last executing test programs:

6m9.791223484s ago: executing program 3 (id=1346):
newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', &(0x7f0000000380), 0x0) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', &(0x7f0000000380), 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000002f00)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f000000c3c0)={0x2020}, 0x2020) (async)
read$FUSE(r1, &(0x7f000000c3c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f00000000c0)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x7ab78c4493c52f9b, 0x0, 0x0, 0x3, 0xffffffff}}, 0x50)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, 0x0, 0x0)
listen(r3, 0x1)
setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000380)=0x5, 0x4)
creat(&(0x7f0000000000)='./file0\x00', 0x40)
creat(&(0x7f0000000180)='./file0\x00', 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$TIOCPKT(r4, 0x5420, 0x0) (async)
ioctl$TIOCPKT(r4, 0x5420, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000380)={'sit0\x00', 0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f00000004c0)=[0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0], <r6=>0x0, 0xe8, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0x7f, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
preadv(r7, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) (async)
preadv(r7, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000030000850000002a000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
capset(&(0x7f0000000300)={0x20080522}, &(0x7f0000000340))
chroot(&(0x7f0000000000)='./file0\x00') (async)
chroot(&(0x7f0000000000)='./file0\x00')

6m8.699730447s ago: executing program 3 (id=1348):
chdir(0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x101301)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000280)={0x0, 0x0, "77d4e1d5b593933b9b3f272fbf9f5e03"})
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r5 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_persistent(0x16, 0x0, r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r7, 0xc1004110, &(0x7f0000000040)={0x0, [0x2, 0x8, 0x5], [{0x0, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x0, 0x3fffffe}], 0x20})
setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
mount(0x0, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='ecryptfs\x00', 0x0, &(0x7f0000000040)='&@,,')
r8 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
sendmmsg$inet(r8, &(0x7f0000000c80)=[{{&(0x7f00000001c0)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)="4d4c48d186387682288b8968a10b8c4ffdea5427", 0x14}], 0x1}}], 0x1, 0x4016390)

6m7.466529579s ago: executing program 3 (id=1351):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x6, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x9f8f80bec9f9f1af, 0x34, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c"], 0x38}}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x75}, 0x38)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYRES8=r3, @ANYRES64=r0, @ANYRES32=r3, @ANYRESDEC, @ANYRESDEC=0x0], 0xd8}}, 0x810)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f00000003c0)={&(0x7f0000001dc0)=ANY=[@ANYRESOCT=0x0, @ANYRES16=0x0, @ANYBLOB="0c009900010000007000000098007a8024000100309e7d550d69909b2ad9a74bc57e0add47c64914a9e790234a92235b6a5d10fe1c00020094c0226821053bd7c3e952464d720de4296034c2aef52fac0c000300c181d5ba489bc6c924000100ce53ae707457115c3a1dfbe5ad01b2f19cf926ce100a223b1f7ffd115c2d47ec080004000600000008000400ff070000140001006b1f555b7f2869ae88b69e56a46eeff13c007a80080004000000008008000400080000001c000200f9cf882f569778eaeab82671370cd9103d31ce4e90b172ea0c000300c532b00140822c1e38007a8008000400040000000c0003009dcdf97d682d29b90c000300bbaa56f053ba107408000400270000000c0003008e9bec2a28629f8834007a801c0002005a1ba20d2caac071f27ebf3df50316fd16fb93dc3623f1e408000400bf3655040c0003000554a0ab19cb076f8c007a801c00020088bdc2b0a1476fda8e4ef28deec3f2bc2f195a061c3e2e48140001006617e01907ff2857ace0a65e7af7bd780c00030050ee525a64c576a3080004000400000014000100e227e1f85262c7c61d19c877533856cd1c000200d1bb7411cf9b0527ae07d71deaa15bb76713333266a93055140001005a61933250cab77fbe2915241e9fbf2e5c007a800c0003004f666eccf7ab0e5414000100d595c8660dcfebb4e7583b1256b03cce0800040003000000140002003207fb67ea54de65ad093622001f378808000400efef00000c000300d7eed97ca7b1ece4080004000000000018007a8014000200e3b5dd1e32c3e19440fffca71c1c5bdc9d7b6044a99e948620f3cb475d34fc843b6d1afd48c562e4abeb185fb96613939f3c4f3255271ee7b83cdaca6c4fc36ed637be76738e104aa80153389e", @ANYRESDEC=0x0, @ANYRESHEX=r1], 0x268}, 0x1, 0x0, 0x0, 0x20000040}, 0x2000c0c0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c20000000806000108000604"], 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xfffffeac, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90524fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
r7 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r8)
ioprio_set$pid(0x2, 0x0, 0x0)
sendto$packet(r7, &(0x7f00000002c0)="f257a8eaf0a30d267bc273dfaeab96850806", 0x12, 0x0, &(0x7f0000000200)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @link_local}, 0x14)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r9, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(0x0, 0x3, &(0x7f0000000080)=0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
chdir(0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
ioctl$TIOCSCTTY(r10, 0x540e, 0x0)

6m7.27515034s ago: executing program 3 (id=1352):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0) (fail_nth: 2)

6m6.863102864s ago: executing program 3 (id=1355):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0) (fail_nth: 2)

6m5.563767266s ago: executing program 3 (id=1358):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)=0x1000) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async, rerun: 32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 32)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) (async, rerun: 64)
setresuid(0x0, 0x0, 0x0) (rerun: 64)
syz_open_procfs(0x0, &(0x7f0000003200)='net/llc/socket\x00')
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) (async)
chdir(&(0x7f00000003c0)='./bus\x00') (async)
linkat(r2, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000240)='./file0\x00', 0x0) (async)
unlink(&(0x7f0000000280)='./file1\x00')
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') (async)
readlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=""/62, 0x3e)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r3) (async)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000480)="cd7ba83b9a2864a65a5922afbd29467eec366b540e193210c38118a68a0c", 0x1e, 0xfffffffffffffffe) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="65c9000000000000611164001d000000180000000000dfffffff0000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async, rerun: 64)
ioctl$BTRFS_IOC_BALANCE_V2(r4, 0xc4009420, &(0x7f0000000000)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct, 0x0, 0x2000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @usage=0x68c}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @usage, 0x0, 0x4}, {0xfffffffffffffffe}}) (async, rerun: 64)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xffffffff}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x40) (async, rerun: 64)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
dup2(r6, r4)

6m5.441860313s ago: executing program 32 (id=1358):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)=0x1000) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async, rerun: 32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 32)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) (async, rerun: 64)
setresuid(0x0, 0x0, 0x0) (rerun: 64)
syz_open_procfs(0x0, &(0x7f0000003200)='net/llc/socket\x00')
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) (async)
chdir(&(0x7f00000003c0)='./bus\x00') (async)
linkat(r2, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000240)='./file0\x00', 0x0) (async)
unlink(&(0x7f0000000280)='./file1\x00')
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') (async)
readlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=""/62, 0x3e)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r3) (async)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000480)="cd7ba83b9a2864a65a5922afbd29467eec366b540e193210c38118a68a0c", 0x1e, 0xfffffffffffffffe) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="65c9000000000000611164001d000000180000000000dfffffff0000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async, rerun: 64)
ioctl$BTRFS_IOC_BALANCE_V2(r4, 0xc4009420, &(0x7f0000000000)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct, 0x0, 0x2000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @usage=0x68c}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @usage, 0x0, 0x4}, {0xfffffffffffffffe}}) (async, rerun: 64)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xffffffff}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x40) (async, rerun: 64)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
dup2(r6, r4)

2m34.877733299s ago: executing program 4 (id=974):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x358, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x44, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x9}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x6}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_PAGE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000090601020003847d160d45bc000000000000000200ffff0400000007000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2600c000)

2m1.881584372s ago: executing program 4 (id=974):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x358, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x44, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x9}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x6}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_PAGE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000090601020003847d160d45bc000000000000000200ffff0400000007000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2600c000)

1m39.570893697s ago: executing program 4 (id=974):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x358, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x44, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x9}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x6}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_PAGE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000090601020003847d160d45bc000000000000000200ffff0400000007000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2600c000)

1m17.616716986s ago: executing program 4 (id=974):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x358, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x44, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x9}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x6}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_PAGE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000090601020003847d160d45bc000000000000000200ffff0400000007000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2600c000)

48.435339372s ago: executing program 4 (id=974):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x358, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x44, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x9}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x6}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_PAGE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000090601020003847d160d45bc000000000000000200ffff0400000007000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2600c000)

18.766738171s ago: executing program 4 (id=974):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2000000)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$pokeuser(0x6, r3, 0x358, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x44, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x9}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x6}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_PAGE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000000090601020003847d160d45bc000000000000000200ffff0400000007000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2600c000)

16.29354005s ago: executing program 0 (id=2168):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x30, 0xffffffffffffffff, 0x6ae83000)
connect$unix(0xffffffffffffffff, &(0x7f0000000700)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semop(0x0, 0x0, 0x0)
semop(0x0, &(0x7f0000000500)=[{}, {}], 0x2)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000180)={0x77359400}, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f00000006c0)={{}, 0x0, 0x0, @unused=[0x3], @name="732da777ba95b842d0adfd2d5b13e0c41c7d549736ad785d159f7cc753226ecceae0d4414d03163accb1bcdcd669ffedaf8cf8a0a1452e2e2d59fee99600dc396682c4435d682ea76c22aade7cd11ce0f179c22c45e01e9016c08e30d3021d7fb77f62a725a31c609e646cb661ef4776c00c436854702fefd6f9da0367e5dcbbd24b0c4886830a1fd866cc36e451adb70b8f7c054e942605f6a7b6e4438d8c22e87a51ad9d22b6a7c4c3cb58950b76d8d0a4281b67f69b4ac1c41abd01beff2f71b51ab1401df0a75bafdecee2f8a723242c6de0f0f7a60fd6f9a710969a5c14db7c2f612a80f248eeb170377c90c3b8cb54850c75d3286befee24e4cabac911e1bdc375b106bbec9fb280ff69405ddd1edd2cdc38ceca1d9daa38832e3b21431ffa93d3544b3ab3606a1e333e8ee019c62fc7d39404758f039c1f2ce55fa4912c6a86bd66606d8429e53346abb7fdfb621334f82c950077c275d3be2a1995dc24efa46b6b336de47482c45bec27e636b22582cbf9075c33964f39bd320be34c8bf437650e0cdf938e14196c069f167fa655fbee7bc6ea4eb4e1741a57018a407486d9b12a2ade7835961f18e2c3d911d129390a493bafa9591329cd742355740e94a307d090ceed297d403297a99e0a4d5260fd0923c70324c98948cf6a512f077c3162e69daf428b931f61c8a08f6a617dc96b3113a44574b3455c7fc71b86eac26697707e710cb0467f1d99acb36ea73123330bda96aedf62b511ae5d49ddec287fcf2609e180550fdd2430509c5dc8eee7067fb560b3c128e812c674284e9b5e2145c9b7f7b0870ddb432401e4c589b3b67eb3ecc66de2b633750c86fc71280a8aef8ee5d7d125c0a32ed20bdeb1597987da19e3918384f149187e5af4d0168766cfcf104128e4532b0f2632f992d88495d8aa3c3b0dec8cfdaf6ce2d87c016a985957aa6d57705fc0f1ec73e27bba36b31f9148baf539c4c7f31bff43909033d05fae659b4e0dc5c98abdbb9a168052fcf778ff7fa5e70381a81774647156599ae78013429f6af1006e9a7c225cbe848180f70ca2a6e9427863ee55c377e4b22b678ee8bb68093f0bda68f69feb2b13decd8e0bc833d0ca0481dc99db2424c1e26450fc82f15ebe31980956806d0a59096fc7cc19b77afd1f74be8d6478d9f750118771fe4e65326064a38a2cf3a2206a9619f122e79fabf1a6feee12c5824c2867856fd8652063b59cb569631b4e55e6c3bd5803747b5e43d16af34efdaced4cdb255396f1eea22488a65e74baffdd5afad4449f45c50480106fcbc326fc5e41fc3917c164f320d3a9676add3a8f3663c4ee57222fcc431eeb0a8250066b5ea21f53ff2d2f77fd20b41b0135f5b513fec9670a99319d4683fc96a108250bb8b80b0458930eb9016f88472df30bc6514816ad6b61f780de0b577024bd96e39735acaad585d73c095a5a27c86795a01ebd74a23e91147b320d80febe6bae7fcf1bae5d5df9f2b110fd9b2a7ba3297784beec8817ffa6bbe80601025b8688ea3cbcef0c760ea44b9a5fe8144ef7c6f5a36381252bb77202aa8ee02cbe1116b609b8db158bfdd32d1ec98b52b15db9f7a67f34411b1eb8c8d57464fafe475044ce250ccc9fd9598459827422075017ec93f3cc9085065819d6b5ebfccead1018212324b2ccf52752a048a51253904dd9b3ddf5e8ff85a41a2695df2f63db06441a25f1a9c62947ef7072f0f6e933aa80f238bb02e483b120c1169e0e0fd14c7c1ce2ced9a8337d85c956aa2e9034e1aaa09163483f66809bb7b1dc6b1faaf4765eab9fc11ac2d25741d0f8cb52a077cd96b6c6f565cabe9c04fc75596a58f7c8707d6bda3e8c9fda45bdcb3c98d4ec017cc693addd02e0f632b8140f8fecf982126c3fffcbb66997bb56a07d24b7440c6cbcb3fcaf1df8e6c3fd4d3dd8c6dc79200af16ae193c1b20e84f7d7cbaa3d2994d746e7debece9e31a0a6252ed6817bda0ad030c30c7c77f96d7eba7b6c52aa4e3decd9e5575456a3cd4101877f2a0f3ca57a3d8ed46c8a7a3a587528c2503183b83c15d5b394d3444646932419139a021b6264c165a507cfc34b49937f2a5c2bdde34aad3ba5a53341dde345e6e097cccd5d0e99d571544549bcfc83c9d12ad617b71279eef88205dac675f2b6303feb9cca7a09a35aa06e601846495a3a2bda229af7e3498f16752cdb7a1c590bd56fb50ac6239442bcbcb817768f5f0e0ac73ae47573702ae55d42546c44bedfa4b987caec41ebbce166bb0042039bb24bcb2819aa61c23748a313c7c43bbb9bdc4118678882865a01411d2416a56d67fa3695ad30fbf60ff3c08e83b5427a2a0c444335a3e0d06fdf9bcdca21c9574d0639c692e72f6ac8657dfa70d94103568e663e4a63e78aa2eeb58ce290f94d75cd72becba5f501d616195b6617863e7959e95ecdc813a8e1b39dcf99f8f0de11b919365d7e827a2e7a7c34bd4a91e3c3f88138a9822406bffe28a763e4335cd2738b985ee315f2ef470930458baa93e2f34dfac98308a04099caaaec1a05408fe41de085caffadbe80364d907c224f9f5450cccc60202b39ff886522c4aec7d9fe0d2ab8ee49d4b504d25ac72748dbdc2aed95148da8f1f5f43c0870e4a0256880351ccf0a53c1877392422620edf81210f76aea336d331978189bdf1965b2893193080ecc5340235efeb6778f6e9c36d878a16fecbc9ad055b18bcb1b892e7ba6d3d8f112a6c1c6a297b0dd5a0ec2da5f7279c65d9d990183bc1d789591850fc24b193af980df7165ec03cabb56d5c696d86428ac39b6b4e59b103232c1c4680d303046ac86e247125343f4c8ce7159ebc4ea66218bfff128e8faef39b7e38d11366e118fd9785d63cb69a9eb645e6b0f1905d6edb7817c698162a66e4dfac565ac8a109e379d7384e0103d113418da91ff80454730a5b58e44819723fb4cacca323316799cc5d06d40654968aa8e5fa6cb6b3952c3ba29fb4d8f574af01a05b342a5a88d7ba173fbce037d639ad165541d0097d9adad62f5d4ab886f7a2723ec339161cd7dfc498fa4f416fb737088f9e79dce316196fddf16162d06ef7da7fd125c17e25ce7802e9705f70fd969d3342e9ec532fe62a32c5e98f2e0f6c00ea5888b242720d4e2a49683e2b4512c6250dbb3a2bc80dae1b28210196f29bdd0fd2b869424a248aa74741ec574acecd0ad5065d4267cf6c1e2e01e65bd201b7893b257d1968b53646f2359d4303c0d72f35081d1f81a7b6612efaef9a338d92cdecde4aaccef8e9895c4e8792dacc653aec47a5224471850105479092eef45d2f4c85cfec7c15e2031c201cc2806bf452e02dbb63a805cc3f914a44a7dc47d02ea3f2a4e4e44b302322b931a01ded30e53ad0b28b02ebc3a3da5bb1e83a32ab58235a2ca97876b2e98436427abbf197c74b8fff281f9b7fbd2f5c7b8c4c34d6f95239f8b1806179ad03add3d76e1cba8949326eac0d352dbbd3608ea983542e90850fda819f485d5366e84b8dfd808d1050f72bf915b3a4dfb40759d4866da5ef559e980f6fda338df69faa0880b5f95489e9b7351bf739e5bff3f3a4fa32792a38541787be842995992bd797380fb7bea0d78b56e308cd7208d9bee65b64cd0be0d8a7a51d88be15216ba695079ff700542f591e382a37333a6f71b3bf114d484df0a26d8068e2ba4544842d7a0493196de2e7e8ac6b386082bb13b830b94d17b9c136b8fb3ddc08f62be8faedb308c1bef151706d0c11c8395d20168fca339baddbeaa604ea2401a4ee3cd529c7dbcb5037ae9fb3c3cf9721ada8722f76ce3aea8cf798f46ca243c383e2f625222f33a015df24fd22f12e85f92282e91e77eea393bb46561464daac0b46b85699a960609e8d655c6567aa9e1f7f43207fcf5049771403c8da5c9f2ef567111b8eed34593271be18cfb834ff697008f06b35da8a5b57dd0383fa13561f74e13b8775bc0414b7476dd8c6ff7f1859e6f338fa10375319fd54312306da46f503f92189dac71b047fb2cba3e64633029920e49fd9c8bd71a342c2c17e8526b6bc727c1c225eab431a2cfc7710bc2b90662f318dce3eeafc509de2b22a96200e277917e8721fd6d0c850b19f0b03e5c61c888070f5aff9ae206956856e16c0f00ae2f5052fd342fe2f2789eb394945711bc986e7284120241ab595c6dbc74e7028ee23d9ae68a5e0afaeb0ac339e082bcf4e0550d326550ab3602d4623e7c7a9407019f3a2cf662ece2219b84f365de370faf1f1dcba9d47f5ec1f4efbe0e09a2b34c8470ad0489f239f38978bfbaa71a345e2884f7e51f3f21f926cbbe2d330de25aaf47f0cf8f75512313fdd83d4b8f8355a27facbee96468fbb3c2de7ca96576770595b17535c3fb10910d71e342b8b61af00ef695f1a6459f649aa75e03b834f2a4929b37ff28d9a7ca8817278cba0fefba654867632f1ae5682004c93c2c875e6e02e95ca31ef596b54baf45506598c3613c95ab78bfe511ed6b066aa7addbc8f80c5150917e64aa099cfdd8874bf1c304d432085a08e981a34307ddd62eb206c90550b3908c085fe065996daf6a0e22b3b937faf6eebdd7ab9a26f7703197256d70fc487d567cf71f58f7107de290aa3a5a17eaa1c23a8462b6d2d63231d48d6bd5214593cfbb9abb670a98952c9a1f3032187d7e19390317c5b0fee90a6d5751628654d76f12500b0e2a5055629fc9d999812c83f5d79870bebd8da9d0f81eeca98994953f2bbf765da4d570dc6d736d092c22b67151a0da83fdc7545371a5ed35a21db0d3324023b4903e5e93bfe74f4c3851b5cf60184900e90e75a073864a7ba693dbd90da65460118a67ab6016ff71781bfb796208c722f01f9590f7b1600dad45f373eb9f4f51cf37933abb24c59498286ac5aa91c2f1ee68444f72b38529bfe63afdd7b0f2af06c0e43921cae2adf4ff799a6b33828ac79a5027fc8daad4b6a4077cf9d6c85cd8835938b99f34c770972a84ebe44e01c506112c12e0fd388f47cd933bd937f74a29e8efc942fff0e723873e28170877dbf19b240ed7ba16bd7687780443c751a633badeebc26484c8d6000d71e7b24a8aa5e55d643f040590e4186517721c64239cc4b97f183cb7525d13f30120af346bad782428f1e31a0eb614f065da18993da5e189b1992ae41ac15dd2cc580ce1e1c44c41ee6e2f401cc8c706f27416213e359df9f61506f73990f844d5c16932dcbbefde2365abb0e7addef789f316380632d74caae8c057a39feb3913503af6afd2f0c82c60b761cb9750436c751ad9187b23543e2d18cd91231654e240d0f77842ed6b9790cdcc09971e6e30207f31d018ffe8ea5dc93f802e64ec8de742cfc67f303401b1ab861701158f2ef4814bda4c5102ef16b52f41e94fb614df1c3ed421589af593484fa378b08f9e097da2e58b5ca946c191f110b3654550b0dded4816645104583361cc452c7c05913faa5b088775079e991cf031a752ea7a29ef3a56ce9846ebed5dfde52ccf8dbc87bacc01da13435824fc988dcf4ef47da0c99727af4fe002fcb039f1307022d86637323726eb0bc708b16ca0be9e9f6332d4aee7059618e2be8f8cced023044b1e0d084c975c51906fd8d29d1f3098647613ff5a8548f2971d627554721d7a3604ca350e66afb07cadefb28167b15cb57504e88e1b96db89a8bf616cfc24fb37a0e2"})
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xfffffffffffffddf, &(0x7f0000000200)=ANY=[])
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="850000002200000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs$namespace(0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4000)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)

13.228082287s ago: executing program 0 (id=2176):
syz_usb_connect(0x0, 0x4a, &(0x7f0000000180)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000000c0)={0x13, 0x10, 0xfa00, {&(0x7f00000002c0), r1, 0x1}}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x8c540)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000640)={0x10, 0x3, 0x1, 'queue1\x00', 0x4})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x74, 0x0, 0x7, 0x401, 0x0, 0x0, {}, [@NFACCT_FILTER={0x1c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x10000}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}]}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x7}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x4}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x9}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0xffffffff}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, 0x0, 0x7, 0x101, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000500)={&(0x7f0000000100), 0xc, &(0x7f00000004c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="400000000007010100000000000000000000000708000540000000000c00034000000000000000040c0002400000000000008eaf0c0007400000000000000004038fd5eeb0ea29ad84e81925888c0674c41680ceea1ce488da0bcd1d0fdc124db7830551e2e582c2ac01f3fc4990b653f01c9be3c21d13978f9a29292074c38fb1ef86e3d15db21bc8a7966ac4dea01f5b3c3c"], 0x40}}, 0x24000000)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r3, &(0x7f0000000440)={&(0x7f0000000140), 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x58, 0x3, 0x8, 0x507, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_CLOSE={0x8}, @CTA_TIMEOUT_TCP_RETRANS={0x8}, @CTA_TIMEOUT_TCP_CLOSE_WAIT={0x8}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x6}]}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = dup(r4)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="680000000206010300000000fffff000000000000500010006000000050005000a0000000900020073797a32000000000500040000000000140007800800064000000000080013400000004011000300686173683a6970"], 0x68}}, 0x0)
getresgid(0x0, &(0x7f0000000040), &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1b00"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000300000000000000de42ed005e5c031aafe4258def1e5c4e13d5daf8aeca46e2a17b4e95deb4"], 0x50)
r6 = dup(0xffffffffffffffff)
ioctl$KVM_GET_MSR_INDEX_LIST(r6, 0xc004ae0a, &(0x7f00000000c0)=ANY=[])
pipe(0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000063014000000000009500010000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
io_setup(0x7, &(0x7f0000000280))
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/block/loop0', 0x42, 0x0)

12.740606494s ago: executing program 5 (id=2179):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)={0x14, r4, 0x333, 0x0, 0x0, {0x1c}}, 0x14}, 0x1, 0xa60d000000000000, 0x0, 0x40}, 0x0)

11.463317923s ago: executing program 5 (id=2181):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_pidfd_open(0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
read$FUSE(r4, &(0x7f0000003680)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020, 0x0, <r5=>0x0}, 0x2020)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r6, &(0x7f0000013c00)={0x0, 0x0, &(0x7f0000013bc0)={&(0x7f0000013b80)=ANY=[@ANYBLOB="280000001b1401"], 0x28}}, 0x0)
write$FUSE_WRITE(r4, &(0x7f0000000040)={0x18, 0x0, r5, {0x80000000}}, 0x18)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)

11.211300888s ago: executing program 2 (id=2182):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$unix(0x1, 0x0, 0x0)
bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'xfrm0\x00'})
connect$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r3 = dup3(r2, r1, 0x0)
getsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, &(0x7f0000000880), &(0x7f0000000800)=0x4)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f0000000040)=0x1002, 0x4)
pipe2$watch_queue(&(0x7f0000000100), 0x80)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x0)
fadvise64(r4, 0x0, 0x0, 0x5)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f0000000300)={'filter\x00', 0x0, 0x4, 0x88, [0x1, 0x7, 0x8000000000000000, 0x6, 0x100, 0x1ff], 0x0, &(0x7f0000000140), &(0x7f0000000180)=""/136}, &(0x7f0000000240)=0x78)
r5 = accept$inet(r3, 0x0, 0x0)
r6 = mq_open(&(0x7f0000000080)='$((^\x00', 0x40, 0x6, &(0x7f00000000c0)={0x1f, 0xffff, 0x7, 0x2})
dup2(r6, r5)
readv(r5, 0x0, 0x0)
signalfd4(r5, &(0x7f00000003c0)={[0x1ff]}, 0x8, 0x0)
ioctl$BTRFS_IOC_FS_INFO(r4, 0x8400941f, &(0x7f0000000400))
flistxattr(r5, &(0x7f0000000000)=""/52, 0x34)
lseek(0xffffffffffffffff, 0xfffffffffffffffc, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r0}, 0x10)
r7 = semget$private(0x0, 0x4000000009, 0x0)
semop(r7, &(0x7f00000002c0)=[{0x0, 0xff}, {0x0, 0x1f}, {}], 0x3)
semop(r7, &(0x7f0000000280)=[{0x2, 0x7, 0x1800}], 0x1)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r8, 0x89fb, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={@local, @broadcast, 0x1b, 0x13}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000700000000000000000000000000611259f80fe0bd06958ee18a079cd369f2e1200000000000000000000000000027f068cebae487bc2a62c9d49d19d211b31b09e0b919acd1c398ae16b4d5eb40cd6efb1643f9c277678f1771748b141e5f97856c2e000000490b3a3b898abcd7d3d1c2414603e6fa40eaa63535de1f3a7e5c88d08f16b1e0a19aa47223c931e9795457a48bd8477140c6073c8523a7e982cd1df5e4b40ad33f6d85148fc8bd8fa9059f5569786eec27693a84227ee2ad4142e6a07ffd7dd977d9813ab6025b6bb340f35d9c22f00acb2d55ffec329d69271e31206a0800000073ac4b7feffc0795a828473a47b57573201ad1e6cc689aa952b3d949264d5ff7a9c9971ea922d956ffb3a24848a392aac35ee4a08fee8347eb23c2808a6b7a1cbab944458235f5066fff190b1098fdef249c73a3f490aeab559bd1ec5e087ea3d35e8b41ddb0334812fa2d1e5496e4b2e8289576a671749373545fd778d00cc4352aca042a64aa6b638ed63c4ce83aaf5df61fa188f144cf574508d0ff48e5c0e5276a3a86ccae1a241ab8889e3ff3ad422a3f6d28898854bc91b3b7f18b7fbdbc4d59376e03bc59464f799bf78e1d38614b5f5f0b399c145fe1e2a739f1d66095f0f43011225addfd26600da1d65a3d76b8881fc8c2aad7b94054c996d9de2debc38db516d5b4"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

10.158611606s ago: executing program 0 (id=2184):
r0 = syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/4, 0x4)
write$char_usb(0xffffffffffffffff, &(0x7f0000000400)="276de7a7fd7244db289ca15834260dd07d5f9fd8237ba91583caafe3d16c4c6e3e95edf5ad154da858e53021d5c4e07907967035f9d084f229dcbff804173155ea3dee2f2cc17f1f76dd2774efba40bd915f7aefdadc789f4f553b5d3c75297c72d3f4ea2c87fd42f38596df2326778bef794759771f1467606b99e8d9124da6154e5eae664b883a5bcbd3666a99edd2d63a8f2783bf4d78f7ed3c2412f5555dfa79e21f131c946fb1cd80a2e82bf2018fdb2488e74a56f35f1fd0ad32c759a78a8df2d55a700bc513658dcbb2d70000000000000000007772c89060bfc030dcb2d9ac43c0ad4070f9447fd78d35a69266104cfbfa1efc1c10e5693e5a8717d256577a00f75a3714d74b2c42ffa42695800f6f43d6116615555da95699d6d2ca1a37fd8deafc2d0b4c8fcdcc8033fb46340a8d38db492446918edba308b7ccf97f64984a000000", 0x147)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$IOCTL_GET_NUM_DEVICES(0xffffffffffffffff, 0x40046104, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$inet(0x2, 0x6, 0x0)
getsockopt$inet_pktinfo(r1, 0x10d, 0x9c, 0xfffffffffffffffe, &(0x7f0000000000)=0x300)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r5, 0x800448d4, &(0x7f0000000480)={0x0, 0x1, "00fa00"})
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r6, 0x5100)

10.133390842s ago: executing program 2 (id=2185):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$dri(0x0, 0x1f, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setrlimit(0xc, &(0x7f00000000c0)={0xff, 0xffffffffffffffff})
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
getpgid(r2)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0)

8.929076162s ago: executing program 2 (id=2187):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffeb1, &(0x7f00000001c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
setitimer(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r5, &(0x7f0000000280)=@file={0x1}, 0x6e)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000280)=@file={0x1}, 0x6e)

7.959031056s ago: executing program 2 (id=2189):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_emit_ethernet(0x52, &(0x7f0000000440)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xd}, {[@lsrr={0x83, 0x7, 0xd7, [@multicast2]}, @timestamp={0x44, 0xc, 0x5, 0x3, 0x0, [0x0, 0x0]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4b, &(0x7f0000000a40), 0x4)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x8, 0x1, &(0x7f0000000180)="e2", 0xb, 0x1, 0xc45, 0x1010, 0x3, 0x0, 0x8, 'syz0\x00'})
syz_io_uring_setup(0x4016, &(0x7f0000000000)={0x0, 0xcc32, 0x4, 0x3, 0x261}, &(0x7f00000000c0), &(0x7f0000000140))
syz_usb_control_io(r0, 0x0, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r4, 0x8982, &(0x7f0000000080)={0x9, 'vlan1\x00'})
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x0, 0x4, 0x8, {0x8, 0x7, "a7ea3163fd3b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

7.181711515s ago: executing program 1 (id=2190):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @bitwise={{0xc}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x4004810)
sched_setscheduler(0x0, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
getpeername$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18)
r3 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)

7.058086369s ago: executing program 0 (id=2191):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x30, 0xffffffffffffffff, 0x6ae83000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semop(0x0, 0x0, 0x0)
semop(0x0, &(0x7f0000000500)=[{}, {}], 0x2)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000180)={0x77359400}, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f00000006c0)={{}, 0x0, 0x0, @unused=[0x3], @name="732da777ba95b842d0adfd2d5b13e0c41c7d549736ad785d159f7cc753226ecceae0d4414d03163accb1bcdcd669ffedaf8cf8a0a1452e2e2d59fee99600dc396682c4435d682ea76c22aade7cd11ce0f179c22c45e01e9016c08e30d3021d7fb77f62a725a31c609e646cb661ef4776c00c436854702fefd6f9da0367e5dcbbd24b0c4886830a1fd866cc36e451adb70b8f7c054e942605f6a7b6e4438d8c22e87a51ad9d22b6a7c4c3cb58950b76d8d0a4281b67f69b4ac1c41abd01beff2f71b51ab1401df0a75bafdecee2f8a723242c6de0f0f7a60fd6f9a710969a5c14db7c2f612a80f248eeb170377c90c3b8cb54850c75d3286befee24e4cabac911e1bdc375b106bbec9fb280ff69405ddd1edd2cdc38ceca1d9daa38832e3b21431ffa93d3544b3ab3606a1e333e8ee019c62fc7d39404758f039c1f2ce55fa4912c6a86bd66606d8429e53346abb7fdfb621334f82c950077c275d3be2a1995dc24efa46b6b336de47482c45bec27e636b22582cbf9075c33964f39bd320be34c8bf437650e0cdf938e14196c069f167fa655fbee7bc6ea4eb4e1741a57018a407486d9b12a2ade7835961f18e2c3d911d129390a493bafa9591329cd742355740e94a307d090ceed297d403297a99e0a4d5260fd0923c70324c98948cf6a512f077c3162e69daf428b931f61c8a08f6a617dc96b3113a44574b3455c7fc71b86eac26697707e710cb0467f1d99acb36ea73123330bda96aedf62b511ae5d49ddec287fcf2609e180550fdd2430509c5dc8eee7067fb560b3c128e812c674284e9b5e2145c9b7f7b0870ddb432401e4c589b3b67eb3ecc66de2b633750c86fc71280a8aef8ee5d7d125c0a32ed20bdeb1597987da19e3918384f149187e5af4d0168766cfcf104128e4532b0f2632f992d88495d8aa3c3b0dec8cfdaf6ce2d87c016a985957aa6d57705fc0f1ec73e27bba36b31f9148baf539c4c7f31bff43909033d05fae659b4e0dc5c98abdbb9a168052fcf778ff7fa5e70381a81774647156599ae78013429f6af1006e9a7c225cbe848180f70ca2a6e9427863ee55c377e4b22b678ee8bb68093f0bda68f69feb2b13decd8e0bc833d0ca0481dc99db2424c1e26450fc82f15ebe31980956806d0a59096fc7cc19b77afd1f74be8d6478d9f750118771fe4e65326064a38a2cf3a2206a9619f122e79fabf1a6feee12c5824c2867856fd8652063b59cb569631b4e55e6c3bd5803747b5e43d16af34efdaced4cdb255396f1eea22488a65e74baffdd5afad4449f45c50480106fcbc326fc5e41fc3917c164f320d3a9676add3a8f3663c4ee57222fcc431eeb0a8250066b5ea21f53ff2d2f77fd20b41b0135f5b513fec9670a99319d4683fc96a108250bb8b80b0458930eb9016f88472df30bc6514816ad6b61f780de0b577024bd96e39735acaad585d73c095a5a27c86795a01ebd74a23e91147b320d80febe6bae7fcf1bae5d5df9f2b110fd9b2a7ba3297784beec8817ffa6bbe80601025b8688ea3cbcef0c760ea44b9a5fe8144ef7c6f5a36381252bb77202aa8ee02cbe1116b609b8db158bfdd32d1ec98b52b15db9f7a67f34411b1eb8c8d57464fafe475044ce250ccc9fd9598459827422075017ec93f3cc9085065819d6b5ebfccead1018212324b2ccf52752a048a51253904dd9b3ddf5e8ff85a41a2695df2f63db06441a25f1a9c62947ef7072f0f6e933aa80f238bb02e483b120c1169e0e0fd14c7c1ce2ced9a8337d85c956aa2e9034e1aaa09163483f66809bb7b1dc6b1faaf4765eab9fc11ac2d25741d0f8cb52a077cd96b6c6f565cabe9c04fc75596a58f7c8707d6bda3e8c9fda45bdcb3c98d4ec017cc693addd02e0f632b8140f8fecf982126c3fffcbb66997bb56a07d24b7440c6cbcb3fcaf1df8e6c3fd4d3dd8c6dc79200af16ae193c1b20e84f7d7cbaa3d2994d746e7debece9e31a0a6252ed6817bda0ad030c30c7c77f96d7eba7b6c52aa4e3decd9e5575456a3cd4101877f2a0f3ca57a3d8ed46c8a7a3a587528c2503183b83c15d5b394d3444646932419139a021b6264c165a507cfc34b49937f2a5c2bdde34aad3ba5a53341dde345e6e097cccd5d0e99d571544549bcfc83c9d12ad617b71279eef88205dac675f2b6303feb9cca7a09a35aa06e601846495a3a2bda229af7e3498f16752cdb7a1c590bd56fb50ac6239442bcbcb817768f5f0e0ac73ae47573702ae55d42546c44bedfa4b987caec41ebbce166bb0042039bb24bcb2819aa61c23748a313c7c43bbb9bdc4118678882865a01411d2416a56d67fa3695ad30fbf60ff3c08e83b5427a2a0c444335a3e0d06fdf9bcdca21c9574d0639c692e72f6ac8657dfa70d94103568e663e4a63e78aa2eeb58ce290f94d75cd72becba5f501d616195b6617863e7959e95ecdc813a8e1b39dcf99f8f0de11b919365d7e827a2e7a7c34bd4a91e3c3f88138a9822406bffe28a763e4335cd2738b985ee315f2ef470930458baa93e2f34dfac98308a04099caaaec1a05408fe41de085caffadbe80364d907c224f9f5450cccc60202b39ff886522c4aec7d9fe0d2ab8ee49d4b504d25ac72748dbdc2aed95148da8f1f5f43c0870e4a0256880351ccf0a53c1877392422620edf81210f76aea336d331978189bdf1965b2893193080ecc5340235efeb6778f6e9c36d878a16fecbc9ad055b18bcb1b892e7ba6d3d8f112a6c1c6a297b0dd5a0ec2da5f7279c65d9d990183bc1d789591850fc24b193af980df7165ec03cabb56d5c696d86428ac39b6b4e59b103232c1c4680d303046ac86e247125343f4c8ce7159ebc4ea66218bfff128e8faef39b7e38d11366e118fd9785d63cb69a9eb645e6b0f1905d6edb7817c698162a66e4dfac565ac8a109e379d7384e0103d113418da91ff80454730a5b58e44819723fb4cacca323316799cc5d06d40654968aa8e5fa6cb6b3952c3ba29fb4d8f574af01a05b342a5a88d7ba173fbce037d639ad165541d0097d9adad62f5d4ab886f7a2723ec339161cd7dfc498fa4f416fb737088f9e79dce316196fddf16162d06ef7da7fd125c17e25ce7802e9705f70fd969d3342e9ec532fe62a32c5e98f2e0f6c00ea5888b242720d4e2a49683e2b4512c6250dbb3a2bc80dae1b28210196f29bdd0fd2b869424a248aa74741ec574acecd0ad5065d4267cf6c1e2e01e65bd201b7893b257d1968b53646f2359d4303c0d72f35081d1f81a7b6612efaef9a338d92cdecde4aaccef8e9895c4e8792dacc653aec47a5224471850105479092eef45d2f4c85cfec7c15e2031c201cc2806bf452e02dbb63a805cc3f914a44a7dc47d02ea3f2a4e4e44b302322b931a01ded30e53ad0b28b02ebc3a3da5bb1e83a32ab58235a2ca97876b2e98436427abbf197c74b8fff281f9b7fbd2f5c7b8c4c34d6f95239f8b1806179ad03add3d76e1cba8949326eac0d352dbbd3608ea983542e90850fda819f485d5366e84b8dfd808d1050f72bf915b3a4dfb40759d4866da5ef559e980f6fda338df69faa0880b5f95489e9b7351bf739e5bff3f3a4fa32792a38541787be842995992bd797380fb7bea0d78b56e308cd7208d9bee65b64cd0be0d8a7a51d88be15216ba695079ff700542f591e382a37333a6f71b3bf114d484df0a26d8068e2ba4544842d7a0493196de2e7e8ac6b386082bb13b830b94d17b9c136b8fb3ddc08f62be8faedb308c1bef151706d0c11c8395d20168fca339baddbeaa604ea2401a4ee3cd529c7dbcb5037ae9fb3c3cf9721ada8722f76ce3aea8cf798f46ca243c383e2f625222f33a015df24fd22f12e85f92282e91e77eea393bb46561464daac0b46b85699a960609e8d655c6567aa9e1f7f43207fcf5049771403c8da5c9f2ef567111b8eed34593271be18cfb834ff697008f06b35da8a5b57dd0383fa13561f74e13b8775bc0414b7476dd8c6ff7f1859e6f338fa10375319fd54312306da46f503f92189dac71b047fb2cba3e64633029920e49fd9c8bd71a342c2c17e8526b6bc727c1c225eab431a2cfc7710bc2b90662f318dce3eeafc509de2b22a96200e277917e8721fd6d0c850b19f0b03e5c61c888070f5aff9ae206956856e16c0f00ae2f5052fd342fe2f2789eb394945711bc986e7284120241ab595c6dbc74e7028ee23d9ae68a5e0afaeb0ac339e082bcf4e0550d326550ab3602d4623e7c7a9407019f3a2cf662ece2219b84f365de370faf1f1dcba9d47f5ec1f4efbe0e09a2b34c8470ad0489f239f38978bfbaa71a345e2884f7e51f3f21f926cbbe2d330de25aaf47f0cf8f75512313fdd83d4b8f8355a27facbee96468fbb3c2de7ca96576770595b17535c3fb10910d71e342b8b61af00ef695f1a6459f649aa75e03b834f2a4929b37ff28d9a7ca8817278cba0fefba654867632f1ae5682004c93c2c875e6e02e95ca31ef596b54baf45506598c3613c95ab78bfe511ed6b066aa7addbc8f80c5150917e64aa099cfdd8874bf1c304d432085a08e981a34307ddd62eb206c90550b3908c085fe065996daf6a0e22b3b937faf6eebdd7ab9a26f7703197256d70fc487d567cf71f58f7107de290aa3a5a17eaa1c23a8462b6d2d63231d48d6bd5214593cfbb9abb670a98952c9a1f3032187d7e19390317c5b0fee90a6d5751628654d76f12500b0e2a5055629fc9d999812c83f5d79870bebd8da9d0f81eeca98994953f2bbf765da4d570dc6d736d092c22b67151a0da83fdc7545371a5ed35a21db0d3324023b4903e5e93bfe74f4c3851b5cf60184900e90e75a073864a7ba693dbd90da65460118a67ab6016ff71781bfb796208c722f01f9590f7b1600dad45f373eb9f4f51cf37933abb24c59498286ac5aa91c2f1ee68444f72b38529bfe63afdd7b0f2af06c0e43921cae2adf4ff799a6b33828ac79a5027fc8daad4b6a4077cf9d6c85cd8835938b99f34c770972a84ebe44e01c506112c12e0fd388f47cd933bd937f74a29e8efc942fff0e723873e28170877dbf19b240ed7ba16bd7687780443c751a633badeebc26484c8d6000d71e7b24a8aa5e55d643f040590e4186517721c64239cc4b97f183cb7525d13f30120af346bad782428f1e31a0eb614f065da18993da5e189b1992ae41ac15dd2cc580ce1e1c44c41ee6e2f401cc8c706f27416213e359df9f61506f73990f844d5c16932dcbbefde2365abb0e7addef789f316380632d74caae8c057a39feb3913503af6afd2f0c82c60b761cb9750436c751ad9187b23543e2d18cd91231654e240d0f77842ed6b9790cdcc09971e6e30207f31d018ffe8ea5dc93f802e64ec8de742cfc67f303401b1ab861701158f2ef4814bda4c5102ef16b52f41e94fb614df1c3ed421589af593484fa378b08f9e097da2e58b5ca946c191f110b3654550b0dded4816645104583361cc452c7c05913faa5b088775079e991cf031a752ea7a29ef3a56ce9846ebed5dfde52ccf8dbc87bacc01da13435824fc988dcf4ef47da0c99727af4fe002fcb039f1307022d86637323726eb0bc708b16ca0be9e9f6332d4aee7059618e2be8f8cced023044b1e0d084c975c51906fd8d29d1f3098647613ff5a8548f2971d627554721d7a3604ca350e66afb07cadefb28167b15cb57504e88e1b96db89a8bf616cfc24fb37a0e2"})
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0xfffffffffffffddf, &(0x7f0000000200)=ANY=[])
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="850000002200000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs$namespace(0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r5, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

6.204704783s ago: executing program 1 (id=2192):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f00000000c0)=0x100000, 0x4)
getsockopt$XDP_STATISTICS(r5, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x2f)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6, <r7=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r7, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x123800)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r8, 0xc0045520, &(0x7f0000000040)=0x400)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x4b0}}, 0x0)

5.721821344s ago: executing program 1 (id=2193):
syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x4, 0x0, 0x2000000}, &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000280)=<r1=>0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r7, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000100)=0xfffffffb, 0x4)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c)
add_key$user(&(0x7f0000000440), 0x0, 0x0, 0x0, 0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_READ_FIXED={0x4, 0x73, 0x0, @fd_index=0xd, 0x2, 0x3, 0x8, 0x19, 0x1, {0x1}})

4.708341222s ago: executing program 2 (id=2194):
syz_usb_connect(0x0, 0x4a, &(0x7f0000000180)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000000c0)={0x13, 0x10, 0xfa00, {&(0x7f00000002c0), r1, 0x1}}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x8c540)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000640)={0x10, 0x3, 0x1, 'queue1\x00', 0x4})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x74, 0x0, 0x7, 0x401, 0x0, 0x0, {}, [@NFACCT_FILTER={0x1c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x10000}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}]}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x7}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x4}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x9}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0xffffffff}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, 0x0, 0x7, 0x101, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000500)={&(0x7f0000000100), 0xc, &(0x7f00000004c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="400000000007010100000000000000000000000708000540000000000c00034000000000000000040c0002400000000000008eaf0c0007400000000000000004038fd5eeb0ea29ad84e81925888c0674c41680ceea1ce488da0bcd1d0fdc124db7830551e2e582c2ac01f3fc4990b653f01c9be3c21d13978f9a29292074c38fb1ef86e3d15db21bc8a7966ac4dea01f5b3c3c"], 0x40}}, 0x24000000)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r3, &(0x7f0000000440)={&(0x7f0000000140), 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x58, 0x3, 0x8, 0x507, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_CLOSE={0x8}, @CTA_TIMEOUT_TCP_RETRANS={0x8}, @CTA_TIMEOUT_TCP_CLOSE_WAIT={0x8}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x6}]}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = dup(r4)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="680000000206010300000000fffff000000000000500010006000000050005000a0000000900020073797a32000000000500040000000000140007800800064000000000080013400000004011000300686173683a6970"], 0x68}}, 0x0)
getresgid(0x0, &(0x7f0000000040), &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1b00"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000300000000000000de42ed005e5c031aafe4258def1e5c4e13d5daf8aeca46e2a17b4e95deb4"], 0x50)
r6 = dup(0xffffffffffffffff)
ioctl$KVM_GET_MSR_INDEX_LIST(r6, 0xc004ae0a, &(0x7f00000000c0)=ANY=[])
pipe(0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000063014000000000009500010000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
io_setup(0x7, &(0x7f0000000280))
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/block/loop0', 0x42, 0x0)

4.70265411s ago: executing program 1 (id=2195):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x80001)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x3070c3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x83000000)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0x7)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x380, 0xffffffff, 0x98, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'rose0\x00', 'wg2\x00'}, 0xa00, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'snmp_trap\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'snmp\x00'}}]}, @REJECT={0x28}}, {{@ip={@remote, @dev, 0x0, 0x0, 'batadv_slave_0\x00', 'rose0\x00'}, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@inet=@socket1={{0x28}}, @common=@addrtype={{0x30}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@broadcast}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="34000000000801010000000000000000000000000900010073797a31c2a748c6ac1003e0c9000000000600024000000000040004800500030011000000"], 0x34}}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x2, 0x8, 0x801}, 0x14}}, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(0xffffffffffffffff, r5, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0xd7, 0x0)
mmap$usbfs(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x0, 0x13, r6, 0x0)
munmap(&(0x7f0000ff6000/0x3000)=nil, 0x3000)
r7 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000340)=@phonet={0x23, 0x0, 0x0, 0x41}, 0x80, &(0x7f0000001700)=[{&(0x7f00000001c0)="27050200590200000600002fb96dbcf706e105000700810000008100ee162fd432bf892faccb", 0x26}, {&(0x7f00000003c0)="59d15ea985e58c8ae86a0e6c29efa9703fad4474676d499fbb6e558c082c53b9ee93e997e5cba0c4d038eb6785b01696bcc67c0e9bf0cfc16367d0f7cf02ab77def0492dfb4dac7987ceb54445941e203cc1a89ec1293865c17359f056b84ebb62ad7d2e54a56cb4a39ec2830670203dbcda5c9e425065f3d8c28cb30d00a670713f92a0071e798a4cd8af5db571117445f3025776b86fd9d492d7066834469fdf3f821141a3a0e88dfd270be71ca5d917580ff7deb7ef59fc04a9d12cae274b22cc0715b7e7805864b639d4eff5a0fdeeb4f8b09ec3cfc430126946614975a036e50132bf832967d113fa", 0xeb}, {&(0x7f0000000280)="828b53a2c015fa44130d4b92a4d60eea352929ae0466e0dee0071ae89b31ef1db0ac6fc64bcd873dee8d4c2cfa7a290af605d89f294c10eb959a46844ef70aab4683c5d671213f5edcca6494b9df8cd3f0adbdee302b9007ec2488ce0bd14beb80aba592f71ab6f26516cf8aff2a2ce3402681fa526f4cff3692f70f55820d9492c7d9fc55c5703508d9640d72ce31e07cc6997dc79cccb2e5f0f447e7066eb9aa04faaac2b2", 0xa6}, {&(0x7f00000004c0)="0973cd68cf87f4fe56dbdd920a30a5b6eb84f445d199cb2c389badb43c5f104defb2f06e836968652f9d8bc6c6dc4eb606a81130714dc70a23c3e409ed77ce2ce6f076f43f5aa91e4208e27574feb053c540e35e3f5530194666d27222680219de1f35ab7f37664c17496c417634e7fe7516ad58fb77f2df22f53a63bba7d30db11cd0791ea000933cacd005b8a3422c27759e648aea7fc65fe1945d1592a25bd6b9ac46fc0110a8b984c0af801780778a73d5f80c9af53001d713e0b54ea197e7e30c2fb2d56fd6da7d043b7c00427d4e81ddf7291ad6537fd3c56eb9dd969ff1014c9c5dae614d815bc3943a9011f9d8124f74f87e4777398d168b628d9c734858c53fb709193189f443d7be0000e6c9d72811ae64a5153b18847c5334680b785fdee49c8ae7878ee619dc09e1cbc5f18d747475f389a5220afa29091641418fc935c53d71f3387c625684110cf05878bf9fd4aab16b1d63360b39eb2c6e89285718eac6739ccff886e9e4b3c609eaa7db4740929cdd40646f58631f2e2341fb79c07e84aa9e3e02eefc4f1ba3282b716756a5681340fe81f0a481a47b73075d3adfe4c6d46020fd44e2c71c99bc092de9b30a92a3839bfb5c44d6aac42a8dc31c18ab07f6cf1e59afdb7ac1942ea8b2d07e3e1fd0851c46a1c8d2c2baeed0c97a7b58203310db2b1efd127fa57230e5754f44a609f5e41257cde4d4986cdb5e6dcc2e00cb6ff43528be411c697ac1fb1763978ba289c5d71bec5e8eb06616b553d7533e91a4cb96356af3c8536afa0287b460f1301caf618b3bde4c3ee9a529fe0042a55670503f9fd196f6bbfc3236d7b13b33f71cf832262508d87e4ef9cb45286e5b9eafc1f841c8156991e3590d1c9de98392a0d46ba63b2543c313f89c9749caa9fa010cddef361f406ee52ae90daa32cb4cb4c201e6f8eac7e9cf0e1be85c96ff113283066365197f54ce384741981e3af6eea786cfb605301fb39a2962943342f9ef9be5679dbb0b91c39fa470741322fad5f1149313972194a2dfc483499dde1f63c1c917a6807605e6164668de0643a0fa6fbdc07c13a4210048ea92bc4c45b6b1ae68d3074dfb5410f64f3466d8c9f6fb70cc49097490bd0162a40847166cfb796442dc57695ed02db498934a016d15e5239f5ca423d15ff25cfc4f24120f527d9d0b241f766e5e38c2b87973f8c1eccdaadd562b3324922f458afb1768444c29a5ed76fee308d96517d1f457d6d200b3ead97cbd1c49d19c5bb9ec0039736a1a2ebb848245060f880586110bbfbe33a02416d719403682af75f31ed2e7a3bf843125576a09f6b84248cebabc06476a2f96b9129d5145eeddf6905f2b5f92d6c6e62d70b369cb39095a7670a226cf1f39530a3ecbbdea2fd3be1965eff9bec138d7e010e32f3b49bf13471b28b2b01f1ee5b26e984bfbea0c4450254da4daa3c0f7b49f8799ad612a2d329d9c4fefc852ac0badaab11226e2d31367df6ecf98155420a8c3ca08be65b432234666e6f217bf050aae1a234da1f72e13eb6b357ef111429c6e23c8448fd8d24c94ca1b043790f4d809f40fdb39972f84a874c430e102d29c98479d9f542a5ded92a20bce1200c0d9d48c946ff01b6ba947956877cc4a204370866fb4cc9fe36e4cf269901a7bbaf763cf84f0b5b2038753b1152e84e0c3e76e0ffc32b4e64ca55a05dfbfb8b6574a60438744b20e8df62917a5f72c27d7822706e22848eb132d49aff232ab328c6995f72ddf32a6f2c03b4c21d12b1643415d0b2bcf59bdccc397bb4573833abdd8faaa190b58dbfca3b127c4e3a225491887189fca225485e944879bc84b46c76aa5b7b860fc548fc6d1de48df633714a968b543d5c68644877b0268a58a29e8343fe45faa9d2a377bc0248649b3e0d6ac8b241f0a63e75f0d192e0b2feeaed1beaf1345c88d7a6a8e98d981cdb3a063fc2605481fd288cb965d716ac0a1ad4bdb1028049e01f833a403ff9d853254dc1842335dc22388aeb6abb5ab4d9a6ba6c46741e56110c8ee07805c45e62d259fda6dd22dbdb26d2b7780159de2d86136ee1a92a22b773ee2630d9e520865a52c552d691dec5c8402e4cdfc1859e205a3959e71d77f8301d71366bd1a0c6167b70fae9c07b6e5b9b7fe7ff980c2f541ee5c82938ddb444ddc9eab3b7ac9a4a89228e1f1635b532696b8aaf991f3795b37e669cd067dc1b3b4b148d75e62af78b77ad471f1c1bb72c432eda1fe81336e76e06652e41693dfec33813ac4a17c6b39cb637b2e1fbee4465f2e7144a42e664f6ff7870e2c4eb40dadb2f3d2cb27a24e59575d746ff6bf1707dd87a2d47abe4d0ead382b2bf3e5f0ab042d097f15c2550ea619e66a53331b790beaf1b545385f8b326680feb9529b9922e0349c5fdd0714e830857539e31483d19c617d7722fda8ce7dad6654e2f2d3eb44467ee5abfece36b832f756d42c7506196c6408257f01e1c1d80d07c82e4a7a3573e4a30249131b0d25a41e676f2406cf4d34871b5e1ade338cbc69e9400baf942704a2b9295c6c7ec642c191f236a48afb337ffcf3f36c6936156ae01dc0d04ff0be1a51dd5fec4bf54e69d4e0fe603b0a0a943ce24c7202512368ad33ff7f0e732a9776b0d3ec92223ed35fa383eec6ad48dc3a4334767d8687fabb88f886f254e6c9787ed68797513180d39d51344ebc1d12ee0df31110bd71c48685e9e62667050b8e68b5c3f00df1b1376d6cad6cd294a8fdf695f305c384958aafdc9e9133a5951ce4eaaf5270e4e6195fb4c82d10224b309bb7272df813efa472ad5c536a141dda1e24ad179c7fef1f7850445504e72b31860ef63b5733f089793074a39e9fb9e53ec2343f83fb95b67fd9ff25830e4f4ac7b155016f366d0d6ef0814cb67b5927f5ccec0bf03e299460c0204d770066d9a844ef0fa93e80a4f500d4f79260d9ac52205c8956939a6dc5eabce9a9d2c3bee67cd0c4ca794f41e847bb7a476b714b4b91e879b936dc20acb2f800d1686b86d332677a6d678baffe4fbe698f52f06f632526dad9d9ad917332f118e6cd41015ee7a38d1513e53585e62893b06b96c969e26402d279e488b9728ae4a79a74816fce08a807a1d19e6beea6710e4fffe2c95a1022248268dbeade4de236620be48bdc72be7ebf98f3c612a89af937c5998af3149c9defd207ab5035fe27e4d36ae9cb5cd9429065e0ca7c7d4ed51aa981402c27dda5aa670b03841a6558e4d718707029b43d3d4e3150a1b934c2e2eb575eb0e1db77a91a8290408de2c92d9d57cfc3499a7245201c684b0466cb5dab64a7defc21060013ad19fb19415c9b8658ad33e135965d5bc8b73f1f30cd4cd50dd2028af668e9e0bf66ef1709afcf87cf6629c47435221f1d2b5b472004732295e240b12ebc2ff87ee5a3d9ba9c0f4fe462cf8f5cf043baca514482e2d7011e1f604b3399db7ee7c633e521339d44a87816dbe5b5263a2717883881fd0e3f1124555b612ae6da01752159b454b9eb8a431740d797a91f3df1d371d1a1c800da89bb1273c3f0ff933545fb6065b70c25d38c9b04d20d617558f191769c0433723b1facbc6acaf4c7d24c78e950e27e17a0163432eb613a3516e7a2164e0bee00bc0320c399982356ade618cfca570d13870f86dddaee674d8c2fec93f7f7e608bb7b7ddbe61a6264996cada1094ef78e31739e195354f6898cdd8d9eb8e01581c41be17365302c14dba1b765a33f1d969dbe2703f92dd6f64fafe73bcd8408f67d9c5335b5b35fb77fdd4ca8be206b4dcad9d2505a6c3dd3ee7eba9a6c1a75bba104be58e5ef8ab17fb50d2d2bb59abf059c300ffe132bc0d00def60699e0e90f30afe559eec035ad3c9813852667ac5e557bdd5ce917289ffc4e0c344a7aa5aed693d1ab17057b0b123c58ab76f0a0139715ea089d7d535181c6e8f10d14ed68eb6f19dd64bf1ea2fcb7b761d3778b5e10a2754c30b9c9232c1f2eaf8a0e260e1fb2756576eca161ff435844db116d38b9875df425930161dbf8fb3c8011ca69d7b24227bc9c16ff9dc64ebbbdbcb50f187d8561d7680422f15eafb7623f879cf5e9a7bbffdbb028d11f7f3f79db72ef2354495b0a27e5e647c5bec27852a75f54da0037ba34758878f3cc904fa2160c641e5eda8fad47b1fcbe2b2741ccbcff5a8d5f3575b7feaece998fbf607a1ce69d5e6f3ee434b5269bfd53efb778aa89107262778e7f4ea26bf24f80f3826def71dce738bc00c20862f10a23dc6880fa82508eb91fe8af06fa29d9b5f53f68fbcbcf8990af42a2202f6a6a761b88d2a6184a4f87c08be9b68fd3da12c5579c6ec6a9ba7c411730973674c79855c489d0b3d6b513b9e0c11b48c7646a4e32a267821d2be0077abbbe990c5d64d4d8ca08e9d0c39d042ec665c1920f46bd527f033387ff730dc3f19608b5201efef4e06709e444221113e538ea8ff3bdef53b9890039186dcfa32d2ea2f2846fee59d743113f8de2ed4f92c447c4b25433598b1857b2a7af1e2f1d387742334c1eb03dddb441ccb080a5f6de8cc6cec006cabfd4393c228484ee40cc77a8751db0b8965ea4a484c241b5726f42024787d190e2767b90b1f544ede439a0efaf27c182fa37a4a538426ea788cfdd2d8cfc2a81353e97a766357ced2786e2a3d0ab5d50f97937b14de8994a6aad71023d15cfc7893c69293a20ba7c88fa9575da6403be66dd0ebbf3993c76b46d2f4a09fe0ff222ef4c8123ae3ad280cd5944fbaed4f3d178fb53b832f58275ddfae1a7d45584fc511ed3e9510a5770582caa830c6b9abb5a624d6554321c76ee4dc01703867a5301197f2074dbda370148092f7dbc0561c93b75ae8f4a71051c71fb475f715b8280ca7f23a375eeb17ecd430142760db352da99ea544b352eaafec5fdf0f8c3bf464b49a3942884c8e83d2c8e310f8e57a5cdd0f81260451721ebf6e7fee933a7b9b2ee0f9eea379bba2500c4cfda88f047407bd86c39ba665d2d6d7ffec9d78f6e46038fb7efa669757e0844cec8e7808fcbe6dcdbed7b8bf610725331156a4786c7a6e0322d4e70f69ac4e1f", 0xe03}], 0x4}, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})

4.653889581s ago: executing program 5 (id=2196):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x16, 0xb, &(0x7f0000000580)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20008000}, {0x85, 0x0, 0x0, 0x72}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x38, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

4.35211176s ago: executing program 5 (id=2197):
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2150, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), &(0x7f0000000040), 0x1d4, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(0x0, &(0x7f00000001c0)={'fscrypt:', @desc1}, 0x0, 0x0, 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x4008080)
syz_open_dev$video(&(0x7f0000000400), 0x9, 0x0)
pipe2$watch_queue(&(0x7f0000000540), 0x80)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2)
pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x4}]})
close_range(r1, 0xffffffffffffffff, 0x0)
gettid()
socket$pppl2tp(0x18, 0x1, 0x1)
unshare(0x26020480)

3.947110853s ago: executing program 0 (id=2198):
r0 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000001b40), 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
listen(r1, 0x81)
r2 = accept4(r1, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000340)={0x0, @in6={{0x2, 0x0, 0x0, @mcast1}}, 0x4, 0x1}, &(0x7f0000000300)=0x90)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000080)={0x80, 0x8, 0x7, 0x7ff, 0xc, "ec28a144f13d7607"})
writev(r0, &(0x7f0000004340)=[{&(0x7f0000002080)="4f7f61", 0x3}], 0x1)

3.715073022s ago: executing program 1 (id=2199):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffeb1, &(0x7f00000001c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
setitimer(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getpid()
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r5, &(0x7f0000000280)=@file={0x1}, 0x6e)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000280)=@file={0x1}, 0x6e)

3.174552474s ago: executing program 5 (id=2200):
socket$inet_mptcp(0x2, 0x1, 0x106)
memfd_create(&(0x7f0000000700)='\xdd#\x00\xe6Z\x00\xafq%\xa5\x83\xa6#\r\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\xf9\xff\xff\xff\x00\x17?$^\xe1Ob\xe1Y\x03\x00\x00\x00\x00\x00\x00\x00\xce\xe5\x19THP\xf4O\xe2\x9f\xd9\xae\xcf>/\xdc\xaa<\x96\xedE>{\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0\xb04\xb7T5\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\xdc\n\xcbC\x15\xfcp\x11\xdai\f{\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\x82t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9\x87\xb6^r\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9w\xd2\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T[\xb7\xa4\xb0\bk&\xede\x8b\xc2\xb2\xcd\xef\xcf\x0fE\xc5\x86]\xc0]}\xdd^\xf6&\x16>c\x9d\x9c\xc9\x01\x04\x00\x00\xe9h\xbd\x10p\x8f\x14\x1f2\"\x1b;\xfda\x19\x8bo^\x96\x9a~Q\xce\x95\x02\xb8e\xbbG\xb0V[\xfe\x80\x94$y\x8a\\@\xa9^\x95!IJ\xcf\xf7\xafoX/qG\x97ITp\x01\xae\f\"n;%\xecT\xf6\xb6\xbf;\xde\xec\xb4z\xaa\xd9%\xa5;wy~\xcb\x9a\xd7\r\xe2\xcd\xf0C\x16\xbf0\x89\xb4\xf5\x86\xf3\x99\x9bq\xd3\x15\xe1:\x86\xe4\x14\x805K\xcf\xf6\xda\xd1A>\xf4r>\xfdyAH\x0f\x00'/426, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[])
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))

1.875071286s ago: executing program 0 (id=2201):
r0 = syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/4, 0x4)
write$char_usb(0xffffffffffffffff, &(0x7f0000000400)="276de7a7fd7244db289ca15834260dd07d5f9fd8237ba91583caafe3d16c4c6e3e95edf5ad154da858e53021d5c4e07907967035f9d084f229dcbff804173155ea3dee2f2cc17f1f76dd2774efba40bd915f7aefdadc789f4f553b5d3c75297c72d3f4ea2c87fd42f38596df2326778bef794759771f1467606b99e8d9124da6154e5eae664b883a5bcbd3666a99edd2d63a8f2783bf4d78f7ed3c2412f5555dfa79e21f131c946fb1cd80a2e82bf2018fdb2488e74a56f35f1fd0ad32c759a78a8df2d55a700bc513658dcbb2d70000000000000000007772c89060bfc030dcb2d9ac43c0ad4070f9447fd78d35a69266104cfbfa1efc1c10e5693e5a8717d256577a00f75a3714d74b2c42ffa42695800f6f43d6116615555da95699d6d2ca1a37fd8deafc2d0b4c8fcdcc8033fb46340a8d38db492446918edba308b7ccf97f64984a000000", 0x147)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$IOCTL_GET_NUM_DEVICES(0xffffffffffffffff, 0x40046104, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$inet(0x2, 0x6, 0x0)
getsockopt$inet_pktinfo(r1, 0x10d, 0x9c, 0xfffffffffffffffe, &(0x7f0000000000)=0x300)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r5, 0x800448d4, &(0x7f0000000480)={0x0, 0x1, "00fa00"})
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r6, 0x5100)

1.865275595s ago: executing program 1 (id=2202):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000180)={@rand_addr=0x64010101, @multicast1, 0x1, "a567279604d122007d72670a8ee735e93e164de7d3a7006ddd261acbaa959918", 0xfff, 0x0, 0x7, 0xae5a}, 0x3c)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x11, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x58}, [@call={0x85, 0x0, 0x0, 0x200000b3}, @snprintf]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
r4 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r4, 0x114, 0x271c, 0x0, &(0x7f00000000c0))
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000000)="240000001e00ff3bd90ea7eff078000000000000000000000000000008000f0016040000", 0x24)
io_uring_setup(0x5ce2, &(0x7f0000000480)={0x0, 0x0, 0x40, 0x0, 0x4})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5697b3ea61a5baed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0x3)
syz_usb_connect(0x0, 0x30, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0xe4, 0x11, 0xf4, 0x40, 0x951f, 0xa083, 0x31b8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1e, 0x1, 0x0, 0x3, 0x0, 0x0, [{{0x9, 0x4, 0x3e, 0x0, 0x1, 0x8, 0x6, 0x62, 0x2, [], [{{0x9, 0x5, 0x8e, 0x4, 0x0, 0x3, 0x9, 0x9, [@generic={0x3, 0x24, "85"}]}}]}}]}}]}}, 0x0)

117.34856ms ago: executing program 2 (id=2203):
r0 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
close_range(0xffffffffffffffff, r2, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbfs(0x0, 0x0, 0x0)
getpid()
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000036000000", 0xfe60)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000300))
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="9500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12)
syz_open_dev$swradio(&(0x7f00000000c0), 0x1, 0x2)
ioctl$KDSETKEYCODE(r1, 0x4b4b, &(0x7f0000000000)={0x804})
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r0, 0x0, 0x0)
openat(r6, &(0x7f0000000040)='./file2\x00', 0x75b042, 0x0)

0s ago: executing program 5 (id=2204):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000180)={@rand_addr=0x64010101, @multicast1, 0x1, "a567279604d122007d72670a8ee735e93e164de7d3a7006ddd261acbaa959918", 0xfff, 0x0, 0x7, 0xae5a}, 0x3c)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x11, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x58}, [@call={0x85, 0x0, 0x0, 0x200000b3}, @snprintf]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
r4 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r4, 0x114, 0x271c, 0x0, &(0x7f00000000c0))
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000000)="240000001e00ff3bd90ea7eff078000000000000000000000000000008000f0016040000", 0x24)
io_uring_setup(0x5ce2, &(0x7f0000000480)={0x0, 0x0, 0x40, 0x0, 0x4})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5697b3ea61a5baed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0x3)
syz_usb_connect(0x0, 0x30, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0xe4, 0x11, 0xf4, 0x40, 0x951f, 0xa083, 0x31b8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1e, 0x1, 0x0, 0x3, 0x0, 0x0, [{{0x9, 0x4, 0x3e, 0x0, 0x1, 0x8, 0x6, 0x62, 0x2, [], [{{0x9, 0x5, 0x8e, 0x4, 0x0, 0x3, 0x9, 0x9, [@generic={0x3, 0x24, "85"}]}}]}}]}}]}}, 0x0)

kernel console output (not intermixed with test programs):

g 4 has no interface number 0
[ 1169.713364][ T9624] usb 3-1: config 4 interface 111 has no altsetting 0
[ 1169.852337][T15692] bridge_slave_0: entered promiscuous mode
[ 1169.860227][T15692] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1169.867403][T15692] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1169.874710][T15692] bridge_slave_1: entered allmulticast mode
[ 1169.881484][T15692] bridge_slave_1: entered promiscuous mode
[ 1169.902680][ T9624] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[ 1170.224651][T15692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1170.425324][T15692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1170.464457][ T9624] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1170.645801][ T9624] usb 3-1: Product: syz
[ 1170.650467][ T9624] usb 3-1: Manufacturer: syz
[ 1170.655147][ T9624] usb 3-1: SerialNumber: syz
[ 1170.714290][T15692] team0: Port device team_slave_0 added
[ 1170.725037][T15692] team0: Port device team_slave_1 added
[ 1170.750554][T15692] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1170.760357][T15692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1171.305319][ T5863] Bluetooth: hci2: command tx timeout
[ 1171.407735][T15692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1171.533504][ T9624] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1171.540742][ T9624] pvrusb2: **********
[ 1171.544986][ T9624] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1171.557032][T15692] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1171.569031][T15692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1172.373349][T15692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1172.472170][ T5900] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1172.505989][ T9624] pvrusb2: Important functionality might not be entirely working.
[ 1172.514124][ T9624] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1172.525669][ T9624] pvrusb2: **********
[ 1172.533509][ T9624] usb 3-1: selecting invalid altsetting 0
[ 1172.631972][ T2325] pvrusb2: control-write URB failure, status=-71
[ 1172.693985][ T9624] usb 3-1: USB disconnect, device number 38
[ 1172.702134][ T2325] pvrusb2: Device being rendered inoperable
[ 1172.776308][ T5900] usb 2-1: config 0 has an invalid interface number: 62 but max is 0
[ 1172.790379][ T5900] usb 2-1: config 0 has no interface number 0
[ 1172.805798][ T2325] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1172.808247][ T5900] usb 2-1: config 0 interface 62 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1173.576651][ T5863] Bluetooth: hci2: command tx timeout
[ 1173.584124][ T5900] usb 2-1: New USB device found, idVendor=951f, idProduct=a083, bcdDevice=31.b8
[ 1173.593237][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1173.630403][ T5900] usb 2-1: Product: syz
[ 1173.635324][ T5900] usb 2-1: Manufacturer: syz
[ 1173.646131][ T5900] usb 2-1: SerialNumber: syz
[ 1173.682674][ T2325] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1173.804016][ T5900] usb 2-1: config 0 descriptor??
[ 1173.875430][T15692] hsr_slave_0: entered promiscuous mode
[ 1174.043422][ T5900] usb 2-1: USB disconnect, device number 50
[ 1174.111743][T15692] hsr_slave_1: entered promiscuous mode
[ 1174.289581][T15692] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1174.750110][T15692] Cannot create hsr debugfs directory
[ 1174.807379][   T29] audit: type=1400 audit(1174.781:1427): avc:  denied  { block_suspend } for  pid=15787 comm="syz.2.1895" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1176.019865][   T29] audit: type=1400 audit(1175.991:1428): avc:  denied  { connect } for  pid=15801 comm="syz.1.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1176.168640][T15806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1898'.
[ 1176.239928][   T29] audit: type=1400 audit(1176.211:1429): avc:  denied  { ioctl } for  pid=15801 comm="syz.1.1898" path="socket:[51292]" dev="sockfs" ino=51292 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1177.311114][T15820] FAULT_INJECTION: forcing a failure.
[ 1177.311114][T15820] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1177.336717][T15820] CPU: 1 UID: 0 PID: 15820 Comm: syz.2.1900 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 1177.347530][T15820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1177.357600][T15820] Call Trace:
[ 1177.360885][T15820]  <TASK>
[ 1177.363829][T15820]  dump_stack_lvl+0x16c/0x1f0
[ 1177.368525][T15820]  should_fail_ex+0x497/0x5b0
[ 1177.373225][T15820]  _copy_from_user+0x2e/0xd0
[ 1177.377840][T15820]  kstrtouint_from_user+0xd7/0x1c0
[ 1177.382981][T15820]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1177.388722][T15820]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1177.394362][T15820]  proc_fail_nth_write+0x84/0x250
[ 1177.399409][T15820]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1177.405030][T15820]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1177.410650][T15820]  vfs_write+0x24c/0x1150
[ 1177.414965][T15820]  ? __fget_files+0x23a/0x3f0
[ 1177.419624][T15820]  ? fdget_pos+0x24c/0x360
[ 1177.424017][T15820]  ? __pfx_lock_release+0x10/0x10
[ 1177.429019][T15820]  ? trace_lock_acquire+0x14a/0x1d0
[ 1177.434202][T15820]  ? __pfx_vfs_write+0x10/0x10
[ 1177.438945][T15820]  ? __pfx___mutex_lock+0x10/0x10
[ 1177.443952][T15820]  ? __fget_files+0x244/0x3f0
[ 1177.448614][T15820]  ksys_write+0x12f/0x260
[ 1177.452944][T15820]  ? __pfx_ksys_write+0x10/0x10
[ 1177.457778][T15820]  do_syscall_64+0xcd/0x250
[ 1177.462268][T15820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.468145][T15820] RIP: 0033:0x7fb60ad7d1ff
[ 1177.472553][T15820] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[ 1177.492156][T15820] RSP: 002b:00007fb60bb45030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1177.500552][T15820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb60ad7d1ff
[ 1177.508517][T15820] RDX: 0000000000000001 RSI: 00007fb60bb450a0 RDI: 0000000000000004
[ 1177.516467][T15820] RBP: 00007fb60bb45090 R08: 0000000000000000 R09: 0000000000000000
[ 1177.524426][T15820] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1177.532374][T15820] R13: 0000000000000000 R14: 00007fb60af36058 R15: 00007ffc140c90c8
[ 1177.540332][T15820]  </TASK>
[ 1177.647383][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1178.372035][ T5897] usb 2-1: new full-speed USB device number 51 using dummy_hcd
[ 1178.887058][   T29] audit: type=1400 audit(1178.841:1430): avc:  denied  { append } for  pid=15836 comm="syz.2.1906" name="sg0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1179.034736][ T5897] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1179.048480][ T5897] usb 2-1: not running at top speed; connect to a high speed hub
[ 1179.066840][ T5897] usb 2-1: config 4 has an invalid interface number: 111 but max is 0
[ 1180.031189][ T5897] usb 2-1: config 4 has no interface number 0
[ 1180.037563][ T5897] usb 2-1: config 4 interface 111 has no altsetting 0
[ 1180.054727][ T5897] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[ 1180.063848][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.071850][ T5897] usb 2-1: Product: syz
[ 1180.826323][   T29] audit: type=1326 audit(1179.931:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1180.849857][   T29] audit: type=1326 audit(1179.931:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1180.873119][ T5897] usb 2-1: Manufacturer: syz
[ 1180.877960][ T5897] usb 2-1: SerialNumber: syz
[ 1180.888935][   T29] audit: type=1326 audit(1180.091:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1180.915652][   T29] audit: type=1326 audit(1180.091:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1180.951001][ T5897] usb 2-1: can't set config #4, error -71
[ 1180.958340][   T29] audit: type=1326 audit(1180.091:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1180.996247][   T29] audit: type=1326 audit(1180.291:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1181.048231][ T5897] usb 2-1: USB disconnect, device number 51
[ 1181.182357][T15692] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1181.203874][T15848] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1907'.
[ 1181.229813][T15692] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1181.275069][T15692] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1181.339132][   T29] audit: type=1326 audit(1180.291:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1181.353652][T15692] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1181.599398][T15852] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1908'.
[ 1181.605969][   T29] audit: type=1326 audit(1180.291:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1182.262703][   T29] audit: type=1326 audit(1180.391:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1182.333420][   T29] audit: type=1326 audit(1180.391:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1183.033907][T15692] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1183.050522][T15692] 8021q: adding VLAN 0 to HW filter on device team0
[ 1183.083217][T15692] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1183.093747][T15692] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1183.305881][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1183.313040][ T5903] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1183.321690][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1183.328818][ T5903] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1186.087950][T15692] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1187.063682][T15922] openvswitch: netlink: Missing valid actions attribute.
[ 1187.071517][T15922] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1187.122797][ T9624] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1187.742813][ T9624] usb 6-1: Using ep0 maxpacket: 16
[ 1187.758287][ T9624] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1187.807120][ T9624] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1187.921279][ T9624] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1187.931135][ T9624] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1187.946840][ T9624] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1187.982667][ T9624] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1188.031778][ T9624] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1188.069240][ T9624] usb 6-1: Manufacturer: syz
[ 1188.104188][ T9624] usb 6-1: config 0 descriptor??
[ 1188.288916][T15945] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 1188.295488][T15945] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1188.309945][T15692] veth0_vlan: entered promiscuous mode
[ 1188.336999][   T29] kauditd_printk_skb: 15 callbacks suppressed
[ 1188.337017][   T29] audit: type=1326 audit(1188.311:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6d597e719 code=0x7ffc0000
[ 1188.346424][T15904] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1921'.
[ 1188.376769][T15692] veth1_vlan: entered promiscuous mode
[ 1188.387340][T15945] vhci_hcd vhci_hcd.0: Device attached
[ 1188.401592][T15951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1926'.
[ 1188.434564][   T29] audit: type=1326 audit(1188.311:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6d597e719 code=0x7ffc0000
[ 1188.499773][T15951] ipvlan1: entered allmulticast mode
[ 1188.506261][ T9624] rc_core: IR keymap rc-hauppauge not found
[ 1188.512181][ T9624] Registered IR keymap rc-empty
[ 1188.523193][   T29] audit: type=1326 audit(1188.311:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff6d597d0b0 code=0x7ffc0000
[ 1188.523539][T15951] veth0_vlan: entered allmulticast mode
[ 1188.552223][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1188.559474][ T8273] vhci_hcd: vhci_device speed not set
[ 1188.589753][   T29] audit: type=1326 audit(1188.311:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7ff6d597ff47 code=0x7ffc0000
[ 1188.590810][T15692] veth0_macvtap: entered promiscuous mode
[ 1188.620984][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1188.628739][ T8273] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[ 1188.640617][T15946] vhci_hcd: connection reset by peer
[ 1188.653649][ T9624] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1188.662944][   T29] audit: type=1326 audit(1188.311:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff6d597e719 code=0x7ffc0000
[ 1188.667634][  T735] vhci_hcd: stop threads
[ 1188.694574][ T9624] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input95
[ 1188.714964][T15692] veth1_macvtap: entered promiscuous mode
[ 1188.725070][   T29] audit: type=1326 audit(1188.311:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7ff6d597ff47 code=0x7ffc0000
[ 1188.751734][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1188.762154][  T735] vhci_hcd: release socket
[ 1188.769207][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1188.772987][  T735] vhci_hcd: disconnect device
[ 1188.799367][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1188.802917][   T29] audit: type=1326 audit(1188.311:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7ff6d597d3aa code=0x7ffc0000
[ 1188.809540][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1188.854876][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1188.875607][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1188.876279][   T29] audit: type=1326 audit(1188.311:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6d597e719 code=0x7ffc0000
[ 1188.894029][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1188.919416][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1188.942749][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1188.953344][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1188.957597][   T29] audit: type=1326 audit(1188.311:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff6d597e719 code=0x7ffc0000
[ 1188.982671][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1188.994500][T15692] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1189.008886][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1189.027679][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1189.058895][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1189.066932][   T29] audit: type=1326 audit(1188.311:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15903 comm="syz.5.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6d597e719 code=0x7ffc0000
[ 1189.098320][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1189.103301][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1189.136571][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1189.152908][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1189.192774][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1189.202686][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1189.234120][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1189.236218][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1189.266306][ T9624] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[ 1189.277302][T15692] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1189.286895][ T9624] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1189.331597][T15692] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1189.341923][T15692] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1189.350805][T15692] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1189.359635][T15692] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1189.375818][ T9624] usb 6-1: USB disconnect, device number 26
[ 1189.523932][ T6085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1189.552392][ T6085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1190.222830][ T5903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1190.238172][ T5903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1190.466381][ T9624] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1191.152772][ T9624] usb 6-1: Using ep0 maxpacket: 16
[ 1191.161195][ T9624] usb 6-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1191.170750][ T9624] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1191.214115][ T9624] usb 6-1: Product: syz
[ 1191.221190][ T9624] usb 6-1: Manufacturer: syz
[ 1191.229766][ T9624] usb 6-1: SerialNumber: syz
[ 1191.259070][ T9624] usb 6-1: config 0 descriptor??
[ 1191.279879][ T9624] visor 6-1:0.0: Sony Clie 3.5 converter detected
[ 1191.463504][T16015] overlayfs: failed to resolve './bus': -2
[ 1191.524909][T15988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1191.534572][T15988] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1191.605965][ T9624] usb 6-1: clie_3_5_startup: get config number failed: -71
[ 1191.614066][ T9624] visor 6-1:0.0: probe with driver visor failed with error -71
[ 1191.627010][ T9624] usb 6-1: USB disconnect, device number 27
[ 1192.195036][ T5903] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1192.338553][ T5903] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1192.422144][ T5903] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1192.481996][ T5903] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1192.639932][ T5903] bridge_slave_1: left allmulticast mode
[ 1192.647774][ T5903] bridge_slave_1: left promiscuous mode
[ 1192.662800][ T5903] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1192.674479][ T5903] bridge_slave_0: left allmulticast mode
[ 1192.680174][ T5903] bridge_slave_0: left promiscuous mode
[ 1192.702833][ T5903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1193.243394][ T5903] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1193.254785][ T5903] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1193.266143][ T5903] bond0 (unregistering): Released all slaves
[ 1193.693254][ T5903] hsr_slave_0: left promiscuous mode
[ 1193.714003][ T5903] hsr_slave_1: left promiscuous mode
[ 1193.726467][ T5903] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1193.739228][ T5903] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1193.756881][ T5903] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1193.766459][ T5903] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1193.782855][ T8273] vhci_hcd: vhci_device speed not set
[ 1193.789725][ T5903] veth1_macvtap: left promiscuous mode
[ 1193.796343][ T5903] veth0_macvtap: left promiscuous mode
[ 1193.801953][ T5903] veth1_vlan: left promiscuous mode
[ 1193.807675][ T5903] veth0_vlan: left promiscuous mode
[ 1194.572806][ T9624] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1194.919377][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1194.930365][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1194.938543][ T9624] usb 2-1: config 0 has an invalid interface number: 62 but max is 0
[ 1194.942901][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1194.949897][ T9624] usb 2-1: config 0 has no interface number 0
[ 1194.956909][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1194.968099][ T5855] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1194.970230][ T9624] usb 2-1: config 0 interface 62 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1194.975482][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1195.178289][ T9624] usb 2-1: New USB device found, idVendor=951f, idProduct=a083, bcdDevice=31.b8
[ 1195.187866][ T9624] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1195.257290][ T9624] usb 2-1: Product: syz
[ 1195.498381][ T9624] usb 2-1: Manufacturer: syz
[ 1195.529723][ T9624] usb 2-1: SerialNumber: syz
[ 1195.536498][ T9624] usb 2-1: config 0 descriptor??
[ 1195.853378][T16084] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1942'.
[ 1195.930369][ T9624] usb 2-1: USB disconnect, device number 52
[ 1196.519532][T16087] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1943'.
[ 1197.136683][T16096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1945'.
[ 1197.194039][ T5903] team0 (unregistering): Port device team_slave_1 removed
[ 1197.863241][ T5863] Bluetooth: hci2: command tx timeout
[ 1197.931945][ T5903] team0 (unregistering): Port device team_slave_0 removed
[ 1197.998964][ T9624] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1198.064509][T16101] overlayfs: failed to resolve './bus': -2
[ 1198.173436][ T9624] usb 3-1: config 0 has no interfaces?
[ 1198.207159][ T9624] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1198.230500][ T9624] usb 3-1: New USB device strings: Mfr=230, Product=1, SerialNumber=3
[ 1198.239473][ T9624] usb 3-1: Product: syz
[ 1198.243988][ T9624] usb 3-1: Manufacturer: syz
[ 1198.248619][ T9624] usb 3-1: SerialNumber: syz
[ 1198.256382][ T9624] usb 3-1: config 0 descriptor??
[ 1198.669026][T16092] lo speed is unknown, defaulting to 1000
[ 1199.921385][ T5863] Bluetooth: hci2: command tx timeout
[ 1199.927297][   T29] kauditd_printk_skb: 26 callbacks suppressed
[ 1199.927313][   T29] audit: type=1400 audit(1199.141:1492): avc:  denied  { connect } for  pid=16109 comm="syz.0.1951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1199.958290][T16078] lo speed is unknown, defaulting to 1000
[ 1201.892012][T16078] chnl_net:caif_netlink_parms(): no params data found
[ 1202.042972][ T5863] Bluetooth: hci2: command tx timeout
[ 1202.371579][T16160] lo speed is unknown, defaulting to 1000
[ 1202.393353][T16078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1202.458931][T16078] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1202.486610][T16078] bridge_slave_0: entered allmulticast mode
[ 1202.527150][T16078] bridge_slave_0: entered promiscuous mode
[ 1202.560489][T16078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1202.587896][    T8] usb 3-1: USB disconnect, device number 39
[ 1202.603055][T16078] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1202.610313][T16078] bridge_slave_1: entered allmulticast mode
[ 1202.869102][T16078] bridge_slave_1: entered promiscuous mode
[ 1202.965790][T16078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1202.978016][T16078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1203.034454][T16078] team0: Port device team_slave_0 added
[ 1203.044932][T16078] team0: Port device team_slave_1 added
[ 1203.099400][T16078] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1203.108466][T16078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1203.135455][T16078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1203.150977][T16078] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1203.159999][T16078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1203.379616][T16078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1204.224470][ T5855] Bluetooth: hci2: command tx timeout
[ 1204.289306][T16078] hsr_slave_0: entered promiscuous mode
[ 1204.306138][T16078] hsr_slave_1: entered promiscuous mode
[ 1204.368250][T16078] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1204.436070][T16078] Cannot create hsr debugfs directory
[ 1205.642234][ T9444] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1205.962724][ T9444] usb 3-1: Using ep0 maxpacket: 16
[ 1206.011571][ T9444] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1206.030818][ T9444] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1206.048648][ T9444] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.100324][ T9444] usb 3-1: Product: syz
[ 1206.112115][T16218] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1968'.
[ 1206.127089][ T9444] usb 3-1: Manufacturer: syz
[ 1206.137070][ T9444] usb 3-1: SerialNumber: syz
[ 1206.163747][ T9444] usb 3-1: config 0 descriptor??
[ 1206.184437][ T9444] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1206.207767][ T9444] em28xx 3-1:0.0: DVB interface 0 found: bulk
[ 1206.330616][T16223] FAULT_INJECTION: forcing a failure.
[ 1206.330616][T16223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1206.423700][T16223] CPU: 0 UID: 0 PID: 16223 Comm: syz.0.1969 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 1206.434519][T16223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1206.444593][T16223] Call Trace:
[ 1206.447859][T16223]  <TASK>
[ 1206.450773][T16223]  dump_stack_lvl+0x16c/0x1f0
[ 1206.455469][T16223]  should_fail_ex+0x497/0x5b0
[ 1206.460176][T16223]  _copy_from_user+0x2e/0xd0
[ 1206.464798][T16223]  do_arpt_set_ctl+0xe55/0x1040
[ 1206.469675][T16223]  ? find_held_lock+0x2d/0x110
[ 1206.474470][T16223]  ? __pfx_do_arpt_set_ctl+0x10/0x10
[ 1206.479784][T16223]  ? nf_sockopt_find.constprop.0+0x221/0x290
[ 1206.485802][T16223]  ? __pfx_lock_release+0x10/0x10
[ 1206.490859][T16223]  ? trace_contention_end+0xea/0x140
[ 1206.496175][T16223]  ? __mutex_lock+0x1a6/0x9c0
[ 1206.500873][T16223]  ? __mutex_unlock_slowpath+0x164/0x650
[ 1206.506542][T16223]  ? __pfx___mutex_lock+0x10/0x10
[ 1206.511592][T16223]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1206.515619][T16078] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1206.517581][T16223]  ? __pfx_do_ip_setsockopt+0x10/0x10
[ 1206.529596][T16223]  ? nf_sockopt_find.constprop.0+0x221/0x290
[ 1206.535588][T16223]  nf_setsockopt+0x8a/0xf0
[ 1206.540024][T16223]  ip_setsockopt+0xcb/0xf0
[ 1206.544451][T16223]  udp_setsockopt+0x7d/0xd0
[ 1206.549005][T16223]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1206.554911][T16223]  do_sock_setsockopt+0x222/0x480
[ 1206.559940][T16223]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1206.565480][T16223]  ? fdget+0x176/0x210
[ 1206.569539][T16223]  __sys_setsockopt+0x1a4/0x270
[ 1206.574384][T16223]  ? __pfx___sys_setsockopt+0x10/0x10
[ 1206.579757][T16223]  ? fput+0x30/0x390
[ 1206.583652][T16223]  ? ksys_write+0x1ad/0x260
[ 1206.588186][T16223]  ? __pfx_ksys_write+0x10/0x10
[ 1206.593070][T16223]  __x64_sys_setsockopt+0xbd/0x160
[ 1206.598205][T16223]  ? do_syscall_64+0x91/0x250
[ 1206.602901][T16223]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1206.608091][T16223]  do_syscall_64+0xcd/0x250
[ 1206.612587][T16223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1206.618493][T16223] RIP: 0033:0x7f6491f7e719
[ 1206.622898][T16223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1206.642499][T16223] RSP: 002b:00007f6492d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1206.650916][T16223] RAX: ffffffffffffffda RBX: 00007f6492135f80 RCX: 00007f6491f7e719
[ 1206.658905][T16223] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000003
[ 1206.666886][T16223] RBP: 00007f6492d9e090 R08: 0000000000000068 R09: 0000000000000000
[ 1206.674874][T16223] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001
[ 1206.682840][T16223] R13: 0000000000000000 R14: 00007f6492135f80 R15: 00007ffd75435f78
[ 1206.690821][T16223]  </TASK>
[ 1206.693957][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1206.753768][T16078] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1206.779647][T16078] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1206.836626][T16078] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1207.036237][T16078] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1207.049125][ T9444] em28xx 3-1:0.0: chip ID is em2800
[ 1207.103647][T16078] 8021q: adding VLAN 0 to HW filter on device team0
[ 1207.120861][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1207.128056][ T5903] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1207.150225][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1207.157453][ T5903] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1207.413218][    T8] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1207.727124][T16251] 9pnet_fd: Insufficient options for proto=fd
[ 1208.391210][T16078] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1208.439298][    T8] usb 6-1: Using ep0 maxpacket: 32
[ 1208.448691][    T8] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1208.462759][    T8] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1208.498820][ T9444] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1208.522685][    T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1208.578273][ T9444] em28xx 3-1:0.0: board has no eeprom
[ 1208.585761][    T8] usb 6-1: config 1 has no interface number 0
[ 1208.591920][    T8] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1208.643707][    T8] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1208.693045][ T9444] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1208.744690][ T9444] em28xx 3-1:0.0: dvb set to bulk mode.
[ 1208.761705][ T5897] em28xx 3-1:0.0: Binding DVB extension
[ 1208.772842][    T8] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1209.355621][ T9444] usb 3-1: USB disconnect, device number 40
[ 1209.369058][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1209.377803][ T9444] em28xx 3-1:0.0: Disconnecting em28xx
[ 1209.457634][ T5897] em28xx 3-1:0.0: Registering input extension
[ 1209.484596][    T8] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[ 1209.522179][ T9444] em28xx 3-1:0.0: Closing input extension
[ 1209.795675][T16284] lo speed is unknown, defaulting to 1000
[ 1209.811820][ T9444] em28xx 3-1:0.0: Freeing device
[ 1210.448666][T16078] veth0_vlan: entered promiscuous mode
[ 1210.500006][T16078] veth1_vlan: entered promiscuous mode
[ 1211.425795][T16078] veth0_macvtap: entered promiscuous mode
[ 1211.450407][T16078] veth1_macvtap: entered promiscuous mode
[ 1211.469182][T16078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1211.480360][T16078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1211.490547][T16078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1211.501248][T16078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1211.542022][T16078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1211.570009][    T8] snd_usb_pod 6-1:1.1: set_interface failed
[ 1211.608903][T16078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1211.620030][    T8] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[ 1211.758463][    T8] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -71
[ 1211.775429][T16078] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1211.844162][T16313] 9pnet_fd: Insufficient options for proto=fd
[ 1212.050133][T16078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1212.370270][T16078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1212.424954][    T8] usb 6-1: USB disconnect, device number 28
[ 1212.442661][T16317] netlink: zone id is out of range
[ 1212.449953][T16078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1212.495131][T16078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1212.522117][T16078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1212.524859][T16317] netlink: set zone limit has 4 unknown bytes
[ 1212.556880][T16078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1212.592369][T16078] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1212.835253][T16330] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1985'.
[ 1213.131782][T16078] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.192710][T16078] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.222424][T16078] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.234723][T16078] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.547350][T16341] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1987'.
[ 1213.909424][ T5903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1213.936234][ T5903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1213.977954][   T29] audit: type=1400 audit(5308.951:1493): avc:  denied  { bind } for  pid=16347 comm="syz.5.1990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1213.999641][ T3107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1214.008002][ T3107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1214.335029][   T29] audit: type=1326 audit(5309.311:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16350 comm="syz.5.1991" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff6d597e719 code=0x0
[ 1214.426985][ T3107] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1214.582159][ T3107] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1214.740975][ T3107] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1214.850657][ T3107] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1215.088657][ T3107] bridge_slave_1: left allmulticast mode
[ 1215.094879][ T3107] bridge_slave_1: left promiscuous mode
[ 1215.101425][ T3107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1215.119714][ T3107] bridge_slave_0: left allmulticast mode
[ 1215.126115][ T3107] bridge_slave_0: left promiscuous mode
[ 1215.133159][ T3107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1215.775674][ T3107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1215.792881][ T3107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1215.815910][ T3107] bond0 (unregistering): Released all slaves
[ 1216.407440][ T3107] hsr_slave_0: left promiscuous mode
[ 1216.498409][ T3107] hsr_slave_1: left promiscuous mode
[ 1216.528064][ T3107] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1216.544612][ T3107] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1216.628427][ T3107] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1216.666012][ T3107] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1217.294519][ T3107] veth1_macvtap: left promiscuous mode
[ 1217.300086][ T3107] veth0_macvtap: left promiscuous mode
[ 1217.305758][ T3107] veth1_vlan: left promiscuous mode
[ 1217.311061][ T3107] veth0_vlan: left promiscuous mode
[ 1217.618067][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1217.630583][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1218.367344][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1218.385667][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1218.395414][ T5855] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1218.403097][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1218.548441][ T5897] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1218.863460][ T5897] usb 6-1: config 0 has an invalid interface number: 62 but max is 0
[ 1218.958747][ T5897] usb 6-1: config 0 has no interface number 0
[ 1218.969826][ T5897] usb 6-1: config 0 interface 62 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1219.074921][ T5897] usb 6-1: New USB device found, idVendor=951f, idProduct=a083, bcdDevice=31.b8
[ 1219.086861][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1219.103864][ T5897] usb 6-1: Product: syz
[ 1219.123255][ T5897] usb 6-1: Manufacturer: syz
[ 1219.130376][ T5897] usb 6-1: SerialNumber: syz
[ 1219.159700][ T5897] usb 6-1: config 0 descriptor??
[ 1219.424461][ T5897] usb 6-1: USB disconnect, device number 29
[ 1220.001147][ T3107] team0 (unregistering): Port device team_slave_1 removed
[ 1220.062726][ T5898] usb 2-1: new full-speed USB device number 53 using dummy_hcd
[ 1220.079194][ T3107] team0 (unregistering): Port device team_slave_0 removed
[ 1220.136403][T16460] overlayfs: failed to resolve './bus': -2
[ 1220.234512][ T5898] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1220.247919][ T5898] usb 2-1: not running at top speed; connect to a high speed hub
[ 1220.257100][ T5898] usb 2-1: config 4 has an invalid interface number: 111 but max is 0
[ 1220.269489][ T5898] usb 2-1: config 4 has no interface number 0
[ 1220.275803][ T5898] usb 2-1: config 4 interface 111 has no altsetting 0
[ 1220.284946][ T5898] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[ 1220.294394][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1220.302534][ T5898] usb 2-1: Product: syz
[ 1220.309666][ T5898] usb 2-1: Manufacturer: syz
[ 1220.314522][ T5898] usb 2-1: SerialNumber: syz
[ 1220.537922][ T5898] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1220.546120][ T5898] pvrusb2: **********
[ 1220.550241][ T5898] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1220.560823][ T5898] pvrusb2: Important functionality might not be entirely working.
[ 1220.568883][ T5898] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1220.580680][ T5898] pvrusb2: **********
[ 1220.587067][ T5898] usb 2-1: selecting invalid altsetting 0
[ 1220.600530][ T2325] pvrusb2: Invalid write control endpoint
[ 1220.605213][ T5898] usb 2-1: USB disconnect, device number 53
[ 1220.607283][ T5863] Bluetooth: hci2: command tx timeout
[ 1220.759208][ T2325] pvrusb2: Invalid write control endpoint
[ 1220.765984][ T2325] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1220.798244][ T2325] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1220.810616][ T2325] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1220.821124][ T2325] pvrusb2: Device being rendered inoperable
[ 1220.830734][ T2325] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1220.851914][ T2325] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1220.881114][ T2325] pvrusb2: Attached sub-driver cx25840
[ 1220.887890][ T2325] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1220.900391][ T2325] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1220.937192][   T29] audit: type=1400 audit(5315.911:1495): avc:  denied  { getopt } for  pid=16462 comm="syz.5.2005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1221.289864][T16452] lo speed is unknown, defaulting to 1000
[ 1221.657579][T16425] lo speed is unknown, defaulting to 1000
[ 1222.724776][ T5863] Bluetooth: hci2: command tx timeout
[ 1223.409560][T16492] netlink: 'syz.1.2010': attribute type 4 has an invalid length.
[ 1223.641238][T16425] chnl_net:caif_netlink_parms(): no params data found
[ 1224.362901][ T9624] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1224.408509][T16425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1224.489619][T16425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1224.502848][T16425] bridge_slave_0: entered allmulticast mode
[ 1224.536324][T16425] bridge_slave_0: entered promiscuous mode
[ 1224.553717][T16425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1224.571105][T16425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1224.591641][T16425] bridge_slave_1: entered allmulticast mode
[ 1224.601392][T16425] bridge_slave_1: entered promiscuous mode
[ 1224.609325][ T9624] usb 6-1: config 0 has an invalid interface number: 62 but max is 0
[ 1224.617597][ T9624] usb 6-1: config 0 has no interface number 0
[ 1224.632714][ T9624] usb 6-1: config 0 interface 62 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1224.686898][ T9624] usb 6-1: New USB device found, idVendor=951f, idProduct=a083, bcdDevice=31.b8
[ 1224.706764][ T9624] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1224.716476][ T9624] usb 6-1: Product: syz
[ 1224.721222][ T9624] usb 6-1: Manufacturer: syz
[ 1224.728080][ T9624] usb 6-1: SerialNumber: syz
[ 1224.731094][T16425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1224.753422][ T5863] Bluetooth: hci2: command tx timeout
[ 1225.043173][ T9624] usb 6-1: config 0 descriptor??
[ 1225.183586][T16425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1225.199202][   T29] audit: type=1326 audit(5320.161:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16519 comm="syz.0.2014" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6491f7e719 code=0x0
[ 1225.399583][ T9624] usb 6-1: USB disconnect, device number 30
[ 1225.650733][T16425] team0: Port device team_slave_0 added
[ 1225.661270][T16425] team0: Port device team_slave_1 added
[ 1225.686829][T16425] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1225.694185][T16425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1225.729815][T16425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1225.765189][T16425] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1225.772330][T16425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1225.807013][T16425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1225.898176][ T5898] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1226.142162][T16425] hsr_slave_0: entered promiscuous mode
[ 1226.184619][T16425] hsr_slave_1: entered promiscuous mode
[ 1226.222858][T16425] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1226.231342][T16425] Cannot create hsr debugfs directory
[ 1226.294639][T16535] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1226.469961][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1226.484975][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1226.647941][ T5898] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1226.825341][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1227.002967][ T5863] Bluetooth: hci2: command tx timeout
[ 1227.011539][ T5898] usb 3-1: config 0 descriptor??
[ 1227.201340][T16559] netlink: 'syz.5.2021': attribute type 4 has an invalid length.
[ 1227.430069][ T5898] hid (null): bogus close delimiter
[ 1228.078212][ T5898] usb 3-1: language id specifier not provided by device, defaulting to English
[ 1228.363366][T16581] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2023'.
[ 1228.376360][T16425] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1228.395968][T16425] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1228.407390][T16425] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1228.425892][T16425] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1228.497637][ T5898] uclogic 0003:256C:006D.000A: v1 frame probing failed: -71
[ 1228.519802][ T5898] uclogic 0003:256C:006D.000A: failed probing parameters: -71
[ 1228.519926][T16425] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1228.555673][ T5898] uclogic 0003:256C:006D.000A: probe with driver uclogic failed with error -71
[ 1228.563153][T16425] 8021q: adding VLAN 0 to HW filter on device team0
[ 1228.610681][ T5898] usb 3-1: USB disconnect, device number 41
[ 1228.613769][ T3107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1228.623828][ T3107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1228.655408][ T3107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1228.662644][ T3107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1229.021906][T16425] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1229.125755][   T29] audit: type=1400 audit(5324.101:1497): avc:  denied  { mount } for  pid=16599 comm="syz.1.2024" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1229.219918][   T29] audit: type=1400 audit(5324.111:1498): avc:  denied  { remount } for  pid=16599 comm="syz.1.2024" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1229.905207][   T29] audit: type=1400 audit(5324.171:1499): avc:  denied  { unmount } for  pid=5849 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1230.075475][T16606] lo speed is unknown, defaulting to 1000
[ 1230.905104][T16425] veth0_vlan: entered promiscuous mode
[ 1231.044553][T16425] veth1_vlan: entered promiscuous mode
[ 1231.098513][T16425] veth0_macvtap: entered promiscuous mode
[ 1231.113040][T16425] veth1_macvtap: entered promiscuous mode
[ 1231.128774][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1231.139296][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1231.149313][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1231.160604][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1231.170525][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1231.181020][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1231.192141][T16425] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1231.201711][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1231.212223][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1231.222218][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1231.232892][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1231.242785][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1231.253279][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1231.264217][T16425] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1231.280534][T16425] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1231.289647][T16425] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1231.298467][T16425] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1231.307620][T16425] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.541395][ T6080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1233.630817][ T6080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1233.858620][ T5903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1233.866767][ T5903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1234.129811][T16680] overlayfs: workdir and upperdir must reside under the same mount
[ 1234.201919][T16681] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2037'.
[ 1234.320714][   T29] audit: type=1400 audit(5329.291:1500): avc:  denied  { accept } for  pid=16671 comm="syz.2.2036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1234.377361][   T29] audit: type=1400 audit(5329.341:1501): avc:  denied  { setopt } for  pid=16671 comm="syz.2.2036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1234.573577][   T29] audit: type=1400 audit(5329.541:1502): avc:  denied  { name_bind } for  pid=16688 comm="syz.2.2039" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[ 1236.393965][T16704] netlink: 'syz.5.2042': attribute type 4 has an invalid length.
[ 1236.776559][ T5903] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1236.885054][ T5903] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1236.982021][ T5903] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1237.069168][ T5903] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1237.261248][ T5903] bridge_slave_1: left allmulticast mode
[ 1237.272813][ T5903] bridge_slave_1: left promiscuous mode
[ 1237.278511][ T5903] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1237.315772][ T5903] bridge_slave_0: left allmulticast mode
[ 1237.322038][ T5903] bridge_slave_0: left promiscuous mode
[ 1237.328854][ T5903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1237.905380][ T5903] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1237.916321][ T5903] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1237.926674][ T5903] bond0 (unregistering): Released all slaves
[ 1238.216125][T16734] netlink: 696 bytes leftover after parsing attributes in process `syz.2.2046'.
[ 1238.319421][T16738] FAULT_INJECTION: forcing a failure.
[ 1238.319421][T16738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1238.955726][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.035415][T16738] CPU: 0 UID: 0 PID: 16738 Comm: syz.1.2045 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 1239.046230][T16738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1239.056278][T16738] Call Trace:
[ 1239.059542][T16738]  <TASK>
[ 1239.062455][T16738]  dump_stack_lvl+0x16c/0x1f0
[ 1239.067126][T16738]  should_fail_ex+0x497/0x5b0
[ 1239.071787][T16738]  _copy_from_user+0x2e/0xd0
[ 1239.076359][T16738]  vhost_vring_ioctl+0xbd9/0x1390
[ 1239.081366][T16738]  ? do_vfs_ioctl+0x513/0x1990
[ 1239.086129][T16738]  ? __pfx_vhost_vring_ioctl+0x10/0x10
[ 1239.091607][T16738]  ? vhost_dev_ioctl+0x131/0xdb0
[ 1239.096570][T16738]  ? __pfx___mutex_lock+0x10/0x10
[ 1239.101612][T16738]  ? __pfx_vhost_dev_ioctl+0x10/0x10
[ 1239.106909][T16738]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1239.113763][T16738]  vhost_vsock_dev_ioctl+0x8be/0xb50
[ 1239.119043][T16738]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[ 1239.124843][T16738]  ? selinux_file_ioctl+0xb4/0x270
[ 1239.129950][T16738]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[ 1239.135748][T16738]  __x64_sys_ioctl+0x18f/0x220
[ 1239.140511][T16738]  do_syscall_64+0xcd/0x250
[ 1239.145031][T16738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1239.150940][T16738] RIP: 0033:0x7f258697e719
[ 1239.155353][T16738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1239.174960][T16738] RSP: 002b:00007f2587822038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1239.183453][T16738] RAX: ffffffffffffffda RBX: 00007f2586b35f80 RCX: 00007f258697e719
[ 1239.191421][T16738] RDX: 0000000020001480 RSI: 000000004008af22 RDI: 0000000000000003
[ 1239.199391][T16738] RBP: 00007f2587822090 R08: 0000000000000000 R09: 0000000000000000
[ 1239.207408][T16738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1239.215370][T16738] R13: 0000000000000000 R14: 00007f2586b35f80 R15: 00007fffd39547d8
[ 1239.223341][T16738]  </TASK>
[ 1239.232809][    C1] sd 0:0:1:0: [sda] tag#1813 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1239.243191][    C1] sd 0:0:1:0: [sda] tag#1813 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[ 1240.316636][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1241.607151][T16763] netlink: 'syz.2.2052': attribute type 4 has an invalid length.
[ 1241.656849][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1241.680676][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1241.685868][T16771] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2051'.
[ 1241.834478][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1241.864378][ T5855] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1241.880034][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1242.166758][T16761] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2050'.
[ 1242.406859][ T5903] hsr_slave_0: left promiscuous mode
[ 1242.483323][T16782] 9pnet_fd: Insufficient options for proto=fd
[ 1243.160030][ T5903] hsr_slave_1: left promiscuous mode
[ 1243.202120][ T5903] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1243.219826][ T5903] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1243.589369][ T5903] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1243.597517][ T5903] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1243.713519][ T5903] veth1_macvtap: left promiscuous mode
[ 1243.777144][ T5903] veth0_macvtap: left promiscuous mode
[ 1243.799298][ T5903] veth1_vlan: left promiscuous mode
[ 1244.003387][ T5903] veth0_vlan: left promiscuous mode
[ 1244.334700][   T29] audit: type=1400 audit(5339.281:1503): avc:  denied  { shutdown } for  pid=16784 comm="syz.5.2057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1244.458360][ T5855] Bluetooth: hci2: command tx timeout
[ 1244.522790][ T5898] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1244.672847][ T5898] usb 2-1: Using ep0 maxpacket: 16
[ 1244.687663][ T5898] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1244.700105][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1244.715311][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1244.730132][ T5898] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1244.740314][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1244.754883][ T5898] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1244.764509][ T5898] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1244.772542][ T5898] usb 2-1: Manufacturer: syz
[ 1244.788511][ T5898] usb 2-1: config 0 descriptor??
[ 1244.927774][ T5903] team0 (unregistering): Port device team_slave_1 removed
[ 1244.998915][ T5903] team0 (unregistering): Port device team_slave_0 removed
[ 1245.034884][   T29] audit: type=1326 audit(5340.001:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1245.048929][T16790] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2058'.
[ 1245.058441][   T29] audit: type=1326 audit(5340.001:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1245.109476][   T29] audit: type=1326 audit(5340.001:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f258697d0b0 code=0x7ffc0000
[ 1245.132749][ T5898] rc_core: IR keymap rc-hauppauge not found
[ 1245.138842][ T5898] Registered IR keymap rc-empty
[ 1245.169658][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.182452][   T29] audit: type=1326 audit(5340.001:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f258697ff47 code=0x7ffc0000
[ 1245.205557][   T29] audit: type=1326 audit(5340.001:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1245.225143][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.228789][   T29] audit: type=1326 audit(5340.001:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f258697ff47 code=0x7ffc0000
[ 1245.258829][   T29] audit: type=1326 audit(5340.001:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f258697d3aa code=0x7ffc0000
[ 1245.273838][ T5898] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1245.282779][   T29] audit: type=1326 audit(5340.001:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1245.316713][   T29] audit: type=1326 audit(5340.001:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16789 comm="syz.1.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1245.320834][ T5898] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input97
[ 1245.405130][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.429023][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.472858][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.512770][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.542769][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.576616][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.616574][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.649252][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.682842][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.867779][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1245.904011][ T5898] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 1245.912164][ T5898] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1245.924304][ T5898] usb 2-1: USB disconnect, device number 54
[ 1246.522788][ T5855] Bluetooth: hci2: command tx timeout
[ 1246.528677][T16748] lo speed is unknown, defaulting to 1000
[ 1247.768095][T16814] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[ 1247.774659][T16814] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1247.823051][T16814] vhci_hcd vhci_hcd.0: Device attached
[ 1247.927016][T16819] vhci_hcd: connection closed
[ 1247.927474][   T11] vhci_hcd: stop threads
[ 1247.952107][   T11] vhci_hcd: release socket
[ 1248.308084][   T11] vhci_hcd: disconnect device
[ 1248.326072][ T5897] usb 34-1: SetAddress Request (2) to port 0
[ 1248.351631][ T5897] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1248.607499][ T5897] usb 34-1: enqueue for inactive port 0
[ 1248.620803][ T5855] Bluetooth: hci2: command tx timeout
[ 1248.754041][T16839] netlink: 'syz.1.2065': attribute type 4 has an invalid length.
[ 1248.982805][T16844] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2066'.
[ 1249.045813][T16748] chnl_net:caif_netlink_parms(): no params data found
[ 1249.104962][ T5897] usb usb34-port1: attempt power cycle
[ 1249.441193][   T29] kauditd_printk_skb: 62 callbacks suppressed
[ 1249.441210][   T29] audit: type=1400 audit(5344.411:1575): avc:  denied  { create } for  pid=16854 comm="syz.5.2068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1249.492363][T16748] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1249.513691][T16748] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1249.531263][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(30)
[ 1249.532405][   T29] audit: type=1400 audit(5344.451:1576): avc:  denied  { getopt } for  pid=16854 comm="syz.5.2068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1249.537885][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1249.546408][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1249.562822][T16748] bridge_slave_0: entered allmulticast mode
[ 1249.595045][T16864] fuse: Bad value for 'fd'
[ 1249.601410][T16748] bridge_slave_0: entered promiscuous mode
[ 1249.615371][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(32)
[ 1249.622012][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1249.629090][T16748] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1249.650366][   T29] audit: type=1400 audit(5344.451:1577): avc:  denied  { write } for  pid=16854 comm="syz.5.2068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1249.669103][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1249.681189][T16748] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1249.694143][T16748] bridge_slave_1: entered allmulticast mode
[ 1249.709583][T16748] bridge_slave_1: entered promiscuous mode
[ 1249.713358][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(34)
[ 1249.722022][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1249.729822][T14665] vhci_hcd: vhci_device speed not set
[ 1249.744274][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1249.792851][T14665] usb 43-1: new low-speed USB device number 3 using vhci_hcd
[ 1249.808699][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(36)
[ 1249.815342][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1249.823853][ T5897] usb usb34-port1: unable to enumerate USB device
[ 1249.844997][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1249.854741][T16748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1249.872263][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(4) sockfd(38)
[ 1249.878907][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1249.895195][T16748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1249.912964][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1249.939794][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(5) sockfd(40)
[ 1249.946441][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1249.995854][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1250.027097][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(6) sockfd(42)
[ 1250.033737][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1250.086957][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1250.441469][T16857] vhci_hcd vhci_hcd.0: pdev(5) rhport(7) sockfd(44)
[ 1250.448105][T16857] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1250.622327][T16748] team0: Port device team_slave_0 added
[ 1250.625953][T16857] vhci_hcd vhci_hcd.0: Device attached
[ 1250.653681][T16748] team0: Port device team_slave_1 added
[ 1250.672835][ T5863] Bluetooth: hci2: command tx timeout
[ 1250.714619][T16748] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1250.721604][T16748] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1250.760709][T16857] vhci_hcd vhci_hcd.0: port 0 already used
[ 1250.795802][T16748] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1250.828910][T16748] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1250.836397][T16748] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1250.872897][T16748] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1251.023767][T16748] hsr_slave_0: entered promiscuous mode
[ 1251.038757][T16748] hsr_slave_1: entered promiscuous mode
[ 1251.190596][T16748] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1251.222383][T16748] Cannot create hsr debugfs directory
[ 1251.515182][T16865] vhci_hcd: connection closed
[ 1251.515640][T16860] vhci_hcd: connection reset by peer
[ 1251.599830][T16870] vhci_hcd: connection closed
[ 1251.607103][T16867] vhci_hcd: connection closed
[ 1251.633877][T16889] vhci_hcd: connection closed
[ 1251.644852][   T29] audit: type=1400 audit(5346.451:1578): avc:  denied  { write } for  pid=16911 comm="syz.0.2075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1251.829399][T16883] vhci_hcd: connection closed
[ 1251.860443][   T53] vhci_hcd: stop threads
[ 1251.861629][T16879] vhci_hcd: connection closed
[ 1251.865227][   T53] vhci_hcd: release socket
[ 1251.865285][   T53] vhci_hcd: disconnect device
[ 1251.883664][T16877] vhci_hcd: connection closed
[ 1251.884947][   T53] vhci_hcd: stop threads
[ 1251.894581][   T53] vhci_hcd: release socket
[ 1251.899516][   T53] vhci_hcd: disconnect device
[ 1251.904929][   T53] vhci_hcd: stop threads
[ 1251.909180][   T53] vhci_hcd: release socket
[ 1251.913889][   T53] vhci_hcd: disconnect device
[ 1251.918915][   T53] vhci_hcd: stop threads
[ 1251.923642][   T53] vhci_hcd: release socket
[ 1251.928120][   T53] vhci_hcd: disconnect device
[ 1251.978965][   T53] vhci_hcd: stop threads
[ 1251.990927][   T53] vhci_hcd: release socket
[ 1252.012747][   T53] vhci_hcd: disconnect device
[ 1252.040876][   T53] vhci_hcd: stop threads
[ 1252.052636][   T53] vhci_hcd: release socket
[ 1252.057392][   T53] vhci_hcd: disconnect device
[ 1252.062310][   T53] vhci_hcd: stop threads
[ 1252.086512][   T53] vhci_hcd: release socket
[ 1252.091203][   T53] vhci_hcd: disconnect device
[ 1252.120067][   T53] vhci_hcd: stop threads
[ 1252.124733][   T53] vhci_hcd: release socket
[ 1252.129371][   T53] vhci_hcd: disconnect device
[ 1252.252829][ T9444] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1252.428940][ T9444] usb 6-1: config 0 has an invalid interface number: 64 but max is 0
[ 1252.439800][ T9444] usb 6-1: config 0 has no interface number 0
[ 1252.521461][ T9444] usb 6-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[ 1252.533924][ T9444] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1252.542133][ T9444] usb 6-1: Product: syz
[ 1252.547406][ T9444] usb 6-1: Manufacturer: syz
[ 1252.552266][ T9444] usb 6-1: SerialNumber: syz
[ 1252.565990][ T9444] usb 6-1: config 0 descriptor??
[ 1252.812800][ T9444] usb 6-1: Found UVC 0.08 device syz (046d:0823)
[ 1252.820621][ T9444] usb 6-1: No valid video chain found.
[ 1253.484068][ T9444] usb 6-1: USB disconnect, device number 31
[ 1253.908483][T16944] ebt_limit: overflow, try lower: 570423552/2483027968
[ 1255.419959][T14665] vhci_hcd: vhci_device speed not set
[ 1256.597143][T16748] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1256.624494][T16748] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1256.635569][T16748] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1256.644639][T16748] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1256.891902][   T29] audit: type=1400 audit(5351.861:1579): avc:  denied  { read } for  pid=16977 comm="syz.5.2087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1257.711232][T16748] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1258.170876][T16748] 8021q: adding VLAN 0 to HW filter on device team0
[ 1258.371959][T16748] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1259.023130][T16748] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1259.044165][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1259.051369][ T5903] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1259.137772][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1259.144988][ T5903] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1260.509087][T17029] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2093'.
[ 1260.570412][T17034] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2094'.
[ 1260.793455][ T9444] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1261.274150][ T9444] usb 3-1: config 0 has an invalid interface number: 62 but max is 0
[ 1261.293446][ T9444] usb 3-1: config 0 has no interface number 0
[ 1261.299600][ T9444] usb 3-1: config 0 interface 62 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1261.325523][T16748] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1261.502187][ T9444] usb 3-1: New USB device found, idVendor=951f, idProduct=a083, bcdDevice=31.b8
[ 1261.512533][ T9444] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1261.520875][ T9444] usb 3-1: Product: syz
[ 1261.525138][ T9444] usb 3-1: Manufacturer: syz
[ 1261.529746][ T9444] usb 3-1: SerialNumber: syz
[ 1261.546907][ T9444] usb 3-1: config 0 descriptor??
[ 1262.026560][ T9444] usb 3-1: USB disconnect, device number 42
[ 1262.689103][T17074] lo speed is unknown, defaulting to 1000
[ 1262.889581][T16748] veth0_vlan: entered promiscuous mode
[ 1263.010500][T16748] veth1_vlan: entered promiscuous mode
[ 1263.216037][T16748] veth0_macvtap: entered promiscuous mode
[ 1263.227348][T16748] veth1_macvtap: entered promiscuous mode
[ 1263.504096][T16748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1263.686920][T16748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1263.844922][T16748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1263.880500][T16748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1263.908719][T16748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1263.932687][T16748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1263.954684][T16748] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1264.072913][T16748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1264.106710][T16748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1264.138186][T16748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1264.155382][T16748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1264.168902][T16748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1264.197321][T16748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1264.229632][T16748] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1264.269171][T16748] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1264.284366][T16748] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1264.293661][T16748] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1264.315551][T16748] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1264.443245][T14665] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1264.517895][ T6080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1264.541913][ T6080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1264.623411][T14665] usb 6-1: Using ep0 maxpacket: 32
[ 1264.623648][ T5953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1264.640318][T14665] usb 6-1: config 0 has an invalid interface number: 5 but max is 0
[ 1264.659845][ T5953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1264.664000][T14665] usb 6-1: config 0 has no interface number 0
[ 1264.691108][T14665] usb 6-1: config 0 interface 5 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1264.712477][T14665] usb 6-1: config 0 interface 5 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1264.723765][T14665] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1264.733285][T14665] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1264.750438][T14665] usb 6-1: config 0 descriptor??
[ 1265.601694][ T5953] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1265.724399][T14665] usbhid 6-1:0.5: can't add hid device: -71
[ 1265.730466][T14665] usbhid 6-1:0.5: probe with driver usbhid failed with error -71
[ 1265.740704][T14665] usb 6-1: USB disconnect, device number 32
[ 1265.934855][ T5953] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1266.204577][ T5953] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1266.286264][ T5953] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1266.502993][ T5953] bridge_slave_1: left allmulticast mode
[ 1266.512085][ T5953] bridge_slave_1: left promiscuous mode
[ 1266.517933][ T5953] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1266.533067][ T5953] bridge_slave_0: left allmulticast mode
[ 1266.538754][ T5953] bridge_slave_0: left promiscuous mode
[ 1266.550603][ T5953] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1267.042194][ T5953] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1267.054443][ T5953] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1267.065272][ T5953] bond0 (unregistering): Released all slaves
[ 1267.475053][ T5953] hsr_slave_0: left promiscuous mode
[ 1267.481155][ T5953] hsr_slave_1: left promiscuous mode
[ 1267.488670][ T5953] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1267.532698][ T5953] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1267.653594][ T5953] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1267.684822][ T5953] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1268.071307][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1268.086185][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1268.097649][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1268.113192][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1268.125554][ T5855] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1268.147762][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1268.374019][ T5953] veth1_macvtap: left promiscuous mode
[ 1268.378652][T17184] FAULT_INJECTION: forcing a failure.
[ 1268.378652][T17184] name failslab, interval 1, probability 0, space 0, times 0
[ 1268.379551][ T5953] veth0_macvtap: left promiscuous mode
[ 1268.463175][ T5953] veth1_vlan: left promiscuous mode
[ 1268.470224][ T5953] veth0_vlan: left promiscuous mode
[ 1268.472806][T17184] CPU: 1 UID: 0 PID: 17184 Comm: syz.1.2110 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 1268.475938][   T29] audit: type=1326 audit(5363.381:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17172 comm="syz.2.2111" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x0
[ 1268.486157][T17184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1268.486171][T17184] Call Trace:
[ 1268.486179][T17184]  <TASK>
[ 1268.486188][T17184]  dump_stack_lvl+0x16c/0x1f0
[ 1268.529449][T17184]  should_fail_ex+0x497/0x5b0
[ 1268.534128][T17184]  ? fs_reclaim_acquire+0xae/0x150
[ 1268.539247][T17184]  should_failslab+0xc2/0x120
[ 1268.543921][T17184]  __kmalloc_noprof+0xcb/0x400
[ 1268.548683][T17184]  sock_kmalloc+0x111/0x170
[ 1268.553181][T17184]  skcipher_recvmsg+0x49d/0x1020
[ 1268.558120][T17184]  ? find_held_lock+0x2d/0x110
[ 1268.562877][T17184]  ? __pfx_skcipher_recvmsg+0x10/0x10
[ 1268.568249][T17184]  sock_recvmsg+0x1f6/0x250
[ 1268.572762][T17184]  ____sys_recvmsg+0x219/0x6b0
[ 1268.577528][T17184]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1268.582824][T17184]  ? find_held_lock+0x2d/0x110
[ 1268.587587][T17184]  ___sys_recvmsg+0x115/0x1a0
[ 1268.592258][T17184]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1268.597459][T17184]  ? lock_acquire+0x2f/0xb0
[ 1268.601967][T17184]  ? fdget+0x176/0x210
[ 1268.606037][T17184]  do_recvmmsg+0x2ba/0x750
[ 1268.610460][T17184]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1268.615392][T17184]  ? vfs_write+0x306/0x1150
[ 1268.619898][T17184]  ? __mutex_unlock_slowpath+0x164/0x650
[ 1268.625539][T17184]  ? __fget_files+0x244/0x3f0
[ 1268.630220][T17184]  __x64_sys_recvmmsg+0x239/0x290
[ 1268.635241][T17184]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1268.640787][T17184]  do_syscall_64+0xcd/0x250
[ 1268.645294][T17184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1268.651185][T17184] RIP: 0033:0x7f258697e719
[ 1268.655591][T17184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1268.675192][T17184] RSP: 002b:00007f2587801038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1268.683598][T17184] RAX: ffffffffffffffda RBX: 00007f2586b36058 RCX: 00007f258697e719
[ 1268.691562][T17184] RDX: 0000000000000001 RSI: 0000000020005800 RDI: 0000000000000007
[ 1268.699524][T17184] RBP: 00007f2587801090 R08: 0000000000000000 R09: 0000000000000000
[ 1268.707486][T17184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1268.715447][T17184] R13: 0000000000000000 R14: 00007f2586b36058 R15: 00007fffd39547d8
[ 1268.723421][T17184]  </TASK>
[ 1269.197803][   T29] audit: type=1400 audit(5364.171:1581): avc:  denied  { connect } for  pid=17191 comm="syz.5.2115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1270.330645][ T5863] Bluetooth: hci2: command tx timeout
[ 1270.383716][   T29] audit: type=1400 audit(5365.361:1582): avc:  denied  { module_load } for  pid=17191 comm="syz.5.2115" path="/sys/power/wakeup_count" dev="sysfs" ino=1383 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[ 1270.698847][T17209] trusted_key: encrypted_key: insufficient parameters specified
[ 1271.592736][ T9624] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1272.342714][ T9624] usb 6-1: Using ep0 maxpacket: 16
[ 1272.349518][ T9624] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1272.361261][ T5855] Bluetooth: hci2: command tx timeout
[ 1272.366896][ T9624] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1272.392949][ T9624] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1272.403259][ T9624] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1272.430060][ T9624] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1272.473965][ T9624] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1272.483865][ T9624] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1272.491990][ T9624] usb 6-1: Manufacturer: syz
[ 1272.504369][ T9624] usb 6-1: config 0 descriptor??
[ 1272.813882][ T9624] rc_core: IR keymap rc-hauppauge not found
[ 1272.819835][ T9624] Registered IR keymap rc-empty
[ 1272.842258][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1272.882812][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1272.932232][ T9624] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1272.963932][ T9624] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input99
[ 1272.992397][T17213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1273.021423][T17213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1273.106084][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.120034][ T5953] team0 (unregistering): Port device team_slave_1 removed
[ 1273.153056][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.202738][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.219435][ T5953] team0 (unregistering): Port device team_slave_0 removed
[ 1273.242781][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.282779][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.313072][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.361715][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.385879][T17213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1273.404328][T17213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1273.413560][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.453383][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.482728][ T9624] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1273.525794][ T9624] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[ 1273.533923][ T9624] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1273.612795][ T9624] usb 6-1: USB disconnect, device number 33
[ 1274.432691][ T5855] Bluetooth: hci2: command tx timeout
[ 1274.543296][   T29] audit: type=1326 audit(5369.471:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17226 comm="syz.5.2123" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff6d597e719 code=0x0
[ 1275.041303][T17178] lo speed is unknown, defaulting to 1000
[ 1276.192746][ T9444] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1276.363747][ T9444] usb 6-1: Using ep0 maxpacket: 16
[ 1276.396321][ T9444] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1276.442134][ T9444] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1276.484863][ T9444] usb 6-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[ 1276.512722][ T5863] Bluetooth: hci2: command tx timeout
[ 1276.553589][ T9444] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1276.588945][ T9444] usb 6-1: config 0 descriptor??
[ 1276.644339][T17262] 9pnet_fd: Insufficient options for proto=fd
[ 1277.116101][T17178] chnl_net:caif_netlink_parms(): no params data found
[ 1277.572660][ T9444] usbhid 6-1:0.0: can't add hid device: -71
[ 1277.583049][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1277.631792][ T9444] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1277.687689][ T9444] usb 6-1: USB disconnect, device number 34
[ 1277.698281][T17178] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1277.717124][T17178] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1277.731666][T17178] bridge_slave_0: entered allmulticast mode
[ 1277.740423][T17178] bridge_slave_0: entered promiscuous mode
[ 1277.791939][T17178] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1277.804197][T17178] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1277.811553][T17178] bridge_slave_1: entered allmulticast mode
[ 1277.819256][T17178] bridge_slave_1: entered promiscuous mode
[ 1277.877860][T17178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1277.901255][T17178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1278.234821][T17178] team0: Port device team_slave_0 added
[ 1278.274919][T17178] team0: Port device team_slave_1 added
[ 1278.591680][T17178] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1278.628872][ T8273] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1278.652694][T17178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1278.722789][T17178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1278.753218][T17178] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1278.762819][T17178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1278.799293][T17178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1278.811585][ T8273] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1278.879910][ T8273] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1278.905970][T17292] netlink: 'syz.2.2134': attribute type 4 has an invalid length.
[ 1279.797057][ T8273] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1280.031322][ T8273] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1280.039715][ T8273] usb 2-1: SerialNumber: syz
[ 1280.184644][T17178] hsr_slave_0: entered promiscuous mode
[ 1280.190637][T14665] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1280.223230][T17178] hsr_slave_1: entered promiscuous mode
[ 1280.231240][T17178] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1280.259724][T17178] Cannot create hsr debugfs directory
[ 1280.285781][   T29] audit: type=1400 audit(5375.261:1584): avc:  denied  { setattr } for  pid=17278 comm="syz.1.2131" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1280.519966][T14665] usb 6-1: config 0 has an invalid interface number: 62 but max is 0
[ 1280.540354][T14665] usb 6-1: config 0 has no interface number 0
[ 1280.557069][T14665] usb 6-1: config 0 interface 62 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1280.572333][T14665] usb 6-1: New USB device found, idVendor=951f, idProduct=a083, bcdDevice=31.b8
[ 1280.583799][T14665] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1280.592448][T14665] usb 6-1: Product: syz
[ 1280.611150][T14665] usb 6-1: Manufacturer: syz
[ 1281.074812][   T29] audit: type=1400 audit(5376.041:1585): avc:  denied  { mounton } for  pid=17278 comm="syz.1.2131" path="/493/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1281.098156][T14665] usb 6-1: SerialNumber: syz
[ 1281.283581][T14665] usb 6-1: config 0 descriptor??
[ 1281.864611][T14665] usb 6-1: USB disconnect, device number 35
[ 1281.877229][   T29] audit: type=1400 audit(5376.831:1586): avc:  denied  { remount } for  pid=17278 comm="syz.1.2131" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1282.151499][   T29] audit: type=1326 audit(5377.121:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17324 comm="syz.0.2139" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6491f7e719 code=0x0
[ 1282.935704][T17339] 9pnet_fd: Insufficient options for proto=fd
[ 1284.848121][ T8273] usb 2-1: 0:2 : does not exist
[ 1285.036297][ T8273] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1285.077257][ T8273] usb 2-1: USB disconnect, device number 55
[ 1285.234619][ T5855] Bluetooth: hci5: command 0x1003 tx timeout
[ 1285.260894][ T5863] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1285.326757][T17364] FAULT_INJECTION: forcing a failure.
[ 1285.326757][T17364] name failslab, interval 1, probability 0, space 0, times 0
[ 1285.341477][T17364] CPU: 0 UID: 0 PID: 17364 Comm: syz.1.2145 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 1285.352273][T17364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1285.362346][T17364] Call Trace:
[ 1285.365635][T17364]  <TASK>
[ 1285.368574][T17364]  dump_stack_lvl+0x16c/0x1f0
[ 1285.373272][T17364]  should_fail_ex+0x497/0x5b0
[ 1285.377964][T17364]  ? fs_reclaim_acquire+0xae/0x150
[ 1285.383095][T17364]  should_failslab+0xc2/0x120
[ 1285.387790][T17364]  __kmalloc_noprof+0xcb/0x400
[ 1285.392576][T17364]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1285.398214][T17364]  ? rcu_is_watching+0x12/0xc0
[ 1285.402998][T17364]  tomoyo_realpath_from_path+0xb9/0x720
[ 1285.408564][T17364]  ? tomoyo_path_perm+0x25f/0x450
[ 1285.413595][T17364]  tomoyo_path_perm+0x273/0x450
[ 1285.418464][T17364]  ? tomoyo_path_perm+0x25f/0x450
[ 1285.423523][T17364]  ? __pfx_tomoyo_path_perm+0x10/0x10
[ 1285.428944][T17364]  ? __pfx___lock_acquire+0x10/0x10
[ 1285.434172][T17364]  ? lock_acquire.part.0+0x11b/0x380
[ 1285.439511][T17364]  tomoyo_path_rmdir+0x92/0xe0
[ 1285.444304][T17364]  ? __pfx_tomoyo_path_rmdir+0x10/0x10
[ 1285.449802][T17364]  ? d_lookup+0xe9/0x180
[ 1285.454061][T17364]  security_path_rmdir+0x145/0x2b0
[ 1285.459182][T17364]  do_rmdir+0x2b5/0x410
[ 1285.463333][T17364]  ? __pfx_do_rmdir+0x10/0x10
[ 1285.468002][T17364]  ? strncpy_from_user+0x1e6/0x2c0
[ 1285.473115][T17364]  ? getname_flags.part.0+0x1c5/0x550
[ 1285.478485][T17364]  ? __pfx_ksys_write+0x10/0x10
[ 1285.483341][T17364]  __x64_sys_unlinkat+0xef/0x130
[ 1285.488306][T17364]  do_syscall_64+0xcd/0x250
[ 1285.492805][T17364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1285.498693][T17364] RIP: 0033:0x7f258697e719
[ 1285.503112][T17364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1285.522804][T17364] RSP: 002b:00007f2587822038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[ 1285.531213][T17364] RAX: ffffffffffffffda RBX: 00007f2586b35f80 RCX: 00007f258697e719
[ 1285.539179][T17364] RDX: 0000000000000200 RSI: 0000000020000140 RDI: 0000000000000003
[ 1285.547145][T17364] RBP: 00007f2587822090 R08: 0000000000000000 R09: 0000000000000000
[ 1285.555113][T17364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1285.563074][T17364] R13: 0000000000000000 R14: 00007f2586b35f80 R15: 00007fffd39547d8
[ 1285.571049][T17364]  </TASK>
[ 1285.579230][T17364] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1286.255389][T17178] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1286.279503][T17178] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1286.290865][T17178] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1286.321022][T17178] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1286.503891][   T29] audit: type=1326 audit(5381.391:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17379 comm="syz.0.2149" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6491f7e719 code=0x0
[ 1286.527515][ T8273] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1286.684998][ T9444] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1286.733288][ T8273] usb 2-1: Using ep0 maxpacket: 16
[ 1286.752053][ T8273] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1286.778868][ T8273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1286.790582][ T8273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1286.821990][ T8273] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1286.852126][ T8273] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1286.868508][ T8273] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1286.878691][ T8273] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1286.887205][ T8273] usb 2-1: Manufacturer: syz
[ 1286.893854][ T9444] usb 3-1: too many configurations: 65, using maximum allowed: 8
[ 1286.903517][ T8273] usb 2-1: config 0 descriptor??
[ 1286.909331][ T9444] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 1286.930832][ T9444] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1286.954317][T17178] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1286.996467][T17178] 8021q: adding VLAN 0 to HW filter on device team0
[ 1287.010009][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1287.017218][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1287.058099][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1287.065249][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1287.117414][   T29] audit: type=1326 audit(5382.091:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1287.194541][ T9624] usb 3-1: USB disconnect, device number 43
[ 1287.226030][   T29] audit: type=1326 audit(5382.121:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f258697d0b0 code=0x7ffc0000
[ 1287.250550][T17370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2147'.
[ 1287.311484][   T29] audit: type=1326 audit(5382.121:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f258697ff47 code=0x7ffc0000
[ 1287.376234][   T29] audit: type=1326 audit(5382.121:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1287.387980][T17178] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1287.404223][   T29] audit: type=1326 audit(5382.121:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f258697ff47 code=0x7ffc0000
[ 1287.466806][ T8273] rc_core: IR keymap rc-hauppauge not found
[ 1287.583068][   T29] audit: type=1326 audit(5382.121:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f258697d3aa code=0x7ffc0000
[ 1287.989098][ T5863] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1287.995094][ T8273] Registered IR keymap rc-empty
[ 1287.996291][ T5855] Bluetooth: hci5: command 0x1003 tx timeout
[ 1288.013097][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1288.055538][   T29] audit: type=1326 audit(5382.121:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1288.088239][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1288.105184][   T29] audit: type=1326 audit(5382.121:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1288.142024][   T29] audit: type=1326 audit(5382.121:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17369 comm="syz.1.2147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f258697e719 code=0x7ffc0000
[ 1288.197927][ T8273] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1288.210707][ T8273] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input100
[ 1288.249145][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1288.451742][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1288.574673][T17419] 9pnet_fd: Insufficient options for proto=fd
[ 1289.240820][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.501044][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.522987][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.543869][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.563106][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.583123][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.607872][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.633848][ T8273] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1289.753662][ T8273] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 1289.768363][ T8273] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1289.784730][T15991] udevd[15991]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1290.412370][ T8273] usb 2-1: USB disconnect, device number 56
[ 1290.911460][T17178] veth0_vlan: entered promiscuous mode
[ 1290.921690][T17178] veth1_vlan: entered promiscuous mode
[ 1290.943029][T17178] veth0_macvtap: entered promiscuous mode
[ 1290.951784][T17178] veth1_macvtap: entered promiscuous mode
[ 1290.968211][T17178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1290.978997][T17178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1290.990631][T17178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1291.001307][T17178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1291.011633][T17178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1291.022239][T17178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1291.033363][T17178] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1291.073964][T17178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1291.084691][T17178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1291.094635][T17178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1291.105222][T17178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1291.117289][T17178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1291.127835][T17178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1291.139387][T17178] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1291.152947][ T9624] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1291.153483][T17178] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.169891][T17178] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.179124][T17178] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.187886][T17178] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.322906][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1291.472926][ T9624] usb 6-1: Using ep0 maxpacket: 32
[ 1291.484813][ T9624] usb 6-1: config 0 has an invalid interface number: 5 but max is 0
[ 1291.521104][ T9624] usb 6-1: config 0 has no interface number 0
[ 1291.660531][   T29] kauditd_printk_skb: 47 callbacks suppressed
[ 1291.660570][   T29] audit: type=1400 audit(5386.571:1645): avc:  denied  { getopt } for  pid=17440 comm="syz.0.2159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1291.903920][ T9624] usb 6-1: config 0 interface 5 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1291.961018][ T9624] usb 6-1: config 0 interface 5 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1291.992740][ T6085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1292.009208][ T6085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1292.136749][ T9624] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1292.195309][ T9624] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1292.433011][ T6085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1292.564321][ T6085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1292.728235][ T9624] usb 6-1: config 0 descriptor??
[ 1293.446999][ T9624] ft260 0003:0403:6030.000B: unknown main item tag 0x0
[ 1293.553534][T17469] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2162'.
[ 1293.728805][ T9624] ft260 0003:0403:6030.000B: failed to retrieve chip version
[ 1293.749249][ T9624] ft260 0003:0403:6030.000B: probe with driver ft260 failed with error -71
[ 1293.837451][ T9624] usb 6-1: USB disconnect, device number 36
[ 1294.377092][T17491] 9pnet_fd: Insufficient options for proto=fd
[ 1294.741212][T17496] 9pnet_fd: Insufficient options for proto=fd
[ 1295.234711][ T5855] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1295.558714][   T53] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1295.651542][T17498] lo speed is unknown, defaulting to 1000
[ 1296.119348][   T53] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1296.236881][   T53] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1296.358616][   T53] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1296.440448][   T53] bridge_slave_1: left allmulticast mode
[ 1296.446330][   T53] bridge_slave_1: left promiscuous mode
[ 1296.462609][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1296.471117][   T53] bridge_slave_0: left allmulticast mode
[ 1296.477137][   T53] bridge_slave_0: left promiscuous mode
[ 1296.483360][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1296.930145][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1296.940697][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1296.950990][   T53] bond0 (unregistering): Released all slaves
[ 1297.335545][   T53] hsr_slave_0: left promiscuous mode
[ 1297.341360][   T53] hsr_slave_1: left promiscuous mode
[ 1297.354494][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1297.361989][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1297.371522][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1297.379117][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1297.397547][   T53] veth1_macvtap: left promiscuous mode
[ 1297.403504][   T53] veth0_macvtap: left promiscuous mode
[ 1297.409039][   T53] veth1_vlan: left promiscuous mode
[ 1297.414376][   T53] veth0_vlan: left promiscuous mode
[ 1298.215820][ T5863] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1298.231927][ T5863] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1298.250251][ T5863] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1298.267873][ T5863] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1298.293188][ T5863] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1298.300876][ T5863] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1299.617351][T17531] overlayfs: missing 'lowerdir'
[ 1299.918738][   T53] team0 (unregistering): Port device team_slave_1 removed
[ 1300.014791][   T53] team0 (unregistering): Port device team_slave_0 removed
[ 1300.290779][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.369663][ T5855] Bluetooth: hci2: command tx timeout
[ 1300.802793][T17548] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 1300.861034][T17538] lo speed is unknown, defaulting to 1000
[ 1301.040795][   T29] audit: type=1400 audit(5396.011:1646): avc:  denied  { ioctl } for  pid=17565 comm="syz.1.2178" path="socket:[59739]" dev="sockfs" ino=59739 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1301.132142][   T29] audit: type=1400 audit(5396.041:1647): avc:  denied  { write } for  pid=17565 comm="syz.1.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1301.171858][   T29] audit: type=1400 audit(5396.041:1648): avc:  denied  { read } for  pid=17565 comm="syz.1.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1301.334699][ T5898] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[ 1301.390244][T17538] chnl_net:caif_netlink_parms(): no params data found
[ 1301.492827][ T5898] usb 3-1: Using ep0 maxpacket: 16
[ 1301.502129][T17538] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1301.514172][T17538] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1301.521513][T17538] bridge_slave_0: entered allmulticast mode
[ 1301.526767][ T5898] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1301.528706][T17538] bridge_slave_0: entered promiscuous mode
[ 1301.551517][T17538] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1301.554278][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1301.559114][T17538] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1301.576860][T17538] bridge_slave_1: entered allmulticast mode
[ 1301.580850][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1301.584479][T17538] bridge_slave_1: entered promiscuous mode
[ 1301.610578][ T5898] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1301.626613][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1301.645307][ T5898] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1301.656890][ T5898] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1301.667671][ T5898] usb 3-1: Manufacturer: syz
[ 1301.676573][T17538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1301.686890][ T5898] usb 3-1: config 0 descriptor??
[ 1301.692421][T17538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1301.773501][T17538] team0: Port device team_slave_0 added
[ 1301.799194][T17538] team0: Port device team_slave_1 added
[ 1301.903365][   T29] audit: type=1326 audit(5396.881:1649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17564 comm="syz.2.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1301.917654][T17566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2177'.
[ 1301.941380][   T29] audit: type=1326 audit(5396.881:1650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17564 comm="syz.2.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1301.966273][T17538] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1301.979578][   T29] audit: type=1326 audit(5396.881:1651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17564 comm="syz.2.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb60ad7d0b0 code=0x7ffc0000
[ 1302.007923][T17538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1302.034376][   T29] audit: type=1326 audit(5396.881:1652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17564 comm="syz.2.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb60ad7ff47 code=0x7ffc0000
[ 1302.058500][T17538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1302.069588][   T29] audit: type=1326 audit(5396.881:1653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17564 comm="syz.2.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1302.099424][T17590] lo speed is unknown, defaulting to 1000
[ 1302.115313][T17538] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1302.147278][   T29] audit: type=1326 audit(5396.881:1654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17564 comm="syz.2.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb60ad7ff47 code=0x7ffc0000
[ 1302.170794][T17538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1302.346577][T17538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1302.411214][   T29] audit: type=1326 audit(5396.881:1655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17564 comm="syz.2.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb60ad7d3aa code=0x7ffc0000
[ 1302.438877][ T5855] Bluetooth: hci2: command tx timeout
[ 1302.462712][ T5898] rc_core: IR keymap rc-hauppauge not found
[ 1302.468807][ T5898] Registered IR keymap rc-empty
[ 1302.483445][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.532825][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.536946][T17597] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2181'.
[ 1302.592030][ T5898] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1302.593483][T17538] hsr_slave_0: entered promiscuous mode
[ 1302.640291][ T5898] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input101
[ 1302.653121][T17538] hsr_slave_1: entered promiscuous mode
[ 1302.681080][T17538] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1302.692543][T17538] Cannot create hsr debugfs directory
[ 1302.697235][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.745046][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.799410][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.833710][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.884468][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.936594][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1302.974349][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1303.032807][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1303.062998][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1303.098920][ T5898] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1303.184121][ T5898] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[ 1303.211678][ T5898] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1303.263597][ T5898] usb 3-1: USB disconnect, device number 44
[ 1303.694777][T17538] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1303.740969][T17538] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1304.079677][T17538] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1304.216534][T17538] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1304.874370][ T5855] Bluetooth: hci2: command tx timeout
[ 1305.579133][T17538] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1305.710363][T17538] 8021q: adding VLAN 0 to HW filter on device team0
[ 1305.730134][ T6085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1305.737310][ T6085] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1305.844546][ T6085] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1305.851750][ T6085] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1306.643952][ T9444] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1307.163262][ T9444] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1307.167137][ T5855] Bluetooth: hci2: command tx timeout
[ 1307.174457][ T9444] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1307.202759][ T9444] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 1307.211846][ T9444] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1307.605062][ T9444] usb 3-1: config 0 descriptor??
[ 1307.792938][T17538] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1307.835140][    T8] hid-generic 0005:0C45:1010.000C: item fetching failed at offset 0/1
[ 1307.875581][    T8] hid-generic 0005:0C45:1010.000C: probe with driver hid-generic failed with error -22
[ 1308.067927][ T9444] kovaplus 0003:1E7D:2D50.000D: item fetching failed at offset 1/5
[ 1308.104387][ T9444] kovaplus 0003:1E7D:2D50.000D: parse failed
[ 1308.151093][ T9444] kovaplus 0003:1E7D:2D50.000D: probe with driver kovaplus failed with error -22
[ 1308.329470][ T9444] usb 3-1: USB disconnect, device number 45
[ 1309.054538][T17538] veth0_vlan: entered promiscuous mode
[ 1309.067481][T17538] veth1_vlan: entered promiscuous mode
[ 1309.088815][T17538] veth0_macvtap: entered promiscuous mode
[ 1309.098029][T17538] veth1_macvtap: entered promiscuous mode
[ 1309.220094][T17538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1309.261863][T17538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1309.277352][T17538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1309.288278][T17538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1309.302707][T17538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1309.330186][T17538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1309.355947][T17538] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1309.368214][T17538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1309.425913][T17538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1309.463185][T17538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1309.562882][ T9624] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[ 1309.581956][T17538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1309.635882][T17538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1309.722979][ T9624] usb 3-1: Using ep0 maxpacket: 16
[ 1309.750559][ T9624] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1309.817864][ T9624] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1309.946156][T17538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1310.004340][T17538] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1310.063659][T17538] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.118702][ T9624] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1310.132287][ T9624] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1310.142132][ T9624] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1310.142314][   T29] kauditd_printk_skb: 64 callbacks suppressed
[ 1310.142328][   T29] audit: type=1326 audit(5405.111:1720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17704 comm="syz.5.2197" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff6d597e719 code=0x0
[ 1310.158855][ T9624] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1310.213420][T17538] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.222208][T17538] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.258280][T17538] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.546456][ T9624] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1310.628398][   T29] audit: type=1400 audit(5405.601:1721): avc:  denied  { getopt } for  pid=17706 comm="syz.0.2198" lport=36161 faddr=::ffff:172.30.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[ 1310.646320][  T735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1310.745428][ T9624] usb 3-1: Manufacturer: syz
[ 1310.826625][ T9624] usb 3-1: config 0 descriptor??
[ 1310.844842][   T29] audit: type=1400 audit(5405.811:1722): avc:  denied  { validate_trans } for  pid=17706 comm="syz.0.2198" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[ 1310.854396][  T735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1311.708197][ T6085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1311.716343][   T29] audit: type=1326 audit(5406.061:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17692 comm="syz.2.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1311.739521][ T6085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1311.766210][   T29] audit: type=1326 audit(5406.061:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17692 comm="syz.2.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1311.829860][   T29] audit: type=1326 audit(5406.061:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17692 comm="syz.2.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb60ad7d0b0 code=0x7ffc0000
[ 1311.845740][T17694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2194'.
[ 1311.948275][   T29] audit: type=1326 audit(5406.071:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17692 comm="syz.2.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb60ad7ff47 code=0x7ffc0000
[ 1311.978795][   T29] audit: type=1326 audit(5406.071:1727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17692 comm="syz.2.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb60ad7e719 code=0x7ffc0000
[ 1312.001886][   T29] audit: type=1326 audit(5406.071:1728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17692 comm="syz.2.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb60ad7ff47 code=0x7ffc0000
[ 1312.025007][   T29] audit: type=1326 audit(5406.081:1729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17692 comm="syz.2.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb60ad7d3aa code=0x7ffc0000
[ 1313.262060][ T9624] rc_core: IR keymap rc-hauppauge not found
[ 1313.268228][ T9624] Registered IR keymap rc-empty
[ 1313.273237][ T9624] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1313.300306][ T9624] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1313.703467][ T8273] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1313.943964][ T9624] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1313.959750][ T9624] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input102
[ 1313.975449][ T8273] usb 2-1: config 0 has an invalid interface number: 62 but max is 0
[ 1313.975480][ T8273] usb 2-1: config 0 has no interface number 0
[ 1313.975514][ T8273] usb 2-1: config 0 interface 62 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1313.978499][ T9624] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1313.979203][ T8273] usb 2-1: New USB device found, idVendor=951f, idProduct=a083, bcdDevice=31.b8
[ 1313.979235][ T8273] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1313.979259][ T8273] usb 2-1: Product: syz
[ 1313.979283][ T8273] usb 2-1: Manufacturer: syz
[ 1313.979301][ T8273] usb 2-1: SerialNumber: syz
[ 1313.981135][ T8273] usb 2-1: config 0 descriptor??
[ 1314.021562][T17671] ==================================================================
[ 1314.021579][T17671] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8e6/0x9c0
[ 1314.021612][T17671] Read of size 8 at addr ffff88804d948060 by task khidpd_0c451010/17671
[ 1314.021630][T17671] 
[ 1314.021638][T17671] CPU: 0 UID: 0 PID: 17671 Comm: khidpd_0c451010 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 1314.021661][T17671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1314.021672][T17671] Call Trace:
[ 1314.021680][T17671]  <TASK>
[ 1314.021688][T17671]  dump_stack_lvl+0x116/0x1f0
[ 1314.021712][T17671]  print_report+0xc3/0x620
[ 1314.021738][T17671]  ? __virt_addr_valid+0x5e/0x590
[ 1314.021762][T17671]  ? __phys_addr+0xc6/0x150
[ 1314.021787][T17671]  kasan_report+0xd9/0x110
[ 1314.021810][T17671]  ? __mutex_lock+0x8e6/0x9c0
[ 1314.021830][T17671]  ? __mutex_lock+0x8e6/0x9c0
[ 1314.021851][T17671]  __mutex_lock+0x8e6/0x9c0
[ 1314.021873][T17671]  ? l2cap_unregister_user+0x71/0x240
[ 1314.021895][T17671]  ? __pfx___mutex_lock+0x10/0x10
[ 1314.021914][T17671]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1314.021943][T17671]  ? __try_to_del_timer_sync+0x116/0x170
[ 1314.021971][T17671]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1314.022000][T17671]  ? l2cap_unregister_user+0x71/0x240
[ 1314.022026][T17671]  l2cap_unregister_user+0x71/0x240
[ 1314.022047][T17671]  hidp_session_thread+0x462/0x650
[ 1314.022070][T17671]  ? __kthread_parkme+0xb7/0x220
[ 1314.022095][T17671]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1314.022117][T17671]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1314.022141][T17671]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1314.022163][T17671]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1314.022192][T17671]  ? __kthread_parkme+0x148/0x220
[ 1314.022217][T17671]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1314.022240][T17671]  kthread+0x2c1/0x3a0
[ 1314.022262][T17671]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1314.022288][T17671]  ? __pfx_kthread+0x10/0x10
[ 1314.022311][T17671]  ret_from_fork+0x45/0x80
[ 1314.022331][T17671]  ? __pfx_kthread+0x10/0x10
[ 1314.022354][T17671]  ret_from_fork_asm+0x1a/0x30
[ 1314.022388][T17671]  </TASK>
[ 1314.022396][T17671] 
[ 1314.022401][T17671] Allocated by task 17538:
[ 1314.022412][T17671]  kasan_save_stack+0x33/0x60
[ 1314.022432][T17671]  kasan_save_track+0x14/0x30
[ 1314.022451][T17671]  __kasan_kmalloc+0xaa/0xb0
[ 1314.022469][T17671]  __kmalloc_noprof+0x1e8/0x400
[ 1314.022490][T17671]  hci_alloc_dev_priv+0x1d/0x2820
[ 1314.022515][T17671]  __vhci_create_device+0xef/0x7d0
[ 1314.022534][T17671]  vhci_write+0x2c3/0x470
[ 1314.022552][T17671]  vfs_write+0x5ae/0x1150
[ 1314.022575][T17671]  ksys_write+0x12f/0x260
[ 1314.022597][T17671]  do_syscall_64+0xcd/0x250
[ 1314.022613][T17671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1314.022641][T17671] 
[ 1314.022645][T17671] Freed by task 17538:
[ 1314.022655][T17671]  kasan_save_stack+0x33/0x60
[ 1314.022674][T17671]  kasan_save_track+0x14/0x30
[ 1314.022693][T17671]  kasan_save_free_info+0x3b/0x60
[ 1314.022719][T17671]  __kasan_slab_free+0x51/0x70
[ 1314.022739][T17671]  kfree+0x14f/0x4b0
[ 1314.022755][T17671]  hci_release_dev+0x4d9/0x600
[ 1314.022777][T17671]  bt_host_release+0x6a/0xb0
[ 1314.022800][T17671]  device_release+0xa1/0x240
[ 1314.022821][T17671]  kobject_put+0x1e4/0x5a0
[ 1314.022841][T17671]  put_device+0x1f/0x30
[ 1314.022860][T17671]  vhci_release+0x81/0xf0
[ 1314.022876][T17671]  __fput+0x3f6/0xb60
[ 1314.022896][T17671]  task_work_run+0x14e/0x250
[ 1314.022913][T17671]  do_exit+0xadd/0x2d70
[ 1314.022937][T17671]  do_group_exit+0xd3/0x2a0
[ 1314.022961][T17671]  __x64_sys_exit_group+0x3e/0x50
[ 1314.022985][T17671]  x64_sys_call+0x14a9/0x16a0
[ 1314.023010][T17671]  do_syscall_64+0xcd/0x250
[ 1314.023033][T17671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1314.023058][T17671] 
[ 1314.023063][T17671] Last potentially related work creation:
[ 1314.023070][T17671]  kasan_save_stack+0x33/0x60
[ 1314.023089][T17671]  __kasan_record_aux_stack+0xba/0xd0
[ 1314.023114][T17671]  insert_work+0x36/0x230
[ 1314.023140][T17671]  __queue_work+0x3f8/0x1080
[ 1314.023158][T17671]  queue_work_on+0x11a/0x140
[ 1314.023175][T17671]  process_one_work+0x9c5/0x1ba0
[ 1314.023193][T17671]  worker_thread+0x6c8/0xf00
[ 1314.023210][T17671]  kthread+0x2c1/0x3a0
[ 1314.023230][T17671]  ret_from_fork+0x45/0x80
[ 1314.023247][T17671]  ret_from_fork_asm+0x1a/0x30
[ 1314.023271][T17671] 
[ 1314.023275][T17671] Second to last potentially related work creation:
[ 1314.023282][T17671]  kasan_save_stack+0x33/0x60
[ 1314.023302][T17671]  __kasan_record_aux_stack+0xba/0xd0
[ 1314.023326][T17671]  insert_work+0x36/0x230
[ 1314.023351][T17671]  __queue_work+0x97e/0x1080
[ 1314.023368][T17671]  call_timer_fn+0x1a0/0x610
[ 1314.023390][T17671]  __run_timers+0x56a/0x930
[ 1314.023412][T17671]  run_timer_base+0x111/0x190
[ 1314.023435][T17671]  run_timer_softirq+0x1a/0x40
[ 1314.023458][T17671]  handle_softirqs+0x213/0x8f0
[ 1314.023478][T17671]  irq_exit_rcu+0xbb/0x120
[ 1314.023498][T17671]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1314.023522][T17671]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1314.023549][T17671] 
[ 1314.023554][T17671] The buggy address belongs to the object at ffff88804d948000
[ 1314.023554][T17671]  which belongs to the cache kmalloc-8k of size 8192
[ 1314.023570][T17671] The buggy address is located 96 bytes inside of
[ 1314.023570][T17671]  freed 8192-byte region [ffff88804d948000, ffff88804d94a000)
[ 1314.023590][T17671] 
[ 1314.023596][T17671] The buggy address belongs to the physical page:
[ 1314.023609][T17671] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d948
[ 1314.023628][T17671] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1314.023644][T17671] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1314.023662][T17671] page_type: f5(slab)
[ 1314.023681][T17671] raw: 00fff00000000040 ffff88801b042280 ffffea0000d97200 0000000000000002
[ 1314.023699][T17671] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 1314.023717][T17671] head: 00fff00000000040 ffff88801b042280 ffffea0000d97200 0000000000000002
[ 1314.023734][T17671] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 1314.023753][T17671] head: 00fff00000000003 ffffea0001365201 ffffffffffffffff 0000000000000000
[ 1314.023771][T17671] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 1314.023782][T17671] page dumped because: kasan: bad access detected
[ 1314.023795][T17671] page_owner tracks the page as allocated
[ 1314.023801][T17671] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5494, tgid 5494 (dhcpcd), ts 1277830876400, free_ts 1276395347598
[ 1314.023836][T17671]  post_alloc_hook+0x2d1/0x350
[ 1314.023857][T17671]  get_page_from_freelist+0xf7d/0x2d10
[ 1314.023879][T17671]  __alloc_pages_noprof+0x223/0x25a0
[ 1314.023901][T17671]  alloc_pages_mpol_noprof+0x2c9/0x610
[ 1314.023926][T17671]  new_slab+0x2c9/0x410
[ 1314.023943][T17671]  ___slab_alloc+0xdac/0x1880
[ 1314.023960][T17671]  __slab_alloc.constprop.0+0x56/0xb0
[ 1314.023979][T17671]  __kmalloc_node_track_caller_noprof+0x355/0x430
[ 1314.024003][T17671]  kmalloc_reserve+0xef/0x2c0
[ 1314.024033][T17671]  __alloc_skb+0x164/0x380
[ 1314.024052][T17671]  netlink_dump+0x2c1/0xcc0
[ 1314.024077][T17671]  netlink_recvmsg+0xa0d/0xf30
[ 1314.024101][T17671]  sock_recvmsg+0x1f6/0x250
[ 1314.024125][T17671]  ____sys_recvmsg+0x219/0x6b0
[ 1314.024148][T17671]  ___sys_recvmsg+0x115/0x1a0
[ 1314.024168][T17671]  __sys_recvmsg+0x114/0x1e0
[ 1314.024189][T17671] page last free pid 9444 tgid 9444 stack trace:
[ 1314.024200][T17671]  free_unref_page+0x5f4/0xdc0
[ 1314.024219][T17671]  __put_partials+0x14c/0x170
[ 1314.024238][T17671]  qlist_free_all+0x4e/0x120
[ 1314.024255][T17671]  kasan_quarantine_reduce+0x192/0x1e0
[ 1314.024275][T17671]  __kasan_slab_alloc+0x69/0x90
[ 1314.024295][T17671]  __kmalloc_noprof+0x199/0x400
[ 1314.024315][T17671]  usb_get_configuration+0x323/0x5e50
[ 1314.024336][T17671]  usb_new_device+0x1189/0x1a10
[ 1314.024360][T17671]  hub_event+0x2d9a/0x4e10
[ 1314.024384][T17671]  process_one_work+0x9c5/0x1ba0
[ 1314.024401][T17671]  worker_thread+0x6c8/0xf00
[ 1314.024419][T17671]  kthread+0x2c1/0x3a0
[ 1314.024439][T17671]  ret_from_fork+0x45/0x80
[ 1314.024456][T17671]  ret_from_fork_asm+0x1a/0x30
[ 1314.024480][T17671] 
[ 1314.024485][T17671] Memory state around the buggy address:
[ 1314.024494][T17671]  ffff88804d947f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1314.024508][T17671]  ffff88804d947f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1314.024522][T17671] >ffff88804d948000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1314.024533][T17671]                                                        ^
[ 1314.024544][T17671]  ffff88804d948080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1314.024558][T17671]  ffff88804d948100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1314.024569][T17671] ==================================================================
[ 1314.024666][T17671] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1314.024677][T17671] CPU: 0 UID: 0 PID: 17671 Comm: khidpd_0c451010 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 1314.024702][T17671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1314.024713][T17671] Call Trace:
[ 1314.024719][T17671]  <TASK>
[ 1314.024727][T17671]  dump_stack_lvl+0x3d/0x1f0
[ 1314.024749][T17671]  panic+0x71d/0x800
[ 1314.024775][T17671]  ? mark_held_locks+0x9f/0xe0
[ 1314.024794][T17671]  ? __pfx_panic+0x10/0x10
[ 1314.024821][T17671]  ? irqentry_exit+0x3b/0x90
[ 1314.024848][T17671]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1314.024878][T17671]  ? check_panic_on_warn+0x1f/0xb0
[ 1314.024907][T17671]  check_panic_on_warn+0xab/0xb0
[ 1314.024935][T17671]  end_report+0x117/0x180
[ 1314.024958][T17671]  kasan_report+0xe9/0x110
[ 1314.024980][T17671]  ? __mutex_lock+0x8e6/0x9c0
[ 1314.025000][T17671]  ? __mutex_lock+0x8e6/0x9c0
[ 1314.025027][T17671]  __mutex_lock+0x8e6/0x9c0
[ 1314.025048][T17671]  ? l2cap_unregister_user+0x71/0x240
[ 1314.025069][T17671]  ? __pfx___mutex_lock+0x10/0x10
[ 1314.025089][T17671]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1314.025115][T17671]  ? __try_to_del_timer_sync+0x116/0x170
[ 1314.025140][T17671]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1314.025166][T17671]  ? l2cap_unregister_user+0x71/0x240
[ 1314.025184][T17671]  l2cap_unregister_user+0x71/0x240
[ 1314.025204][T17671]  hidp_session_thread+0x462/0x650
[ 1314.025225][T17671]  ? __kthread_parkme+0xb7/0x220
[ 1314.025247][T17671]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1314.025269][T17671]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1314.025292][T17671]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1314.025313][T17671]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1314.025339][T17671]  ? __kthread_parkme+0x148/0x220
[ 1314.025362][T17671]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1314.025383][T17671]  kthread+0x2c1/0x3a0
[ 1314.025404][T17671]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1314.025428][T17671]  ? __pfx_kthread+0x10/0x10
[ 1314.025450][T17671]  ret_from_fork+0x45/0x80
[ 1314.025470][T17671]  ? __pfx_kthread+0x10/0x10
[ 1314.025492][T17671]  ret_from_fork_asm+0x1a/0x30
[ 1314.025524][T17671]  </TASK>
[ 1314.025741][T17671] Kernel Offset: disabled