc0c66b83ac80000666fda6509", 0x47}], 0x1, 0x0, 0x0, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r3, 0x80811501, &(0x7f0000000500)={0x80})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2m58.124607707s ago: executing program 0 (id=495):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000ac0)={0x4, &(0x7f0000000140)=[{0x48, 0x40, 0xfd}, {0x23, 0x1, 0xfc, 0xfff7f010}, {0x16, 0x7, 0x2, 0x8}, {0xb, 0x80, 0x4, 0xe}]}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x4000331e, 0x0, 0x0, &(0x7f0000000440))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x108, 0x0, 0x0, 0x4)
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0xa00, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x12)
pipe(0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xc, &(0x7f0000000040)={0xe, 0x9}, 0x0)
syz_emit_ethernet(0x7f, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000000)=0x6, 0x4)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
times(&(0x7f00000001c0))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000002840)=ANY=[], 0x14}], 0x1}, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x8002)

2m53.031504489s ago: executing program 0 (id=506):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00000004060102000000000000000001000009ba276aff3f0500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)

2m52.534104792s ago: executing program 0 (id=507):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b70300000000002085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hpfs\x00', 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1, 0x2}, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f0000000380)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x1, {{0x42, 0x3}, 0x7}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20048000}, 0x44840)
socket$packet(0x11, 0x2, 0x300)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000089a12f1c9500000000000000"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

2m50.333998841s ago: executing program 0 (id=510):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000000)={0xa, 0x1f1b, 0x9, 0x9, 0x7ff})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r1)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r2=>r0, {0x2}}, './file0\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000100)={{0xe, 0x9}, {0x37, 0x5}, 0x7, 0x2, 0x1})
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x8)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x100, 0x2})
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x9)
r3 = semget(0x2, 0x0, 0xc0)
semop(r3, &(0x7f00000001c0)=[{0x2, 0xfb09, 0x1000}, {0x2, 0x8, 0x800}, {0x2, 0x3, 0x800}, {0x3, 0x8000, 0xc00}, {0x3, 0x6, 0x1000}, {0x1, 0xfff8, 0x1000}, {0x3, 0x4}, {0x4, 0x2, 0x1800}, {0x3, 0x0, 0x1800}, {0x4, 0x2, 0x400}], 0xa)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x1)
ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, &(0x7f0000000200)={0x68, "ebee8157c612cba74441ad1b8932bcb547eff7e6d197c90f2624499ae7dd63f7abe6ace4e5978bf22ccfdee7eee655ddb500c574f154698350c256f5f65c838c91b10148cbd656bb996408f62196a9fb6a590ef3627f039f4ac4648cf9132c9c3c5db3cb4129ad7727ceee19d47c45de5f7203f36bdeef79e91daa456296821d"})
socket$kcm(0x29, 0x7, 0x0)
sendmsg$rds(r2, &(0x7f0000000700)={&(0x7f00000002c0)={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000300)=""/180, 0xb4}, {&(0x7f00000003c0)=""/70, 0x46}, {&(0x7f0000000440)=""/149, 0x95}, {&(0x7f0000000500)=""/218, 0xda}, {&(0x7f0000000600)=""/108, 0x6c}], 0x5, 0x0, 0x0, 0x40}, 0x24000801)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000740)=0x2, 0x4)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000940)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x420000}, 0xc, &(0x7f0000000900)={&(0x7f00000007c0)={0x120, 0x0, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x23}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x48, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7fff}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@remote}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, '\x00', 0xb}}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x120}, 0x1, 0x0, 0x0, 0x40004000}, 0x4080)
r4 = syz_io_uring_setup(0x4586, &(0x7f0000000980)={0x0, 0x8738, 0x1280, 0x3, 0xaa, 0x0, r1}, &(0x7f0000000a00), &(0x7f0000000a40))
io_uring_enter(r4, 0x2126, 0xc84b, 0x13, &(0x7f0000000a80)={[0x3]}, 0x8)
sendmsg$sock(r0, &(0x7f0000000c40)={&(0x7f0000000ac0)=@un=@file={0x1, './file0\x00'}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000b40)="b407a8ba854cf6e4f343ee59115c6545b4c732ca6a545be51a0e2be5b439ce5241cfe40e77d52efb7fd05ce48e50ffa91e196bda8efda760da9d38ec4c7b8d4c7b59d5a7bcf7adbfc6c5a8feb9d9292ffd218a1f500470f546e1a7a668357f2100336b1497", 0x65}, {&(0x7f0000000bc0)="47db0b2d6f6b9fabf4b4f92c28759b877f35bd27", 0x14}], 0x2}, 0x24000055)

2m46.089862701s ago: executing program 0 (id=517):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_clone3(&(0x7f0000000700)={0x4000000, &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000500), {0x17}, &(0x7f0000000540)=""/239, 0xef, &(0x7f0000000640)=""/90, &(0x7f00000006c0)=[0x0, 0xffffffffffffffff, 0x0], 0x3}, 0x58)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f0000000840)={r6, 0x0, 0x0}, 0x10)

2m30.951852112s ago: executing program 32 (id=517):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_clone3(&(0x7f0000000700)={0x4000000, &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000500), {0x17}, &(0x7f0000000540)=""/239, 0xef, &(0x7f0000000640)=""/90, &(0x7f00000006c0)=[0x0, 0xffffffffffffffff, 0x0], 0x3}, 0x58)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f0000000840)={r6, 0x0, 0x0}, 0x10)

2m13.478154108s ago: executing program 3 (id=551):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000000640)=""/102400, 0x19000)
stat(0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000019640), &(0x7f00000003c0)='./file0\x00', 0x400, 0x2000, 0x1})
io_uring_enter(r2, 0x47f9, 0x104000, 0x0, 0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0xfffffffffffffee3, 0x1, 0x0)

2m8.483860885s ago: executing program 3 (id=554):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = fsopen(&(0x7f0000000000)='reiserfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f0000000100)='iocharset', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m6.423779033s ago: executing program 4 (id=558):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
creat(&(0x7f0000000440)='./file0\x00', 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x8008)

2m5.300530981s ago: executing program 3 (id=559):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4080)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000b60000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x18)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})

1m57.646263343s ago: executing program 3 (id=561):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x722)
mkdir(0x0, 0x6a)
setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, 0x0, 0x0)
ioperm(0x0, 0x6, 0x7)
ioperm(0xd, 0x7, 0x7)
io_destroy(0x0)
lsetxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v2={0x5, 0x2, 0x2, 0xfffffffb, 0x5e, "52091324938d66096e657c3a81d5a08bf5f8a9197792b60daa3221ae68c426674c5f356b768f8abe9d87d86191290fbf926d016da17de7fd66d1ca3f9e234641e99367408e17c84c43ff64e2079b48353ce2378d837adee8f3e2d50c521d"}, 0x67, 0x1)
r1 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
r3 = syz_open_dev$dri(0x0, 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
process_vm_readv(r4, &(0x7f0000000280)=[{&(0x7f0000000100)=""/227, 0xe3}, {&(0x7f0000000200)=""/71, 0x47}], 0x2, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/150, 0x96}], 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0)

1m56.685597776s ago: executing program 5 (id=526):
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x304}, "5d4b42fac245ae74", "21cb70af1a8d3978b3ad1a2c6ede97acca25f6a9000bab0d716e9ebdee04ab7e", "b65dab43", "9a2c4361134d8abe"}, 0x38)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r3=>0x0})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x6f, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0xa00, 0x4e20, 0x4d, 0x0, @opaque="0c545a649d7e76006776d7810722ab898b4afd47619fade962922c32ee3e150e3a76924e3af561d8917c80a425b34ffb1976ef5c116725febe99985bf47f1b6202e3ee31ee"}}}}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000900000000000500200001000000050028"], 0x7c}}, 0x0)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x90, 0x90, 0x4, [@func={0x6, 0x0, 0x0, 0xc, 0x5}, @union={0x0, 0x2, 0x0, 0x5, 0x1, 0x1cde0, [{0x5, 0x4, 0x6}, {0xf, 0x3, 0x1}]}, @type_tag={0x1, 0x0, 0x0, 0x12, 0x2}, @restrict={0xe, 0x0, 0x0, 0xb, 0x3}, @decl_tag={0xf, 0x0, 0x0, 0x11, 0x3, 0x2}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x8}, {0x7, 0x3}, {0xe, 0x5}, {0xc}]}, @func={0x6, 0x0, 0x0, 0xc, 0x3}]}, {0x0, [0x30, 0x30]}}, &(0x7f0000000380)=""/122, 0xac, 0x7a, 0x1, 0x5c, 0x10000, @value}, 0x28)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001000)={0x11, 0x23, &(0x7f0000000d40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@jmp={0x5, 0x1, 0xb, 0x3, 0x0, 0xffffffffffffffe0, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_val={0x18, 0xb, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1569, 0x0, 0x0, 0x0, 0x4}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000e80)='syzkaller\x00', 0xffff, 0x9, &(0x7f0000000ec0)=""/9, 0x40f00, 0xd, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000f00)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000f40)={0x1, 0x4, 0xb3, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000f80)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], &(0x7f0000000fc0)=[{0x4, 0x4, 0x4, 0x9}], 0x10, 0x5, @void, @value}, 0x94)
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001100)=@generic={&(0x7f00000010c0)='./file0\x00'}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000011c0)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000001140), &(0x7f0000001180)}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000900)=@bpf_ext={0x1c, 0x20, &(0x7f0000000480)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0xb}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x800}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ldst={0x2, 0x2, 0x5, 0x1, 0xa, 0xfffffffffffffff8}, @map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10000}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @exit, @call={0x85, 0x0, 0x0, 0xb}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x3}], &(0x7f00000006c0)='syzkaller\x00', 0x8001, 0x14, &(0x7f0000000700)=""/20, 0x40f00, 0x44, '\x00', 0x0, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x3, 0x4, 0x4, 0x1ff}, 0x10, 0x190cd, r7, 0x7, &(0x7f0000000740)=[r9, r9, r9, r8, r1, r9, r1, r1, 0xffffffffffffffff, r1], &(0x7f0000000880)=[{0x1, 0x4, 0x7, 0xc}, {0x3, 0x1, 0xd, 0x3}, {0x0, 0x1, 0x6, 0xa}, {0x5, 0x2, 0xc, 0xc}, {0x1, 0x5, 0x6, 0x9}, {0x0, 0x5, 0x7, 0xb}, {0x3, 0x2, 0x9, 0x4}], 0x10, 0x5, @void, @value}, 0x94)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x13b0, &(0x7f0000000100)=ANY=[])

1m56.176696013s ago: executing program 4 (id=563):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000800))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x80000)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x110a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000001800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x18, &(0x7f00000009c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x3, 0x19}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x2b}}, &(0x7f0000000280)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
futex(&(0x7f000000cffc), 0x5, 0x300, 0x0, &(0x7f0000000000), 0x0)

1m55.378184684s ago: executing program 3 (id=564):
r0 = socket$kcm(0x11, 0x3, 0x0)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1c, 0x1e, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@ldst={0x3, 0x0, 0x0, 0x2, 0x7, 0x18, 0x4}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @map_fd={0x18, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x8}, @call={0x85, 0x0, 0x0, 0x55}, @ldst={0x0, 0x3, 0x3, 0x5a9085d965024fde, 0x4, 0x18, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0xfffffffc, 0xfb, &(0x7f0000000300)=""/251, 0x41000, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x4, 0x4, 0x5, 0x4}, 0x10, 0x21880, 0xffffffffffffffff, 0xa, &(0x7f0000000400)=[0xffffffffffffffff, 0x1, r0, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000440)=[{0x2, 0x4, 0x8, 0x687a7970e4f78b9a}, {0x2, 0x1, 0x7, 0xe}, {0x5, 0x5, 0x5, 0x3}, {0x3, 0x5, 0x7, 0xa}, {0x4, 0x4, 0x2, 0x8}, {0x2, 0x2, 0xf, 0x8}, {0x4, 0x3, 0x2, 0xb}, {0x1, 0x3, 0xe}, {0x3, 0x5, 0x5, 0x2}, {0x2, 0x5, 0xe, 0xc}], 0x10, 0xa06, @void, @value}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x1}, 0x8)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
listen(r3, 0x9ce2)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000180)={{0x0, 0x2}})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})

1m55.341327068s ago: executing program 4 (id=565):
r0 = syz_open_dev$video4linux(&(0x7f0000000240), 0x5, 0x40000)
ioctl$VIDIOC_ENUMOUTPUT(r0, 0xc0485630, &(0x7f0000000000)={0x8, "00886d58f6cb2b9ce81779a019900721f452ae9b8aef3ce86969318517ab1184", 0x2, 0x55, 0xb765, 0x20000, 0x2})
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0)
syz_usb_control_io(r1, &(0x7f0000002000)={0x2c, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00030e0000000e03"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x39, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x8, 0x40, 0x7, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x3, 0x6, {0x9, 0x21, 0x4, 0x7c, 0x1, {0x22, 0xa60}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x8, 0xe, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x7, 0x80, 0x6}}]}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0x5, 0x9, 0x7f, 0x10, 0x1}, 0xb4, &(0x7f0000000140)={0x5, 0xf, 0xb4, 0x5, [@ssp_cap={0x10, 0x10, 0xa, 0x3, 0x1, 0x0, 0xff00, 0xff35, [0x3f]}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x4, 0x2, 0xe5dc}, @generic={0x81, 0x10, 0xe, "109e80b468d5ae09ebeb550effea49bf611b0c5193194ce484304a1b4f27a8c93bf68b9d9f16ce99071f88d2267ce3516b25a6184b55d44defb13b85df7abf6e6e26dc3c0b38082fee6e252eff42a3c4768b8acd10ba11632f01a3f5f73f12e91e14a6fce0e580f37d17ec7b0b0051db1aca31b223036cc901c8c21ab154"}, @ss_container_id={0x14, 0x10, 0x4, 0x7a, "9ed6ec1a6f84c20b147edb5ba10f58ee"}]}, 0x3, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x404}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x449}}]})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000004540)={&(0x7f0000004440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x1, 0x2, 0x0, @void, @value}, 0x28)

1m52.288642018s ago: executing program 5 (id=570):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r4, 0x3b88, &(0x7f00000002c0)={0xc, r5})
ioctl$IOMMU_VFIO_SET_IOMMU(r4, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r4, 0x3b72, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"])
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r6, &(0x7f0000000180)={0x1a, 0x324, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r6, &(0x7f00000050c0)=[{{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f00000002c0)=""/59, 0x3b}], 0x1}}], 0x1, 0x2, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f00000000c0), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r7, 0x0)
fcntl$lock(r7, 0x26, 0x0)

1m48.914339426s ago: executing program 4 (id=571):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000000140)='^', 0x1, 0x20004811, &(0x7f00000000c0)={0xa, 0xa00, 0x0, @local, 0x13}, 0x1c)

1m48.592485697s ago: executing program 5 (id=573):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@bridge_delneigh={0x28, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r2, 0x80}, [@NDA_LLADDR={0xa, 0x2, @link_local}]}, 0x28}}, 0x0)
r4 = socket(0x10, 0x80003, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000030400000000fddbdf2500000400", @ANYRES32=0x0, @ANYBLOB="0003000001000100140012800b0001006970766c616e00000400028008000500", @ANYRES32=r4], 0x44}}, 0x0)

1m47.48599651s ago: executing program 4 (id=575):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7226, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f0000001400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2}}, &(0x7f00000014c0)=""/218, 0x1a, 0xda, 0x1, 0x0, 0x0, @void, @value}, 0x20)
r2 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
setsockopt$CAN_RAW_RECV_OWN_MSGS(r2, 0x65, 0x4, &(0x7f0000000040), 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ef0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r5, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, 0x0, 0x810)
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x410000002)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
close(r9)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000003700010324bd7002f9c6e62506000000"], 0x14}, 0x1, 0x0, 0x0, 0x24004004}, 0x40)
setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000300)=0x2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@empty, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xc, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x66, 0x3, 0x0, 0x2f, 0x6, @remote, @loopback}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x1f, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1m47.38799367s ago: executing program 5 (id=576):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='hrtimer_init\x00', r0, 0x0, 0xcf}, 0x18)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f0000000040)={0x1, 0x6})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000001c0))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x10003, 0x4, 0xdddd0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="66b8ee000f00d0f26fc483696cef9148b800100000000000000f23d80f21f835800000100f23f8440f20c0350c000000440f22c00f01c5c74424000c010000c7442402c4890000ff2c240f20e035400000000f22e0c44159dd580066440f388203", 0x61}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x1e, 0x4, 0x0)
r7 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x455}, 0x10)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r11 = dup3(r7, r6, 0x0)
read$watch_queue(r11, &(0x7f0000000580)=""/199, 0xc7)

1m45.686924291s ago: executing program 4 (id=579):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f0000000840)={r6, 0x0, 0x0}, 0x10)

1m45.426774673s ago: executing program 3 (id=580):
openat$vicodec0(0xffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="3f000000010000", 0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r4, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'syzkaller1\x00', 0x4}, 0x18)
munlockall()
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$inet(r5, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r6)

1m31.97373624s ago: executing program 33 (id=576):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='hrtimer_init\x00', r0, 0x0, 0xcf}, 0x18)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f0000000040)={0x1, 0x6})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000001c0))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x10003, 0x4, 0xdddd0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="66b8ee000f00d0f26fc483696cef9148b800100000000000000f23d80f21f835800000100f23f8440f20c0350c000000440f22c00f01c5c74424000c010000c7442402c4890000ff2c240f20e035400000000f22e0c44159dd580066440f388203", 0x61}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x1e, 0x4, 0x0)
r7 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x455}, 0x10)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r11 = dup3(r7, r6, 0x0)
read$watch_queue(r11, &(0x7f0000000580)=""/199, 0xc7)

1m30.539976042s ago: executing program 34 (id=579):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f0000000840)={r6, 0x0, 0x0}, 0x10)

1m29.997786112s ago: executing program 35 (id=580):
openat$vicodec0(0xffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="3f000000010000", 0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r4, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'syzkaller1\x00', 0x4}, 0x18)
munlockall()
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$inet(r5, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r6)

9.520425365s ago: executing program 2 (id=678):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'geneve1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a8014000700fc"], 0x58}, 0x1, 0x2}, 0x0)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e20"], 0x0)
socket$inet6(0xa, 0x2, 0x4)
syz_usb_control_io(r3, 0x0, &(0x7f0000000680)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x6, 0x6, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000faffffff0000000000004000850000002c0000001800000004000000000000000700000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair(0xa, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000005dc0), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000005e80)={&(0x7f0000002040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000005e40)={&(0x7f0000005e00)={0x3c, r8, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0x200}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x10000}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8005}, 0x80)
r9 = dup(0xffffffffffffffff)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000240)=0x4)
write$UHID_INPUT(r9, &(0x7f0000005f80)={0x8, {"53916376507907502679738af6aca37177fcf8c1f8d7759d9a542dfafce8343285d8ce8b8fb1452cc944b16e77afefbe82ae5b7ce05f27a5f5eda5f0faf89812b9255ca286fde8ad74d4f3f1ed0b85bf1a5da0abae0c2903c3904cbe2b277a3b4fca87a3e53a219bcc21a544552177498014dbdc611a886f3f4c8105d3c4c6353e8b417243ca3b618d4c207f654eb7c1f45dda7f541d033d41e546c4f794e4e8a3265ffbb8e4e6df93a4abd2a222a53ff11b496743b0d1b469346d1490c4ad1417c54e2417f5bde8de1dc98762f5e7e8293e3a5dbe79df5e73ce4ad0024eac2c977f21fa2094f9485c78bcfce484e5afcf9d9e799a6f32677e02d0ada96359e4b6d28b4b80af2c0e7c6c47996a06a50aac12ecc0221177e83241647fff0bf7a429454812f74cbafc75a645066a6c7de60b332b848d7004f00cc9c683f32b0a13821e429baca9d28309244e42718d065c09f3f993bfdf4677f72c4b6a41fec561c39e2402e2d5102b4e7b93280f07dd2f18003fdbbe9a80518532e5f83b9db32819430fc1821bb41daec5ef26615c49116269d622bbdeff9105b29ef990a34ce57bdefe2beb13f013ccddcd2115138969ed18899122aa3dc0dfda6e71a974a291b05b0444a50e9df18350c19fa88b4a111648fa2275a40eadd3e152eef5f06cdd1079570cade7a44babf026b23efd463fe6367212b987b5fa510c57f7c62d37d2883da2dc09074d96444726fb61357d1f65457290b891a7d1671393978acc2cac089930aa54d244d1b289333feb9bbedf2774833700b3a043d2c77fae0b95c21d55f79840d49213a8973d321f7702a67bf78394900f8168b7440c9feedc1a205aee6d69490cc7306df06ab74116e5703c5ebb601dd95872ab7f7c768f10443a6307e78bce8c03c7499536a05ca72b5c36d774c0f020aac1aa0a53b6ea1ffa6e0237bf0c5c20a38c7465f8a38c04166266421b89ad371416b4a4189cf8488f4fd83475bb6fcb44460ae1841ec49220bd23a68c38655e2e7edd3d045594646ec1889d57ba3dedb0059cf9f460b83cadb2613aebf9ab29b125e630f2b51d4723e6ea6646322bf6a066499efcdef9196c6c28edd2a4e58cdbbbb6cab25bb6bf0e4995e4b3698986757985ee309bf68d71b456eb43f7ef243331b79ffd59368e98c7565e496fa3cbf9fcfdbc8ec46432f14592baf37033b006fa91aa67eadb82d1e75c4e82cf153f3c8fe4248ba50af48225cd6cda2d8b5a84af62ae54e9b64d0e899a81a6ce58699354e851c583e0fc8d2b4596336b183f91f4d3135bba9488b13ede5519106d9af32ecacf59952778255778f53053cc3b661a83a0b063e58bc9782505671d6c824840652f3740ab0026bf68d9745079094c95cc3cc77c59614649d667b64ebb81134b2ca32d2ab7f0ad8023f2737a761cec420a4e98edf15b88922d3f3916e4bf1ac4f1c3fd13ca31d08dd302efd755d6346046230d6e886ebcfe1d84f1174af32acc3e068c510342092060dddfd6df2d95234d66401e91e6f94fc5d0424fa4d6c87edda8c6b09834d5d7ae8cd15b282b81f44d0914868b916ac3cdcf5cd07a3afd9d3ed9d1624b1000f04ca2c01387a6e60df7f8b72330d6212f2e669d85815e9e5562ece293d5510bedb10e05ddce0c0ad726b0d1738e76beab813d2f743fab523a8b10457b32962e2c3562e9aa1fee02ab72d76e477242998045e55f7960936cd30bee57f279cafb06d6e16684f7c4f5f3c0e1a6c750f03a8ac64f6443dd7dd0962b02dd242485bd7d204b28a66f6543be5680591849b15fb0b7e2fed09a1aa860a703f124f207beefd549c9e64ef9d5ce69095ff65c5a81a8c148be5fa3991c3e42cb41d101a92bdfa5aabd57757872070a425c20b6720392beb7981cc38f33311c41c7f95b3e995b8ab1c9ee7956fcaeafcf5de3f7bb1abf3ef4befd52c892ca9249e80d9ff7fe92b1a074415c55f6b468f13487225a5a95d5000c4999fd206cfb2794adb0a28b771a725d8da9b48f55f55f4618216d19614bfa7da9a9c8080794b57435a580bb506575ae622446a5e4e5f3fb21fd037d8b7ab831ffe95b7ee7cffe7d793cf46866ed2012ebd3e443ce815fd70e3f885495887dafbfed8b18de45856487c3de1c8020f9bb7d826f72a3a987bd72acd5c39bd23a5b954062930e8db01681916f09d8a5e835cb0c00352b015867d7afbc80e4f53c66356897393bfea14a0bf68319e98136993868ef2ee87b0a479b3247f202465bf878d989c49eaa386d131164f3278432310e38b0d23e80b52fb854e4d1c69ac3c8adad941aed71ade32815c748eec12ecc13d38729d8eea0b7707b5cf61c17a3b7bf35862134bbf44338ca2b7abb73b4d7eb772f206dd33c462594aaf150475dc2026371336cfebb10de4df645c7ee1c56a6d42bbc5610a83bffc70f438920c245289d22e3e4bdb6554732fef4ca2d3bccb8a5d06875e08722ad4f5d2497cd8aa59349723aa5bb64f3ad604b7505a48d5b7ecbf7633e8e16f9f3fd82899ebd4f6dfb28d5a9feb4ef02f008db02f9febce47a83430e06e5fbf888c42aef4ebd0462965f78d44019594be1a1aac257c55bc05df95e8bfa1ca4689afb300de039e67977b638865aeb582e6c20f0c5134d6f0167dd1c471b1f0451b6c57114ab098302cb29e0117a4272d921c012d4a60f63a916a6836284f7d0a33f8296700a37808d6facf0c56ba33071b819a73b9bc6d4fa2c37a88e2c771715f9abcdbe38720cd09b7bab603daf9a36a2632e057b01114b3b585f1fe23c5b9f079967b683bcac1aa86e67f54f9ff9b6dbf7c5a2f4299504a27d93d64bd5f23e77a18d93c9ca3a8466b6c63d649d7435d350dbd53f092a174e48d9c83005017c151b79acc1ff22370446d3fff7f4034c9f73b9d2ef136bb29242ceba8ef1b01000f486677db22fbbced6022ade046275347d2d91dc6fd0ef367aa347559ff1678a69f6404ad4751aaee9123cd080812b2c7918b02ed9f563fce628dc2fe2a9cadb41e48c974da80442c9712ad4cb3585e226ce49b9933f4f0ecc5e0c12d2a94988dd40f7c9e3769912ade0be612541db99c39c80f240d1b8f55fdbd94075ebcba3000ca982f7be4dd3b6fb473864e42a265d9ef5436aa41b094b4deae0f2de538a8635f4a03ec9bef8d0734d908f1f83b5cfe25677b288c0ed2f973fe4ef57693237ede2ba98e0543a289ec89240192a08a31b48077ea225fc95d73310a1e499ca7d412b1c9ccb2d7bc07b46c6ec15dfca0c61419ade55c80b300229109f2f0313afb742f3b1599350b426b3784447f743fee85195b87ee8619e3f770b652610c492a1c45e67146339a8b54902b9939fc7d5dffbe4d830f3e5a64c51cbe7797429ae02b76e7d47f08cd29026901fe49ad3b644de8a5431238885d8770fd0c3bd4a0d151d06bef5d5ae86a09e266b1d8aeb33a097bc25a4d4937138dada058ddcd7cad17cb9d8b9486e2ee536c599a457ec94c61ff6f1f8262beffd17663db59bf098714afec66d7044ea5dc72d52ccff139d5bdc0404e8e0657c32f74461335f064b3fec8df83ff86cdef503e314601083d97389a98f920d8be2b7cb3fa95512d6d66254bb134e3da0a8f514e2abd786fdf883bd2d2ee80685dbdf5e82218b1d7932c2e5fd47f8fe36722651c909560bfad851ab6c88b6fb11e38b72896a83bf98d092b21ccf3de49e27dba4157f9bf9609f67e0cd897f63ac1270e64e0336a8ba4182a0fb060f343ab9a54345ce3318e7e281f2cada30da335a8c1e184130e58e5a1dc191b91000f98ab0b67b7245f83b779ff28cd6ae2c5051cdf63e18d3a8f4e173eb6c324053bda5ad095a5b31b956f07bff56af3cb52f970a15186f647f99d1205e6c9ff63bf09c1ad2e29bc298c1bee12bdd3e157b3ca2f76f9ad69b54dd549424bf7a9dfb8e463a931c863ccd22a3cc312d5eb0345848b73678cfe004118f83f68067dc66c38729f02f23d47b7074cba5be5f2e5888ee92d607c1fe620d33ed24fcf7ece1d7f92870eea1a540ec5c883a978607e62eceb20a4121728843e8bb0c444ddcf024afab1eb2a2958b63b4199930bef43a79755bec45f9196577a2cb847d98b6fa23285837d264e301b41b831d7f51cf1b643ce3b5e375d146c79e2574a4236d808f590d04635f3873e377acb27a0fa1719f3902bb1ba2820a8add3bfe59a13ae7d4069ad0b0d2b89b7ed3dd58c39c2626f909f778f1d4cf5a6859a7ea7d9e9fc887bfbe9b35fd093836ddb0aab29ec37ec1c8142aa2a6590ca6d7dbe8e9d314c402dd411ddbb86187887eec514a644e316cc7211599aa631498f41f8609e6a71f623e7e7dcf1d26cc98d7ae7ae8798e0856c19e8f2de5bfc413e2beca6c2bd07342e5b5bf28d3c112ff680ff128e5d8525d09f06dd12201ac8c2b491632d67e74c423d1951ea131f562b772649bd65a68d2db7bebc707b46b62c508d4ad7ffb95e26f8a3e971d80165efb5ff9b2669f3cd60387da595e815d33770080657750058e8a8eadbe3981cc1f194a91fd5a1e7e641acb966fe61ed0447529c882b7f440997add173bb79ce3aaf2be0887d905e7f945ece9d3e77a72dc0174d85fd3d160df9f4d3d4724ecb73de94b71c4ad78d22314ded6dc65e29792549f4163c29ebd08717e909de79f958445c968bf97ff6515d0d37f36ae605668fb6959848ab70bd71ad07c70ca63b90413f37635459cd6b76d5397ec349dc09eb9351a1adeb47ea57093812bf07e8083f50d9c0982a70d1639554f96c4289e66948dcf6bc6e06699979d0df40def244f585c7674e20bd6bd7b5a4a64fea64285e5aef2cc783d1ef0fbcbab0f9c8325e02d6bc734dcd78483744692ff967f8e494b1f5bf09f477635ff73757cfe9f6eb9bbb197076c5d7ed44095cfce31c2c4b4da258ededa4b422e10397d38047281845d0f5a8677f16eb5f5672211541d138575773ba03ed4280f527cbf4db7e82f8e5f1ef32a2eee369dc35430b2186bb456625eef95322e072b3118413514d8c60f3e07195105343df60a2d9a331ff22a72bf432309fa7fd46cafa08451ee49df2945542cf5aab0b015ce93c1504025cb13abfe7114d40e249675088995f56cd39e4e63e8b9dd5c7546b99b362884fc24585eddf7701d46a9ea57573108f84bb01d53e6d733b9f74d2dbaad37b7582187186fde665d1c026d143cf92a688bcb3f1a335f966c5a8093e08e8bf891ce6197079ef8d7f2044f1a6939346e65c1a87ff7593c4840c8f2a580266d44977dab2c9902d1e36e85e122a2a6d6b3710027247c263fc16539421d1eaafb0085ed6fd4478d32bcd9820cd3de4033ff3f926b7b0ee46f29a2407baa2c962cd51ecf141ba68fe0836b7a347cc12c70136a34e48bcda0f45b4ab4b19222f7c7882854e51d3c380789d04545ceb8d3226851cf039c1c30c7cbfc0ee178195899746bcc6126e09e1eb300c70b904f620bdae63cf862b55e1dc21e8ca73138744be5ee778dff273d8fc6aa589b65e7c54a381ec71a816a21c69d8f70835c79bed78edf684eb4ac86ac6a62ebc5cf68fe361d011a12269b0ce614acfaf3b9da68d3e55e054c69f84f4e797520d825047410b6e80f4fe48c143b015a9a116553bf89cb338e600f148428a70e212f8b3c1e33625287a2fb85f67846c6795c9e9efcf03bb11843ac0a2a190b39a3583219e9550a9d08124f02b2546699b006904824d23395bf20b5c62e4060c9e9b6b1a99f0ca9d4bd3dcdd75726e8f0c9f908bd56fc3e452df99966f32fd23695", 0x1000}}, 0x1006)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x8, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r10}, &(0x7f0000000180), &(0x7f0000000100)=r6}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r10, &(0x7f0000000300), 0x0}, 0x20)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r11, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000b40)={0x10001, 0x2, 0xdddd0000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r12 = memfd_create(&(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaaSc\xf3]WhI\xf4\x89\x85!mPl\x90\xa5\x93\x19\f\x9a\xae\xd5a\x9bU5\x1a\x86\x9d)5y\xef\x90\xea5\x81\xfeO;\xd4zh?\xbdW\xe0\x84\xe6\x9d\xcb\xcd\xb6\xad3\x7fWY\x02\xa2\x8baG\x00\x0e\x8e/\xc1\xaf\xd0\xbcH9\x04\x00\x00\x00z\x16\xdf\xf3hLpLaA\x89n]>,^M\x82\x8e\xe40\x97_\x809y)Z\xeb\x9d\xbawv\xe9\xc0\x16\xdc\xf5\xcb\xdb\x96\xd6\xba@\xa7\x1bl\xca\xe0\x1e3\x81\xc6S\x86\xf7\xf0\xba\x1b\x14N\xa2\x04\xdb\xb5X\xe4y\xef\xe8\xdb\xd5r\x11\xfb\xe4v\xbcV\xbb\x00\x96CR\xe0~5\x16=:A2\x9c\b\xd9\xa0CB\r\xe9\xb8$\xfe\x8d\xb1Gg\xa9\xac<\xbf\x10]\b9\xd9\x89\xaf\xa6\xd1\x10\x1fq\xba\x06_NW\xdb67Xv(\xa8\xce\x1b\xe6\xbd\x947\x8f)8\xe5\xb3\xac;\x7f+\xf67\xea\x1ei\x92w-)\xa1B/M\x0e7:9\xdb~V\xb7\xd5\x13^v\x14\xe6O\xea\x00\x87\x8dkG\xdf%\xebe\x83\xb97\x01| \xb3\xd8W\xe8o\x17\x97\xd9\x14o\x92\xb9\x9a\x8c\xd7\xcf\xa2\x11\xc3\xa5\xb3\xd2\xdeQ\xa7\x05\x7f\x99Lq(\xcd\\\xa2y\x14or\x1efn\xf2\x97\x96c\xda7\t,', 0x6)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x4010012, r12, 0x0)
ftruncate(r12, 0x2000000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x27, 0x8, 0x0, &(0x7f0000000280)="ed7e17526b2d6f70", 0x0, 0x1403, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r13 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r13, &(0x7f0000000040)=[{&(0x7f0000000080)="18", 0x1}], 0x1)
recvmmsg(r7, &(0x7f0000005b80)=[{{&(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000000a80)=[{&(0x7f00000004c0)=""/197, 0xc5}, {&(0x7f00000003c0)=""/46, 0x2e}, {&(0x7f0000000740)=""/243, 0xf3}, {&(0x7f00000005c0)=""/130, 0x82}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000b80)=""/36, 0x24}, {&(0x7f0000000880)=""/192, 0xc0}, {&(0x7f0000000940)=""/106, 0x6a}, {&(0x7f00000009c0)=""/88, 0x58}, {&(0x7f0000000a40)=""/33, 0x21}], 0xa, &(0x7f0000005ec0)=""/131, 0x83}, 0xffffffaa}, {{&(0x7f0000000c00)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000c80)=""/234, 0xea}, {&(0x7f0000006fc0)=""/229, 0xe5}], 0x2}, 0x80000001}, {{&(0x7f0000000ec0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000002380)=[{&(0x7f0000000f40)=""/245, 0xf5}, {&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f0000002040)}, {&(0x7f0000002080)=""/250, 0xfa}, {&(0x7f0000002180)=""/205, 0xcd}, {&(0x7f0000002280)=""/231, 0xe7}], 0x6, &(0x7f0000002400)=""/150, 0x96}, 0x7}, {{&(0x7f00000024c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f00000028c0), 0x0, &(0x7f0000002900)=""/99, 0x63}}, {{&(0x7f0000002980)=@pptp, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000002a00)=""/186, 0xba}, {&(0x7f0000002ac0)=""/154, 0x9a}, {&(0x7f0000002b80)=""/218, 0xda}, {&(0x7f0000002c80)=""/34, 0x22}], 0x4, &(0x7f0000002d00)=""/4096, 0x1000}, 0x238}, {{&(0x7f0000003d00)=@vsock, 0x80, &(0x7f0000004280)=[{&(0x7f0000003d80)=""/218, 0xda}, {&(0x7f0000003e80)=""/147, 0x93}, {&(0x7f0000004000)=""/209, 0xd1}, {&(0x7f0000004100)=""/206, 0xce}, {&(0x7f0000003f40)=""/72, 0x48}, {&(0x7f0000004200)=""/94, 0x5e}], 0x6, &(0x7f0000004300)=""/111, 0x6f}, 0x7}, {{0x0, 0x0, &(0x7f0000004480)=[{&(0x7f0000004380)=""/253, 0xfd}], 0x1, &(0x7f00000044c0)=""/108, 0x6c}, 0x1}, {{&(0x7f0000004540)=@nl=@unspec, 0x80, &(0x7f0000004980)=[{&(0x7f00000045c0)=""/252, 0xfc}, {&(0x7f00000046c0)=""/2, 0x2}, {&(0x7f0000004700)=""/97, 0x61}, {&(0x7f0000004780)=""/116, 0x74}, {&(0x7f0000004800)=""/105, 0x69}, {&(0x7f0000004880)=""/240, 0xf0}], 0x6}, 0xd}, {{&(0x7f0000004a00)=@caif=@dbg, 0x80, &(0x7f0000005a80)=[{&(0x7f0000004a80)=""/4096, 0x1000}], 0x1, &(0x7f0000005ac0)=""/152, 0x98}, 0xe647}], 0x9, 0x40010021, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000070c0)={0x1, 0x4, &(0x7f0000000d80)=ANY=[@ANYBLOB="b4050000fbffffff7110af0002000000c6000000f0ffffff9500000000000000e62b53fcef86ff9149e1eefda953a493bef251f14ec4134eb3f44d94d36251b580fac72f56e0ccdf969170145f7d5810f28c40ae45d0970e44ef256742297c2948782468fd9fe06a70f99dfbbf865e27e625d1997dfae9ba1e892ee3f168dacad8eab75b370857d2961fdfa0aa393be534a7436a0bab1fa043fcbdabf091c47f3e7d63fa5c5c61066f5d46ea55eaba740fba6b645dd663c8e671da972658"], &(0x7f0000003ff6)='GPL\x00', 0x10005, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)

9.209310051s ago: executing program 8 (id=587):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioperm(0x6, 0x3, 0xb017)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_clone(0x20848000, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
process_mrelease(0xffffffffffffffff, 0x700000000000000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "ed7775e65eafd28c998ed46d479658881ccacd0c245ad4d444213a00202509c5accfa410081d82ce2a4905411dee1154155efeb6111658c4224f35d6d4f57692", 0x22}, 0x48, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0x9)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0xd0)
close_range(r1, 0xffffffffffffffff, 0x0)
mkdirat(r0, &(0x7f0000000180)='./file1/file0\x00', 0x8)
mkdirat(r0, &(0x7f0000000440)='./bus\x00', 0x41)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')

8.517586088s ago: executing program 8 (id=681):
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x304}, "5d4b42fac245ae74", "21cb70af1a8d3978b3ad1a2c6ede97acca25f6a9000bab0d716e9ebdee04ab7e", "b65dab43", "9a2c4361134d8abe"}, 0x38)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x90, 0x90, 0x4, [@func={0x6, 0x0, 0x0, 0xc, 0x5}, @union={0x0, 0x2, 0x0, 0x5, 0x1, 0x1cde0, [{0x5, 0x4, 0x6}, {0xf, 0x3, 0x1}]}, @type_tag={0x1, 0x0, 0x0, 0x12, 0x2}, @restrict={0xe, 0x0, 0x0, 0xb, 0x3}, @decl_tag={0xf, 0x0, 0x0, 0x11, 0x3, 0x2}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x8}, {0x7, 0x3}, {0xe, 0x5}, {0xc}]}, @func={0x6, 0x0, 0x0, 0xc, 0x3}]}, {0x0, [0x30, 0x30]}}, &(0x7f0000000380)=""/122, 0xac, 0x7a, 0x1, 0x5c, 0x10000, @value}, 0x28)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x13b0, &(0x7f0000000100)=ANY=[])

8.025361581s ago: executing program 1 (id=684):
prlimit64(0xffffffffffffffff, 0xe, &(0x7f0000000180)={0x8fbe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x4002040)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0xc0018182, 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_freezer_state(r3, &(0x7f0000000080)='FREEZING\x00', 0x9)
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0xff, &(0x7f0000000100))
inotify_rm_watch(0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)

7.002191247s ago: executing program 1 (id=686):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0xff, 0x71, 0x20, 0x9c4, 0x11, 0xb01c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x7e, 0x10, 0x2, 0x26, 0xd5, 0x18, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0xfe}, @NFTA_REJECT_ICMP_CODE={0x5}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x7c}}, 0x0)

6.305301736s ago: executing program 2 (id=690):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioperm(0x6, 0x3, 0xb017)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_clone(0x20848000, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
process_mrelease(0xffffffffffffffff, 0x700000000000000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "ed7775e65eafd28c998ed46d479658881ccacd0c245ad4d444213a00202509c5accfa410081d82ce2a4905411dee1154155efeb6111658c4224f35d6d4f57692", 0x22}, 0x48, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0x9)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0xd0)
close_range(r1, 0xffffffffffffffff, 0x0)
mkdirat(r0, &(0x7f0000000180)='./file1/file0\x00', 0x8)
mkdirat(r0, &(0x7f0000000440)='./bus\x00', 0x41)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
rmdir(&(0x7f0000000040)='./file0\x00')

5.833160534s ago: executing program 6 (id=691):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPTLCK(r0, 0x80045439, 0x0)

5.774199862s ago: executing program 7 (id=692):
r0 = syz_open_dev$dri(0x0, 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000380)={0x0, 0x0, r1})
mremap(&(0x7f0000fa3000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000008000/0x4000)=nil)
read$FUSE(0xffffffffffffffff, 0x0, 0xfd0c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket(0xa, 0x3, 0x3a)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000000)={0x7, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r4, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x10005, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r7, 0x8b2a, &(0x7f0000000040))
ioctl$int_in(r5, 0x5452, &(0x7f0000000040)=0x2)
write(r6, &(0x7f0000000340), 0x11000)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, "1c3d00ace21387ff00"})
syz_open_pts(r5, 0x84080)

5.757884315s ago: executing program 2 (id=693):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x204, &(0x7f0000000480)={0x0, 0xf67c, 0x8}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0xa})
io_uring_enter(r3, 0x47ba, 0x700, 0x0, 0x0, 0x0)

5.373093746s ago: executing program 6 (id=694):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32], 0x18, 0x840}}], 0x2, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$SG_SET_TIMEOUT(r3, 0x2201, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f0000000200)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x4e21, @empty}})

5.244088203s ago: executing program 8 (id=695):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xc0b, 0x100000, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}}}, 0x24}}, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
munlockall()
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x7, '\x00', r1, 0xffffffffffffffff, 0x4, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={0xffffffffffffffff, r2}, 0xc)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0x4, 0x109000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, r7}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}, @IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}]}, 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x5c}, [@ldst={0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000003c0)="9b378e6602000000596384012b9e9527996042ab6000"/32, 0x20)
r8 = accept4(r4, 0x0, 0x0, 0x0)
recvmmsg$unix(r8, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1}}], 0x1, 0xc4ccfea67e4a70a2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000480)={&(0x7f00000001c0)=[0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x1, 0x3, 0x6, 0x5})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000980)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x54d7c0017ced4bd4}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x5}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc4}, 0x4000000)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5.054292938s ago: executing program 1 (id=696):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

4.360748093s ago: executing program 2 (id=697):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r3, r2, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000040)={0x28, 0x2, r3, r4, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000240), &(0x7f0000000280)=@v3, 0x18, 0x0)
write$cgroup_freezer_state(r6, &(0x7f0000000000)='FREEZING\x00', 0x9)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000001c0)={0x28, 0x6, r2, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4})
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{r7, 0x2000}], 0x1, &(0x7f0000000140)={0x0, 0x989680}, 0x0, 0x0)
ioctl$IOMMU_GET_HW_INFO(r6, 0x3b8a, &(0x7f0000000000)={0x28, 0x3f, r3, 0x0, 0x0})

4.347222357s ago: executing program 6 (id=698):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)=@RTM_DELMDB={0x38, 0x54, 0x93d, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r2, 0x0, 0x3, 0x0, {@ip4=@broadcast, 0x86dd}}}]}, 0x38}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0x5, 0x2, 0x8})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='svc_wake_up\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_stats_latency\x00', r4, 0x0, 0x40000000}, 0x18)
socket$unix(0x1, 0x1, 0x0)
r5 = syz_io_uring_setup(0x109, &(0x7f0000000400)={0x0, 0x5887, 0x0, 0x1}, &(0x7f0000000340)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

4.277287761s ago: executing program 7 (id=699):
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[<r0=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000380)={0x0, 0x0, r0})
mremap(&(0x7f0000fa3000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000008000/0x4000)=nil)
read$FUSE(0xffffffffffffffff, 0x0, 0xfd0c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket(0xa, 0x3, 0x3a)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000000)={0x7, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r3, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x10005, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r6, 0x8b2a, &(0x7f0000000040))
ioctl$int_in(r4, 0x5452, &(0x7f0000000040)=0x2)
write(r5, &(0x7f0000000340), 0x11000)
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, "1c3d00ace21387ff00"})
syz_open_pts(r4, 0x84080)

4.194138213s ago: executing program 8 (id=700):
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
ioctl$EVIOCGABS2F(r1, 0x8018456f, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000640)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000940)=[@mask_cswp={0x58, 0x114, 0x9, {{}, 0x0, 0x0}}], 0x58}, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000600)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0xeef, 0x1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x0, 0x81, [{{0x9, 0x4, 0x0, 0xfc, 0x1, 0x3, 0x1, 0x2, 0x5b, {0x9, 0x21, 0x6, 0x5, 0x1, {0x22, 0x262}}, {{{0x9, 0x5, 0x81, 0x3, 0x460, 0x3, 0x9, 0xa0}}}}}]}}]}}, 0x0)
r2 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='%*{*\x00', &(0x7f0000000040)='hfs\x00', 0x0)
r3 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x401}}, {{0xa, 0x0, 0xfffffffe, @private0}}}, 0x108)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}, 0x4}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000001500)=ANY=[], 0x10)
write(r4, &(0x7f00000000c0)="8f2a0a65bd8c022b0304000e0580a7b6070d63e286a5ce", 0x17)
socket(0x80000000000000a, 0x2, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000004c0), 0x400042, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000580)={<r8=>0x0})
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r7, &(0x7f0000000140))
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f00000003c0)={r8})
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)

3.69372909s ago: executing program 1 (id=701):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000dc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000000c00000002000000002000000000001304000080"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
r3 = userfaultfd(0x80001)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000000a01010000000000000000050000000900010073797a30000000000c00044000000000000000040c0004400000000000000005bc000000030a01030000000000000000050000000900010073797a300000000008000540000000004c0008800c00014000000000000000010c0802400000000000f6"], 0x130}}, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00001a1000/0x3000)=nil, 0x3000}, 0x2})
bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x10)
ioctl$TCFLSH(r2, 0x404c4701, 0x20000000)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000300), 0xd)
write$binfmt_elf64(r1, &(0x7f0000000540)=ANY=[], 0x78)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioprio_get$uid(0x3, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000005c0)='vxfs\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)

3.626458823s ago: executing program 6 (id=702):
r0 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x240, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0xf0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x6, 0x1, {0x22, 0xd6e}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x8, 0x3, 0x1}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x94, 0x3, 0x9}}]}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "741cb976"}]}}, 0x0}, 0x0)

3.568324702s ago: executing program 7 (id=703):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000000)=0xb2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000280)=0x181, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=""/136, 0x88}}], 0x1, 0x2000, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x5, @mcast1, 0x1}, 0x1c)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipmr_getroute={0x1c, 0x1a, 0x4, 0x70bd2d, 0x25dfdbfd, {0x80, 0x34, 0x0, 0x2, 0xfe, 0x3, 0xc8, 0x8, 0x900}, ["", "", "", ""]}, 0x1c}}, 0x8090)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/consoles\x00', 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000400)={'ip6_vti0\x00', &(0x7f0000000380)={'ip6tnl0\x00', <r6=>0x0, 0x2f, 0xd, 0x6b, 0xfffffff7, 0x8, @remote, @loopback, 0x40, 0x1, 0x7db, 0x1}})
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000700), 0x4)
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000800)=@o_path={&(0x7f00000007c0)='./file0\x00', 0x0, 0x4010, r0}, 0x18)
r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f0000000840)='./file0\x00', 0x0, 0x18}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x1b, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000600000000000000010000000781ff03740d000018450000f8ffffff000000000000000018230000", @ANYRES32=r2, @ANYBLOB="0800000005000000b7080000000000007b8af8ff00000000b70800000c199be1e785a1104de050c2e63fd30000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4009e05", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a50000001866000006000000000000000100000018450000faffffff0000000000000000186a00000100000000000000020000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0xcc, &(0x7f0000000600)=""/204, 0x40f00, 0x2, '\x00', r6, 0x25, r7, 0x8, &(0x7f0000000740)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000780)={0x2, 0x6, 0x7, 0x8001}, 0x10, 0x0, 0x0, 0x6, &(0x7f00000008c0)=[r8, r9], &(0x7f0000000900)=[{0x3, 0x4, 0x7, 0xc}, {0x4, 0x1, 0x0, 0x8}, {0x4, 0x1, 0x4, 0x5}, {0x3, 0x2, 0xc, 0x2}, {0x3, 0x4, 0x9, 0x1}, {0x2, 0x2, 0xd, 0x5}], 0x10, 0x2, @void, @value}, 0x94)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x10)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r11 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r11, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$l2tp6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x10, 0x1}, 0x20)

2.954312691s ago: executing program 7 (id=704):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPTLCK(r0, 0x80045439, 0x0)

2.940027821s ago: executing program 6 (id=705):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x4000000)
prlimit64(0x0, 0x9, &(0x7f0000000140)={0x8, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x2f, 0x7f, 0x8, 0xe2, 0x10, @private1, @empty, 0x10, 0x48, 0xa2, 0x5}})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f0000000280), &(0x7f0000000440), &(0x7f0000000340)="94c14146f79c29fb4016c9d17e8040b8940ebf9c2db88dbad8af3b5516979a57e80b5f5e73001f8713f6b1c051cb6d08d2d082ac6c01b7e858f2b274a79a870bfa354e6b301c26b9d484ee1c9e28c336d013be7aa5d3edc593293845a375dff3401004440c50360a68b8a16c1f3cfacd9c9b0ee79d30cde69f397089ca03919d41aa483f8891b1c5c038c530f6caf30b1f3c15d4f7c0f7964230aa7199d63b0237f18e5ca8d130516c031f4afacc6576ddacc3ec81898561154adce958145d74", 0xc0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
chdir(&(0x7f0000000140)='./file1\x00')
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000480)={{{@in=@broadcast, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000580)=0xe8)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000801, r7, &(0x7f00000000c0)={0x0, 0x20005b81, 0x0, 0x0, 0x9, 0x0, 0x20000000, 0x4000000000000004, 0xde})
r8 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
r9 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r9, 0x8008f513, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000940)={{}, 'syz1\x00', 0x40})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)

2.83101141s ago: executing program 7 (id=706):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70f)
ioctl$TUNSETLINK(r0, 0x400454cd, 0xffff0301)

2.498150485s ago: executing program 7 (id=707):
r0 = socket(0x11, 0x3, 0x9)
getsockopt$bt_BT_SECURITY(r0, 0x107, 0x13, 0x0, 0x20000002)
r1 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000640)={0x1c, &(0x7f0000000000)={0x40, 0x14, 0x1, "e5"}, 0x0, 0x0})
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$assume_authority(0x10, r3)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000400)={0x0, 0x17, 0x2, "43d3"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.097403269s ago: executing program 2 (id=708):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
r3 = mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0)
r4 = dup2(r3, r3)
mq_notify(r4, 0x0)
fchmodat(r4, &(0x7f0000000400)='./file0/file0\x00', 0x118)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff)
chdir(&(0x7f00000003c0)='./bus\x00')
r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r5, &(0x7f0000001fc0)=""/184, 0x20002078)

1.069021158s ago: executing program 2 (id=709):
r0 = syz_open_dev$dri(0x0, 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000380)={0x0, 0x0, r1})
mremap(&(0x7f0000fa3000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000008000/0x4000)=nil)
read$FUSE(0xffffffffffffffff, 0x0, 0xfd0c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket(0xa, 0x3, 0x3a)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000000)={0x7, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r4, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x10005, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r7, 0x8b2a, &(0x7f0000000040))
ioctl$int_in(r5, 0x5452, &(0x7f0000000040)=0x2)
write(r6, &(0x7f0000000340), 0x11000)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, "1c3d00ace21387ff00"})
syz_open_pts(r5, 0x84080)

857.456766ms ago: executing program 1 (id=710):
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b80)=ANY=[], 0x24}}, 0x800)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r2, 0x545c, 0x3001f00)

334.963607ms ago: executing program 8 (id=711):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$KVM_SET_NESTED_STATE(r1, 0x4080aebf, &(0x7f0000000440)={{0x7, 0x0, 0x80, {0xf000, 0xdddd0000}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92711fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae6422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec4520800000000000000d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453282025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf8cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8eb78ac1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247ed70304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d22fafa502791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c3581179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111214a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec11350e920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b6129d268df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe2910609000000000000002bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac4577482948b5e6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"})

279.169659ms ago: executing program 1 (id=712):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r5, &(0x7f0000003780)=[{&(0x7f0000001300)=""/170, 0xaa}], 0x1, 0xffff, 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='\x00', &(0x7f0000000240)='{}k%@\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYBLOB="14070000", @ANYRES16=0x0, @ANYBLOB="000826bd7000fddbdf2519000000"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0xc854)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x76e2, 0x10100}, &(0x7f0000000640)=<r7=>0x0, &(0x7f0000000600)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x32)
read(r0, &(0x7f00000019c0)=""/4107, 0x100b)

1.372099ms ago: executing program 8 (id=713):
socket$inet_mptcp(0x2, 0x1, 0x106)
unshare(0x20020000)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
close(r1)
r2 = open(&(0x7f0000000000)='.\x00', 0x800, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
unlinkat(r2, &(0x7f0000000280)='./file0\x00', 0x200)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x2f, 0x6, 0xfd, 0x6, 0x8, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x10, 0x8000, 0x5, 0x4}})
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r3, 0xb, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000540), r7)
sendmsg$SEG6_CMD_DUMPHMAC(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)={0x2c, r8, 0x301, 0x70bd2c, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0xa4}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x9, 0xffffff43, 0xb]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x4)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
dup(r10)

0s ago: executing program 6 (id=714):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
r3 = mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0)
r4 = dup2(r3, r3)
mq_notify(r4, 0x0)
fchmodat(r4, &(0x7f0000000400)='./file0/file0\x00', 0x118)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff)
chdir(&(0x7f00000003c0)='./bus\x00')
r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r5, &(0x7f0000001fc0)=""/184, 0x20002078)

kernel console output (not intermixed with test programs):

0000000000 R14: 00007fb390d75fa0 R15: 00007ffcd7c83728
[  201.752359][ T7678]  </TASK>
[  201.890975][ T5899] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  201.980853][   T29] audit: type=1400 audit(1737538561.580:461): avc:  denied  { ioctl } for  pid=7689 comm="syz.3.455" path="socket:[14541]" dev="sockfs" ino=14541 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  202.007467][   T29] audit: type=1400 audit(1737538561.580:462): avc:  denied  { setattr } for  pid=7689 comm="syz.3.455" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  202.051180][ T5899] usb 1-1: Using ep0 maxpacket: 16
[  202.069608][ T7688] netlink: 'syz.4.451': attribute type 1 has an invalid length.
[  202.132634][ T7688] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  202.140230][ T7688] IPv6: NLM_F_CREATE should be set when creating new route
[  202.158203][ T5899] usb 1-1: config 8 has an invalid interface number: 39 but max is 0
[  202.312997][ T5899] usb 1-1: config 8 has no interface number 0
[  202.510858][ T5899] usb 1-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  202.532725][ T5899] usb 1-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  202.562889][ T5899] usb 1-1: config 8 interface 39 has no altsetting 0
[  202.593888][ T5899] usb 1-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  202.611881][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.638322][ T5899] usb 1-1: Product: syz
[  202.656887][ T5899] usb 1-1: Manufacturer: syz
[  202.661774][ T5899] usb 1-1: SerialNumber: syz
[  203.020198][ T7685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  203.080896][    T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  203.089026][ T7685] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.128184][ T5899] ipheth 1-1:8.39: Unable to find endpoints
[  203.201093][ T5899] usb 1-1: USB disconnect, device number 5
[  203.261557][    T8] usb 4-1: Using ep0 maxpacket: 32
[  203.269599][    T8] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  203.282976][    T8] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  203.291728][    T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  203.322150][   T29] audit: type=1400 audit(1737538562.940:463): avc:  denied  { read } for  pid=7703 comm="syz.4.460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  203.350122][    T8] usb 4-1: config 1 has no interface number 0
[  203.360241][    T8] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  203.409429][    T8] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  203.500406][    T8] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  203.526728][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.563254][    T8] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  203.638218][ T7718] fuse: Unknown parameter 'd'
[  203.881061][ T7698] netlink: 40 bytes leftover after parsing attributes in process `syz.3.458'.
[  203.905180][    T8] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  204.091674][ T7735] netlink: 12 bytes leftover after parsing attributes in process `syz.1.466'.
[  204.111424][ T7735] xt_connbytes: Forcing CT accounting to be enabled
[  204.118457][ T7735] Cannot find add_set index 0 as target
[  204.982721][ T5837] snd_usb_pod 4-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  205.054175][ T5903] usb 4-1: USB disconnect, device number 7
[  205.062321][ T5903] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  205.179306][ T7748] netlink: 28 bytes leftover after parsing attributes in process `syz.0.468'.
[  205.198928][ T7748] xt_TCPMSS: Only works on TCP SYN packets
[  205.594008][   T29] audit: type=1400 audit(1737538565.210:464): avc:  denied  { execute } for  pid=7739 comm="syz.4.470" path="/dev/audio1" dev="devtmpfs" ino=1290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  205.618065][   T29] audit: type=1400 audit(1737538565.210:465): avc:  denied  { read } for  pid=7739 comm="syz.4.470" path="socket:[14762]" dev="sockfs" ino=14762 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  205.723720][   T51] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  205.757733][   T29] audit: type=1400 audit(1737538565.370:466): avc:  denied  { mounton } for  pid=7750 comm="syz.2.471" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  205.862503][ T7754] netlink: 8 bytes leftover after parsing attributes in process `syz.2.471'.
[  206.220859][ T5837] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  206.276576][   T51] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  206.288969][   T51] usb 1-1: New USB device found, idVendor=0d46, idProduct=0078, bcdDevice=82.92
[  206.298148][   T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.306404][   T51] usb 1-1: Product: syz
[  206.310941][   T51] usb 1-1: Manufacturer: syz
[  206.316274][   T51] usb 1-1: SerialNumber: syz
[  206.325778][   T51] kobil_sct 1-1:2.0: required endpoints missing
[  206.390997][ T5837] usb 2-1: Using ep0 maxpacket: 32
[  206.401966][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.424492][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.445751][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  206.470883][ T5837] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  206.480054][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.490097][ T5837] usb 2-1: config 0 descriptor??
[  206.819482][ T7767] ubi: mtd0 is already attached to ubi0
[  208.257993][ T5903] usb 1-1: USB disconnect, device number 6
[  208.528630][ T5837] hid (null): invalid report_size 812540268
[  208.583526][   T29] audit: type=1400 audit(1737538568.200:467): avc:  denied  { sqpoll } for  pid=7776 comm="syz.0.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  209.010468][   T29] audit: type=1400 audit(1737538568.620:468): avc:  denied  { audit_control } for  pid=7776 comm="syz.0.478" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  209.038825][ T5837] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0005/input/input11
[  209.185298][ T5837] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0005/input/input12
[  209.225184][ T5837] kye 0003:0458:5011.0005: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0
[  209.238463][ T5837] usb 2-1: USB disconnect, device number 10
[  209.332531][   T29] audit: type=1400 audit(1737538568.950:469): avc:  denied  { listen } for  pid=7782 comm="syz.1.479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  209.640281][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.4.482'.
[  210.174277][ T7796] FAULT_INJECTION: forcing a failure.
[  210.174277][ T7796] name failslab, interval 1, probability 0, space 0, times 0
[  210.236867][ T7796] CPU: 1 UID: 0 PID: 7796 Comm: syz.3.480 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  210.247170][ T7796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  210.257247][ T7796] Call Trace:
[  210.260543][ T7796]  <TASK>
[  210.263493][ T7796]  dump_stack_lvl+0x16c/0x1f0
[  210.268190][ T7796]  should_fail_ex+0x497/0x5b0
[  210.272866][ T7796]  ? fs_reclaim_acquire+0xae/0x150
[  210.277965][ T7796]  should_failslab+0xc2/0x120
[  210.282635][ T7796]  __kmalloc_node_track_caller_noprof+0xcf/0x510
[  210.288956][ T7796]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  210.294405][ T7796]  ? simple_xattr_set+0x5b/0x3e0
[  210.299336][ T7796]  kstrdup+0x53/0x100
[  210.303308][ T7796]  simple_xattr_set+0x5b/0x3e0
[  210.308072][ T7796]  shmem_xattr_handler_set+0x31b/0x3b0
[  210.313525][ T7796]  ? __pfx_shmem_xattr_handler_set+0x10/0x10
[  210.319495][ T7796]  __vfs_setxattr+0x173/0x1e0
[  210.324162][ T7796]  ? __pfx___vfs_setxattr+0x10/0x10
[  210.329368][ T7796]  ? __pfx_make_vfsgid+0x10/0x10
[  210.334303][ T7796]  __vfs_setxattr_noperm+0x127/0x660
[  210.339582][ T7796]  __vfs_setxattr_locked+0x182/0x260
[  210.344860][ T7796]  vfs_setxattr+0x146/0x360
[  210.349350][ T7796]  ? __pfx_lock_release+0x10/0x10
[  210.354365][ T7796]  ? __pfx_vfs_setxattr+0x10/0x10
[  210.359382][ T7796]  ? mnt_get_write_access+0x6a/0x300
[  210.364660][ T7796]  ? mnt_get_write_access+0x6a/0x300
[  210.369943][ T7796]  do_setxattr+0x142/0x170
[  210.374349][ T7796]  filename_setxattr+0x16d/0x1d0
[  210.379276][ T7796]  ? __pfx_filename_setxattr+0x10/0x10
[  210.384722][ T7796]  ? getname_flags.part.0+0x1c5/0x550
[  210.390094][ T7796]  path_setxattrat+0x1e0/0x290
[  210.394845][ T7796]  ? __pfx_path_setxattrat+0x10/0x10
[  210.400139][ T7796]  ? fput+0x67/0x440
[  210.404027][ T7796]  ? ksys_write+0x1ba/0x250
[  210.408518][ T7796]  ? __pfx_ksys_write+0x10/0x10
[  210.413358][ T7796]  __x64_sys_lsetxattr+0xc9/0x140
[  210.418371][ T7796]  ? do_syscall_64+0x91/0x250
[  210.423033][ T7796]  ? lockdep_hardirqs_on+0x7c/0x110
[  210.428225][ T7796]  do_syscall_64+0xcd/0x250
[  210.432717][ T7796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.438603][ T7796] RIP: 0033:0x7fb390b85d29
[  210.443017][ T7796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.462630][ T7796] RSP: 002b:00007fb391a15038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  210.471028][ T7796] RAX: ffffffffffffffda RBX: 00007fb390d76080 RCX: 00007fb390b85d29
[  210.478983][ T7796] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000020000080
[  210.486943][ T7796] RBP: 00007fb391a15090 R08: 0000000000000000 R09: 0000000000000000
[  210.494900][ T7796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.502860][ T7796] R13: 0000000000000000 R14: 00007fb390d76080 R15: 00007ffcd7c83728
[  210.510845][ T7796]  </TASK>
[  210.513866][    C1] vkms_vblank_simulate: vblank timer overrun
[  210.798612][   T29] audit: type=1400 audit(1737538570.410:470): avc:  denied  { bind } for  pid=7806 comm="syz.1.486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  211.314655][   T29] audit: type=1400 audit(1737538570.930:471): avc:  denied  { call } for  pid=7818 comm="syz.0.490" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  211.334100][ T7819] binder_alloc: 7818: binder_alloc_buf size -512 failed, no address space
[  211.343722][ T7819] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[  211.361078][ T5903] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  211.571968][ T5903] usb 5-1: Using ep0 maxpacket: 8
[  211.682712][ T5903] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  211.691603][ T5869] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  211.785199][ T5903] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  211.838111][ T5903] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  211.848447][ T5903] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  211.868584][ T5903] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  211.886076][ T5903] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  211.917896][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.981311][ T5869] usb 1-1: Using ep0 maxpacket: 16
[  211.990354][ T5869] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  212.011662][ T5869] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  212.061653][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.079116][ T5869] usb 1-1: config 0 descriptor??
[  212.107102][ T5869] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input13
[  212.141187][   T51] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  212.158500][ T5903] usb 5-1: usb_control_msg returned -32
[  212.175932][ T5903] usbtmc 5-1:16.0: can't read capabilities
[  212.302105][   T51] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  212.314557][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.331103][ T5899] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  212.332832][   T51] usb 3-1: config 0 descriptor??
[  212.347992][ T7819] input: syz0 as /devices/virtual/input/input14
[  212.418991][ T5176] bcm5974 1-1:0.0: could not read from device
[  212.440338][ T5176] bcm5974 1-1:0.0: could not read from device
[  212.454463][ T5869] usb 1-1: USB disconnect, device number 7
[  212.481065][ T5899] usb 2-1: device descriptor read/64, error -71
[  212.489586][ T5176] bcm5974 1-1:0.0: could not read from device
[  212.720976][ T5899] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  212.815270][ T7839] hpfs: Bad magic ... probably not HPFS
[  213.264410][ T5899] usb 2-1: device descriptor read/64, error -71
[  213.315712][ T7836] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  213.402434][ T5899] usb usb2-port1: attempt power cycle
[  213.567210][   T29] audit: type=1400 audit(1737538573.180:472): avc:  denied  { write } for  pid=7843 comm="syz.0.495" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  213.590283][    C1] vkms_vblank_simulate: vblank timer overrun
[  213.656908][   T29] audit: type=1400 audit(1737538573.200:473): avc:  denied  { bind } for  pid=7845 comm="syz.3.496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  213.700320][   T51] usb 3-1: Cannot set autoneg
[  213.711186][   T51] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61
[  213.770919][ T5899] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  213.787480][ T7850] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  213.794549][ T7850] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  213.825196][ T7850] lo speed is unknown, defaulting to 1000
[  213.832151][ T7850] lo speed is unknown, defaulting to 1000
[  213.850416][ T7850] lo speed is unknown, defaulting to 1000
[  213.891532][ T7850] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  213.960802][ T7850] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  214.081822][ T5899] usb 2-1: device descriptor read/8, error -71
[  214.129177][ T7850] lo speed is unknown, defaulting to 1000
[  214.142739][ T7850] lo speed is unknown, defaulting to 1000
[  214.153811][ T7850] lo speed is unknown, defaulting to 1000
[  214.165980][ T7850] lo speed is unknown, defaulting to 1000
[  214.177666][ T7850] lo speed is unknown, defaulting to 1000
[  214.440887][   T29] audit: type=1400 audit(1737538573.430:474): avc:  denied  { write } for  pid=7847 comm="syz.3.497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  214.866377][ T5899] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  215.327264][ T5899] usb 2-1: device descriptor read/8, error -71
[  215.518305][ T5899] usb usb2-port1: unable to enumerate USB device
[  215.535871][ T5899] usb 5-1: USB disconnect, device number 8
[  215.655554][  T971] usb 3-1: USB disconnect, device number 12
[  216.109775][ T7865] Invalid ELF header magic: != ELF
[  216.137033][   T29] audit: type=1804 audit(1737538575.710:475): pid=7865 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.499" name="/newroot/100/bus/bus" dev="overlay" ino=593 res=1 errno=0
[  216.159645][    C1] vkms_vblank_simulate: vblank timer overrun
[  216.713146][   T29] audit: type=1400 audit(1737538575.720:476): avc:  denied  { module_load } for  pid=7854 comm="syz.3.499" path="/100/bus/bus" dev="overlay" ino=593 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  216.830021][ T5899] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  216.951009][ T5903] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  217.088843][ T7872] 9pnet_virtio: no channels available for device 127.0.0.1
[  217.092399][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  217.106083][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 26232, setting to 64
[  217.110909][ T5903] usb 5-1: device descriptor read/64, error -71
[  217.120859][ T5899] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  217.132421][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.172597][ T5899] usb 2-1: config 0 descriptor??
[  217.311092][   T29] audit: type=1400 audit(1737538576.920:477): avc:  denied  { setopt } for  pid=7869 comm="syz.2.503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  217.385747][ T5899] ath6kl: Failed to submit usb control message: -71
[  217.404775][ T5899] ath6kl: unable to send the bmi data to the device: -71
[  217.473097][ T5899] ath6kl: Unable to send get target info: -71
[  217.509212][ T5899] ath6kl: Failed to init ath6kl core: -71
[  217.532728][ T5899] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  217.605837][ T5899] usb 2-1: USB disconnect, device number 15
[  218.194570][ T5903] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  218.228594][   T51] IPVS: starting estimator thread 0...
[  218.401037][ T7879] IPVS: using max 26 ests per chain, 62400 per kthread
[  218.645376][ T5903] usb 5-1: device descriptor read/64, error -71
[  218.742606][ T7883] netlink: 8 bytes leftover after parsing attributes in process `syz.0.506'.
[  218.852737][ T5903] usb usb5-port1: attempt power cycle
[  220.006770][ T7901] hpfs: Bad magic ... probably not HPFS
[  221.553227][   T29] audit: type=1400 audit(1737538581.180:478): avc:  denied  { write } for  pid=7905 comm="syz.0.510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  222.088337][ T5903] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  222.191344][ T5903] usb 5-1: Using ep0 maxpacket: 8
[  222.279995][ T5903] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  222.303230][ T5903] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  222.304654][ T5830] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  222.324984][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: kworker/u9:4 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  222.335516][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  222.345593][ T5830] Workqueue: hci3 hci_rx_work
[  222.350293][ T5830] Call Trace:
[  222.353575][ T5830]  <TASK>
[  222.356530][ T5830]  dump_stack_lvl+0x16c/0x1f0
[  222.361234][ T5830]  sysfs_warn_dup+0x7f/0xa0
[  222.365760][ T5830]  sysfs_create_dir_ns+0x24d/0x2b0
[  222.370903][ T5830]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  222.376561][ T5830]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  222.381953][ T5830]  ? kobject_add_internal+0x12d/0x990
[  222.387345][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  222.392567][ T5830]  kobject_add_internal+0x2c8/0x990
[  222.397794][ T5830]  kobject_add+0x16f/0x240
[  222.402251][ T5830]  ? __pfx_kobject_add+0x10/0x10
[  222.407205][ T5830]  ? class_to_subsys+0x3e/0x160
[  222.412077][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  222.417294][ T5830]  ? kobject_put+0xab/0x5a0
[  222.421835][ T5830]  device_add+0x289/0x1a70
[  222.426289][ T5830]  ? __pfx_dev_set_name+0x10/0x10
[  222.431333][ T5830]  ? __pfx_device_add+0x10/0x10
[  222.436209][ T5830]  ? mgmt_send_event_skb+0x2f2/0x460
[  222.441529][ T5830]  hci_conn_add_sysfs+0x17e/0x230
[  222.446573][ T5830]  le_conn_complete_evt+0x107f/0x1da0
[  222.451982][ T5830]  ? __pfx_lock_release+0x10/0x10
[  222.457031][ T5830]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  222.462779][ T5830]  ? trace_contention_end+0xee/0x140
[  222.468083][ T5830]  ? __mutex_lock+0x1cc/0xa60
[  222.472809][ T5830]  hci_le_conn_complete_evt+0x23c/0x370
[  222.478403][ T5830]  hci_le_meta_evt+0x2e2/0x5d0
[  222.483177][ T5830]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  222.489275][ T5830]  hci_event_packet+0x666/0x1180
[  222.494235][ T5830]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  222.499537][ T5830]  ? __pfx_hci_event_packet+0x10/0x10
[  222.504949][ T5830]  ? mark_held_locks+0x9f/0xe0
[  222.509734][ T5830]  ? kcov_remote_start+0x3cf/0x6e0
[  222.514887][ T5830]  ? lockdep_hardirqs_on+0x7c/0x110
[  222.520119][ T5830]  hci_rx_work+0x2c5/0x16b0
[  222.524640][ T5830]  ? process_one_work+0x921/0x1ba0
[  222.529768][ T5830]  process_one_work+0x9c5/0x1ba0
[  222.534731][ T5830]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  222.534934][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  222.540376][ T5830]  ? __pfx_process_one_work+0x10/0x10
[  222.540405][ T5830]  ? rcu_is_watching+0x12/0xc0
[  222.540439][ T5830]  ? assign_work+0x1a0/0x250
[  222.540459][ T5830]  worker_thread+0x6c8/0xf00
[  222.540485][ T5830]  ? __kthread_parkme+0x148/0x220
[  222.540510][ T5830]  ? __pfx_worker_thread+0x10/0x10
[  222.540528][ T5830]  kthread+0x2c1/0x3a0
[  222.540548][ T5830]  ? _raw_spin_unlock_irq+0x23/0x50
[  222.540572][ T5830]  ? __pfx_kthread+0x10/0x10
[  222.540599][ T5830]  ret_from_fork+0x45/0x80
[  222.540619][ T5830]  ? __pfx_kthread+0x10/0x10
[  222.540647][ T5830]  ret_from_fork_asm+0x1a/0x30
[  222.540689][ T5830]  </TASK>
[  222.558085][ T5830] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  222.558126][ T5830] Bluetooth: hci3: failed to register connection device
[  223.010844][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  223.051832][ T5903] usb 5-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=9b.f7
[  223.087339][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.809275][ T7918] Invalid ELF header magic: != ELF
[  223.883670][   T29] audit: type=1804 audit(1737538583.390:479): pid=7918 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.512" name="/newroot/104/bus/bus" dev="overlay" ino=623 res=1 errno=0
[  224.973397][ T5903] usb 5-1: config 0 descriptor??
[  225.445453][ T5903] usb 5-1: can't set config #0, error -71
[  226.503149][ T5903] usb 5-1: USB disconnect, device number 11
[  228.709790][ T7954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.519'.
[  228.767046][ T7955] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  228.776540][ T5827] Bluetooth: hci3: unexpected event for opcode 0x2041
[  238.740759][    C1] sched: DL replenish lagged too much
[  241.963345][   T29] audit: type=1400 audit(1737538601.270:480): avc:  denied  { getopt } for  pid=7968 comm="syz.2.527" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  242.860023][   T29] audit: type=1400 audit(1737538602.470:481): avc:  denied  { search } for  pid=5485 comm="dhcpcd" name="netdev:wlan2" dev="debugfs" ino=15943 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  243.946751][ T7995] Invalid ELF header magic: != ELF
[  244.504650][   T29] audit: type=1804 audit(1737538603.560:482): pid=7995 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.523" name="/newroot/107/bus/bus" dev="overlay" ino=649 res=1 errno=0
[  244.926806][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  244.963219][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  244.975507][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  244.984195][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  244.991938][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  244.999224][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  245.394632][   T29] audit: type=1400 audit(1737538604.580:483): avc:  denied  { create } for  pid=7987 comm="syz.1.528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  245.428897][   T29] audit: type=1400 audit(1737538604.700:484): avc:  denied  { mounton } for  pid=7991 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  245.470405][ T7991] lo speed is unknown, defaulting to 1000
[  245.550947][   T29] audit: type=1400 audit(1737538604.740:485): avc:  denied  { listen } for  pid=7967 comm="syz.4.525" lport=56357 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  245.839373][   T29] audit: type=1326 audit(1737538605.450:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8011 comm="syz.4.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  246.018915][   T29] audit: type=1326 audit(1737538605.450:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8011 comm="syz.4.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  246.137282][   T29] audit: type=1326 audit(1737538605.450:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8011 comm="syz.4.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  246.303989][   T29] audit: type=1326 audit(1737538605.450:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8011 comm="syz.4.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  246.304696][ T7991] chnl_net:caif_netlink_parms(): no params data found
[  246.805259][ T8026] ALSA: seq fatal error: cannot create timer (-16)
[  246.846212][ T7991] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.894873][ T7991] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.985970][ T7991] bridge_slave_0: entered allmulticast mode
[  247.364489][ T5827] Bluetooth: hci0: command tx timeout
[  247.428372][ T7991] bridge_slave_0: entered promiscuous mode
[  247.507095][ T7991] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.556273][ T7991] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.594748][ T7991] bridge_slave_1: entered allmulticast mode
[  247.644621][ T7991] bridge_slave_1: entered promiscuous mode
[  247.686949][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  247.686966][   T29] audit: type=1400 audit(1737538607.290:520): avc:  denied  { ioctl } for  pid=8011 comm="syz.4.532" path="socket:[16194]" dev="sockfs" ino=16194 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  247.911214][   T29] audit: type=1326 audit(1737538607.520:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  248.063894][   T29] audit: type=1326 audit(1737538607.520:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  248.147273][ T7991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  248.176781][   T29] audit: type=1326 audit(1737538607.520:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  248.220985][  T971] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  248.232960][ T7991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  249.413237][ T5827] Bluetooth: hci0: command tx timeout
[  249.487058][   T29] audit: type=1326 audit(1737538607.520:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  249.672974][ T8057] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  249.705073][   T29] audit: type=1326 audit(1737538607.520:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  249.764082][ T7991] team0: Port device team_slave_0 added
[  249.852844][ T7991] team0: Port device team_slave_1 added
[  250.708456][   T29] audit: type=1326 audit(1737538607.520:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  250.789411][ T7991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  250.826691][ T7991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.934502][   T29] audit: type=1326 audit(1737538607.530:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  251.008115][ T7991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  251.118417][   T29] audit: type=1326 audit(1737538607.530:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  251.235809][ T8063] netlink: 'syz.3.540': attribute type 29 has an invalid length.
[  251.243723][ T8063] netlink: 4 bytes leftover after parsing attributes in process `syz.3.540'.
[  251.277241][ T7991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  251.294554][   T29] audit: type=1326 audit(1737538607.530:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.2.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f457c185d29 code=0x7ffc0000
[  251.340847][ T7991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  251.366777][    C0] vkms_vblank_simulate: vblank timer overrun
[  251.512941][ T5827] Bluetooth: hci0: command tx timeout
[  251.636030][ T7991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.129739][  T971] usb 5-1: device descriptor read/all, error -71
[  252.148171][ T7991] hsr_slave_0: entered promiscuous mode
[  252.224933][ T7991] hsr_slave_1: entered promiscuous mode
[  252.307837][ T7991] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  252.359728][ T7991] Cannot create hsr debugfs directory
[  253.434863][ T7991] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  253.520426][ T7991] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  253.547411][ T5827] Bluetooth: hci0: command tx timeout
[  253.587976][ T7991] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  253.654427][ T7991] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  254.157806][ T7991] 8021q: adding VLAN 0 to HW filter on device bond0
[  254.255413][ T7991] 8021q: adding VLAN 0 to HW filter on device team0
[  254.311914][ T6121] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.319056][ T6121] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.418317][ T6121] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.425496][ T6121] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.013026][ T8124] hpfs: Bad magic ... probably not HPFS
[  255.622870][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  255.629608][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  258.160162][ T8142] FAULT_INJECTION: forcing a failure.
[  258.160162][ T8142] name failslab, interval 1, probability 0, space 0, times 0
[  258.436296][ T8142] CPU: 0 UID: 0 PID: 8142 Comm: syz.2.549 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  258.446588][ T8142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  258.456654][ T8142] Call Trace:
[  258.459936][ T8142]  <TASK>
[  258.462866][ T8142]  dump_stack_lvl+0x16c/0x1f0
[  258.467557][ T8142]  should_fail_ex+0x497/0x5b0
[  258.472245][ T8142]  ? fs_reclaim_acquire+0xae/0x150
[  258.477362][ T8142]  should_failslab+0xc2/0x120
[  258.482397][ T8142]  __kmalloc_cache_noprof+0x68/0x410
[  258.487689][ T8142]  ? tcf_chain_tp_find+0x2b5/0x470
[  258.492812][ T8142]  tc_new_tfilter+0xef5/0x2330
[  258.497599][ T8142]  ? __pfx_tc_new_tfilter+0x10/0x10
[  258.502806][ T8142]  ? __pfx___lock_acquire+0x10/0x10
[  258.508274][ T8142]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  258.514537][ T8142]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  258.519741][ T8142]  ? __pfx_lock_release+0x10/0x10
[  258.524772][ T8142]  ? trace_lock_acquire+0x14e/0x1f0
[  258.529979][ T8142]  ? __pfx_tc_new_tfilter+0x10/0x10
[  258.535185][ T8142]  rtnetlink_rcv_msg+0x95b/0xea0
[  258.540139][ T8142]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  258.545636][ T8142]  netlink_rcv_skb+0x16b/0x440
[  258.550492][ T8142]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  258.555956][ T8142]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  258.561285][ T8142]  ? netlink_deliver_tap+0x1ae/0xd30
[  258.566607][ T8142]  netlink_unicast+0x53c/0x7f0
[  258.571389][ T8142]  ? __pfx_netlink_unicast+0x10/0x10
[  258.576690][ T8142]  netlink_sendmsg+0x8b8/0xd70
[  258.581467][ T8142]  ? __pfx_netlink_sendmsg+0x10/0x10
[  258.586767][ T8142]  ____sys_sendmsg+0xaaf/0xc90
[  258.591544][ T8142]  ? copy_msghdr_from_user+0x10b/0x160
[  258.597009][ T8142]  ? __pfx_____sys_sendmsg+0x10/0x10
[  258.602322][ T8142]  ___sys_sendmsg+0x135/0x1e0
[  258.607011][ T8142]  ? __pfx____sys_sendmsg+0x10/0x10
[  258.612229][ T8142]  ? __pfx_lock_release+0x10/0x10
[  258.617259][ T8142]  ? trace_lock_acquire+0x14e/0x1f0
[  258.622472][ T8142]  ? __fget_files+0x206/0x3a0
[  258.627161][ T8142]  __sys_sendmsg+0x16e/0x220
[  258.631757][ T8142]  ? __pfx___sys_sendmsg+0x10/0x10
[  258.636893][ T8142]  do_syscall_64+0xcd/0x250
[  258.641404][ T8142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.647355][ T8142] RIP: 0033:0x7f457c185d29
[  258.651788][ T8142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.671416][ T8142] RSP: 002b:00007f457cfa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  258.679844][ T8142] RAX: ffffffffffffffda RBX: 00007f457c375fa0 RCX: 00007f457c185d29
[  258.687825][ T8142] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000004
[  258.695803][ T8142] RBP: 00007f457cfa1090 R08: 0000000000000000 R09: 0000000000000000
[  258.703780][ T8142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  258.711772][ T8142] R13: 0000000000000000 R14: 00007f457c375fa0 R15: 00007ffe13e96a08
[  258.719774][ T8142]  </TASK>
[  260.649242][   T29] kauditd_printk_skb: 27 callbacks suppressed
[  260.649259][   T29] audit: type=1400 audit(1737538620.260:557): avc:  denied  { create } for  pid=8141 comm="syz.4.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  261.826849][   T29] audit: type=1400 audit(1737538620.260:558): avc:  denied  { read } for  pid=8141 comm="syz.4.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  262.061142][ T7991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  262.119801][   T29] audit: type=1400 audit(1737538621.120:559): avc:  denied  { write } for  pid=8141 comm="syz.4.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  262.474507][   T29] audit: type=1400 audit(1737538621.120:560): avc:  denied  { nlmsg_read } for  pid=8141 comm="syz.4.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  264.897025][ T8172] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  264.912677][ T8172] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  265.239448][ T8178] netlink: 3 bytes leftover after parsing attributes in process `syz.1.556'.
[  265.433077][ T7991] veth0_vlan: entered promiscuous mode
[  265.476690][ T7991] veth1_vlan: entered promiscuous mode
[  265.584708][ T7991] veth0_macvtap: entered promiscuous mode
[  265.644415][ T7991] veth1_macvtap: entered promiscuous mode
[  265.725714][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.782726][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.820933][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.874456][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.919748][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.972174][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.014792][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  266.056957][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.097536][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  266.149258][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.222693][ T7991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  266.279243][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.332436][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.366418][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.395571][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.427645][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.449491][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.465789][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.477580][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.494560][ T7991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.510117][ T7991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.528060][ T7991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  266.567077][ T7991] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  266.590941][ T7991] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  266.615201][ T7991] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.640692][ T7991] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.597033][   T29] audit: type=1400 audit(1737538628.210:561): avc:  denied  { write } for  pid=5173 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  268.642379][   T29] audit: type=1400 audit(1737538628.240:562): avc:  denied  { remove_name } for  pid=5173 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  268.687768][   T29] audit: type=1400 audit(1737538628.240:563): avc:  denied  { add_name } for  pid=5173 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  274.220919][   T29] audit: type=1400 audit(1737538633.820:564): avc:  denied  { unmount } for  pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  274.483759][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.551246][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  274.692191][   T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.710662][   T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  274.781496][   T29] audit: type=1400 audit(1737538634.390:565): avc:  denied  { mounton } for  pid=7991 comm="syz-executor" path="/root/syzkaller.CRRNqf/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  275.097191][   T29] audit: type=1400 audit(1737538634.710:566): avc:  denied  { ioctl } for  pid=8205 comm="syz.3.561" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  275.251175][ T5837] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  275.837360][ T5837] usb 6-1: Using ep0 maxpacket: 32
[  275.845404][ T5837] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  275.868632][ T5837] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  275.917326][ T5837] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  275.999944][ T5837] usb 6-1: config 1 has no interface number 0
[  276.036929][ T5837] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  276.094112][   T29] audit: type=1326 audit(1737538635.700:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8224 comm="syz.4.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  276.135274][ T5837] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  276.220845][ T5837] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  276.276166][   T29] audit: type=1326 audit(1737538635.700:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8224 comm="syz.4.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  276.311775][ T5837] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.406019][ T5837] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  276.526575][   T29] audit: type=1326 audit(1737538635.740:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8224 comm="syz.4.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  276.702509][ T5837] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now attached
[  276.719748][ T8216] netlink: 40 bytes leftover after parsing attributes in process `syz.5.526'.
[  276.746381][   T29] audit: type=1326 audit(1737538635.740:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8224 comm="syz.4.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5ad85d29 code=0x7ffc0000
[  276.840973][  T971] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  277.071605][  T971] usb 5-1: Using ep0 maxpacket: 8
[  277.119053][  T971] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  277.132362][  T971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.140425][  T971] usb 5-1: Product: syz
[  277.167310][  T971] usb 5-1: Manufacturer: syz
[  277.214286][  T971] usb 5-1: SerialNumber: syz
[  277.249106][  T971] usb 5-1: config 0 descriptor??
[  277.495471][ T6939] usb 6-1: USB disconnect, device number 2
[  277.507496][  T971] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  277.518290][ T6939] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  277.763146][ T8244] kvm: emulating exchange as write
[  278.275027][  T971] gspca_sunplus: reg_w_riv err -110
[  278.280359][  T971] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[  279.131916][ T8247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.204819][ T8247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.618011][ T5837] usb 5-1: USB disconnect, device number 14
[  284.078755][ T8266] netlink: 8 bytes leftover after parsing attributes in process `syz.5.573'.
[  284.088652][ T8266] ip6_vti0: Master is either lo or non-ether device
[  284.401942][   T29] audit: type=1400 audit(1737538644.020:571): avc:  denied  { ioctl } for  pid=8273 comm="syz.5.576" path="socket:[17440]" dev="sockfs" ino=17440 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  284.923543][ T8269] overlayfs: failed to resolve './file1': -2
[  285.146337][   T29] audit: type=1400 audit(1737538644.620:572): avc:  denied  { read } for  pid=8273 comm="syz.5.576" path="socket:[17484]" dev="sockfs" ino=17484 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  285.681405][ T8284] netlink: 112 bytes leftover after parsing attributes in process `syz.2.577'.
[  286.001244][ T8289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.132821][ T8289] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.283226][ T5837] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  287.558293][ T8300] Bluetooth: MGMT ver 1.23
[  287.880936][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  300.008381][    T9] usb 3-1: device not accepting address 13, error -71
[  301.658455][ T8317] mmap: syz.1.584 (8317) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  301.872598][ T5138] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  301.883337][ T5138] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  301.892195][ T5138] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  301.901768][ T5138] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  301.910288][ T5138] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  301.918081][ T5138] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  302.010883][    T9] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  302.026582][ T5138] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  302.046763][ T5138] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  302.057426][ T5138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  302.065569][ T5138] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  302.074863][ T5138] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  302.111823][ T5138] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  302.355249][ T8324] hpfs: Bad magic ... probably not HPFS
[  302.610887][    T9] usb 2-1: device descriptor read/64, error -71
[  303.041056][    T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  303.204990][   T35] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.226008][    T9] usb 2-1: device descriptor read/64, error -71
[  303.393954][ T8328] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  303.410612][ T8328] binder: 8326:8328 ioctl c0306201 0 returned -14
[  303.457460][    T9] usb usb2-port1: attempt power cycle
[  303.782740][ T5830] Bluetooth: hci4: command 0x0406 tx timeout
[  303.966415][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  304.023445][ T5827] Bluetooth: hci5: command tx timeout
[  304.180929][ T5827] Bluetooth: hci0: command tx timeout
[  304.197733][    T9] usb 2-1: device descriptor read/8, error -71
[  304.250252][ T8321] lo speed is unknown, defaulting to 1000
[  304.272913][ T5830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  304.293574][ T5830] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  304.311190][ T5830] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  304.320884][ T5830] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  304.330336][ T5830] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  304.337673][ T5830] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  304.373272][   T35] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.441335][ T8318] lo speed is unknown, defaulting to 1000
[  304.510896][    T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  304.574494][ T5830] Bluetooth: hci2: link tx timeout
[  304.580148][ T5830] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  304.619895][    T9] usb 2-1: device descriptor read/8, error -71
[  304.762160][    T9] usb usb2-port1: unable to enumerate USB device
[  305.578006][   T35] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.125363][ T8339] netlink: 112 bytes leftover after parsing attributes in process `syz.2.591'.
[  306.181582][ T5827] Bluetooth: hci5: command tx timeout
[  306.211241][ T8329] lo speed is unknown, defaulting to 1000
[  306.262357][ T5827] Bluetooth: hci0: command tx timeout
[  306.433379][ T5827] Bluetooth: hci3: command tx timeout
[  306.466708][   T35] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.663929][ T5827] Bluetooth: hci2: command 0x0406 tx timeout
[  307.617475][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  307.870828][    T9] usb 3-1: Using ep0 maxpacket: 16
[  307.878750][    T9] usb 3-1: config 1 has an invalid interface descriptor of length 5, skipping
[  307.894756][    T9] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  307.906437][    T9] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  307.953531][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  307.973949][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  307.988452][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.998274][    T9] usb 3-1: Product: syz
[  308.015436][    T9] usb 3-1: Manufacturer: syz
[  308.032782][    T9] usb 3-1: SerialNumber: syz
[  308.274220][ T5830] Bluetooth: hci5: command tx timeout
[  308.344435][ T5830] Bluetooth: hci0: command tx timeout
[  308.745400][ T5830] Bluetooth: hci3: command tx timeout
[  308.796404][ T8345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.811227][ T8345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  310.340871][ T5830] Bluetooth: hci5: command tx timeout
[  310.421035][ T5830] Bluetooth: hci0: command tx timeout
[  310.443851][ T8351] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input15
[  310.821789][ T5830] Bluetooth: hci3: command tx timeout
[  311.087480][ T8356] netlink: 104 bytes leftover after parsing attributes in process `syz.1.595'.
[  311.106813][ T8356] netlink: 'syz.1.595': attribute type 8 has an invalid length.
[  311.134911][    T9] usb 3-1: 0:2 : does not exist
[  311.154729][    T9] usb 3-1: unit 4 not found!
[  311.186216][    T9] usb 3-1: USB disconnect, device number 15
[  311.352535][ T8360] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  311.525640][ T8319] udevd[8319]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  313.485988][ T5830] Bluetooth: hci3: command tx timeout
[  317.065737][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  317.142983][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  328.327004][ T8375] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  329.390607][   T29] audit: type=1400 audit(1737538688.990:573): avc:  denied  { read } for  pid=8377 comm="syz.2.600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  329.666729][   T35] bridge_slave_1: left allmulticast mode
[  330.715024][ T8390] netlink: 12 bytes leftover after parsing attributes in process `syz.1.602'.
[  330.731270][   T29] audit: type=1400 audit(1737538689.100:574): avc:  denied  { setopt } for  pid=8385 comm="syz.1.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  330.760858][   T35] bridge_slave_1: left promiscuous mode
[  330.786070][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.857569][   T35] bridge_slave_0: left allmulticast mode
[  330.921649][   T35] bridge_slave_0: left promiscuous mode
[  330.942972][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.344973][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  332.369870][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  332.394821][   T35] bond0 (unregistering): Released all slaves
[  333.397713][ T8321] chnl_net:caif_netlink_parms(): no params data found
[  334.183439][ T8318] chnl_net:caif_netlink_parms(): no params data found
[  334.907264][   T35] hsr_slave_0: left promiscuous mode
[  334.967146][   T35] hsr_slave_1: left promiscuous mode
[  335.011061][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  335.038541][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  335.077535][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  335.109720][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  335.213498][   T35] veth1_macvtap: left promiscuous mode
[  335.264596][   T35] veth0_macvtap: left promiscuous mode
[  335.286876][   T35] veth1_vlan: left promiscuous mode
[  335.319051][   T35] veth0_vlan: left promiscuous mode
[  335.836106][ T8442] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  335.848843][ T8442] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  336.647753][   T29] audit: type=1400 audit(1737538696.260:575): avc:  denied  { write } for  pid=8448 comm="syz.2.608" name="/" dev="ocfs2_dlmfs" ino=18317 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  336.730801][   T29] audit: type=1400 audit(1737538696.300:576): avc:  denied  { add_name } for  pid=8448 comm="syz.2.608" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  336.732446][ T8449] o2cb: This node has not been configured.
[  336.900296][   T29] audit: type=1400 audit(1737538696.300:577): avc:  denied  { create } for  pid=8448 comm="syz.2.608" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  336.931110][ T8449] o2cb: Cluster check failed. Fix errors before retrying.
[  336.971027][ T8449] (syz.2.608,8449,0):user_dlm_register:674 ERROR: status = -22
[  337.010608][   T29] audit: type=1400 audit(1737538696.300:578): avc:  denied  { associate } for  pid=8448 comm="syz.2.608" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  337.080893][ T8449] (syz.2.608,8449,0):dlmfs_mkdir:436 ERROR: Error -22 could not register domain "file1"
[  340.429562][   T35] team0 (unregistering): Port device team_slave_1 removed
[  340.569895][   T35] team0 (unregistering): Port device team_slave_0 removed
[  341.844525][ T8458] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  341.874668][ T8458] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  342.041486][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  342.218575][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  342.282018][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  342.308100][    T9] usb 3-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  342.348071][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.411338][    T9] usb 3-1: config 0 descriptor??
[  342.689410][ T8467] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  342.745570][   T29] audit: type=1400 audit(1737538702.370:579): avc:  denied  { mount } for  pid=8459 comm="syz.2.611" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  342.856535][   T29] audit: type=1400 audit(1737538702.420:580): avc:  denied  { mounton } for  pid=8459 comm="syz.2.611" path="/131/file0" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1
[  343.438060][    T9] cypress 0003:04B4:DE61.0006: collection stack underflow
[  343.480983][    T9] cypress 0003:04B4:DE61.0006: item 0 0 0 12 parsing failed
[  343.523989][    T9] cypress 0003:04B4:DE61.0006: parse failed
[  343.536496][    T9] cypress 0003:04B4:DE61.0006: probe with driver cypress failed with error -22
[  343.596627][    T9] usb 3-1: USB disconnect, device number 16
[  344.212388][   T29] audit: type=1400 audit(1737538703.830:581): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  344.232457][    C0] vkms_vblank_simulate: vblank timer overrun
[  344.366331][ T8329] chnl_net:caif_netlink_parms(): no params data found
[  344.413559][ T8321] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.443335][ T8321] bridge0: port 1(bridge_slave_0) entered disabled state
[  344.469361][ T8321] bridge_slave_0: entered allmulticast mode
[  344.499011][ T8321] bridge_slave_0: entered promiscuous mode
[  344.565642][ T8318] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.595898][ T8318] bridge0: port 1(bridge_slave_0) entered disabled state
[  344.621054][ T8318] bridge_slave_0: entered allmulticast mode
[  344.648286][ T8318] bridge_slave_0: entered promiscuous mode
[  344.701304][ T8321] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.715760][ T8321] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.744006][ T8321] bridge_slave_1: entered allmulticast mode
[  344.765212][ T8321] bridge_slave_1: entered promiscuous mode
[  344.778524][ T8318] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.810477][ T8318] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.839656][ T8318] bridge_slave_1: entered allmulticast mode
[  344.878581][ T8318] bridge_slave_1: entered promiscuous mode
[  345.179687][ T8318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  345.314766][ T8318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  345.492590][ T8321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  346.127155][ T8318] team0: Port device team_slave_0 added
[  346.304454][ T8329] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.214138][ T8329] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.943207][ T8329] bridge_slave_0: entered allmulticast mode
[  348.117544][ T8329] bridge_slave_0: entered promiscuous mode
[  348.173751][ T8321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  348.232419][ T8318] team0: Port device team_slave_1 added
[  348.286975][ T8329] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.309356][ T8329] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.339229][ T8329] bridge_slave_1: entered allmulticast mode
[  348.365845][ T8329] bridge_slave_1: entered promiscuous mode
[  348.994009][ T8321] team0: Port device team_slave_0 added
[  349.052172][ T8321] team0: Port device team_slave_1 added
[  349.170563][ T8329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  349.540298][ T8318] batman_adv: batadv0: Adding interface: batadv_slave_0
[  349.572904][ T8318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.599066][ T8318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  349.611237][ T8318] batman_adv: batadv0: Adding interface: batadv_slave_1
[  349.618187][ T8318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.644124][ T8318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  349.733441][ T8329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  349.819874][ T8321] batman_adv: batadv0: Adding interface: batadv_slave_0
[  349.827092][ T8321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.853005][    C0] vkms_vblank_simulate: vblank timer overrun
[  349.872362][ T8321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  349.966153][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.146284][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.203477][ T8321] batman_adv: batadv0: Adding interface: batadv_slave_1
[  350.220803][ T8321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.288936][ T8321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  350.424648][ T8318] hsr_slave_0: entered promiscuous mode
[  350.450181][ T8318] hsr_slave_1: entered promiscuous mode
[  350.465722][ T8318] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  350.488324][ T8318] Cannot create hsr debugfs directory
[  350.578919][ T8329] team0: Port device team_slave_0 added
[  350.624923][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.734742][ T8329] team0: Port device team_slave_1 added
[  350.992791][ T8329] batman_adv: batadv0: Adding interface: batadv_slave_0
[  351.010789][ T8329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.036697][    C0] vkms_vblank_simulate: vblank timer overrun
[  351.050017][ T8329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  351.099878][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.141052][ T8321] hsr_slave_0: entered promiscuous mode
[  351.240231][ T8544] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  351.251666][ T8544] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  351.370004][ T8321] hsr_slave_1: entered promiscuous mode
[  351.421711][ T8321] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  351.507761][ T8321] Cannot create hsr debugfs directory
[  351.732407][ T8329] batman_adv: batadv0: Adding interface: batadv_slave_1
[  351.768826][ T8329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.800798][ T8329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  352.043006][ T8329] hsr_slave_0: entered promiscuous mode
[  352.085498][ T8329] hsr_slave_1: entered promiscuous mode
[  352.113696][ T8329] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  352.136465][ T8329] Cannot create hsr debugfs directory
[  352.366593][ T8555] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  352.727955][ T8559] =======================================================
[  352.727955][ T8559] WARNING: The mand mount option has been deprecated and
[  352.727955][ T8559]          and is ignored by this kernel. Remove the mand
[  352.727955][ T8559]          option from the mount to silence this warning.
[  352.727955][ T8559] =======================================================
[  352.799693][ T8557] netlink: 52 bytes leftover after parsing attributes in process `syz.2.625'.
[  352.827444][ T8559] bio_check_eod: 2 callbacks suppressed
[  352.827459][ T8559] syz.2.625: attempt to access beyond end of device
[  352.827459][ T8559] loop2: rw=0, sector=1, nr_sectors = 1 limit=0
[  352.847710][ T8559] VFS: unable to read V7 FS superblock on device loop2.
[  352.854764][ T8559] VFS: could not find a valid V7 on loop2.
[  352.909977][   T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.967744][ T8318] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  352.984614][ T8318] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  353.015995][   T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.030527][ T8318] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  353.045021][ T8318] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  353.142198][ T5903] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  353.202262][ T8318] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.229185][   T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.255328][ T8318] 8021q: adding VLAN 0 to HW filter on device team0
[  353.699734][   T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.762974][ T4288] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.770091][ T4288] bridge0: port 1(bridge_slave_0) entered forwarding state
[  353.795393][ T4288] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.802544][ T4288] bridge0: port 2(bridge_slave_1) entered forwarding state
[  353.822494][ T5903] usb 3-1: Using ep0 maxpacket: 16
[  353.835081][ T5903] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  353.845205][ T5903] usb 3-1: config 0 interface 0 has no altsetting 0
[  353.864273][ T8321] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  353.873928][ T5903] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  353.900868][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.942743][ T5903] usb 3-1: config 0 descriptor??
[  353.957907][ T8321] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  353.996635][ T8321] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  354.011216][ T8321] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  354.051335][ T8570] netlink: 28 bytes leftover after parsing attributes in process `syz.1.627'.
[  354.063407][ T8570] netlink: 28 bytes leftover after parsing attributes in process `syz.1.627'.
[  354.073314][ T8573] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  354.085285][ T8572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.627'.
[  354.086260][ T8318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  354.100881][ T8572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.627'.
[  354.219523][ T8329] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  354.286138][ T8329] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  354.312862][ T8329] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  354.364934][   T35] bridge_slave_1: left allmulticast mode
[  354.403139][   T35] bridge_slave_1: left promiscuous mode
[  354.422493][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.508750][   T35] bridge_slave_0: left allmulticast mode
[  354.537814][   T35] bridge_slave_0: left promiscuous mode
[  354.548012][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.604618][   T35] erspan0: left allmulticast mode
[  354.607539][ T5903] hid (null): unknown global tag 0xe
[  354.609672][   T35] erspan0: left promiscuous mode
[  354.620379][ T5903] hid (null): report_id 58501 is invalid
[  354.620505][ T5903] hid (null): unknown global tag 0x1c
[  354.640086][ T5903] hid (null): unknown global tag 0xe
[  354.647601][ T5903] hid (null): unknown global tag 0xe
[  354.652519][   T35] bridge0: port 3(erspan0) entered disabled state
[  354.659183][ T5903] hid (null): unknown global tag 0xe
[  354.670076][ T5903] hid (null): unknown global tag 0xe
[  354.707934][ T5903] hid (null): invalid report_count 1640429044
[  354.749817][ T5903] hid (null): unknown global tag 0xd
[  354.795963][ T5903] hid (null): unknown global tag 0xc
[  354.796773][   T35] bridge_slave_1: left allmulticast mode
[  354.813726][ T8557] openvswitch: netlink: Key type 12292 is out of range max 32
[  354.826878][ T5903] hid (null): unknown global tag 0xe
[  354.874050][ T5903] hid (null): report_id 2384115945 is invalid
[  354.901430][   T29] audit: type=1400 audit(1737538714.510:582): avc:  denied  { remount } for  pid=8556 comm="syz.2.625" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  354.910785][   T35] bridge_slave_1: left promiscuous mode
[  354.921012][    C0] vkms_vblank_simulate: vblank timer overrun
[  354.965558][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  354.998341][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.035120][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.054643][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.086141][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.115684][   T35] bridge_slave_0: left allmulticast mode
[  355.134753][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.146713][   T35] bridge_slave_0: left promiscuous mode
[  355.160430][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.168031][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.185267][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.206684][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.220954][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.238254][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x0
[  355.252720][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x3
[  355.267356][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x4
[  355.283404][ T5903] cougar 0003:060B:500A.0007: unknown main item tag 0x6
[  355.301054][ T5903] cougar 0003:060B:500A.0007: unexpected long global item
[  355.308856][ T5903] cougar 0003:060B:500A.0007: parse failed
[  355.321444][ T5903] cougar 0003:060B:500A.0007: probe with driver cougar failed with error -22
[  355.807088][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  355.826258][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  355.839538][   T35] bond0 (unregistering): Released all slaves
[  356.021546][ T8599] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  356.125976][ T5903] usb 3-1: USB disconnect, device number 17
[  356.284449][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  356.407416][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  356.420023][   T35] bond0 (unregistering): Released all slaves
[  356.442224][ T8329] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  356.598874][ T8321] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.954800][ T8329] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.986315][ T8321] 8021q: adding VLAN 0 to HW filter on device team0
[  357.014851][   T29] audit: type=1400 audit(1737538716.630:583): avc:  denied  { accept } for  pid=8602 comm="syz.2.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  357.049858][ T8329] 8021q: adding VLAN 0 to HW filter on device team0
[  357.092601][ T6618] bridge0: port 1(bridge_slave_0) entered blocking state
[  357.099683][ T6618] bridge0: port 1(bridge_slave_0) entered forwarding state
[  357.159052][ T8321] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  357.230776][ T8321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  357.274530][ T8318] 8021q: adding VLAN 0 to HW filter on device batadv0
[  357.293007][ T6618] bridge0: port 1(bridge_slave_0) entered blocking state
[  357.300098][ T6618] bridge0: port 1(bridge_slave_0) entered forwarding state
[  357.333068][ T6618] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.341623][ T6618] bridge0: port 2(bridge_slave_1) entered forwarding state
[  357.414433][ T6618] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.421563][ T6618] bridge0: port 2(bridge_slave_1) entered forwarding state
[  358.455167][ T8321] 8021q: adding VLAN 0 to HW filter on device batadv0
[  358.614151][ T8318] veth0_vlan: entered promiscuous mode
[  358.643177][   T35] hsr_slave_0: left promiscuous mode
[  358.651013][   T35] hsr_slave_1: left promiscuous mode
[  358.659507][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  358.670958][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  358.682993][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  358.690660][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  358.745227][   T35] hsr_slave_0: left promiscuous mode
[  358.770986][   T35] hsr_slave_1: left promiscuous mode
[  358.852202][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  358.870854][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  358.889405][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  358.898166][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  358.934107][   T35] veth1_macvtap: left promiscuous mode
[  358.939794][   T35] veth0_macvtap: left promiscuous mode
[  358.950323][   T35] veth1_vlan: left promiscuous mode
[  358.956304][   T35] veth0_vlan: left promiscuous mode
[  358.964364][   T35] veth1_macvtap: left promiscuous mode
[  358.971859][   T35] veth0_macvtap: left promiscuous mode
[  358.977360][   T35] veth1_vlan: left promiscuous mode
[  358.997357][   T35] veth0_vlan: left promiscuous mode
[  359.908994][   T35] team0 (unregistering): Port device team_slave_1 removed
[  359.946904][   T35] team0 (unregistering): Port device team_slave_0 removed
[  360.967017][   T35] team0 (unregistering): Port device team_slave_1 removed
[  361.013586][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  361.025455][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  361.029210][   T35] team0 (unregistering): Port device team_slave_0 removed
[  361.040380][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  361.059940][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  361.079613][ T5827] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  361.093319][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  361.408891][ T8329] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.433682][ T8648] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.363621][ T8658] chnl_net:caif_netlink_parms(): no params data found
[  363.170402][ T5827] Bluetooth: hci1: command tx timeout
[  363.450378][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  363.460992][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  363.471055][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  363.478929][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  363.486657][ T5830] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  363.491521][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  363.494050][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  363.503226][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  363.525808][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  363.539683][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  363.555487][ T5824] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  363.605443][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  364.484843][   T29] audit: type=1400 audit(1737538724.040:584): avc:  denied  { bind } for  pid=8710 comm="syz.2.642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  364.521241][ T8716] loop9: detected capacity change from 0 to 8
[  364.607391][ T8658] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.617264][ T8716]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  364.617264][ T8658] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.617444][ T8658] bridge_slave_0: entered allmulticast mode
[  364.640519][ T8658] bridge_slave_0: entered promiscuous mode
[  364.649326][ T8658] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.656797][ T8716] loop9: partition table partially beyond EOD, truncated
[  364.656838][ T8658] bridge0: port 2(bridge_slave_1) entered disabled state
[  364.672120][ T8658] bridge_slave_1: entered allmulticast mode
[  364.675300][ T8716] loop9: p1 size 81768186 extends beyond EOD, truncated
[  364.678893][ T8658] bridge_slave_1: entered promiscuous mode
[  364.838211][ T8658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  364.849180][ T8658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  364.948089][ T8658] team0: Port device team_slave_0 added
[  365.006661][ T8658] team0: Port device team_slave_1 added
[  365.242266][ T5830] Bluetooth: hci1: command tx timeout
[  365.373639][ T8658] batman_adv: batadv0: Adding interface: batadv_slave_0
[  365.428974][ T8658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  365.625851][ T8658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  365.652384][ T8658] batman_adv: batadv0: Adding interface: batadv_slave_1
[  365.659354][ T8658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  365.692008][ T8658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  365.855668][ T5830] Bluetooth: hci5: command tx timeout
[  365.912627][ T8658] hsr_slave_0: entered promiscuous mode
[  365.947068][ T8658] hsr_slave_1: entered promiscuous mode
[  365.954542][ T8702] chnl_net:caif_netlink_parms(): no params data found
[  366.021077][ T5830] Bluetooth: hci0: command tx timeout
[  366.986104][ T8751] binder: 8750:8751 ioctl 4018620d 0 returned -22
[  367.152274][   T29] audit: type=1400 audit(1737538726.770:585): avc:  denied  { getopt } for  pid=8756 comm="syz.2.651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  367.279126][ T8702] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.295407][ T8702] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.302926][ T5830] Bluetooth: hci1: command tx timeout
[  367.309284][ T8702] bridge_slave_0: entered allmulticast mode
[  367.318158][ T8702] bridge_slave_0: entered promiscuous mode
[  367.338469][ T8702] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.347647][  T971] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  367.356244][ T8702] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.367766][ T8702] bridge_slave_1: entered allmulticast mode
[  367.376147][ T8702] bridge_slave_1: entered promiscuous mode
[  367.391773][ T8706] chnl_net:caif_netlink_parms(): no params data found
[  367.540468][   T29] audit: type=1400 audit(1737538727.130:586): avc:  denied  { watch_sb watch_reads } for  pid=8764 comm="syz.2.653" path="/149/file0" dev="tmpfs" ino=884 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  367.719989][ T8702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.784398][ T8706] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.819698][ T8706] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.831426][ T8706] bridge_slave_0: entered allmulticast mode
[  367.853344][ T8706] bridge_slave_0: entered promiscuous mode
[  367.890088][ T8702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  367.945067][ T5830] Bluetooth: hci5: command tx timeout
[  368.023095][ T8706] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.049590][ T8706] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.070608][ T8706] bridge_slave_1: entered allmulticast mode
[  368.091777][ T8706] bridge_slave_1: entered promiscuous mode
[  368.100875][ T5830] Bluetooth: hci0: command tx timeout
[  368.264703][ T8706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.304251][ T8702] team0: Port device team_slave_0 added
[  368.327813][ T8702] team0: Port device team_slave_1 added
[  368.388921][  T971] usb 2-1: Using ep0 maxpacket: 32
[  368.395626][  T971] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9
[  368.406755][  T971] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024
[  368.419527][  T971] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  368.439618][  T971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.456624][  T971] usb 2-1: Product: syz
[  368.467636][  T971] usb 2-1: Manufacturer: syz
[  368.472696][  T971] usb 2-1: SerialNumber: syz
[  368.477696][ T8706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.496500][  T971] usb 2-1: config 0 descriptor??
[  368.522003][  T971] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  368.695550][ T8706] team0: Port device team_slave_0 added
[  368.710492][ T8702] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.719004][ T8702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.752855][ T8702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.770428][ T8702] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.787790][ T8702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.822169][ T8702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.904811][ T8706] team0: Port device team_slave_1 added
[  369.027673][ T8706] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.040292][ T8706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.068702][ T8706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.144741][ T8706] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.160813][ T8706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.191512][ T8706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.244105][ T8702] hsr_slave_0: entered promiscuous mode
[  369.250593][ T8702] hsr_slave_1: entered promiscuous mode
[  369.271570][ T8702] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  369.279170][ T8702] Cannot create hsr debugfs directory
[  369.380953][ T5830] Bluetooth: hci1: command tx timeout
[  369.414654][ T8658] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  369.425579][ T8658] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  369.435690][ T8658] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  369.478357][ T8706] hsr_slave_0: entered promiscuous mode
[  369.498473][ T8706] hsr_slave_1: entered promiscuous mode
[  369.511538][ T8706] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  369.519153][ T8706] Cannot create hsr debugfs directory
[  369.549855][ T6077] usb 2-1: Failed to submit usb control message: -110
[  369.578344][ T6077] usb 2-1: unable to send the bmi data to the device: -110
[  369.593617][ T8658] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  369.599258][ T6077] usb 2-1: unable to get target info from device
[  369.610983][ T6077] usb 2-1: could not get target info (-110)
[  369.624186][ T6077] usb 2-1: could not probe fw (-110)
[  369.892467][   T35] bridge_slave_1: left allmulticast mode
[  369.898201][   T35] bridge_slave_1: left promiscuous mode
[  369.914342][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.968709][   T35] bridge_slave_0: left allmulticast mode
[  369.976962][   T35] bridge_slave_0: left promiscuous mode
[  369.998236][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.020953][ T5830] Bluetooth: hci5: command tx timeout
[  370.024186][  T971] usb 2-1: USB disconnect, device number 21
[  370.045220][   T35] bridge_slave_1: left allmulticast mode
[  370.063737][   T35] bridge_slave_1: left promiscuous mode
[  370.069446][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.103980][ T8808] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  370.115518][   T35] bridge_slave_0: left allmulticast mode
[  370.139737][   T35] bridge_slave_0: left promiscuous mode
[  370.150379][   T29] audit: type=1400 audit(1737538729.770:587): avc:  denied  { read } for  pid=8809 comm="syz.1.656" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  370.158079][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.246989][ T5830] Bluetooth: hci0: command tx timeout
[  370.268957][   T29] audit: type=1400 audit(1737538729.770:588): avc:  denied  { open } for  pid=8809 comm="syz.1.656" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  370.302396][   T35] bridge_slave_1: left allmulticast mode
[  370.319266][   T35] bridge_slave_1: left promiscuous mode
[  370.344944][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.359512][   T35] bridge_slave_0: left allmulticast mode
[  370.368193][   T35] bridge_slave_0: left promiscuous mode
[  370.375239][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.527532][   T29] audit: type=1400 audit(1737538731.150:589): avc:  denied  { connect } for  pid=8819 comm="syz.2.658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  371.547530][   T29] audit: type=1400 audit(1737538731.150:590): avc:  denied  { write } for  pid=8819 comm="syz.2.658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  371.551373][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  371.580463][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.591713][   T35] bond0 (unregistering): Released all slaves
[  371.706068][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  371.716543][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.727635][   T35] bond0 (unregistering): Released all slaves
[  371.826180][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  371.836299][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.846874][   T35] bond0 (unregistering): Released all slaves
[  372.055741][   T35] hsr_slave_0: left promiscuous mode
[  372.065311][   T35] hsr_slave_1: left promiscuous mode
[  372.074794][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  372.085520][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  372.095910][   T35] hsr_slave_0: left promiscuous mode
[  372.101295][ T5830] Bluetooth: hci5: command tx timeout
[  372.109974][   T35] hsr_slave_1: left promiscuous mode
[  372.115839][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  372.125020][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  372.135302][   T35] hsr_slave_0: left promiscuous mode
[  372.142022][   T35] hsr_slave_1: left promiscuous mode
[  372.147875][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  372.156110][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  372.177954][   T35] veth0_vlan: left promiscuous mode
[  372.260940][ T5830] Bluetooth: hci0: command tx timeout
[  372.391183][   T35] team0 (unregistering): Port device team_slave_1 removed
[  372.438223][   T35] team0 (unregistering): Port device team_slave_0 removed
[  372.897075][   T35] team0 (unregistering): Port device team_slave_1 removed
[  372.946340][   T35] team0 (unregistering): Port device team_slave_0 removed
[  373.242488][ T8826] FAULT_INJECTION: forcing a failure.
[  373.242488][ T8826] name failslab, interval 1, probability 0, space 0, times 0
[  373.255192][ T8826] CPU: 0 UID: 0 PID: 8826 Comm: syz.1.659 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  373.265451][ T8826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  373.275488][ T8826] Call Trace:
[  373.278748][ T8826]  <TASK>
[  373.281657][ T8826]  dump_stack_lvl+0x16c/0x1f0
[  373.286321][ T8826]  should_fail_ex+0x497/0x5b0
[  373.291079][ T8826]  should_failslab+0xc2/0x120
[  373.295734][ T8826]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  373.301083][ T8826]  ? dst_alloc+0x99/0x1a0
[  373.305404][ T8826]  dst_alloc+0x99/0x1a0
[  373.309538][ T8826]  ? fib_validate_source+0x13d/0x730
[  373.314827][ T8826]  rt_dst_alloc+0x35/0x3a0
[  373.319260][ T8826]  ip_route_input_slow+0x1661/0x3910
[  373.324723][ T8826]  ? __pfx_ip_route_input_slow+0x10/0x10
[  373.330371][ T8826]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  373.335984][ T8826]  ? ip_route_input_noref+0xb6/0x2e0
[  373.341246][ T8826]  ? lock_acquire+0x2f/0xb0
[  373.345725][ T8826]  ? ip_route_input_noref+0xb6/0x2e0
[  373.350990][ T8826]  ip_route_input_noref+0x121/0x2e0
[  373.356162][ T8826]  ? __pfx_ip_route_input_noref+0x10/0x10
[  373.361871][ T8826]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  373.367588][ T8826]  ? sock_wfree+0x11c/0x880
[  373.372082][ T8826]  ip_rcv_finish_core.constprop.0+0x46f/0x2290
[  373.378231][ T8826]  ip_rcv+0x1c0/0x5d0
[  373.382201][ T8826]  ? __pfx_ip_rcv+0x10/0x10
[  373.386690][ T8826]  __netif_receive_skb_one_core+0x199/0x1e0
[  373.392603][ T8826]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  373.399015][ T8826]  ? rcu_is_watching+0x12/0xc0
[  373.403859][ T8826]  ? ktime_get_with_offset+0x26f/0x3b0
[  373.409303][ T8826]  ? lockdep_hardirqs_on+0x7c/0x110
[  373.414491][ T8826]  ? netif_receive_skb+0x109/0x7b0
[  373.419609][ T8826]  __netif_receive_skb+0x1d/0x160
[  373.424631][ T8826]  netif_receive_skb+0x13f/0x7b0
[  373.429649][ T8826]  ? __pfx_netif_receive_skb+0x10/0x10
[  373.435104][ T8826]  ? __pfx___lock_acquire+0x10/0x10
[  373.440382][ T8826]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  373.446528][ T8826]  tun_rx_batched.isra.0+0x3eb/0x730
[  373.451808][ T8826]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  373.457612][ T8826]  ? tun_get_user+0x13e6/0x3e50
[  373.462450][ T8826]  ? lock_acquire+0x2f/0xb0
[  373.466941][ T8826]  ? tun_get_user+0x13e6/0x3e50
[  373.471787][ T8826]  tun_get_user+0x2a22/0x3e50
[  373.476480][ T8826]  ? find_held_lock+0x2d/0x110
[  373.481254][ T8826]  ? __pfx_tun_get_user+0x10/0x10
[  373.486288][ T8826]  ? find_held_lock+0x2d/0x110
[  373.491073][ T8826]  ? __pfx_lock_release+0x10/0x10
[  373.496114][ T8826]  tun_chr_write_iter+0xdc/0x210
[  373.501041][ T8826]  vfs_write+0x5ae/0x1150
[  373.505359][ T8826]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  373.510893][ T8826]  ? __pfx_vfs_write+0x10/0x10
[  373.515653][ T8826]  ? __fget_files+0x40/0x3a0
[  373.520248][ T8826]  ksys_write+0x12b/0x250
[  373.524670][ T8826]  ? __pfx_ksys_write+0x10/0x10
[  373.529521][ T8826]  do_syscall_64+0xcd/0x250
[  373.534015][ T8826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.539904][ T8826] RIP: 0033:0x7f9b137847df
[  373.544318][ T8826] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  373.563914][ T8826] RSP: 002b:00007f9b14633000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  373.572314][ T8826] RAX: ffffffffffffffda RBX: 00007f9b13975fa0 RCX: 00007f9b137847df
[  373.580271][ T8826] RDX: 000000000000002a RSI: 0000000020000040 RDI: 00000000000000c8
[  373.588232][ T8826] RBP: 00007f9b14633090 R08: 0000000000000000 R09: 0000000000000000
[  373.596187][ T8826] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001
[  373.604141][ T8826] R13: 0000000000000000 R14: 00007f9b13975fa0 R15: 00007ffdfef419a8
[  373.612107][ T8826]  </TASK>
[  373.710184][ T8828] FAULT_INJECTION: forcing a failure.
[  373.710184][ T8828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.730175][ T8828] CPU: 0 UID: 0 PID: 8828 Comm: syz.1.660 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  373.740464][ T8828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  373.750519][ T8828] Call Trace:
[  373.753779][ T8828]  <TASK>
[  373.756689][ T8828]  dump_stack_lvl+0x16c/0x1f0
[  373.761350][ T8828]  should_fail_ex+0x497/0x5b0
[  373.766011][ T8828]  _copy_from_iter+0x2a1/0x1560
[  373.770839][ T8828]  ? trace_lock_acquire+0x14e/0x1f0
[  373.776013][ T8828]  ? __alloc_skb+0x1fe/0x380
[  373.780593][ T8828]  ? __pfx__copy_from_iter+0x10/0x10
[  373.785865][ T8828]  ? __virt_addr_valid+0x1a4/0x590
[  373.790964][ T8828]  ? __virt_addr_valid+0x5e/0x590
[  373.795964][ T8828]  ? __phys_addr_symbol+0x30/0x80
[  373.800975][ T8828]  ? __check_object_size+0x488/0x710
[  373.806251][ T8828]  netlink_sendmsg+0x813/0xd70
[  373.810992][ T8828]  ? __pfx_netlink_sendmsg+0x10/0x10
[  373.816263][ T8828]  ____sys_sendmsg+0xaaf/0xc90
[  373.821015][ T8828]  ? copy_msghdr_from_user+0x10b/0x160
[  373.826452][ T8828]  ? __pfx_____sys_sendmsg+0x10/0x10
[  373.831740][ T8828]  ___sys_sendmsg+0x135/0x1e0
[  373.836421][ T8828]  ? __pfx____sys_sendmsg+0x10/0x10
[  373.841607][ T8828]  ? __pfx_lock_release+0x10/0x10
[  373.846632][ T8828]  ? trace_lock_acquire+0x14e/0x1f0
[  373.851825][ T8828]  ? __fget_files+0x206/0x3a0
[  373.856518][ T8828]  __sys_sendmsg+0x16e/0x220
[  373.861110][ T8828]  ? __pfx___sys_sendmsg+0x10/0x10
[  373.866207][ T8828]  do_syscall_64+0xcd/0x250
[  373.870690][ T8828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.876595][ T8828] RIP: 0033:0x7f9b13785d29
[  373.881009][ T8828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.900639][ T8828] RSP: 002b:00007f9b14633038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  373.909038][ T8828] RAX: ffffffffffffffda RBX: 00007f9b13975fa0 RCX: 00007f9b13785d29
[  373.916984][ T8828] RDX: 0000000000044080 RSI: 0000000020000040 RDI: 0000000000000005
[  373.924938][ T8828] RBP: 00007f9b14633090 R08: 0000000000000000 R09: 0000000000000000
[  373.932975][ T8828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.940923][ T8828] R13: 0000000000000000 R14: 00007f9b13975fa0 R15: 00007ffdfef419a8
[  373.948894][ T8828]  </TASK>
[  374.340434][   T35] team0 (unregistering): Port device team_slave_1 removed
[  374.385801][   T35] team0 (unregistering): Port device team_slave_0 removed
[  375.046859][ T8840] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  375.310131][ T8658] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.426506][ T8658] 8021q: adding VLAN 0 to HW filter on device team0
[  375.471689][ T6077] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.478804][ T6077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  375.512310][ T8844] sp0: Synchronizing with TNC
[  375.623604][ T8658] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  375.667172][ T8658] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  375.701759][ T6077] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.709042][ T6077] bridge0: port 2(bridge_slave_1) entered forwarding state
[  375.961110][ T8702] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  376.095737][ T8702] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  376.203240][ T8702] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  376.470949][ T8702] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  376.829967][ T8702] 8021q: adding VLAN 0 to HW filter on device bond0
[  376.869539][ T8658] 8021q: adding VLAN 0 to HW filter on device batadv0
[  377.632378][ T8702] 8021q: adding VLAN 0 to HW filter on device team0
[  377.687429][   T75] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.694544][   T75] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.792425][   T75] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.799604][   T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[  377.890326][ T8702] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  377.918459][ T8702] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  378.025845][ T5830] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  378.094234][ T8706] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  378.160531][ T8706] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  378.182604][ T8706] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  378.204194][ T8908] FAULT_INJECTION: forcing a failure.
[  378.204194][ T8908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.247106][ T8908] CPU: 1 UID: 0 PID: 8908 Comm: syz.2.671 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  378.257403][ T8908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  378.267448][ T8908] Call Trace:
[  378.270715][ T8908]  <TASK>
[  378.273643][ T8908]  dump_stack_lvl+0x16c/0x1f0
[  378.278343][ T8908]  should_fail_ex+0x497/0x5b0
[  378.283048][ T8908]  _copy_from_iter+0x2a1/0x1560
[  378.287914][ T8908]  ? trace_lock_acquire+0x14e/0x1f0
[  378.293125][ T8908]  ? __alloc_skb+0x1fe/0x380
[  378.297727][ T8908]  ? __pfx__copy_from_iter+0x10/0x10
[  378.303023][ T8908]  ? __virt_addr_valid+0x1a4/0x590
[  378.308155][ T8908]  ? __virt_addr_valid+0x5e/0x590
[  378.313193][ T8908]  ? __phys_addr_symbol+0x30/0x80
[  378.318231][ T8908]  ? __check_object_size+0x488/0x710
[  378.323539][ T8908]  netlink_sendmsg+0x813/0xd70
[  378.328320][ T8908]  ? __pfx_netlink_sendmsg+0x10/0x10
[  378.333623][ T8908]  ____sys_sendmsg+0xaaf/0xc90
[  378.338407][ T8908]  ? copy_msghdr_from_user+0x10b/0x160
[  378.343877][ T8908]  ? __pfx_____sys_sendmsg+0x10/0x10
[  378.349174][ T8908]  ? __lock_acquire+0xcc5/0x3c40
[  378.354131][ T8908]  ___sys_sendmsg+0x135/0x1e0
[  378.358803][ T8908]  ? __pfx____sys_sendmsg+0x10/0x10
[  378.364000][ T8908]  ? trace_lock_acquire+0x14e/0x1f0
[  378.369197][ T8908]  __sys_sendmmsg+0x201/0x420
[  378.373865][ T8908]  ? __pfx___sys_sendmmsg+0x10/0x10
[  378.379056][ T8908]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  378.385037][ T8908]  ? fput+0x67/0x440
[  378.388924][ T8908]  ? ksys_write+0x1ba/0x250
[  378.393412][ T8908]  ? __pfx_ksys_write+0x10/0x10
[  378.398253][ T8908]  __x64_sys_sendmmsg+0x9c/0x100
[  378.403182][ T8908]  ? lockdep_hardirqs_on+0x7c/0x110
[  378.408385][ T8908]  do_syscall_64+0xcd/0x250
[  378.412881][ T8908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.418774][ T8908] RIP: 0033:0x7f457c185d29
[  378.423175][ T8908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.443204][ T8908] RSP: 002b:00007f457cfa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  378.451606][ T8908] RAX: ffffffffffffffda RBX: 00007f457c375fa0 RCX: 00007f457c185d29
[  378.459577][ T8908] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  378.467536][ T8908] RBP: 00007f457cfa1090 R08: 0000000000000000 R09: 0000000000000000
[  378.475580][ T8908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.483537][ T8908] R13: 0000000000000000 R14: 00007f457c375fa0 R15: 00007ffe13e96a08
[  378.491517][ T8908]  </TASK>
[  378.494612][    C1] vkms_vblank_simulate: vblank timer overrun
[  378.504679][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  378.514699][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  378.540628][ T8706] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  378.748933][ T8702] 8021q: adding VLAN 0 to HW filter on device batadv0
[  378.809415][ T8658] veth0_vlan: entered promiscuous mode
[  378.861034][ T8658] veth1_vlan: entered promiscuous mode
[  378.871039][ T8917] netlink: 196 bytes leftover after parsing attributes in process `syz.2.672'.
[  378.907718][ T8706] 8021q: adding VLAN 0 to HW filter on device bond0
[  378.959925][ T8706] 8021q: adding VLAN 0 to HW filter on device team0
[  379.009400][ T8658] veth0_macvtap: entered promiscuous mode
[  379.053435][   T75] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.060594][   T75] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.202288][ T8658] veth1_macvtap: entered promiscuous mode
[  379.253684][   T75] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.260828][   T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.272850][ T8923] ieee802154 phy0 wpan0: encryption failed: -22
[  379.300487][   T29] audit: type=1400 audit(1737538738.890:591): avc:  denied  { write } for  pid=8922 comm="syz.2.673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  379.407270][ T8658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.459245][ T8658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.510885][ T8658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.539709][ T8658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.562644][ T8658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.570931][   T29] audit: type=1400 audit(1737538739.170:592): avc:  denied  { create } for  pid=8935 comm="syz.2.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  379.588154][ T8658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.632202][ T8658] batman_adv: batadv0: Interface activated: batadv_slave_0
[  379.692610][ T8658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.750928][ T8658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.790885][ T8658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.825784][ T8658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.845248][ T8658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.858495][ T8658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.878552][ T8658] batman_adv: batadv0: Interface activated: batadv_slave_1
[  379.935939][ T8702] veth0_vlan: entered promiscuous mode
[  379.952674][ T8658] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  379.970492][ T8658] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  379.979652][ T8658] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  379.988895][ T8658] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.026703][ T8702] veth1_vlan: entered promiscuous mode
[  380.040635][ T8706] 8021q: adding VLAN 0 to HW filter on device batadv0
[  380.061043][   T51] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  380.137139][ T8954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.677'.
[  380.180634][ T8954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.677'.
[  380.205191][ T8702] veth0_macvtap: entered promiscuous mode
[  380.218066][ T8954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.677'.
[  380.234998][ T8702] veth1_macvtap: entered promiscuous mode
[  380.261380][   T51] usb 3-1: Using ep0 maxpacket: 8
[  380.271330][ T6077] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.273278][   T51] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  380.291029][ T6077] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.310217][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  380.312744][   T51] usb 3-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  380.331285][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.339383][   T51] usb 3-1: Product: syz
[  380.345023][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.359947][   T51] usb 3-1: Manufacturer: syz
[  380.371074][   T51] usb 3-1: SerialNumber: syz
[  380.377074][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  380.395640][   T51] usb 3-1: config 0 descriptor??
[  380.410812][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.432008][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  380.471005][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.489925][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  380.506126][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.527623][   T51] msi2500 3-1:0.0: Registered as swradio24
[  380.534768][ T8702] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.550385][   T51] msi2500 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  380.564769][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.581002][ T5903] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  380.586266][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.619128][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.632622][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.643108][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.663194][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.680874][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.700820][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.719161][ T8702] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.759447][ T8702] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.761150][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  380.780876][ T8950] netlink: 36 bytes leftover after parsing attributes in process `syz.1.677'.
[  380.796938][ T8702] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.800886][ T5903] usb 2-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  380.806691][ T8702] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.819130][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.824964][ T8702] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.854920][ T5903] usb 2-1: config 0 descriptor??
[  380.889646][ T5903] smsusb:smsusb_probe: board id=8, interface number 0
[  380.906870][ T5921] usb 3-1: USB disconnect, device number 18
[  380.919011][ T5903] smsusb:smsusb_probe: Device initialized with return code -19
[  380.945250][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.963583][ T8706] veth0_vlan: entered promiscuous mode
[  380.977302][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.014988][ T8706] veth1_vlan: entered promiscuous mode
[  381.078224][   T29] audit: type=1400 audit(1737538740.690:593): avc:  denied  { mounton } for  pid=8658 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  381.115632][ T5899] usb 2-1: USB disconnect, device number 22
[  381.189139][  T735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.217331][  T735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.226550][ T8706] veth0_macvtap: entered promiscuous mode
[  381.263954][ T8706] veth1_macvtap: entered promiscuous mode
[  381.285778][ T6086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.296994][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.301273][ T6086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.322062][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.358249][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.380853][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.437299][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.448356][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.460187][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.471287][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.481900][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.492554][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.503615][ T8706] batman_adv: batadv0: Interface activated: batadv_slave_0
[  382.097930][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.133453][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.153315][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.164327][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.175030][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.186223][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.197461][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.211788][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.226806][ T8706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.247263][ T8706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.283389][ T8706] batman_adv: batadv0: Interface activated: batadv_slave_1
[  382.367493][ T8706] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  382.400836][ T8706] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  382.421148][ T8706] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  382.430361][ T8706] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  382.511415][ T5872] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  382.603460][ T4288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.636538][ T4288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.711395][ T5872] usb 3-1: Using ep0 maxpacket: 8
[  382.755688][ T9013] netlink: 44 bytes leftover after parsing attributes in process `syz.6.680'.
[  382.788746][ T5872] usb 3-1: config index 0 descriptor too short (expected 74, got 45)
[  382.920595][ T5872] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  383.024368][ T5872] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  383.062120][ T6086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  383.071492][ T5872] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  383.087230][ T6086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  383.098870][ T5872] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  383.144535][ T5872] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  383.169052][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.362663][   T29] audit: type=1400 audit(1737538742.980:594): avc:  denied  { getopt } for  pid=9026 comm="syz.7.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  383.453086][ T8838] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  383.613213][ T8838] usb 9-1: Using ep0 maxpacket: 32
[  383.624139][ T8838] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  383.628602][ T5872] usb 3-1: GET_CAPABILITIES returned 0
[  383.669782][ T8838] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  383.719243][ T8838] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  383.776060][ T5872] usbtmc 3-1:16.0: can't read capabilities
[  383.826279][ T8838] usb 9-1: config 1 has no interface number 0
[  384.240052][ T9044] overlayfs: failed to resolve './file1': -2
[  384.422365][ T8838] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  384.573133][ T8838] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  384.628937][ T5872] usb 3-1: USB disconnect, device number 19
[  384.651084][ T8838] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  384.663747][ T8838] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.714885][ T8838] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  384.719793][ T9054] netlink: 12 bytes leftover after parsing attributes in process `syz.6.685'.
[  384.913751][ T9060] netlink: 4 bytes leftover after parsing attributes in process `syz.7.688'.
[  384.929176][ T8838] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now attached
[  384.940897][   T51] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  384.947038][ T9060] netlink: 4 bytes leftover after parsing attributes in process `syz.7.688'.
[  384.957603][ T9060] netlink: 4 bytes leftover after parsing attributes in process `syz.7.688'.
[  385.006187][ T9059] netlink: 36 bytes leftover after parsing attributes in process `syz.7.688'.
[  385.131644][   T51] usb 2-1: Using ep0 maxpacket: 32
[  385.144967][   T51] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[  385.154215][   T51] usb 2-1: config 0 has no interface number 0
[  385.172810][   T51] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  385.173285][ T8994] syz.2.678 (8994) used greatest stack depth: 20000 bytes left
[  385.203153][   T51] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  385.226281][   T51] usb 2-1: config 0 interface 126 has no altsetting 0
[  385.241321][   T51] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  385.246470][ T9069] FAULT_INJECTION: forcing a failure.
[  385.246470][ T9069] name failslab, interval 1, probability 0, space 0, times 0
[  385.250614][   T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.277069][   T51] usb 2-1: Product: syz
[  385.344894][ T9069] CPU: 0 UID: 0 PID: 9069 Comm: syz.7.689 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  385.353794][   T51] usb 2-1: Manufacturer: syz
[  385.355163][ T9069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  385.360446][   T51] usb 2-1: SerialNumber: syz
[  385.369787][ T9069] Call Trace:
[  385.369804][ T9069]  <TASK>
[  385.369813][ T9069]  dump_stack_lvl+0x16c/0x1f0
[  385.369845][ T9069]  should_fail_ex+0x497/0x5b0
[  385.369870][ T9069]  ? fs_reclaim_acquire+0xae/0x150
[  385.369889][ T9069]  should_failslab+0xc2/0x120
[  385.369911][ T9069]  __kmalloc_noprof+0xcb/0x510
[  385.369932][ T9069]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  385.369958][ T9069]  tomoyo_realpath_from_path+0xb9/0x720
[  385.369983][ T9069]  ? tomoyo_path_number_perm+0x235/0x590
[  385.370005][ T9069]  ? tomoyo_path_number_perm+0x235/0x590
[  385.370026][ T9069]  tomoyo_path_number_perm+0x248/0x590
[  385.370046][ T9069]  ? tomoyo_path_number_perm+0x235/0x590
[  385.370069][ T9069]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  385.381255][   T51] usb 2-1: config 0 descriptor??
[  385.385513][ T9069]  ? __pfx_lock_release+0x10/0x10
[  385.385540][ T9069]  ? trace_lock_acquire+0x14e/0x1f0
[  385.385560][ T9069]  ? lock_acquire+0x2f/0xb0
[  385.396475][ T9051] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  385.399988][ T9069]  ? __fget_files+0x40/0x3a0
[  385.406051][ T9051] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  385.410372][ T9069]  ? __fget_files+0x206/0x3a0
[  385.487121][ T9069]  security_file_ioctl+0x9b/0x240
[  385.492168][ T9069]  __x64_sys_ioctl+0xb7/0x200
[  385.496862][ T9069]  do_syscall_64+0xcd/0x250
[  385.501362][ T9069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.507252][ T9069] RIP: 0033:0x7f480d785d29
[  385.511664][ T9069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.531282][ T9069] RSP: 002b:00007f480e64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  385.539700][ T9069] RAX: ffffffffffffffda RBX: 00007f480d975fa0 RCX: 00007f480d785d29
[  385.547690][ T9069] RDX: 0000000020000200 RSI: 00000000c058565d RDI: 0000000000000003
[  385.555674][ T9069] RBP: 00007f480e64f090 R08: 0000000000000000 R09: 0000000000000000
[  385.563650][ T9069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.571616][ T9069] R13: 0000000000000000 R14: 00007f480d975fa0 R15: 00007fffccd61ca8
[  385.579600][ T9069]  </TASK>
[  385.598179][ T5872] usb 9-1: USB disconnect, device number 2
[  385.606442][ T9069] ERROR: Out of memory at tomoyo_realpath_from_path.
[  385.615176][ T5872] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  385.741144][   T51] ir_usb 2-1:0.126: IR Dongle converter detected
[  385.783773][   T51] usb 2-1: IRDA class descriptor not found, device not bound
[  385.838759][   T51] usb 2-1: USB disconnect, device number 23
[  385.956791][ T9088] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  387.149945][ T9099] netlink: 'syz.8.695': attribute type 8 has an invalid length.
[  387.367180][ T9106] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  387.533947][ T9112] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  387.650963][   T51] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  387.934019][   T51] usb 3-1: Using ep0 maxpacket: 8
[  387.963526][   T51] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  387.991586][   T51] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  388.057116][   T51] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  388.090596][   T51] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  388.140839][ T5899] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  388.179071][   T51] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  388.370820][   T51] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  388.500839][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.680841][ T5899] usb 9-1: Using ep0 maxpacket: 8
[  388.703335][ T5899] usb 9-1: config 1 interface 0 altsetting 252 endpoint 0x81 has invalid maxpacket 1120, setting to 1024
[  388.751266][ T5899] usb 9-1: config 1 interface 0 has no altsetting 0
[  388.792515][ T5899] usb 9-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40
[  388.810957][ T5899] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.819172][ T5899] usb 9-1: Product: syz
[  388.829367][ T5899] usb 9-1: Manufacturer: syz
[  388.835072][ T5899] usb 9-1: SerialNumber: syz
[  388.856579][ T9116] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  388.877911][ T9141] syzkaller0: tun_chr_ioctl cmd 1074025677
[  388.893415][ T9141] syzkaller0: linktype set to 769
[  388.943575][   T29] audit: type=1400 audit(1737538748.560:595): avc:  denied  { setattr } for  pid=9105 comm="syz.2.697" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  388.961912][   T51] usb 3-1: USB disconnect, device number 20
[  389.295330][   T29] audit: type=1400 audit(1737538748.910:596): avc:  denied  { getopt } for  pid=9146 comm="syz.7.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  389.375434][   T29] audit: type=1400 audit(1737538748.950:597): avc:  denied  { mount } for  pid=9113 comm="syz.8.700" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  389.493890][   T29] audit: type=1326 audit(1737538749.020:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9113 comm="syz.8.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3c985d29 code=0x7fc00000
[  389.582021][ T5903] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[  389.805696][ T9162] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  389.817254][ T9162] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  389.857444][ T5903] usb 8-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  390.520157][ T5903] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.577353][ T5903] usb 8-1: config 0 descriptor??
[  390.605915][ T5903] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  390.764960][   T29] audit: type=1326 audit(1737538750.370:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9113 comm="syz.8.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feb3c985d29 code=0x7fc00000
[  390.905095][ T9169] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  391.024538][ T5903] gp8psk: usb in 128 operation failed.
[  391.056722][ T5899] usbhid 9-1:1.0: can't add hid device: -71
[  391.196769][ T5899] usbhid 9-1:1.0: probe with driver usbhid failed with error -71
[  391.230021][ T5899] usb 9-1: USB disconnect, device number 3
[  391.378896][ T5903] gp8psk: usb in 146 operation failed.
[  391.408209][ T5903] gp8psk: failed to get FW version
[  391.523480][ T5903] gp8psk: usb in 149 operation failed.
[  391.529041][ T5903] gp8psk: failed to get FPGA version
[  391.685664][ T9185] ==================================================================
[  391.693810][ T9185] BUG: KASAN: slab-out-of-bounds in string+0x4a6/0x4f0
[  391.700750][ T9185] Read of size 1 at addr ffff888035075a20 by task syz.1.712/9185
[  391.708492][ T9185] 
[  391.710833][ T9185] CPU: 1 UID: 0 PID: 9185 Comm: syz.1.712 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  391.721070][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  391.731126][ T9185] Call Trace:
[  391.734408][ T9185]  <TASK>
[  391.737342][ T9185]  dump_stack_lvl+0x116/0x1f0
[  391.742044][ T9185]  print_report+0xc3/0x620
[  391.746506][ T9185]  ? __virt_addr_valid+0x5e/0x590
[  391.751563][ T9185]  ? __phys_addr+0xc6/0x150
[  391.756084][ T9185]  kasan_report+0xd9/0x110
[  391.760510][ T9185]  ? string+0x4a6/0x4f0
[  391.764676][ T9185]  ? string+0x4a6/0x4f0
[  391.768838][ T9185]  string+0x4a6/0x4f0
[  391.772830][ T9185]  ? __pfx_string+0x10/0x10
[  391.777347][ T9185]  vsnprintf+0x4c8/0x1180
[  391.781692][ T9185]  ? __pfx_vsnprintf+0x10/0x10
[  391.786462][ T9185]  ? mark_held_locks+0x9f/0xe0
[  391.791239][ T9185]  seq_printf+0x1a6/0x250
[  391.795566][ T9185]  ? __pfx_seq_printf+0x10/0x10
[  391.800419][ T9185]  ? __asan_memcpy+0x3c/0x60
[  391.805008][ T9185]  ? kobject_get_path+0x94/0x2b0
[  391.809945][ T9185]  input_devices_seq_show+0x20e/0x1130
[  391.815407][ T9185]  ? __pfx_input_devices_seq_show+0x10/0x10
[  391.821305][ T9185]  ? input_devices_seq_show+0x1e/0x1130
[  391.826861][ T9185]  traverse.part.0.constprop.0+0x104/0x640
[  391.832678][ T9185]  seq_read_iter+0x934/0x12b0
[  391.837386][ T9185]  ? lockdep_hardirqs_on+0x7c/0x110
[  391.842638][ T9185]  seq_read+0x39f/0x4e0
[  391.846805][ T9185]  ? __pfx_seq_read+0x10/0x10
[  391.851510][ T9185]  ? lockdep_hardirqs_on+0x7c/0x110
[  391.856750][ T9185]  ? __pfx_seq_read+0x10/0x10
[  391.861436][ T9185]  proc_reg_read+0x23d/0x330
[  391.866039][ T9185]  ? __pfx_proc_reg_read+0x10/0x10
[  391.871156][ T9185]  vfs_readv+0x6bf/0x890
[  391.875402][ T9185]  ? __pfx_vfs_readv+0x10/0x10
[  391.880163][ T9185]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  391.886008][ T9185]  ? rcu_preempt_deferred_qs_irqrestore+0x505/0xb80
[  391.892624][ T9185]  ? __fget_files+0x206/0x3a0
[  391.897332][ T9185]  ? do_preadv+0x1b1/0x270
[  391.901768][ T9185]  do_preadv+0x1b1/0x270
[  391.906025][ T9185]  ? __pfx_do_preadv+0x10/0x10
[  391.910805][ T9185]  do_syscall_64+0xcd/0x250
[  391.915317][ T9185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.921235][ T9185] RIP: 0033:0x7f9b13785d29
[  391.925660][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.945358][ T9185] RSP: 002b:00007f9b145f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  391.953783][ T9185] RAX: ffffffffffffffda RBX: 00007f9b13976160 RCX: 00007f9b13785d29
[  391.961753][ T9185] RDX: 0000000000000001 RSI: 0000000020003780 RDI: 0000000000000008
[  391.969758][ T9185] RBP: 00007f9b13801b08 R08: 0000000000000000 R09: 0000000000000000
[  391.977742][ T9185] R10: 000000000000ffff R11: 0000000000000246 R12: 0000000000000000
[  391.985703][ T9185] R13: 0000000000000000 R14: 00007f9b13976160 R15: 00007ffdfef419a8
[  391.993663][ T9185]  </TASK>
[  391.996667][ T9185] 
[  391.998976][ T9185] Allocated by task 8706:
[  392.003287][ T9185]  kasan_save_stack+0x33/0x60
[  392.007958][ T9185]  kasan_save_track+0x14/0x30
[  392.012641][ T9185]  __kasan_kmalloc+0xaa/0xb0
[  392.017233][ T9185]  __kmalloc_noprof+0x21c/0x510
[  392.022091][ T9185]  tomoyo_realpath_from_path+0xb9/0x720
[  392.027631][ T9185]  tomoyo_path_perm+0x276/0x460
[  392.032490][ T9185]  security_inode_getattr+0x116/0x290
[  392.037874][ T9185]  vfs_statx_path+0x2b/0x310
[  392.042462][ T9185]  vfs_statx+0x11f/0x1c0
[  392.046765][ T9185]  vfs_fstatat+0x7b/0xf0
[  392.051017][ T9185]  __do_sys_newfstatat+0x98/0x120
[  392.056034][ T9185]  do_syscall_64+0xcd/0x250
[  392.060520][ T9185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.066407][ T9185] 
[  392.068711][ T9185] Freed by task 8706:
[  392.072670][ T9185]  kasan_save_stack+0x33/0x60
[  392.077332][ T9185]  kasan_save_track+0x14/0x30
[  392.081993][ T9185]  kasan_save_free_info+0x3b/0x60
[  392.087020][ T9185]  __kasan_slab_free+0x51/0x70
[  392.091778][ T9185]  kfree+0x14f/0x4b0
[  392.095665][ T9185]  tomoyo_realpath_from_path+0x1ad/0x720
[  392.101289][ T9185]  tomoyo_path_perm+0x276/0x460
[  392.106209][ T9185]  security_inode_getattr+0x116/0x290
[  392.111568][ T9185]  vfs_statx_path+0x2b/0x310
[  392.116144][ T9185]  vfs_statx+0x11f/0x1c0
[  392.120373][ T9185]  vfs_fstatat+0x7b/0xf0
[  392.124604][ T9185]  __do_sys_newfstatat+0x98/0x120
[  392.129614][ T9185]  do_syscall_64+0xcd/0x250
[  392.134099][ T9185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.139981][ T9185] 
[  392.142288][ T9185] The buggy address belongs to the object at ffff888035074000
[  392.142288][ T9185]  which belongs to the cache kmalloc-4k of size 4096
[  392.156321][ T9185] The buggy address is located 2592 bytes to the right of
[  392.156321][ T9185]  allocated 4096-byte region [ffff888035074000, ffff888035075000)
[  392.171138][ T9185] 
[  392.173445][ T9185] The buggy address belongs to the physical page:
[  392.179833][ T9185] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35070
[  392.188573][ T9185] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  392.197050][ T9185] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  392.204575][ T9185] page_type: f5(slab)
[  392.208541][ T9185] raw: 00fff00000000040 ffff88801b042140 dead000000000122 0000000000000000
[  392.217114][ T9185] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[  392.225682][ T9185] head: 00fff00000000040 ffff88801b042140 dead000000000122 0000000000000000
[  392.234335][ T9185] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[  392.242986][ T9185] head: 00fff00000000003 ffffea0000d41c01 ffffffffffffffff 0000000000000000
[  392.251640][ T9185] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  392.260289][ T9185] page dumped because: kasan: bad access detected
[  392.266679][ T9185] page_owner tracks the page as allocated
[  392.272373][ T9185] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8706, tgid 8706 (syz-executor), ts 385768035678, free_ts 385705829653
[  392.293108][ T9185]  post_alloc_hook+0x2d1/0x350
[  392.297865][ T9185]  get_page_from_freelist+0xfce/0x2f80
[  392.303310][ T9185]  __alloc_pages_noprof+0x221/0x2470
[  392.308581][ T9185]  alloc_pages_mpol_noprof+0x2c8/0x620
[  392.314030][ T9185]  new_slab+0x2c9/0x410
[  392.318166][ T9185]  ___slab_alloc+0xd75/0x17a0
[  392.322825][ T9185]  __slab_alloc.constprop.0+0x56/0xb0
[  392.328182][ T9185]  __kmalloc_noprof+0x2ec/0x510
[  392.333021][ T9185]  tomoyo_realpath_from_path+0xb9/0x720
[  392.338578][ T9185]  tomoyo_path_perm+0x276/0x460
[  392.343447][ T9185]  security_inode_getattr+0x116/0x290
[  392.348831][ T9185]  vfs_statx_path+0x2b/0x310
[  392.353421][ T9185]  vfs_statx+0x11f/0x1c0
[  392.357652][ T9185]  vfs_fstatat+0x7b/0xf0
[  392.361880][ T9185]  __do_sys_newfstatat+0x98/0x120
[  392.366892][ T9185]  do_syscall_64+0xcd/0x250
[  392.371380][ T9185] page last free pid 9077 tgid 9077 stack trace:
[  392.377684][ T9185]  free_unref_page+0x661/0x1080
[  392.382522][ T9185]  __put_partials+0x14c/0x170
[  392.387184][ T9185]  qlist_free_all+0x4e/0x120
[  392.391760][ T9185]  kasan_quarantine_reduce+0x195/0x1e0
[  392.397204][ T9185]  __kasan_slab_alloc+0x69/0x90
[  392.402045][ T9185]  __kmalloc_noprof+0x1cd/0x510
[  392.406880][ T9185]  tomoyo_realpath_from_path+0xb9/0x720
[  392.412415][ T9185]  tomoyo_path_perm+0x276/0x460
[  392.417255][ T9185]  security_inode_getattr+0x116/0x290
[  392.422613][ T9185]  vfs_fstat+0x4b/0xd0
[  392.426667][ T9185]  vfs_fstatat+0xbc/0xf0
[  392.430897][ T9185]  __do_sys_newfstatat+0x98/0x120
[  392.435910][ T9185]  do_syscall_64+0xcd/0x250
[  392.440395][ T9185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.446280][ T9185] 
[  392.448587][ T9185] Memory state around the buggy address:
[  392.454198][ T9185]  ffff888035075900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  392.462246][ T9185]  ffff888035075980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  392.470288][ T9185] >ffff888035075a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  392.478330][ T9185]                                ^
[  392.483421][ T9185]  ffff888035075a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  392.491464][ T9185]  ffff888035075b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  392.499506][ T9185] ==================================================================
[  392.509150][ T9185] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  392.516365][ T9185] CPU: 1 UID: 0 PID: 9185 Comm: syz.1.712 Not tainted 6.13.0-syzkaller-01005-gb9d8a295ed6b #0
[  392.526578][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  392.536608][ T9185] Call Trace:
[  392.539862][ T9185]  <TASK>
[  392.542771][ T9185]  dump_stack_lvl+0x3d/0x1f0
[  392.547344][ T9185]  panic+0x71d/0x800
[  392.551213][ T9185]  ? __pfx_panic+0x10/0x10
[  392.555607][ T9185]  ? preempt_schedule_thunk+0x1a/0x30
[  392.560969][ T9185]  ? preempt_schedule_common+0x44/0xc0
[  392.566455][ T9185]  check_panic_on_warn+0xab/0xb0
[  392.571374][ T9185]  end_report+0x117/0x180
[  392.575683][ T9185]  kasan_report+0xe9/0x110
[  392.580075][ T9185]  ? string+0x4a6/0x4f0
[  392.584214][ T9185]  ? string+0x4a6/0x4f0
[  392.588361][ T9185]  string+0x4a6/0x4f0
[  392.592330][ T9185]  ? __pfx_string+0x10/0x10
[  392.596809][ T9185]  vsnprintf+0x4c8/0x1180
[  392.601129][ T9185]  ? __pfx_vsnprintf+0x10/0x10
[  392.605868][ T9185]  ? mark_held_locks+0x9f/0xe0
[  392.610605][ T9185]  seq_printf+0x1a6/0x250
[  392.614923][ T9185]  ? __pfx_seq_printf+0x10/0x10
[  392.619777][ T9185]  ? __asan_memcpy+0x3c/0x60
[  392.624349][ T9185]  ? kobject_get_path+0x94/0x2b0
[  392.629265][ T9185]  input_devices_seq_show+0x20e/0x1130
[  392.634702][ T9185]  ? __pfx_input_devices_seq_show+0x10/0x10
[  392.640572][ T9185]  ? input_devices_seq_show+0x1e/0x1130
[  392.646094][ T9185]  traverse.part.0.constprop.0+0x104/0x640
[  392.651877][ T9185]  seq_read_iter+0x934/0x12b0
[  392.656529][ T9185]  ? lockdep_hardirqs_on+0x7c/0x110
[  392.661709][ T9185]  seq_read+0x39f/0x4e0
[  392.665839][ T9185]  ? __pfx_seq_read+0x10/0x10
[  392.670501][ T9185]  ? lockdep_hardirqs_on+0x7c/0x110
[  392.675680][ T9185]  ? __pfx_seq_read+0x10/0x10
[  392.680333][ T9185]  proc_reg_read+0x23d/0x330
[  392.684903][ T9185]  ? __pfx_proc_reg_read+0x10/0x10
[  392.690003][ T9185]  vfs_readv+0x6bf/0x890
[  392.694244][ T9185]  ? __pfx_vfs_readv+0x10/0x10
[  392.698993][ T9185]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  392.704791][ T9185]  ? rcu_preempt_deferred_qs_irqrestore+0x505/0xb80
[  392.711357][ T9185]  ? __fget_files+0x206/0x3a0
[  392.716023][ T9185]  ? do_preadv+0x1b1/0x270
[  392.720412][ T9185]  do_preadv+0x1b1/0x270
[  392.724646][ T9185]  ? __pfx_do_preadv+0x10/0x10
[  392.729423][ T9185]  do_syscall_64+0xcd/0x250
[  392.733912][ T9185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.739791][ T9185] RIP: 0033:0x7f9b13785d29
[  392.744183][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.763779][ T9185] RSP: 002b:00007f9b145f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  392.772171][ T9185] RAX: ffffffffffffffda RBX: 00007f9b13976160 RCX: 00007f9b13785d29
[  392.780122][ T9185] RDX: 0000000000000001 RSI: 0000000020003780 RDI: 0000000000000008
[  392.788097][ T9185] RBP: 00007f9b13801b08 R08: 0000000000000000 R09: 0000000000000000
[  392.796042][ T9185] R10: 000000000000ffff R11: 0000000000000246 R12: 0000000000000000
[  392.803998][ T9185] R13: 0000000000000000 R14: 00007f9b13976160 R15: 00007ffdfef419a8
[  392.811963][ T9185]  </TASK>
[  392.815196][ T9185] Kernel Offset: disabled
[  392.819499][ T9185] Rebooting in 86400 seconds..